6 April 2017

The Anatomy of an MDSAP Audit

Launched by the International Medical Devices Regulators Forum (IMDRF) in 2012, the Medical Device Single Audit Program (MDSAP) provides medical device manufacturers a way to simplify pre- and post-market audits required by regulatory authorities around the world.

Under the MDSAP, a single audit performed by an authorized Auditing Organization (AO) is deemed sufficient to evaluate compliance with the quality management system requirements of regulatory agencies in multiple major medical device markets, including the U.S., Canada, Japan, Brazil, and Australia. [White paper: The Medical Device Single Audit Program Pilot Explained]

This single audit approach reduces the need for duplicate quality management audits, helping device manufacturers better manage costs and access to markets around the world.

We've broken down the specific requirements, activities, and potential complications of a MDSAP audit along with important items every device manufacturer should consider.

MDSAP Auditing Requirements

The MDSAP audit has been designed to meet the requirements of ISO 13485, addressing five primary processes in particular:

  1. Management

  2. Measurement, analysis, and improvement

  3. Design and development

  4. Production and service controls

  5. Purchasing

MDSAP audits include two other supporting processes to address specific requirements of participating MDSAP regulatory authorities:

  1. Device marketing authorization and facility registration

  2. Medical device adverse events and advisory notices reporting

MDSAP Auditing Activities

The MDSAP audit program is based on the three-year audit cycle comprised of the following activities:

• Initial certification audit: A complete audit of a manufacturer’s QMS. This is conducted in accordance with the requirements of ISO/IEC 17021 in two separate stages.
 
• Stage 1 audit activities are intended to evaluate QMS documentation and the extent of a manufacturer’s preparedness to undergo Stage 2 audit activities.
 
• Stage 2 audit activities assess actual compliance of the QMS with the requirements of ISO 13485 and other requirements of MDSAP- participating regulatory authorities.
 
• Surveillance audits: In the two years following an initial MDSAP certification audit, a surveillance audit is conducted to determine compliance with MDSAP QMS requirements. These audits do not include the review activities that are part of an initial certification audit and do not need to address all MDSAP requirements that are part of Stage 2 activities. Surveillance audits should assess any changes in the manufacturer’s products or QMS processes since the initial certification audit was conducted.

• Recertification audit: Recertification audits are conducted in the third year following the initial certification audit. These are intended to evaluate a manufacturer’s QMS for continued suitability and ability to meet QMS requirements under the MDSAP. These audits employ more precise sampling, and typically take less time than initial certification audits.

Along with the auditing activities described above, device manufacturers may be subject to special audits or assessments conducted by regulatory authorities, which may be unannounced.


Potential MDSAP Complications

• The ISO will withdraw ISO 13485:2003 as of March 1, 2019, and medical device manufacturers currently certified to ISO 13485:2003 have until then to modify their current QMS to comply with the requirements of the revised standard.

• Participating regulatory authorities may adopt different timetables for transitioning their regulations to the latest ISO 13485 revision. Health Canada, is one regulatory body that has aligned its timetable for acceptance of ISO 13485:2016 in parallel with that of the ISO7.

• Regulators in other jurisdictions may adopt a more aggressive timetable. This would require manufacturers to switch over to the requirements earlier.

MDSAP implementation is now in progress, making it critically important to plan your transition to the new auditing paradigm as soon as possible.

Contact us to learn how our large staff of quality professionals can help you plan and conduct a MDSAP audit and help you adapt your current auditing processes to comply with new requirements.

 
The Medical Device Single Audit Program Pilot Explained
Want to learn more about the MDSAP? Grab our free white paper and discover the full story behind the Medical Device Single Audit Program Pilot.
Read the White Paper  

Topics: Medical Devices, FDA Auditing, Global Regulations, MDSAP