Ensuring medical devices comply with the requirements for multiple markets can be disruptive, time consuming and expensive. In this article we look at the Medical Device Single Audit Program (MDSAP), which verifies compliance to ISO 13485 and the regulatory requirements of medical devices in Australia, Brazil, Canada, Japan, and the US.
Medical device manufacturers must ensure the products they supply are safe and comply with the regulatory requirements of their target market(s). Since most countries enforce their own regulations, this can be a costly exercise involving multiple audits against a variety of requirements. A much better option is a single auditing program that covers multiple markets.
Launched as a pilot program in 2014, MDSAP follows the work of the International Medical Device Regulatory Forum (IMDRF) and Global Harmonization Task Force (GHTF). It leverages regulatory resources into a single aligned auditing program covering multiple markets, and seeks to:
MDSAP is based on ISO 13485:2016 but also covers the medical device regulation requirements enforced in the following territories:
For medical device manufacturers, this means compliance with one auditing program will give them access to five markets.
Canada became the first country to require compliance to MDSAP. They initially began extending applications under the Canadian Medical Device Conformity Assessment Scheme (CMDCAS) in 2017, but, since January 1, 2019, it has been a mandated requirement.
Originally published in 1996, ISO 13485 is a comprehensive quality management system (QMS) standard covering the regulatory requirements needed for companies operating in the medical device sector. It is now in its third edition, published on March 1, 2016.
Certification to ISO 13485:2016 allows an organization to demonstrate its ability to provide medical devices and related services in a consistent and compliant manner. It is not restricted to manufacturers but is applicable to businesses in every stage of the medical device life cycle.
As with many current ISO standards, ISO 13485:2016 provides a framework that can be applied to organizations of all sizes.
MDSAP has a three-year audit cycle. The initial audit is made up of two stages. Stage 1 looks at QMS documentation and considers the readiness of the site(s) for auditing. Stage 2 takes place at least 30 days after Stage 1 and incorporates the main body of the assessment. There are then surveillance audits every year and a recertification audit in the third year.
Each site under the scope of the audit must be assessed annually, with each site requiring a separate report. Certification can only be recommended if all applicable processes, jurisdictions, products, and manufacturing locations are audited. In general, outsourced processes and services are not audited unless they are required by the jurisdiction.
MDSAP audits cover seven processes – four primary and three supporting. These are:
In combination, auditing these processes shows compliance with the specific requirements of participating MDSAP regulatory authorities.
The tasks associated with each individual process audit are explained in the MDSAP Companion Document. This includes a reference to the applicable ISO 13485 clause and the jurisdictional requirements to need to be verified. It should be noted, all ISO 13485 clauses are covered in the MDSAP.
In total, there are 175 tasks that can be audited, of which 90 are from ISO 13485 and 85 are country-specific requirements. In some cases, audit requirements must be multiplied for very large multisite manufacturers.
Critical aspects will be highlighted in each of the seven process audits. These are:
MDSAP certification has multiple benefits for manufacturers. With a single audit, the company can demonstrate compliance to the requirements of ISO 13485:2016 and five key target markets – Australia, Brazil, Canada, Japan, and the US. These audits are also scheduled directly with the auditing organization (AO), and so there is minimal disruption while time and resources are optimized. Additionally, scheduled FDA inspections are eliminated. However, participation in MDSAP does not eliminate FDA visits for cause.
SGS offers a comprehensive range of service, including auditing and product testing, to help companies gain MDSAP certification.
Learn about SGS MDSAP Services.