Understanding the MDSAP Non-Conformance Scoring and Audit Report

April 6, 2020

The Medical Device Single Audit Program (MDSAP) stands to unify regulatory requirements and auditing activities in the US, Canada, Australia, Brazil, and Japan. While the program is largely based on ISO 13485:2016, there are a few key additions and changes made to ensure there is consistency and reliability in the audit results. This gives the regulator confidence that the client has met their requirements, and that the Auditing Organization (AO) has assessed the system and product appropriately.

One key change is the method used to identify and record non-conformances. The MDSAP does not recognize “Major” or “Minor” non-conformances but uses a grading system, that scores non-conformances on a point system ranging from 1 – 5, in a two-step process.

Step One: The Grading Matrix

A grading matrix determines the base score allocated to a non-conformance, grading it between 1 to 4. This is calculated by assessing the impact on the quality management system, as well as its occurrence.

The MDSAP Non-Conformance Matrix

The quality management systems impact is split by direct and indirect impacts. Direct impact refers to requirements that have an influence on the design and manufacture of the product, which in turn, affects safety and performance. Indirect impact is graded with a lower score, as these non-conformances don’t influence the medical devices’ safety or performance.

The occurrence of a non-conformity refers to the frequency a non-conformance is found within the same sub-clause, in any previous audit performed by the same AO. If a non-conformance has occurred more than once, the MDSAP deems this as a higher risk, and therefore increases your score by 1 point.

Step Two: Escalation Rules

Once a grade is identified using the above matrix, it can then be escalated, and deemed a higher risk, if there is an absence of documented processes or if a non-conforming medical device is released.

While your final non-conformity grade will be between 1 and 6, the regulators recognize a score of 6 as a 5. Further, if the score is above 4, it will be deemed as a high-risk, with intervention required.

What happens with your Non-Conformity Grade

The AO submits the audit report, with its non-conformances, to the regulators. This is a new process that lets the regulators have a periodic view of how manufacturers are performing, and understand if they can help resolve issues faster, with the intent of ensuring what's being used in the clinical space by healthcare professionals is safe and effective.

If an AO finds three or more grade 4 non-conformances, or one or more grade 5’s, it will have to notify the appropriate regulator within five days.

The manufacturer will also have to submit a remediation plan for each non-conformity within 15 calendar days from the date the non-conformance was issued. Evidence of this plan’s implementation must be provided within 30 days after the audits end date.

Understanding the Intent Behind the Audit Report

The MDSAP audit report is substantially different from what has been used by the medical device industry previously. It has been developed into multiple tasks to standardize audit processes and remove ambiguity from the program. This is to ensure that two different auditors can go to the same place for the same reason and come up with a similar result.


Learn more about the MDSAP and ISO 13485.
Or, contact us to start your MDSAP certification journey.

Previous Article
Improve Awareness and Management of Risks
Improve Awareness and Management of Risks

During this webinar we'll discuss how to plan effectively and share with your team the tools to use and inc...

Next Article
Crisis Management – Unlocking the Power of ISO to Safeguard Your Business
Crisis Management – Unlocking the Power of ISO to Safeguard Your Business

This webinar will discuss how to utilize the requirements in standards to provide your organization with th...