Medical Device Single Audit Program (MDSAP) Explained

A simple breakdown of MDSAP, how it can benefit your company, and detailed instructions on how to get started.

By now you have most likely heard the term MDSAP around the industry, but how well do you truly know what it means? Do you know whether or not your business should participate or where to even start if you do?

Well, you’ve come to the right place.

We are going to breakdown everything you need to know about MDSAP and leave you feeling confident to take the next steps! In this blog we will cover:

• MDSAP Timeline
• What is MDSAP?
• How does it work?
• Pros and Cons of Participating
• How to Participate
• MDSAP Industry Benefits
• How to Pass Your MDSAP Audit with Flying Colors

Let’s get started!

MDSAP Timeline

What is MDSAP?

The Medical Device Single Audit Program provides a globally standardized approach to auditing, allowing for an audit performed in one region to simultaneously satisfy the regulatory requirements of multiple different regions across the world.

MDSAP allows a medical device manufacturer to undergo one singular audit that will satisfy the requirements for any and all regulatory authorities participating in the program. As long as the audit is performed by a MDSAP recognized Audit Organization (AO), it will be accepted in each of the different markets of the participating regulatory authorities.

There are currently 5 regulatory authorities participating in MDSAP:

1. Australian Therapeutic Goods Administration (TGA)
2. Brazil’s Agência Nacional de Vigilância Sanitária (ANVISA)
3. Health Canada
4. Japan’s Ministry of Health, Labour and Welfare, and the Japanese Pharmaceuticals and Medical Devices Agency (MHLW/PMDA)
5. U.S. Food and Drug Administration (FDA).

Therefore, MDSAP allows for 1 regulatory audit of a medical device manufacturer that will be accepted for all of the 5 regulatory authorities listed above. 1 audit for 5 different medical device markets! But, keep in mind that medical device manufacturers are responsible for scheduling, paying for, and completing this audit conducted by a MDSAP recognized AO.

Some good news, the MDSAP audit model doesn’t add any new requirements to the existing requirements from ISO 13485 or other country-specific requirements of the participating Regulatory Authorities. So, theoretically, if you were fully prepared for an audit and in compliance with existing requirements before you had even heard of MDSAP, your audit model would be ready to undergo a MDSAP audit as well.

How does it work?

Rather than the regulatory authorities performing the audits themselves, they give approval to third party Auditing Organizations (AO) to audit the medical device manufacturers themselves. If you have ever partaken in an ISO audit, MDSAP audits are very similarly designed.

Since MDSAP audits are scheduled and planned by the medical device company, they won’t be a surprise and you also get to choose what AO you would like to have auditing your business!

MDSAP is comprised of 3 audit phases:

1. Initial Audit
2. Surveillance Audit
3. Re-certification Audit

These 3 audit phases can be further broken down by the stages within them. The Initial Audit has 2 stages, Stage 1 and Stage 2. In Stage 1, the audit will be focussing on your Quality Management System (QMS) procedures and documentation, and how prepared you are for Stage 2. Stage 2 will be focussing more on your records of compliance, making sure that you are actually staying fully compliant.

The Surveillance Audit is conducted over a two year period and focuses heavily on your QMS requirements. This audit does not repeat the activities from the Initial Audit if there were no changes, but should assess any changes in your products or QMS processes since the initial certification audit was conducted.

The Re-certification Audit will take another year to complete. It is a comprehensive overview of your entire QMS that has been examined thus far. It's purpose is to make sure your QMS is meeting MDSAP QMS requirements and that you have continued compliance. This audit contains more precise sampling than the previous audits and typically takes less time than the initial certification audit.

Your audit will cover 7 main areas:

1. Management
2. Measurement, Analysis, and Improvement
3. Design and Development
4. Production and Service Controls
5. Purchasing
6. Device Marketing Authorization and Facility Registration
7. Medical Device Events and Advisory Notices Reporting

With 4 main focal points:

• Risk activities
• Outsourced processes
• Design and process validations
• Change management and associated risks

After you tackle the 3 audit phases of your MDSAP audit, you will need to be prepared with next steps depending on whether you pass or fail.

If you pass your audit, you move on to being certified! If you don't, it means there were non-conformities. But don't worry! You have 30 days to fix all of these non-conformities. If you correct them all in time and they are approved, you move on to certification. If not, you will need to go through the whole audit process again.

Regardless of whether you pass or fail, you will need to send in an audit report to local authorities. (see diagram below)

Pros and Cons of Participating

• Pros:
• One audit that is accepted in 5 different regulatory authorities/countries
• Exposure to other markets
• Streamlined time-to-market in other markets
• Scheduled/planned audits rather than surprise audits
• Medical device manufacturers get free choice over who will audit them, as long as they are on the Authorized Auditing Organizations list.
• Cons:
• Cost
• Time
• Resources

In short, there are many pros that come with participating in MDSAP. Although, it can be more challenging for smaller companies to participate due to the high costs. Currently, all company sizes pay the same amount, but keep a close eye on this because there has been talk of offering discounts for smaller companies!

How to Participate

After reading the pros and cons, if MDSAP is something your business can afford, you should definitely participate! 1 audit for 5 countries/markets, it doesn't get much better than that.

To make your life easier, we have outlined 8 simple, specific steps for how to get started:

1. Contact one of the approved Auditing Organizations.
2. Ask for a questionnaire to see if you qualify, then see what necessary steps you need to take in order to schedule your audits.
3. Get a quote.
4. Complete required forms for the AO to review.
5. Present any current products, registrations, licenses you have for each market.
6. Present the types of products your company has.
7. Schedule your audit.
8. Audits may take anywhere from 3-9 days. Companies transitioning to 13485:2016 will have longer audits.

When it comes to scheduling your MDSAP audit, the sooner the better! Audit spots are filling up fast and there are three big deadlines coming up before May 2020.

MDSAP Industry Benefits

MDSAP was created with the intent to benefit all parties involved: medical device manufacturers, regulatory authorities, government bodies, and consumers/patients.

Some of the following benefits of MDSAP include:

• Less regulatory burden on this industry while maintaining appropriate regulatory oversight of medical device manufacturers’ QMS (quality management systems).
• Higher efficiency and flexibility regarding the use of regulatory resources through work-sharing and mutual acceptance among regulators, while still respecting the jurisdictions of each authority.
• Greater alignment of regulatory approaches and technical requirements with international standards and best practices at a global level.
• More consistency and overall transparency of regulatory programs through the standardization of:
• Participating regulators' practices and procedures regarding oversight of third party AOs
• Third party AO's practices and procedures
• Existing requirements and procedures for conformity assessment
• Improved predictability of audit outcomes through:
• Enhanced AO recognition criteria
• Monitoring of AOs by the participating Regulatory Authorities
• A standardized MDSAP audit model
• Grading of any nonconformity using objective criteria to characterize the significance of the finding
• the reporting of the audit outcomes using a standard report template.

How to Pass Your MDSAP Audit with Flying Colors

The most surefire way to pass your MDSAP audit with flying colors is to have an effective Quality Management System (QMS). Having a good QMS will make sure your work is correctly documented, kept up to date, and easy to present to an auditor.

Sierra QMS is designed for organizations who are looking to market medical devices in a global regulated environment, so it is perfect for MDSAP audits. It is built for engineering teams to operate with their preferred tool-sets while automating the compliance with medical device QMS principles for global markets. Sierra Labs helps both medical device software developers and SaMDs developers to build a vigorous QMS that includes a variety of effective workflow management tools.

With compliance to regulatory requirements, an organization will not only be able to pass every audit, but will also be prepared to offer products which are safe, and avoid the setbacks (and disadvantages) related with noncompliance.

The optimized solution to reduce risk, maintain quality, and accelerate innovation is by utilizing an FDA compliant and best practice conformant medical device quality management application.

Want to see how Sierra QMS can help your organization pass your MDSAP audit?

Click Here for a Free Demo!