Guest Column | October 9, 2017

MDSAP And Its Implications For Device Makers

By Peter Rose, Maetrics

MDSAP And Its Implications For Device Makers

Manufacturers selling their products in multiple countries must comply with regulations in each country, which can be a complex and time-consuming process; the challenge of achieving compliance in multiple markets can even lead manufacturers to desist from expanding. In addition, regulatory variation from country to country means different audits and processes are required.

This is why a global approach to auditing has long been on the agenda of international regulators, leading the International Medical Device Regulators Forum (IMDRF) to initiate preparation for the Medical Device Single Audit Program (MDSAP) ten years ago.

A favourable by-product of the program — intended to increase alignment between regulatory approaches and technical requirements by introducing a single regulatory audit that satisfies requirements in multiple jurisdictions — is that coordination between participating countries encourages consistency and transparency within their regulatory programs.

The MDSAP functional statement officially defines the policy’s objective as, “To jointly leverage regulatory resources to manage an efficient, effective and sustainable single audit program focused on the oversight of medical device manufacturers’ quality management systems”.

Piloting The Program

The participating countries started a trial of the single audit program in January 2014, and in June 2017 a report collated the outcomes of the prospective “proof-of-concept” criteria established to confirm the viability of the MDSAP. The international coalition of countries participating in the pilot included five organisations:

  • Australia’s Therapeutic Goods Administration (TGA)
  • Brazil’s Agência Nacional de Vigilância Sanitária (ANVISA)
  • Health Canada
  • the U.S. Food and Drug Administration (FDA)
  • Japan’s Ministry of Health and Labour and Welfare (MHLW)

Now that the trial period has come to an end, the program is officially active in these five countries.

MDSAP implementation

Typically, implementation of MDSAP takes place over three years and includes three different audits: the initial audit, the surveillance audit, and the recertification audit.

The initial audit is an essential documentation review that determines whether the audited company is ready for a stage 2 audit. The stage 2 audit comprises a thorough review of the company’s Quality Management System (QMS) to verify whether its products are safe, effective, and meet performance standards. The stage 2 audit also is an implementation review of the ISO 13485 standard and regulations applicable in the participating countries; so, upon successful completion of an initial audit, an Auditing Organisation (AO) will issue certification documents to state compliance.

If no significant changes have been made since their last audit, manufacturers do not need to undergo a stage 1 audit before running a surveillance audit. The purpose of the surveillance audit is to maintain confidence in the compliance of the audited QMS with applicable standards and regulations.

Lastly, the recertification audit evaluates the continuous effectiveness and suitability of the QMS, and ensures it continues to satisfy all applicable standards and regulations. The recertification audit will also confirm the relevance and applicability of the QMS within the scope of certification and MDSAP-specific requirements.

Consequences Of Non-Conformities

Non-conformities (NCs) identified during an on-site audit are graded on a scale from 1 (least critical) to 5 (most critical): a grade of 1, 2, or 3 is considered a minor non-conformity, and grades 4 and 5 are considered far more serious.

In the event of non-conformities, a number of deadlines become effective. If the MDSAP audit identifies one or more grade 5 NCs, more than two grade 4 NCs, a public health threat, or any fraudulent activity, AOs must inform the regulatory authorities within five business days.

Manufacturers must provide a remediation plan for each NC within 15 calendar days from the date the NC report is issued. For grades 4 and 5, manufacturers must provide their remediation plans to the AO within 30 days of the audit end date. AOs are, in turn, expected to provide the audit package, including the NC grading, to the regulatory authority within 45 days of the end of audit. AOs then will carry out an unannounced visit six to nine months later to verify that the remedial plan has been put into action.

Compliance with MDSAP could therefore significantly help to reduce the burden of managing different regulatory requirements, as manufacturers already will have identified issues and worked towards solving them.

Participating Countries

  • Canada — As of Jan. 1, 2019, the Class II, III, and IV medical devices in Canada will follow MDSAP. The Canadian Medical Devices Conformity Assessment System (CMDCAS) will yield to the MDSAP as mandatory for regulatory submission in Canada.

  • Australia — Combination products and other medical devices are accepted by MDSAP. The TGA can accept MDSAP certificates as support of evidence for compliance with the ISO13485 standard, and may request additional documents.

  • Brazil — The resolution from August 2015 allows MDSAP reports to serve as alternatives to ANVISA inspections, but only when the previous ANVISA inspection was deemed satisfactory.

  • USA — The MDSAP can be an alternative to an FDA inspection, excluding combination products and PMA inspections. Certification documents issued by the AO must comply with applicable US regulations.

  • Japan - An MDSAP audit report submitted at the time of pre- or postmarket QMS inspection can be used as a trial to exempt some manufacturing sites from on-site inspection, and/or to allow the manufacturer’s Marketing Authorization Holder (MAH) to substitute the MDSAP report for a considerable part of documents required for the inspection. 


MDSAP compliance will create new opportunities, which is particularly attractive for manufacturers looking to expand. Particularly, there will be greater access to the market as there will be a larger acceptance of audit reports through increased sharing. Also, participating in MDSAP may be seen as evidence of a medical device manufacturer’s commitment to product quality and regulatory compliance. MDSAP means that a single audit is used in lieu of multiple separate audits, which will ultimately reduce the overall number of audits or inspections and will make the most of time and resources which are spent on audit activities.

MDSAP is also expected to have an influence on the number of third party AOs. Even though currently the number of AOs is not as large as would be expected, it is highly possible that organisations (other than NBs) will also apply to be recognised as an AO.

Manufacturers, AOs, and regulatory authorities all will be impacted by this radical approach to harmonising regulation. However, the principles of transparency and standardisation embodied by the MDSAP can only be positive for the industry as it moves forward.

About The Author

Mr. Rose is the Managing Director and Practice Leader for Maetrics operations in Europe. Having worked in the medical device industry for over 20 years, Mr. Rose has a wealth of experience and knowledge in quality systems and regulatory affairs. He is a lead auditor and a qualified microbiologist, and has been recognized for his extensive experience with sterilization. His background roles include quality management, sterilization, cleanroom, quality systems, regulatory affairs and laboratory management.