Blog | The FDA Group

3 Ways to Prepare for the MDSAP Internally

Written by The FDA Group | July 11, 2017

The Medical Device Single Audit Program (MDSAP) is a global initiative intended to accelerate medical device regulatory harmonization by allowing a single regulatory audit to satisfy the requirements of multiple jurisdictions around the world.

For manufacturers that have determined MDSAP certification is a valuable pursuit, (read our free white paper if you're still unsure) there are three general steps companies can take to prepare their organizations for the initial audit, which involves a review of impacted documentation to determine preparedness for an on-site assessment of both the head office and any critical locations.

1. Conduct a Gap Assessment of All Standard Operating Procedures (SOPs) and Processes

“The very first step toward preparing for the initial audit should be a thorough and complete gap assessment of all SOPs and processes with an eye toward risk.” – Corrine Bonfiglio, The FDA Group Consultant

--

Just as many manufacturers struggled to understand and adapt their processes when design control requirements were formally introduced during the switch from GMPs to QSRs, the MDSAP presents a similar learning curve with the introduction of risk requirements.

The MDSAP follows in line with a greater movement toward a more risk-based approach around the world. This program expands the definition of “risk” beyond risk assessments for products alone to encompass the entire quality system.

2. Develop and Implement a Comprehensive Risk Assessment Program

Regulators now expect manufacturers to conduct risk assessments on processes throughout the quality system. In particular, your Notified Body will be looking for a robust risk assessment program in order to gauge and measure your investment in assessing risk beyond product quality and safety alone.

In many cases, developing such a program will require companies either augment their current Quality staff or use a third party consultant. In this case, an experienced consultant can bring firsthand knowledge gained through working with other manufacturers to build a program proven to be effective and aligned with regulatory expectations. 

It’s important to note that the concept of risk still remains a tripping point for many regulated manufacturers. Given its recently-expanded scope, even veteran Quality professionals at the helm of smaller risk assessment programs struggle to know where to start when widening these efforts to the entire quality system.

Experienced third party experts are especially valuable not only for developing effective programs, but prioritizing their implementation and ensuring sufficient documentation while training staff to successfully use the expanded program.

Despite the complex challenge, the bottom line for MDSAP preparation is simple: Device manufacturers must have at least a minimal risk assessment program in place with accompanying risk-related documentation for both products and processes to satisfy MDSAP auditors during their initial assessment.

Contact The FDA Group today to learn how our consultants have helped device companies develop robust risk assessment programs and how they can help build one for you.

3. Ensure employees aren’t just trained in ISO 13485:2016, but fully “competent” in it

In addition to conducting a thorough gap assessment and developing a comprehensive risk assessment program, device companies that haven’t yet trained their employees to the ISO 13485:2016 standard should ensure they do so in preparation for the MDSAP.

This updated standard aligns incredibly closely to FDA’s regulations and an effective training program will prepare staff for the expectations that are quickly approaching. 

Companies with robust FDA quality systems shouldn’t find the new ISO standard a considerable challenge beyond the new areas of risk-related requirements. Many industry experts predict the next version of FDA’s QSR will make risk its primary focus, in keeping with the broader trend seen throughout the world. As such, device manufacturers should make risk their primary focus as well. 

Perhaps even more importantly, device companies must expand their concept of training beyond what was accepted in the past. One term in particular sets the bar for training much higher in the updated standard: competence.

Speaking at RAPS' 2016 Regulatory Convergence, leading medical device quality systems expert and former FDA official, Kim Trautman warned attendees the requirements for employee training will be stricter:

--

"Long gone are the days that you can have a training course and someone can sign their name and say, 'Yup, I put my butt in the chair and I attended the course,' [or] give somebody a slide deck of PowerPoints and say 'okay, go through the PowerPoints.' All over the standard, the word competence is seen. You have to assess the competence. You cannot just train. You have to train and assess the competence."

--

13485:2016 carries over the same dimensions for competency as the earlier version (education, training, skills, and experience), and still requires manufacturers determine the necessary competence for those who perform work that affects product quality. However, the 2016 standard introduces a number of additional requirements that will need to be implemented prior to your MDSAP audits.

1. Document the process for establishing competence 

While most companies have a process in place, it may be informal. The most widely used method for documentation generates a job description identifying a particular job and the relevant competencies. This job description may include standard elements such as job title, document date, description of job, department or function, and the competence elements noted above.

Additionally, a procedure should be written which explains the method, responsibility, and authority for creating these descriptions. This should be included in the document control system.

The next step is identifying the people who perform that job and determining if the person in that job meets the competence requirements. Use a gap analysis to identify each requirement from the job description before documenting the evidence which  suggests the person meets the requirement. This could be a diploma, a training certificate, years of experience document on a resume, etc. 

2. Document the process for providing needed training  

ISO 10015:1999 Quality management – Guidelines for training offers valuable guidance for establishing a training program which covers the development, implementation, maintenance, and improvement of strategies and systems specifically for training.

3. Provide training or take other action to achieve or maintain the competence needs 

If any gaps exist between the requirement and the objective evidence, develop a plan to train the employee or take other needed actions. These plans may be simple or more involved depending on the situation.

4. Develop a methodology to check effectiveness that is proportionate to the risk associated with the work performed 

In addition to presenting a viable training cycle, ISO 10015:199 Quality management – Guidelines for training also offers good advice for evaluating the effectiveness of your training program in both the short and long term.

• In the short term, obtain trainee feedback information on the training methods, resources used, and knowledge and skills gained as a result of the training

• In the long term, assess trainee job performance and productivity improvement

 
 
Grab our free white paper and learn more about the MDSAP, including which companies stand to benefit and how to prepare for certification success.