Discover how the MDSAP program helps medical device manufacturers comply with global standards.
Published 28 Mar 2023
MDSAP, or Medical Device Single Audit Program, is a joint initiative between Australia, Brazil, Canada, Japan, and the United States regulatory bodies. It allows manufacturers to demonstrate compliance with applicable requirements in each country through one audit.
The MDSAP audit overviews a manufacturer’s quality system and processes to ensure products meet safety standards and prescribed safety regulations. The audit covers all aspects of the quality management system, such as design control activities, manufacturing processes, software validation procedures, change control systems, and post-market surveillance.
The primary goal behind MDSAP is to ensure that companies have met stringent international standards when producing medical devices to ensure consistent quality and compliance worldwide. Understanding and implementing these global standards allow regulators to identify potential risks within the production chain better while enabling compliance with these standards.
When a medical device manufacturer is certified under MDSAP, an authorized auditing organization will conduct a single audit and share the results across the participating countries. It could eliminate the need for multiple regulatory authority-specific audits throughout their audit cycle.
ISO 13485:2016 and MDSAP are certification programs designed to help medical device manufacturers meet regulatory requirements and demonstrate compliance with industry standards. While these programs have many similarities, they have some differences worth noting.
One of the most significant differences between ISO 13485 and MDSAP is that MDSAP has more rigorous requirements than ISO 13485. Companies already certified to ISO 13485 may need extra effort to meet the additional requirements of MDSAP. It could include implementing new quality management systems or changing existing processes to align with MDSAP standards. Companies wishing to achieve ISO 13485 certification are advised to assess the requirements outlined in the ISO 13485 checklist fully.
The MDSAP audit applies the process approach, which is organized and rational. It includes reviewing Standard Operating Procedures (SOPs) initially and performing a review with questions provided by a checklist, which are kept consistent across the audit. Below are some expectations from an MDSAP audit:
The audit sequence covers four primary processes:
Plus, three supporting processes:
Additionally, the audit will put heavy emphasis on the following:
The MDSAP audit consists of three audits conducted in three-year cycles.
During the audit, two stages will be conducted according to ISO/IEC 17021:
Two years after its initial MDSAP certification audit, a surveillance audit is required to verify compliance with the MDSAP QMS requirements. This audit does not include the review activities that are part of an initial certification audit and is optional to assess all MDSAP needs within Stage 2 activities. A surveillance audit should evaluate any modifications in the products or QMS processes of the manufacturer since their initial certification audit.
A recertification audit is required every three years after the initial certification audit. This audit aims to assess the adequacy of a manufacturer’s QMS to ensure it meets MDSAP requirements. A recertification audit typically uses a smaller sample size and is shorter than the initial certification audit.
You can best prepare for an MDSAP audit by downloading and reading the MDSAP audit model guide the months before. Nevertheless, it would help if you remembered a few things when preparing for the MDSAP audit.
The MDSAP Audit Model is a comprehensive guide providing AOs with all the necessary information for the audit. It includes 90 questions that the AO will ask. Medical device regulatory agencies participating in the MDSAP program cross-reference these with relevant sections of ISO 13485:2016.
The MDSAP Companion Document guides manufacturers and auditors regarding the Audit Model, allowing for a more structured approach to the audit process. As a result, the document clarifies what information the manufacturer should focus on, eliminating any guesswork.
Having the documents needed for the audit organized and easily retrievable is essential, as the allocated time does not allow for going over areas without ready accessibility. When documents are not easily accessible, the auditor cannot review them.
Procedures and programs must incorporate how the manufacturer justifies its control of suppliers. A manufacturer cannot just reference ISO or MDSAP certification but must show how they ensure compliance.
Manufacturing companies with multiple locations should pay special attention to this aspect. Identify the scope of activities at each site and the products covered by operations. Ensure that multi-site manufacturing is defined in Stage 1 so that the AO can calculate the appropriate time frame for Stage 2.
Evidence must be provided that employees are competent, not just trained, regarding all relevant regulatory requirements. Objective evidence might include testing after training and job function check to ensure competency is practiced rather than just learned.
As part of the program, participating medical device manufacturers will be audited annually, according to a three-year certification cycle, to ensure they meet the necessary safety and quality standards. Audits will include a review of the manufacturer’s processes, procedures, and personnel competencies.
Auditing Organizations (AOs) conduct MDSAP audits. They are private companies meeting MDSAP requirements. An AO performs MDSAP audits for manufacturers, and many AOs can also conduct ISO 13485 audits simultaneously.
Most procedures take 15 minutes on average, but critical areas such as sterilization, servicing, or installation can take up to 45 minutes. However, the design can take a significant amount of time. An MDSAP audit can last up to 4-5 days.
The Food and Drug Administration (FDA) recognizes MDSAP audit reports as an alternative to FDA Establishment Inspection Reports (EIRs). The program does not affect FDA inspections conducted for cause or compliance follow-ups. Additionally, MDSAP doesn’t apply to any necessary pre-approval or post-approval assessments for Pre-Market Approval (PMA) applications.
With SafetyCulture (formerly iAuditor), manufacturers can ensure they comply with MDSAP requirements. SafetyCulture is a cloud-based multi-purpose inspection app that helps organizations prepare before MDSAP audits. Here's how it works:
Rob Paredes is a content contributor for SafetyCulture. He is a content writer who also does copy for websites, sales pages, and landing pages. Rob worked as a financial advisor, a freelance copywriter, and a Network Engineer for more than a decade before joining SafetyCulture. He got interested in writing because of the influence of his friends; aside from writing, he has an interest in personal finance, dogs, and collecting Allen Iverson cards.
Importance GMP validation ensures that every step of the manufacturing process, from raw material ...
What is 5S in the Workplace? 5s Lean is a systematic approach aimed at optimizing workplace ...
Importance Quality metrics play a pivotal role in organizations across various industries, serving ...