Introduction

Achieving compliance with the EU Medical Device Regulation (MDR 2017/745) is not just about having documentation in place—it requires a structured, well-executed internal audit system.

A strong internal audit checklist helps medical device companies identify gaps early, reduce audit findings, and ensure readiness for notified body assessments.

So, what should your MDR internal audit checklist actually include?

1.Organisational Structure and Legal Clarity

Your internal audit should first verify that your organization is clearly defined and properly documented.

Key aspects to review include legal status and ownership structure, organisational chart and reporting lines, roles, responsibilities and authorities of personnel, and relationships with parent companies or affiliates.

Lack of clarity in organisational structure can raise serious concerns during audits.

2.Independence and Impartiality

Independence is one of the most critical expectations under MDR.

Your checklist should ensure that activities are free from conflicts of interest, procedures exist to identify and manage potential conflicts, decision-making remains objective and unbiased, and there is a clear separation between consulting and conformity assessment activities.

Even perceived conflicts of interest can result in major nonconformities.

3.Confidentiality and Information Control

Handling sensitive data requires strict control.

Your internal audit should confirm that confidentiality procedures are defined and implemented, access to information is restricted and controlled, personnel understand and comply with confidentiality obligations, and information is protected throughout all conformity assessment activities.

This is especially important for clinical and technical documentation.

4.Liability and Financial Stability

Financial robustness is often overlooked but it is essential.

Make sure your audit covers adequate liability insurance aligned with your activities, coverage that reflects the risk profile of your devices, availability of sufficient financial resources, and long-term operational sustainability.

This demonstrates reliability and trustworthiness as an organisation.

5.Quality Management System (QMS)

Your QMS is the backbone of MDR compliance.

Your internal audit should evaluate whether the QMS is fully established, implemented and maintained, document and record control systems are effective, management reviews are regularly conducted, corrective and preventive actions are implemented, and complaint handling processes are clearly defined.

A weak QMS is one of the most common causes of audit findings.

6.Internal Audit System Effectiveness

Your audit process itself must also be audited.

Ensure that internal audit procedures are clearly defined, audit frequency and planning are appropriate, audit scope covers all critical processes, post-audit actions such as CAPA follow-up are implemented, and audit effectiveness is regularly evaluated.

An ineffective internal audit system can undermine your entire compliance framework.

7.Personnel Competence and Objectivity

Competent and objective personnel are essential for a reliable internal audit.

Your checklist should verify that personnel qualifications and experience are documented, sufficient resources are available for all activities, training programs are implemented and continuously updated, and responsibilities and authority levels are clearly defined.

In addition, the auditor must be independent and able to make unbiased decisions based on evidence.

If you choose to outsource your internal audit, this can be a highly effective approach. However, it is critical to ensure that the same person or organisation is not providing consultancy services to you at the same time. This creates a conflict of interest and may lead to serious findings related to impartiality.

Selecting an auditor who is both competent and truly independent is key to maintaining credibility and passing notified body assessments.

Conclusion

An MDR internal audit is not just a regulatory requirement—it is a strategic tool.

A well-structured checklist helps you identify compliance gaps early, reduce the risk of major audit findings, improve overall system efficiency, and build confidence with notified bodies.

Companies that approach internal audits proactively are better positioned to succeed under MDR.