The First Clinical Question Reveals How Ready You Really Are

Written by HATEM RABEH, MD, MSc Ing

Your Clinical Evaluation Expert And Partner

in
S

Unannounced audits are designed to reveal what you do when you don’t have time to prepare. For clinical evaluation, this creates a unique problem. Your CER might be perfectly written, but if you cannot explain its reasoning under pressure, the auditor sees a compliance document, not a clinical strategy.

I have watched technical files fall apart during unannounced audits not because the documentation was missing, but because the team could not answer basic clinical questions without scrambling through hundreds of pages. The auditor does not wait. They move to the next question. And each silence builds a pattern.

This is the third part of the Notified Body Deep Dive series. We are looking at what happens when clinical evaluation moves from documentation review to live interrogation. What the auditor is testing. What you should have ready. And why most teams are not as prepared as they think.

Why Clinical Questions Come Up During Unannounced Audits

Unannounced audits under MDR Annex IX are not limited to manufacturing and post-market surveillance. The Notified Body can assess any part of your quality system, including the clinical evaluation process. This is explicit in the regulation.

The auditor may arrive to check corrective actions or complaint handling. But if they see a recent design change, a new indication, or a gap in your post-market clinical follow-up, they will pivot to clinical questions. Not because they planned to, but because clinical evaluation is the foundation for conformity.

The problem is not that the questions are difficult. The problem is that most teams treat clinical evaluation as something finalized at submission. It sits in the technical file. It gets referenced in management reviews. But nobody is maintaining live access to its reasoning.

When clinical evaluation is disconnected from operations, it shows immediately. The auditor asks about your benefit-risk determination, and you cite a sentence from page 47. They ask how you monitor that risk in PMCF, and you cannot connect the two documents without opening both files.

That disconnect is what they are looking for.

The Three Clinical Areas Auditors Target First

Auditors do not have unlimited time during unannounced visits. They focus their clinical questions on areas where deficiencies create the most regulatory exposure. Three topics come up repeatedly.

State of the Art and Clinical Context

The first question is often about state of the art. Not the section in your CER, but your working knowledge of it. Can you explain what alternative treatments exist for your intended use? Can you describe how your device compares clinically, not just technically?

If your device treats chronic wounds, the auditor may ask: what are the standard care pathways for this patient population? What clinical outcomes define success in current practice? Where does your device fit?

Most teams cannot answer this without reading from the CER. That tells the auditor that the state of the art analysis was written for compliance, not for understanding.

Benefit-Risk Justification for Current Use

The second area is benefit-risk. The auditor will ask you to explain your benefit-risk determination and then immediately ask: has anything changed since you wrote that?

This is where live knowledge matters. If you had three complaints last quarter involving skin irritation, and your benefit-risk analysis lists skin reactions as an acceptable risk, you need to explain how those complaints fit within your predicted risk profile. You need to show that you reviewed them clinically, not just as complaint records.

If you had a design change that modified patient contact duration, the auditor will ask whether that affects your benefit-risk balance. They want to see the connection between your CER conclusions and your ongoing decisions.

Teams that maintain benefit-risk as a living reference can answer this in two minutes. Teams that treat it as a static chapter cannot.

PMCF Execution and Clinical Gaps

The third focus is PMCF. The auditor knows your PMCF plan exists. What they want to know is whether you are actually following it and whether you are using the data.

They will ask: when did you last review PMCF data? What did you learn? Did it confirm your clinical assumptions or reveal gaps?

If your PMCF plan says you will monitor infection rates in post-market use, the auditor will ask to see that data. If you cannot show it, they will ask why. If you show it but cannot explain what it means for your benefit-risk profile, that is a finding.

PMCF is not about having a plan. It is about demonstrating that clinical evaluation continues after CE marking. The auditor tests this by asking operational questions that require current knowledge.

What You Should Have Ready Before the Knock

Preparation for unannounced clinical questions is not about memorizing your CER. It is about maintaining accessible clinical knowledge that connects documentation to decisions.

A One-Page Clinical Summary

You need a summary that you can reference in thirty seconds. It should cover:

– Intended use and target population
– Key clinical claims and supporting evidence
– Primary risks and how they are mitigated
– Current benefit-risk conclusion
– Active PMCF objectives

This is not a regulatory document. It is an internal reference that ensures anyone involved in the audit can orient quickly. When the auditor asks about your clinical strategy, you start here, not with the full CER.

Clinical Data Log with Status

Maintain a log that tracks all clinical data sources referenced in your CER, with current status. If you cited a clinical study, note when it was reviewed, whether new publications exist, and whether any data has changed your conclusions.

The auditor may ask: is the clinical evidence in your CER still valid? If you have to search through literature databases during the audit, you have already lost control of the conversation.

This log should be updated at minimum during management review. It does not need to be complex. It needs to be current.

PMCF Data Summary with Conclusions

Keep a rolling summary of PMCF findings. Not raw data dumps, but interpreted results. What did you measure? What did you find? What does it mean for your clinical evaluation?

If you collect patient feedback forms, summarize trends quarterly. If you monitor complaint patterns for clinical significance, document your assessment. The auditor wants to see that PMCF data feeds back into clinical evaluation, not that it sits in a separate folder.

Post-Market Event Review with Clinical Assessment

Any post-market event that could affect clinical performance should have a documented clinical assessment. Not just a complaint investigation or corrective action, but a clinical interpretation.

If a user reports unexpected bleeding during device use, your complaint file will document the investigation. The auditor will ask: did this event change your understanding of clinical risk? Did it require an update to your CER or benefit-risk analysis?

If the answer is yes, show the update. If the answer is no, show the clinical rationale for why not. Either is acceptable. What is not acceptable is uncertainty.

How to Answer When You Don’t Have the Full Answer

Even with preparation, the auditor may ask a question you cannot answer immediately. How you handle that moment determines whether it becomes a minor observation or a major finding.

Do not guess. Do not fabricate a connection between documents that you are not certain exists. The auditor will verify, and if your explanation does not match the record, the deficiency escalates.

Instead, acknowledge the gap clearly.