Regulatory, Quality and Information Security Audits

Ensure compliance with a full range of expert-led audits for QMS, QSR, ISMS, FDA, MDSAP, and ISO, IEC and NEN standards.

Services

AI Quickscans of technical documentation and QMS documentation

FDA Mock audits

ISO/IEC 27001, NEN 7510-1, QMSR, MDSAP, ISO 13485 Internal Audit (optional: supported using AI to ensure a full scope check)

Supplier & Subcontractor audits

Due Diligence audits

Regulatory audits for medical devices and External Audit support

Our Specialty

What Do We Offer?

Management systems such as a Quality Management System (QMS) or Information Security Management System (ISMS) continue to be subject to both medical device internal audits and external audits after the initial certification has been granted by a certification body or Regulatory Authority.

Information Security Management Systems per ISO/IEC 27001 and NEN 7510-1 require the organization to execute internal audits on a periodic basis to assess the effectiveness of the management system and of the implemented technical and organizational information security controls.

Quality Management Systems per ISO 13485, ISO 9001, QSR or QMSR, MDSAP and ISO/IEC 42001 similarly require the organization to execute internal audits on a periodic and planned basis to assess the compliance of the QMS, the implemented quality controls, procedures and changes implemented over time.

In addition, organizations may wish to exercise control over suppliers and subcontractors (supplier audits) or execute due diligence audits to understand an external party's level of compliance with applicable regulations prior to entering into an acquisition.

At MedQAIR, our team of qualified auditors is ready to support Quality, Regulatory, Information Security and Privacy audits. Together with our expert auditors, we help draft an audit plan, plan for the relevant dates, execute the (hybrid) audits, and provide a detailed report with the relevant findings from the audit.

 

 

Frequently Asked Questions

Find answers to common questions about our services, compliance processes, and how we can assist your business.

Internal audits help organisations assess whether their quality, regulatory, information security, and operational processes remain compliant with applicable requirements. They also help identify gaps, verify implementation of procedures, and prepare for external audits and regulatory inspections.

Internal audits are required or expected under various frameworks, including ISO 13485, ISO 9001, ISO/IEC 42001, ISO/IEC 27001, NEN 7510-1, MDSAP, FDA QMSR, and other management system standards. Audit activities help demonstrate ongoing compliance and system effectiveness.

Audit frequency depends on the applicable standard, organisational risks, previous findings, regulatory obligations, and business activities. Most organisations establish a risk-based audit programme that covers all relevant processes within a defined audit cycle. At a minimum, the expectation is to execute audits on a yearly basis.

Yes. MedQAIR supports internal audits and audit preparation activities for quality management systems aligned with ISO 13485, MDSAP, FDA QMSR, and related regulatory frameworks.

Internal audits are conducted on behalf of the organisation to assess compliance and identify improvement opportunities. External audits are performed by certification bodies, notified bodies, regulators, customers, or other independent parties to evaluate compliance against specific requirements.

Yes. Depending on the audit scope, available documentation, and applicable requirements, audits may be performed on-site, remotely, or through a hybrid approach that combines both methods.

Supplier audits assess whether suppliers and subcontractors maintain appropriate controls, quality processes, and compliance activities. They are often used for critical suppliers whose products or services may impact product quality, safety, cybersecurity, or regulatory compliance.

Regulatory due diligence involves reviewing compliance status, quality systems, technical documentation, regulatory approvals, and operational risks before acquisitions, investments, licensing activities, or strategic partnerships.

Yes. Audit activities may include reviewing technical files, quality system documentation, software lifecycle records, cybersecurity documentation, clinical evidence, and other regulatory documentation relevant to the audit scope.

Audits help organisations assess whether processes, documentation, supplier controls, post-market activities, and management system requirements remain aligned with MDR and IVDR expectations throughout the product lifecycle.

Yes. Information security audits may assess compliance with ISO/IEC 27001, NEN 7510-1, cybersecurity controls, supplier security management, vulnerability management processes, and related governance activities.

Common findings include incomplete procedures, insufficient records, gaps in supplier oversight, inadequate training evidence, weak change management controls, inconsistencies in technical documentation, and deficiencies in cybersecurity or risk management processes.

Preparation typically includes reviewing procedures, ensuring documentation is current, closing known gaps, verifying training records, assessing supplier controls, and conducting internal audits or mock audits to identify potential findings before the external assessment.

Yes. MedQAIR provides qualified auditors and specialists to support internal audits, supplier audits, information security audits, due diligence assessments, audit readiness activities, and remediation programmes across medical device, software, and AI-enabled healthcare technologies.
