8 Factors to Prepare for your MDSAP Audit

Dale Morgan

The Medical Device Single Audit Program, or MDSAP, is a program that allows medical device
manufacturers to be audited once for compliance with the ISO 13485 standard AND regulatory
requirements of participating countries. These countries include: Australia, Brazil, Canada, Japan and the United States.

Organized by the International Medical Device Regulators Forum, IMDRF, this initiative was
implemented in January 2017. It was created to accelerate international medical device regulatory harmonization and convergence.

This harmonization aims to promote consistency, predictability and transparency by standardizing their oversight on auditing organizations, including their practices, as well as conformity assessments.

Due to time limitations and complexity of the audit, organizations must be prepared to supply
evidence of conformity to the program.

8 success factors you need to consider:

  1. The Management Process
    The purpose of auditing the management process is to evaluate the overall suitability, effectiveness and alignment of your medical device quality management system. The MDSAP audit will examine and look for key pieces of objective evidence including but not limited to: 
    • Identification of the interrelated processes needed for the QMS along with their management throughout the organization, their sequence and interactions.
    • Periodically reviewed quality objectives at relevant functions and levels within the organization consistent with the quality policy.
    • Proper implementation of all applicable requirements of Medical Device QMS i.e. Requirements for regulatory purposes (ISO 13485:2016) and the Quality Management System requirements of the Conformity Assessment Procedures of the 5 country regulators in using the MDSAP Program.
    Effective QMS management processes create an opportunity for all members of an organization to gain an understanding of a quality culture that supports the overall improvement of the management system.The Management Process
  2. Management Review and Corrective and Preventive Actions
    The purpose of a management review is to evaluate the overall suitability, effectiveness and alignment of your medical device quality management system. Management reviews create an opportunity for executive teams to understand how resources are being used, where issues occur and how it supports the overall improvement of the management system.

    When audits detect problematic issues, it’s very important that management response include the effective;
    • Containment and Correction of the problem
    • Corrective Action
    • Mitigation of any emerging risks related to actions taken

    However, businesses are often quick to react to the issue by treating the symptoms and are therefore likely to experience the issue again. MDSAP requires that you should take a step back and understand the broader issue, linkages to all processes and resolving the true root cause and eliminating the issue from reoccurring.

    The management review also serves as a formal tool of communication. Being transparent with your employees is critical in achieving business objectives. It gives your employees an understanding of the context in which they work and demonstrates the commitment of top management to the organization.

    If you’re experiencing meeting overload watch our webinar on tips and techniques for conducting effective management reviews.
  3. Post-Market Surveillance – Adverse Events and Advisories
    Auditors will now look to understand your post-market surveillance (PMS) process. This is systematic collection, analysis and interpretation of data and information related to your marketed medical device.

    Organizing a team to manage product safety and quality is critical in building an effective internal PMS process. This team should be structured to continually evaluate the balance between risk and performance through a reactive (incident-driven) and proactive (review-driven) approach.
  4. Design & Development Activity
    Review of the Design and Development process will evaluate how the organization has utilized risk management activities to ensure design inputs are comprehensive and meet user needs. It confirms that risk control measures were planned and have been implemented in the design and verifies that risk control measures are effective in controlling or reducing risk.

    The MDSAP audit will look to verify that design and development inputs were established, reviewed and approved. They must address: customer functional, performance and safety requirements; intended use; applicable regulatory requirements; and other requirements including those arising from human factor issues.
  5. Product Realization Planning and Process Validations
    The production process will be examined in the MDSAP audit, based on the information the audit team has learned about device and QMS nonconformities from the Measurement, Analysis and Improvement process. Auditors will also look at high risk elements and essential design outputs from the design projects reviewed from the design and development process.

    The product verifications and process validations need to be aligned throughout these MDSAP processes.
  6. Specialized Processes - Sterilization
    Under Annex 2 of the MDSAP requirements, manufacturers must have their sterilization processes audited. This is to verify that all processes contributing the device’s sterility are properly controlled and supported through the quality management system, ensuring consistency and reliability throughout the product lifecycle.

    The sterilization audit can focus on Microbiology, Packaging and Sterile Barrier Systems, Environmental and Contamination Control, or Routine Sterilization.
  7. Supplier Control
    The control of suppliers underlies several processes within the QMS. The regulatory bodies have put greater emphasis on the responsibility of every step of a medical device manufacturer’s supply chain. Manufactures are expected to have control of any outsourced processes throughout the product lifecycle, including design, manufacture and purchase of the medical device.

    The program requires manufacturers to evaluate and select suppliers based on their ability to meet your requirements.
  8. Risk-based approach
    To comply with the MDSAP requirements, Medical Device manufactures must bring a risk-based approach to manage and control risk. Effective Risk management planning and ongoing review of the effectiveness of risk management activities to ensure that policies, procedures and practices are established for analyzing, evaluating and controlling risk.

    As manufacturing and supply chains continue to become more and more complex, adopting a risk-based approach gives you the framework to understand your production and supply chain risk, understand how that risk affects your product, and how it impacts your customers.

    Promote risk-based thinking throughout your organization.

Final Thoughts
Going through the steps of compliance and certification to the MDSAP requirements shouldn’t be seen as a “checkbox” activity. Instead, organizations should look at the certification process as a method of improving the performance and effectiveness of its processes.

By focusing on these eight key components, you’re not just meeting your compliance and
regulatory requirements, but setting your business up for success.

Find out more about the MDSAP and ISO 13485.

Or contact us to start your MDSAP certification journey.

Previous Article
The 3 Challenges Commonly Experienced by Manufacturers Seeking Certification to the MDSAP
The 3 Challenges Commonly Experienced by Manufacturers Seeking Certification to the MDSAP

Due to changes in technical and regulatory requirements the Medical Device industry has recently experience...

Next Article
Maximizing your Certification to ISO 13485
Maximizing your Certification to ISO 13485

In this webinar, we’ll also review practical examples for the validation of software used in quality manage...

Want to speak to someone about Remote Audits?