What is MDSAP Audit?
MDSAP, or Medical Device Single Audit Program, is a joint initiative between Australia, Brazil, Canada, Japan, and the United States regulatory bodies. It allows manufacturers to demonstrate compliance with applicable requirements in each country through one audit.
The MDSAP audit overviews a manufacturer’s quality system and processes to ensure products meet safety standards and prescribed safety regulations. The audit covers all aspects of the quality management system, such as design control activities, manufacturing processes, software validation procedures, change control systems, and post-market surveillance.
The primary goal behind MDSAP is to ensure that companies have met stringent international standards when producing medical devices to ensure consistent quality and compliance worldwide. Understanding and implementing these global standards allow regulators to identify potential risks within the production chain better while enabling compliance with these standards.
What are the Benefits for Medical Devices Manufacturer?
When a medical device manufacturer is certified under MDSAP, an authorized auditing organization will conduct a single audit and share the results across the participating countries. It could eliminate the need for multiple regulatory authority-specific audits throughout their audit cycle.
What is the Difference Between Mdsap and ISO 13485?
ISO 13485:2016 and MDSAP are certification programs designed to help medical device manufacturers meet regulatory requirements and demonstrate compliance with industry standards. While these programs have many similarities, they have some differences worth noting.
One of the most significant differences between ISO 13485 and MDSAP is that MDSAP has more rigorous requirements than ISO 13485. Companies already certified to ISO 13485 may need extra effort to meet the additional requirements of MDSAP. It could include implementing new quality management systems or changing existing processes to align with MDSAP standards. Companies wishing to achieve ISO 13485 certification are advised to assess the requirements outlined in the ISO 13485 checklist fully.
What to Expect From An MDSAP Audit
The MDSAP audit applies the process approach, which is organized and rational. It includes reviewing Standard Operating Procedures (SOPs) initially and performing a review with questions provided by a checklist, which are kept consistent across the audit. Below are some expectations from an MDSAP audit:
The audit sequence covers four primary processes:
- Management
- Measurement, Analysis, and Improvement
- Design and Development
- Production and Service Controls
Plus, three supporting processes:
- Purchasing
- Device Marketing Authorization and Facility Registration
- Medical Device Events and Advisory Notices Reporting
Additionally, the audit will put heavy emphasis on the following:
- Activities related to risk in all processes
- Processes you outsource
- Validation of design and process
- Risks associated with change management
Sequence and Timing Of MDSAP Audits
The MDSAP audit consists of three audits conducted in three-year cycles.
Initial Certification Audit
During the audit, two stages will be conducted according to ISO/IEC 17021:
- Stage 1 – This audit will evaluate your Quality Management Systems (QMS) documentation and prepare you for a Stage 2 audit.
- Stage 2 – This stage will determine whether the QMS is actually in compliance with ISO 13485 requirements and the regulatory requirements of MDSAP-participating agencies.
Surveillance Audit
Two years after its initial MDSAP certification audit, a surveillance audit is required to verify compliance with the MDSAP QMS requirements. This audit does not include the review activities that are part of an initial certification audit and is optional to assess all MDSAP needs within Stage 2 activities. A surveillance audit should evaluate any modifications in the products or QMS processes of the manufacturer since their initial certification audit.
Recertification Audit
A recertification audit is required every three years after the initial certification audit. This audit aims to assess the adequacy of a manufacturer’s QMS to ensure it meets MDSAP requirements. A recertification audit typically uses a smaller sample size and is shorter than the initial certification audit.
How to Prepare for An MDSAP Audit
You can best prepare for an MDSAP audit by downloading and reading the MDSAP audit model guide the months before. Nevertheless, it would help if you remembered a few things when preparing for the MDSAP audit.
Examine the MDSAP Audit Model to determine what the Auditing Organization (AO) will need
The MDSAP Audit Model is a comprehensive guide providing AOs with all the necessary information for the audit. It includes 90 questions that the AO will ask. Medical device regulatory agencies participating in the MDSAP program cross-reference these with relevant sections of ISO 13485:2016.
Conduct an MDSAP gap analysis
The MDSAP Companion Document guides manufacturers and auditors regarding the Audit Model, allowing for a more structured approach to the audit process. As a result, the document clarifies what information the manufacturer should focus on, eliminating any guesswork.
Ensure documents must be organized and easily accessible
Having the documents needed for the audit organized and easily retrievable is essential, as the allocated time does not allow for going over areas without ready accessibility. When documents are not easily accessible, the auditor cannot review them.
Provide proof of control over suppliers
Procedures and programs must incorporate how the manufacturer justifies its control of suppliers. A manufacturer cannot just reference ISO or MDSAP certification but must show how they ensure compliance.
Establish a clear understanding of who does what and where
Manufacturing companies with multiple locations should pay special attention to this aspect. Identify the scope of activities at each site and the products covered by operations. Ensure that multi-site manufacturing is defined in Stage 1 so that the AO can calculate the appropriate time frame for Stage 2.
Prove employees’ competency
Evidence must be provided that employees are competent, not just trained, regarding all relevant regulatory requirements. Objective evidence might include testing after training and job function check to ensure competency is practiced rather than just learned.
FAQs About MDSAP Audit
As part of the program, participating medical device manufacturers will be audited annually, according to a three-year certification cycle, to ensure they meet the necessary safety and quality standards. Audits will include a review of the manufacturer’s processes, procedures, and personnel competencies.
Auditing Organizations (AOs) conduct MDSAP audits. They are private companies meeting MDSAP requirements. An AO performs MDSAP audits for manufacturers, and many AOs can also conduct ISO 13485 audits simultaneously.
Most procedures take 15 minutes on average, but critical areas such as sterilization, servicing, or installation can take up to 45 minutes. However, the design can take a significant amount of time. An MDSAP audit can last up to 4-5 days.
The Food and Drug Administration (FDA) recognizes MDSAP audit reports as an alternative to FDA Establishment Inspection Reports (EIRs). The program does not affect FDA inspections conducted for cause or compliance follow-ups. Additionally, MDSAP doesn’t apply to any necessary pre-approval or post-approval assessments for Pre-Market Approval (PMA) applications.