AI Traceability Journal – September 2025 | What Audits Reveal—and What You Can Do About It
- Team Hoodin
- Sep 4
- 2 min read
Theme: ISO 13485 §4.1.3 • MDR Article 10.9 • Annex II Section 4
This Month’s Focus
Traceability is not just about knowing what changed. It’s about showing why, when, and who decided — in a way that holds up under scrutiny.
This month, we focus on what audits are still revealing in 2025 and how to close those gaps with practical, system-level fixes.
What Audits Are Still Revealing in 2025
Despite increased awareness of MDR, IVDR, and ISO 13485 §4.1.3, many RA/QA teams still fall short in traceability and update control — and auditors are catching it.
A 2024 audit analysis highlights that uncontrolled or outdated documents are still one of the most frequent non-conformities, particularly when SOPs and technical documentation are not properly versioned or approved.Source: SimplerQMS
Traceability failures during facility audits are also common. In one summary of real notified body findings, auditors flagged missing traceability of device components and update logs — including “no visibility into what changed, who approved it, or what the impact was.”Source: PJR – Most Common ISO 13485 NCRs
WHO's own inspections have cited data integrity issues, missing justification for decisions, and lack of update traceability as critical failures, especially in regulatory files and quality management documentation.Source: WHO Inspection Findings
Checklist: Solving the Traceability Gaps
Use this as your internal audit reference for September:
Maintain a controlled, versioned repository of all procedures and documentation (incl. approval metadata).
Every update — regulatory, technical, or procedural — must be logged with:
Date of update
Source and scope
Impact assessment
Responsible reviewer
Include "no change needed" decisions, with rationale and reviewer noted.
Ensure traceability for:
Device components
Technical documentation changes
Labeling updates and PMS/Vigilance processes
Integrate regulatory surveillance with change control procedures.
Prepare a traceability summary for your next Management Review (per ISO 13485 §5.6).
Conduct a focused internal audit this month on §4.1.3 compliance and documentation control.
AI Support Tip of the Month
Use AI to generate structured impact assessments based on regulatory updates.
Example prompt:
"Assess the impact of the July 2025 update to MDCG 2021-27 on our Class IIb active implantable device for the German market. Highlight required updates to technical documentation, PMS, or QMS."
Feed the output into your traceability journal entry and change control record.
Next Month – October 2025
Risk Justification Under Scrutiny – When Common Sense Isn’t Enough
Next month we’ll explore how risk management justifications are being challenged, and how to build defensible logic from ISO 14971 into your traceability system. Wish to learn more on how to mitigate risks and set up best practise solutions for applicable requirement matrixes? Try out the Hoodin program "The Compliance Control Program - AI-Powered Regulatory Control and Documentation" Sign up here! It is free to attend!