The Medical Device Single Audit Program (MDSAP) is a harmonised approach to auditing and monitoring the quality management systems of medical device manufacturers on an international scale. It was developed by a group of medical device regulators (the IMDRF) to recognise third-party auditors to conduct a single audit of a medical device manufacturer that will cover ISO 13485:2016 and their respective regulatory requirements.
“The purpose of MDSAP is to establish, conduct and command a single audit program.” This allows a single audit of a medical device manufacturer’s QMS which satisfies the requirements of multiple regulatory jurisdictions. MDSAP Audits are conducted by Auditing Organizations (AO), authorized by the participating Regulatory Authorities (RA) to audit under MDSAP requirements. Accordingly, Medical Device Single Audit Program (MDSAP) audit reports may be used by regulatory authorities in lieu of their own inspection reports. The current MDSAP program participants include: USA, Canada, Australia, Japan and Brazil.
MDSAP is a way that medical device manufacturers can be audited once for compliance with the standard and regulatory requirements of up to five different medical device markets: Australia, Brazil, Canada, Japan and the United States
TGA requires assessment of compliance of the medical device to the Medical Device authorisation requirements where the MDSAP audit report is used as an evidence. This is not mandatory only if the device is exempted from the requirements.
ANIVSA pre-market and post-market assessment procedures require the MDSAP audit reports to be utilised as an input for regulatory technical evaluation.
MDSAP audit outcomes aid in assessment of regulatory compliance for quality management systems in Canada.
MDSAP audit reports are accepted as alternative of FDA routine inspections where these are not applicable for pre-approval and post-approval inspections, Pre-market approval or PMA applications.
MDSAP reports are used as a trial to allow exemption from on-site inspection of the manufacturing site;
MDSAP Audits are conducted annually, according to a three-year MDSAP certification cycle, by approved auditing organizations (notified bodies). “An initial MDSAP certification audit is conducted by MDSAP- recognized Auditing Organizations which will be followed by annual surveillance audits”. MDSAP Audit time is based on tasks, not employee count, with an average of 15 minutes per task.
To maintain the consistency amongst the MDSAP-recognized Auditing Organizations, they should follow the MSDAP Audit plan:
All MDSAP audit reports must be submitted to all regulators. As part of the MDSAP program, regardless of the outcome, all regulators will be reviewing the reports. Additionally, a database will be set up for these reports, so any of the participating countries can review reports associated with a particular organization or medical device, as well as trending nonconformities.
Nonconformities are graded on a scale of one to five, with a grade of 1, 2, or 3 considered a minor nonconformity, and grades of 4 or 5 considered more serious. If an MDSAP audit identifies one or more grade-5 nonconformities, more than two grade-4 nonconformities, a public health threat, or any fraudulent activity, the auditing organization must inform regulatory authorities within five days. An unannounced follow-up visit six to nine months later will verify that appropriate corrective actions have been effectively implemented, and subsequent follow-up visits are then scheduled.
In most cases, the manufacturer must provide a remediation plan for each non-conformance within 15 calendar days of the date the nonconformity report was issued. In cases involving grade 4 or grade 5 nonconformities, final response — with evidence of effective corrective action — must be provided within 30 days of the last day of the audit.
MDSAP Auditing organizations are expected to provide an audit package, which includes non-conformance grading, to regulatory authorities within 45 days of the end of the audit.
“It is necessary to apply for MDSAP certification only in those markets where the manufacturer is planning to market their devices. When the scope of MDAP certification is determined it is important to consider the compliance requirements and long-term objectives relevant to the product to be marketed. Manufacturers willing to expand the their MDSAP certificate to other markets must imbibe the changes in their QMS to add supporting documentation and undergo a recertification by the MDSAP-recognized Auditing Organization.”
The MDSAP program was officially implemented in January 2017, following the completion of the pilot program.
Health Canada requires all license holders to change from CMDCAS to MDSAP by December 31, 2018.
Health Canada will terminate the CMDCAS program on December 31, 2018. After this date, Health Canada will only accept MDSAP certificates from manufacturers with their device applications or renewals.
Maven understands the specific challenges medical device manufacturers face and the importance of bringing innovative yet safe products to global markets. Ensuring the predictability and transparency of regulatory clearance is key to maintaining a competitive edge.
Partner with us and gain the confidence of knowing you have a solid quality management system in place for medical devices. We can be your one stop solution.