How to Audit Your Economic Operator
Why EO Audits Became a Non-Negotiable Part of MDR/IVDR
If MDR/IVDR taught the medical device industry anything, it’s that relying on assumptions is not a compliance strategy. Before the new regulations came into force, most manufacturers never imagined they’d have to audit an importer or distributor. These operators were often seen as commercial partners, not regulatory actors. But that mindset doesn’t survive under MDR/IVDR. Today, Economic Operators carry legally defined responsibilities, and their failures directly impact you — the manufacturer.
This shift means EO audits are no longer optional. They are not “nice to have.” They are expected. A manufacturer that doesn’t audit its EOs eventually discovers weaknesses the hard way — during a Competent Authority inspection, a notified body audit, or worse, after a serious incident hits the market. An EO audit is your opportunity to discover risks before the regulator does.
What an EO Audit Is Actually Designed to Do
A lot of people misunderstand the purpose of auditing an EO. The goal isn’t to catch them doing something wrong or to shame them into compliance. An EO audit provides clarity where assumptions usually live. Most EO failures don’t arise because an operator is negligent or lazy — they arise because the operator doesn’t genuinely understand MDR/IVDR expectations. And why would they? Many importers and distributors spent decades functioning primarily as logistics players. MDR/IVDR transformed them into regulatory checkpoints overnight.
Auditing breaks the illusion that regulatory processes “just happen.” It forces operators to demonstrate their systems, show their documentation, explain their decisions, and reveal whether their day-to-day operations align with what the law requires.
In practice, audits uncover:
Gaps in vigilance processes
Poor or nonexistent verification records
Weak complaint handling
Incorrect or outdated EUDAMED registrations
Missing PRRC qualifications
Outdated SOPs that no longer reflect MDR/IVDR realities
When you run an EO audit, you are piecing together the real compliance picture — not the one operators say they follow.
Why Assumptions Are the Silent Killers of MDR/IVDR Compliance
Almost every significant compliance failure tied to EOs comes from assumptions. Manufacturers assume their importer is checking CE marking. They assume the distributor knows the difference between a complaint and a serious incident. They assume the AR is maintaining the latest technical documentation. They assume people understand vigilance timelines.
And then they discover — during an inspection — that none of these assumptions were true.
One manufacturer admitted that their importer had been “verifying” documentation for years. When asked to show evidence, the importer pointed to a spreadsheet with empty columns. They believed mere intent to comply counted as compliance. It doesn’t.
An EO audit eliminates assumptions by requiring proof. It’s not personal. It’s simply verification.
The Most Common Weakness Audits Reveal
If EO audits reveal one pattern consistently across the industry, it’s this: vigilance is the weakest area in the supply chain. Many EOs, especially distributors, still believe vigilance belongs exclusively to the manufacturer. They fail to understand that MDR/IVDR requires them to collect and forward complaints, monitor incidents, escalate issues rapidly, and store information properly.
When auditors ask operators to walk through their vigilance process, the results can be shocking. Some keep complaints in unstructured email threads. Some cannot differentiate between feedback and incidents. Others have no idea how quickly a serious incident must be escalated.
Vigilance is also the area Competent Authorities are increasingly focused on. A weak vigilance chain is a regulatory landmine.
EUDAMED: The Silent Audit Trigger No One Talks About
Many EO audits reveal problems related to EUDAMED registration. Operators may think they registered but didn’t complete the process. Others mis registered under the wrong actor role. Some have missing SRNs, and some believe the manufacturer must handle EUDAMED for them.
EUDAMED might still be rolling out, but regulators expect proper registration. When an EO can’t produce their SRN, it sets off immediate alarms.
How a Simple Attitude Test Reveals EO Readiness
One of the most telling parts of an EO audit is not the documentation — it’s the operator’s reaction. A competent EO is prepared, cooperative, and willing to walk you through their systems. They understand the stakes and treat audits as normal compliance practice.
A high-risk EO reacts very differently. They may become defensive, confused, dismissive, or evasive. Operators who resist being audited are almost always hiding weak processes. The correlation is near perfect.
Attitude is not a compliance requirement, but it is a compliance signal. If an EO resists you, imagine how they’ll respond to a regulator.
Why a 30-Minute Audit Can Change Everything
Audits don’t have to take days. A well-structured EO audit can reveal major gaps in half an hour. Asking an operator to show their PRRC, vigilance process, verification records, and EUDAMED SRN alone often uncovers more than you expect.
The point isn’t to overwhelm the operator. The point is to verify competence. Even a quick audit shows whether an EO understands their obligations or is winging it.
What Happens When You Don’t Audit Your EOs
Manufacturers who skip EO audits almost always pay for it later. A Competent Authority review finds undocumented processes. A distributor mismanages a complaint. An importer places a device on the market without proper verification. An AR fails to maintain technical documentation.
And the regulator doesn’t accept “We didn’t know.” Under MDR/IVDR, the manufacturer must know. You are the one accountable.
The Value of Auditing as a Relationship Strengthener
EO audits aren’t adversarial by nature. In fact, many operators appreciate audits because they clarify expectations and highlight gaps they didn’t know existed. Audits open the door for training, collaboration, and stronger partnerships built on transparency.
When done correctly, an EO audit improves relationships — it doesn’t damage them.
The Real Reason EO Audits Matter
EO audits are about protecting the manufacturer. They eliminate blind spots, prevent regulatory surprises, and establish a culture where compliance isn’t left to chance. In MDR/IVDR, you are only as strong as your weakest operator. Auditing ensures that weakness doesn’t remain hidden long enough to become a finding.
