Author: Suzanne Broussard

Take the advice of industry experts and AOs—the key to acing the MDSAP audit is to prepare, prepare, prepare.

The MDSAP audit process is intense in that it is designed to provide thorough coverage of QMS and multiple jurisdictions regulations. Remember, your organization already maintains a level of compliance in all countries they sell devices. MDSAP simply rolls all these regulatory requirements into an efficient process. Here are a few tips to keep in mind when preparing for the MDSAP audit.

1. Look closely at the MDSAP Audit Model to determine exactly what the Auditing Organization (AO) will need. The MDSAP Audit Model is the AOs guide. Everything needed for the audit is clearly laid out in this comprehensive guide. Each of the 90 questions the AO will ask is contained in this guide. And, each question is cross-referenced to relevant sections of ISO 13485:2016 and other specific requirements of medical device regulatory authorities participating in the MDSAP program.

Author: Suzanne Broussard

Risk Assessment is the Cornerstone of the MDSAP Audit

When preparing for the MDSAP audit, it is important to understand that the audit focuses heavily on risk-based processes, outsourced processes, and validation activities. MDSAP is based on the international quality systems standard ISO 13485:2016, which requires organizations to consider risk from device conception through its lifetime of use. This Risk Management  includes the device manufacturer and the supply chain.

Check out our Resources page for our whitepaper on MedDev 2.7/1 Equivalence and Risk/Benefit Profile.

There are seven “Processes” in the MDSAP audit. FDA’s vision of how all these processes link together is depicted in Figure 2.

The first four “Primary” processes, depicted in the dark blue boxes, and the “Supporting” Purchasing process were all built on a foundation of Risk Management. The other two Supporting processes (note that Device Marketing Authorization and Facility Registration links to two processes), depicted in the light blue boxes, fulfill the requirements of the participating regulatory authorities. There are 90 total tasks.

Author: Dr. Suzanne Broussard

MDSAP as a Single Regulatory Audit 

The Medical Device Single Audit Program (MDSAP) is now in year three of voluntarily allowing medical device manufacturers to satisfy requirements of multiple regulatory jurisdictions with a single audit. Understanding the basics of MDSAP is the first step to determining if this is right for your organization.  

Device manufacturers are starting to accept this more harmonized auditing program, with over 2,700 manufacturers having undergone an MDSAP audit as of December 2018 (Figure 1). The significant increase in audits in 2018 reflects Health Canada’s hard deadline of January 1, 2019 for device manufacturers to comply with MDSAP in order to sell medical devices in Canada. While there were plenty of concerns about the transition, Health Canada received over 3,000 MDSAP certifications or transition submissions accounting for 90% of medical manufacturers operating in Canada. The remaining 10% are companies with very low or no sales, meaning they may likely pull out of the market.  

Several early adaptors are lauding the MDSAP program for saving time and limiting company resources needed for auditing agencies. These outcomes are in line with IMDRF’s primary goals for creating MDSAP, which are to “…jointly leverage regulatory resources to manage an efficient, effective, and sustainable single audit program focused on the oversight of medical device manufacturers.”