The Medical Device Single Audit Program: Everything you need to know to prepare & maintain MDSAP Certification

Bringing medical devices to several markets can be challenging, time consuming and costly. Even though most regions have their own specific regulatory requirements, they all strive to ensure that the medical devices that enter their markets are safe for patients and users. The International Medical Device Regulators Forum (IMDRF) recognizes that a global approach to auditing and monitoring the manufacturing of medical devices could improve safety and oversight on an international scale. This is why in 2012, the IMDRF started the initiative to create specific documents for advancing a Medical Device Single Audit Program (MDSAP).

In this article we explore what the MDSAP program entails, who is part of it, what are its objectives and what are the expectations when you enter in such audit program.

What is MDSAP?

As can be guessed from its name, the Medical Device Single Audit Program is a program that allows one single regulatory audit of a medical device manufacturer's quality management system that satisfies the relevant requirements of multiple regulatory jurisdictions. 

The audits are conducted by recognized Auditing Organizations that are authorized by participating Regulatory Authorities to conduct these audits in this program. 

By choosing the MDSAP, medical device manufacturers can be audited once for compliance with the regulatory requirements of up to five different medical device markets, being Austrialia, Brazil, Canada, Japan and the Unites States.

What Are the Goals of MDSAP?

The program’s main mission is to “…jointly leverage regulatory resources to manage an efficient, effective, and sustainable single audit program focused on the oversight of medical device manufacturers.” 

The primary objectives of MDSAP encompass enhancing patient safety, ensuring consistent product quality, minimizing regulatory burden on manufacturers, promoting international cooperation, and facilitating market access for medical devices.

Which Regulatory Authorities Are Participating in MDSAP?

MDSAP involves collaboration among several regulatory authorities, including the United States Food and Drug Administration (FDA), Health Canada, Therapeutic Goods Administration (TGA) of Australia, Japan's Ministry of Health, Labour and Welfare (MHLW), and Brazil's Agência Nacional de Vigilância Sanitária (ANVISA). All these regulatory authorities are equal partners in this program. The participating Regulatory Authorities have committed to use the MDSAP deliverables

Next to the participating regulatory authorities, there are as well MDSAP Official Observers. Currently, these are the European Union (EU), Singapore's Health Sciences Authority (HSA), United Kingdom'm Medicines and Healthcare products Regulatory Agency (MHRA) and the World Health Organization (WHO) Prequalification of In Vitro Diagnostics (IVDs) Programme. A Regulatory Authority who is an “observer” may attend MDSAP work group meetings, assessments, and other activities, but does not utilize MDSAP program deliverables to replace or supplement its regulatory scheme deliverables or portions of these deliverables.

MDSAP Audit Cycle

The MDSAP program is based on a three year audit cycle. 

  1. The Initial Audit or Initial Certification Audit is a complete audit of the organization's QMS consisting of a stage 1 and a stage 2 audit

  2. Partial Surveillance Audits are performed in the following two years

  3. A Recertification Audit is done in the third year, which is again a complete re-audit

Special Audits and Unannounced Audits can also be conducted and these can occur at any time within the audit cycle

Initial Certification Audit

The Initial Certification Audit is divided into two phases: Stage 1 and Stage 2.

The primary goal of the Stage 1 audit is to assess whether the QMS is well defined and documented according to the different requirements. Secondly, it also assesses the readiness of the organization to go to Stage 2 and will highlight the focus points for this Stage 2 audit and thirdly it aims at collecting information regarding the scope of the organization's QMS together with other aspects related to the organization.

In the Stage 2 audit it will be assessed if all applicable requirements of ISO 13485 and the relevant regulatory requirements of the different regulatory authorities have been implemented. The effectiveness of the QMS will be evaluated together with product and process related technologies and product technical documentation in relation with the relevant regulatory requirements.

Partial Surveillance Audits

During the surveillance audits, not necessarily every aspect of the QMS is audited in detail. The goal is that spread over the different surveillance audits, the authorities can remain confident about the effectiveness of the organization's QMS as well as review and evaluate changes in the QMS and the product documentation. 

Recertification Audit

Recertification audits or re-audits aim at confirming the continued relevance and suitability of the organization's QMS as a whole in relation to ISO 13485 requirements as well as relevant regulatory requirements from the regulatory authorities. Unless there are major changes, these audits do not require a Stage 1.

MDSAP Audit Process

MDSAP audits aim at evaluating the QMS of an organization. The backbone are the requirements of the ISO 13485 standard, but it goes beyond that as not all of the participating regulatory authorities have fully adopted ISO 13485 as the reference in terms of QMS requirements and they have specific requirements of their own. The full Audit model is described in this document. 

There are 7 key process elements or chapters that are being assessed:

  1. Management

  2. Device marketing authorization and facility registration

  3. Measurement, analysis, and improvement

  4. Medical device adverse events and advisory notices reporting

  5. Design and development

  6. Production and service controls

  7. Purchasing

Management 

The Management process is the first to be audited in the sequence of processes. The goal of the Management process is to ensure adequate resources for all other processes within the QMS.

Device marketing authorization and facility registration

This process is focused on ensuring that all activities related to market authorization and registrations with the regulatory authorities participating in the MDSAP have been completed.

Measurement, analysis and improvement

Identifying (potential) problems, analyzing the causes and mitigating those problem is key in a QMS. Auditing this process ensures that medical device organizations have implemented effective processes to collect and analyze information to identify actual and potential product, process and quality system nonconformities, investigate them and ensure appropriate and effective actions are taken.

Medical device adverse events and advisory notices reporting

In this process, the goal is to assess the existence of systems for timely reporting and management of adverse events and advisory notices associated with medical devices.

Design and Development

It's key for a medical device organization to ensure proper design documentation and maintain control over the design and development process so that the medical devices continue to meet user needs, intended uses and specified requirements.

Production and Service Controls

Production and service controls need to ensure that the organization is capable of ensuring products will meet specifications. In this part, procedures, testing, equipment, servicing and infrastructure will be evaluated.

Purchasing Process

Control over suppliers and the products or services delivered is key to ensuring proper quality is maintained. This includes supplier management, incoming inspections, control over outsourced processes.

How can Matrix Requirements help?

Whether you are going for a Notified Body audit in the EU, an inspection by FDA or a MDSAP audit, it's key to be well prepared and have proper documentation in place. Matrix Requirements provides you with one platform that allows you to both create and maintain your QMS as well as your product documentation.

Specifically dealing with requirements from multiple regions adds an additional layer of complexity to your documentation. Also here, Matrix provides you with ways to facilitate your regulatory submissions and create gap analyses against different requirements.

If you are interested to discover how Matrix can help you, feel free to contact us for a demo!

About the Author
Ann Vankrunkelsven
RA/QA Manager