Mock Audit-Style Medical Device QMS Review
Panabistics performs a mock audit-style review of your medical-device quality management system against ISO 13485:2016 requirements. The review is designed to identify documentation gaps, weak implementation evidence, inconsistent processes, audit risks, and remediation priorities before an initial certification audit, surveillance audit, recertification audit, customer audit, or internal readiness decision.
The Medical Device QMS Readiness Stress Test goes beyond a document checklist. Panabistics reviews whether the quality management system is appropriately structured, implemented, supported by objective evidence, and capable of withstanding auditor scrutiny.
Part of Panabistics Regulatory Readiness Stress Tests. Navigating the Future of MedTech Compliance.
Review Scope
The scope is tailored to the organization, device portfolio, lifecycle activities, certification status, outsourced processes, and available QMS evidence.
| Area Reviewed | What We Assess |
|---|---|
| QMS scope and applicability | Whether the quality management system scope, organizational responsibilities, device activities, exclusions, and justifications are clearly defined and appropriate. |
| Quality manual and process architecture | Whether the quality manual, procedures, work instructions, forms, records, and process interactions are complete, coherent, and appropriately controlled. |
| Document and record control | Whether controlled documents, revisions, approvals, retention requirements, obsolete-document handling, and quality records are consistently managed. |
| Management responsibility | Whether management commitment, quality policy, quality objectives, assigned responsibilities, and quality-system oversight are adequately demonstrated. |
| Management review | Whether management reviews are appropriately planned, documented, supported by required inputs, and followed by meaningful actions. |
| Competence and training | Whether personnel competence, training requirements, effectiveness checks, and training records are adequate for assigned responsibilities. |
| Risk-management integration | Whether risk-based thinking and risk-management activities are appropriately integrated into relevant QMS processes and lifecycle activities. |
| Design and development controls | Whether design planning, inputs, outputs, reviews, verification, validation, transfer, changes, and design-history evidence are appropriately controlled where applicable. |
| Supplier and purchasing controls | Whether supplier selection, qualification, monitoring, purchasing requirements, outsourced-process controls, and supplier records are adequate. |
| Production and service controls | Whether production, installation, servicing, process instructions, environmental controls, and related evidence are appropriately managed where applicable. |
| Process validation | Whether processes requiring validation are identified, justified, validated, monitored, and maintained in a controlled state. |
| Identification and traceability | Whether product identification, status identification, traceability, and implantable-device requirements are addressed where applicable. |
| Monitoring and measuring equipment | Whether equipment calibration, verification, maintenance, identification, and traceability records are adequate. |
| Feedback and complaint handling | Whether feedback, complaints, investigations, trending, escalation, and related records are appropriately managed. |
| Regulatory reporting | Whether reportability assessments, escalation processes, regulatory reporting obligations, and related records are addressed where applicable. |
| Nonconforming product | Whether nonconformities, segregation, evaluation, disposition, concessions, rework, and related records are appropriately controlled. |
| CAPA | Whether corrective and preventive action processes are risk-based, evidence-supported, timely, effective, and appropriately documented. |
| Internal audits | Whether internal audits are adequately planned, independent, risk-informed, documented, and followed through to closure. |
| Data analysis and improvement | Whether quality data, trends, metrics, complaints, supplier performance, CAPA information, and other signals are used to support improvement. |
| Audit readiness | Whether the organization can retrieve objective evidence efficiently, explain its processes clearly, and demonstrate consistent implementation during an external audit. |
Deliverables
A structured report identifying likely audit findings, observations, weak implementation evidence, and improvement opportunities.
A traceable register mapping identified gaps to the applicable ISO 13485 requirements and affected QMS documents or records.
A prioritized action plan distinguishing critical issues, audit risks, documentation improvements, and longer-term enhancements.
A concise management-level summary of the organization’s readiness posture, major risks, and recommended next steps.
Targeted support to update procedures, records, process controls, CAPA responses, and implementation evidence after the review.
Audience
The Medical Device QMS Readiness Stress Test focuses on the organization’s core medical-device quality management system and assesses the applicable QMS evidence against ISO 13485:2016 requirements.
For companies preparing for an MDSAP audit, Panabistics also offers the MDSAP Audit Readiness Stress Test, which builds on the QMS foundation and evaluates the applicable audit-process and jurisdiction-specific requirements.
For companies operating in the United States, FDA QMSR-specific requirements can be incorporated into the review scope where appropriate.
This service is an independent readiness review. It is not a certification audit, does not issue an ISO certificate, does not replace an accredited certification body, and does not guarantee certification or a finding-free audit. The organization remains responsible for implementing and maintaining its quality management system and meeting all applicable regulatory requirements.
Request a Review
Tell us about your QMS scope, certification status, audit timeline, prior findings, and available evidence. We will respond within 24 business hours to discuss scope and next steps.