Author: Suzanne Broussard
When preparing for the MDSAP audit, it is important to understand that the audit focuses heavily on risk-based processes, outsourced processes, and validation activities. MDSAP is based on the international quality systems standard ISO 13485:2016, which requires organizations to consider risk from device conception through its lifetime of use. This Risk Management includes the device manufacturer and the supply chain.
Check out our Resources page for our whitepaper on MedDev 2.7/1 Equivalence and Risk/Benefit Profile.
There are seven “Processes” in the MDSAP audit. FDA’s vision of how all these processes link together is depicted in Figure 2.
The first four “Primary” processes, depicted in the dark blue boxes, and the “Supporting” Purchasing process were all built on a foundation of Risk Management. The other two Supporting processes (note that Device Marketing Authorization and Facility Registration links to two processes), depicted in the light blue boxes, fulfill the requirements of the participating regulatory authorities. There are 90 total tasks.
The MDSAP Audit is designed with the interrelatedness of each process in mind. For example, the manufacturer must identify the linked processes and perform Risk Management in accordance with clause 4.1.2 (c) of ISO 13485:2016. One process naturally links to the next process and the audit is conducted in a logical sequence.
Device manufacturers currently selling in these markets should already be in compliance with each country’s quality regulations, but allocating time and resources for each country’s audit can be challenging. Thankfully, MDSAP’s fruition offers the opportunity to simplify this challenge. Keep in mind that companies only need to be compliant in markets they are currently selling, and organizations are not allowed to opt out of participating nations in which they sell once they adopt MDSAP (no “cherry-picking”).
Read more about how device manufacturers can benefit from the MDSAP.
The audit is very scripted and starts with the Management Process working through each subsequent task straight through to the Purchasing Process. There is no deviation in flow and every “task” is timed. Tasks sections are broken down into Clause and Regulations, Additional Country-specific Requirements, and Links to Other Processes.
The Initial Certification Audit is conducted in two separate stages, typically several weeks apart.
Stage 1
Stage 1 is designed to determine if the Quality Management System (QMS) and other MDSAP documentation requirements are adequate, evaluate the readiness of the manufacturer, and facilitate the planning of the Stage 2 audit. Stage 1, sometimes referred to as a desk-audit, occurs in real-time, typically via virtual communications between the organization and auditor.
Here is an example of what MDSAP is looking for in Stage 1. “Whenever a MDSAP Audit Task requires an auditor to verify the identification and documentation of a requirement in QMS documentation, this verification should be performed as part of the pre-audit preparation and documentation review, as practical, to minimize on-site audit time and to increase the auditor’s familiarity with the manufacturer’s QMS.“
A deficiency letter is sent out after the Stage 1 audit informing manufacturers of deficiencies. Corrective action can then be taken to avoid getting findings during the physical audit.
Stage 2
The Stage 2 audit activities determine the manufacturer’s actual compliance with ISO 13485:2016 and all the regulatory requirements of the participating jurisdiction in which they market. There are two onsite auditors that split up assignments, typically in individual conference rooms.
The flow and timing of the Stage 2 audit are based on the specific tasks that need to be performed as assessed from the information supplied in Stage 1. The duration is calculated using the MDSAP P0008 algorithm based on the number of tasks and the time allotted for each. Variables like the number of employees and the specific process activities performed by the organization are used in this calculation. MDSAP provides two tools to help determine audit time, both of which are available on the FDA website.
Are you ready to read about our 9 tips to ace the MDSAP the first time?
Fill out this form, or contact us at info@criterionedge.com, and we would be happy to answer any of your questions as well as book you an appointment to discuss your project needs during a time that works for you.
In this discussion, we provide an overview of how to plan and coordinate change within an organization to meet upcoming EU IVDR regulatory requirements. We will be highlighting key steps involved in helping medical affairs transition to a more rigorous regulatory environments, and how to evaluate talent gaps, team leadership composition, and process challenges of your product portfolio.
In this discussion, our panel of proven leaders discuss the key elements that support and propel the innovation process in the medical device, pharmaceutical, and IVD industries. We will be highlighting key areas of the process, important players in the pathway to the market, and how successful innovations spawn new innovations in new markets such as the digital health space, and more.
This website uses cookies so that we can provide you with the best user experience possible. Cookie information is stored in your browser and performs functions such as recognising you when you return to our website and helping our team to understand which sections of the website you find most interesting and useful.
Read more about our privacy policy here.
Strictly Necessary Cookie should be enabled at all times so that we can save your preferences for cookie settings.
If you disable this cookie, we will not be able to save your preferences. This means that every time you visit this website you will need to enable or disable cookies again.
This website uses Google Tag Manager and Pardot's tracking features to collect information such as the number of visitors to the site, and the most popular pages. Keeping this cookie enabled helps us to improve our website.
Please enable Strictly Necessary Cookies first so that we can save your preferences!
