Change Country
-or-
by John Lafferty, Life Sciences Programme Director at SQT Training Ltd.
Read time: 4 minutes.
Why This Matters for EU & Irish Medical Device Companies
For medical device manufacturers across Ireland and Europe, regulatory audits—whether under MDSAP or ISO 13485—are a critical part of maintaining market access and compliance. Having worked extensively with companies across the sector, I consistently hear the same concern:
“Some audit non-conformities don’t feel fully justified.”
In many cases, this arises due to lack of clarity in the audit and audit reporting processes..
In this article, we explore how to help to ensure that your organisation does not receive any unjustified non-conformities – especially in the environment of the MDSAP.
Key Takeaways for Medical Device Companies
Auditors are highly experienced professionals—but they are also human.
Common auditing mistakes include:
This is particularly relevant when auditing against standards like ISO 13485:2016, where intent and interpretation matter.
So, the key question becomes:
How do you prevent the auditor’s opinion from becoming your non-conformity?
Interested in our MDSAP Internal Auditor Training Course? View the Course details here.
I recommend what I call the “Three Things Principle”.
Establish Ground Rules at the Audit Opening Meeting
During the audit Opening Meeting, agree with the auditor that any non-conformity raised must include three clearly defined elements:
What exactly did the auditor see, read, or hear?
Which specific regulation, standard, or internal procedure has not been met?
The critical step: How does the exact wording of the requirement explicitly prohibit what was observed?
This approach aligns with best practice auditing principles and is central to professional auditor training.
In fact, it is a core concept taught in SQT Training’s MDSAP Internal Auditor programmes.
So why isn’t it always applied? Because most organisations don’t explicitly ask for it.
The third element—how the observation offends the standard—is where weak findings collapse.
It forces:
Without this, a “non-conformity” may simply reflect:
View the MDSAP Internal Auditor Training Course
Real-World Example: When a Non-Conformity Isn’t One
Scenario
At first glance, this appears to be a valid non-conformity. However, by applying the Three Things Principle, we will be able to test it for validity:
In this case, the auditor has given us the first two ‘Things’ but not the third. They have clearly listed the Observation and the Standard, but they have not documented ‘how the observation offends the standard’, and this omission is crucial.
👉 There is no explicit requirement in ISO 13485 for line clearance.
Deeper Analysis
Conclusion
Without demonstrating how the requirement is explicitly breached, the finding does not qualify as a true non-conformity.
In the MDSAP environment, where audits are:
…organisations must agree the ground rules with the auditor before the audits commences so that they can be confident in:
This is not about resisting auditors—it is about ensuring fair, accurate, and compliant outcomes.
If your organisation is preparing for:
Learn how to apply the Three Things Principle in practice and build audit confidence with expert-led training at SQT Training.
MDSAP Internal Auditor Training Course with SQT Training
Learn:
This training is also available on an in-company basis and can be tailored to meet your specific training needs and requirements. The in-company training can be tailored to align with your internal procedures and processes and examples from your workplace can be incorporated into the training. We can also offer you feedback on your risk management procedure during the training, if required.
Categories
ArchiveSign up to receive the latest industry and company news direct to your inbox.
2026