background image for GxP Lifeline
GxP Lifeline

MDSAP Opens More Compliance Opportunities for Med Device Manufacturers


Medical Device quality management professional with MDSAP compliance network in the hand.

Advanced technology has moved medical device innovation into the fast lane. It stands to reason that global regulatory agencies would step up to help keep the momentum going — and they have. In 2012, the International Medical Device Regulators Forum (IMDRF) held its inaugural meeting in Singapore. The outcome of the meeting led to the organization of a work group that would develop specific documents for establishing the Medical Device Single Audit Program (MDSAP).

The IMDRF evolved MDSAP through a series of pilot and transitional stages — it became fully implemented in 2019. In a nutshell, the program allows an MDSAP-recognized auditing organization to conduct a single regulatory audit of a medical device manufacturer to ensure its quality management system (QMS) and quality audit management software satisfies the relevant requirements of all the other regulatory authorities participating in the program. Other agencies can use the data and reports from that single audit without having to conduct their own inspections.1

The MDSAP is a ground-breaking program that has become a game-changer for medical device companies seeking to sell their products in multiple global regions. The program presents tremendous opportunities for medical device manufacturers to accelerate product life cycles. However, MDSAP does not replace every type of audit. Inspections such as for-cause, compliance follow-up, pre-approval or post-approval, and compliance with Electronic Product Radiation Control (EPRC) regulation still require oversight from the regulatory agency in each region where the company wants to sell products. Implementing digitized quality audit management software helps companies comply with the requirements of each participating agency.

MDSAP Participants

The following are the regulatory agencies currently participating in the program. There are a considerable number of benefits with MDSAP, and each participant agency has mapped out its own plan for adopting this method of oversight.

United States – U.S. Food and Drug Administration (FDA)

For the FDA MDSAP requirements, the agency will accept MDSAP audit reports as a substitute for the agency’s routine inspections. The FDA’s website has also become the repository of documentation for the MDSAP program. The “MDSAP Roles and Responsibilities,” published in Jan. 2023, provides updates to the FDA’s MDSAP policies. To meet the expectations of the FDA, audit management must be highly prioritized and transparent.2 Audit-readiness is essential in this case, so you don’t risk causing delays in your approval processes.

Canada – Health Canada

In 2016, Health Canada began transitioning to MDSAP from its Canadian Medical Devices Conformity Assessment System (CMDCAS). Similar to the FDA’s MDSAP policies, Health Canada uses MDSAP audit reports and certificates as evidence of conformity to Medical Device Regulations, sections 32(2)(f), 32(3)(j), and 32(4)(p). In early 2019, Health Canada made MDSAP certification a requirement for medical device manufacturers selling devices in Canada. So far, Canada is the only country where MDSAP is mandatory. Outside of instructions for conducting audits during the pandemic, published in 2020, Health Canada’s MDSAP policies have not changed.3

Australia – Therapeutic Goods Administration (TGA)

In 2018, the TGA issued new regulatory pathways in addition to the CE (Conformitè Europëenne) mark for approval of products in Australia that are focused on MDSAP. According to the TGA guidance, a MDSAP audit, combined with Canadian, Japanese, or FDA approval, can be used to obtain TGA registration, which includes the Australian Register of Therapeutic Goods (ARTG) of a medical device. Australia will not require surveillance audits if you are MDSAP compliant.

The TGA published an amendment in July 2021 changing the conformity assessment certification for devices containing medicines or materials of animal, microbial, recombinant, or human origin and Class 4 in vitro diagnostic medical devices. Instead of only relying on conformity assessment certification by the TGA, sponsors can now provide conformity assessments issued by a member state of the European Union for inclusion in the Australian Register of Therapeutic Goods (ARTG).4

Brazil – Agência Nacional de Vigilância Sanitária (ANVISA)

The MDSAP audit certificates replace Brazilian good manufacturing practice (GMP) certificates. Agência Nacional de Vigilância Sanitária (ANVISA) uses MDSAP certificates as evidence of conformity to Collegiate Board of Directors (RDC) No. 16/2013 requirements. The report, “Regulatory Updates: Brazil” published in 2020, includes brief information and updates to Brazil’s MDSAP requirements.5

Japan – Japanese Pharmaceuticals and Medical Devices Agency (PMDA)

Japan recognizes MDSAP to reduce the burden of proof for medical device manufacturers. Japanese Pharmaceuticals and Medical Devices Agency (PMDA) may perform an off-site inspection instead of an on-site inspection or reduce documents for off-site inspection when a regulatory agency submits a MDSAP audit report. The PMDA’s “Acceptance of MDSAP Audit Reports in Japan” published in Dec. 2020 details the Japanese quality management system (QMS) requirements and the agency’s MDSAP processes.6

Note: The PMDA encourages foreign manufacturers to use MDSAP audit reports for the QMS inspection application. Communication between Marketing Authorization Holders (MAH) and manufacturers is necessary when manufacturers want to use the MDSAP reports.

Stages of an MDSAP Audit

The MDSAP audit process begins with an initial audit, also known as the Initial Certification. This involves two stages:

  • Stage 1: Documentation Review – The auditing organization (AO) reviews the application and the relevant documentation to assess the company’s preparedness for stage 2: an on-site assessment.
  • Stage 2: On-Site Assessment – Once the AO is satisfied with your documentation and preparedness, it completes an on-site assessment, which includes determining how your QMS complies with ISO 13485 as well as any other regulatory requirements for the IMDRF regulatory bodies.
  • Note: The FDA is currently pursuing the harmonization of ISO 13485 and the Quality System Regulation (QSR), which will become the Quality Management System Regulation (QMSR). To comply with the FDA MDSAP requirements, it’s important to follow the progress of that harmonization to ensure your QMS and quality audit management software is current with the latest guidelines.

In the two years following the initial certification audit, the AO conducts surveillance audits to determine your organization’s compliance with the MDSAP QMS requirements, such as the FDA’s audit management guidelines. These audits primarily address changes to your products or QMS processes since the initial audit. During the fourth year following the initial audit, the AO conducts a recertification audit to evaluate the ability of your QMS to continue meeting the MDSAP requirements.

Consult the Companion Document

For more details about the MDSAP audit, there is a companion document that provides more information about these requirements and how to prepare for the audit. For example, there is a significant amount of documentation required for all stages of an MDSAP audit. The companion document can be a helpful resource for understanding the documentation requirements.7

MDSAP is expected to continue on a path of rapid growth as other countries become active participants. For example, the European Union (EU) and the World Health Organization (WHO) are currently participating as observers. The MDSAP audits reduce or eliminate steps for country-specific requirements in IMDRF jurisdictions, helping companies meet the compliance requirements for marketing their products on a global scale.


References:


Medical Device quality management professional with MDSAP compliance network in the hand.

Advanced technology has moved medical device innovation into the fast lane. It stands to reason that global regulatory agencies would step up to help keep the momentum going — and they have. In 2012, the International Medical Device Regulators Forum (IMDRF) held its inaugural meeting in Singapore. The outcome of the meeting led to the organization of a work group that would develop specific documents for establishing the Medical Device Single Audit Program (MDSAP).

The IMDRF evolved MDSAP through a series of pilot and transitional stages — it became fully implemented in 2019. In a nutshell, the program allows an MDSAP-recognized auditing organization to conduct a single regulatory audit of a medical device manufacturer to ensure its quality management system (QMS) and quality audit management software satisfies the relevant requirements of all the other regulatory authorities participating in the program. Other agencies can use the data and reports from that single audit without having to conduct their own inspections.1

The MDSAP is a ground-breaking program that has become a game-changer for medical device companies seeking to sell their products in multiple global regions. The program presents tremendous opportunities for medical device manufacturers to accelerate product life cycles. However, MDSAP does not replace every type of audit. Inspections such as for-cause, compliance follow-up, pre-approval or post-approval, and compliance with Electronic Product Radiation Control (EPRC) regulation still require oversight from the regulatory agency in each region where the company wants to sell products. Implementing digitized quality audit management software helps companies comply with the requirements of each participating agency.

MDSAP Participants

The following are the regulatory agencies currently participating in the program. There are a considerable number of benefits with MDSAP, and each participant agency has mapped out its own plan for adopting this method of oversight.

United States – U.S. Food and Drug Administration (FDA)

For the FDA MDSAP requirements, the agency will accept MDSAP audit reports as a substitute for the agency’s routine inspections. The FDA’s website has also become the repository of documentation for the MDSAP program. The “MDSAP Roles and Responsibilities,” published in Jan. 2023, provides updates to the FDA’s MDSAP policies. To meet the expectations of the FDA, audit management must be highly prioritized and transparent.2 Audit-readiness is essential in this case, so you don’t risk causing delays in your approval processes.

Canada – Health Canada

In 2016, Health Canada began transitioning to MDSAP from its Canadian Medical Devices Conformity Assessment System (CMDCAS). Similar to the FDA’s MDSAP policies, Health Canada uses MDSAP audit reports and certificates as evidence of conformity to Medical Device Regulations, sections 32(2)(f), 32(3)(j), and 32(4)(p). In early 2019, Health Canada made MDSAP certification a requirement for medical device manufacturers selling devices in Canada. So far, Canada is the only country where MDSAP is mandatory. Outside of instructions for conducting audits during the pandemic, published in 2020, Health Canada’s MDSAP policies have not changed.3

Australia – Therapeutic Goods Administration (TGA)

In 2018, the TGA issued new regulatory pathways in addition to the CE (Conformitè Europëenne) mark for approval of products in Australia that are focused on MDSAP. According to the TGA guidance, a MDSAP audit, combined with Canadian, Japanese, or FDA approval, can be used to obtain TGA registration, which includes the Australian Register of Therapeutic Goods (ARTG) of a medical device. Australia will not require surveillance audits if you are MDSAP compliant.

The TGA published an amendment in July 2021 changing the conformity assessment certification for devices containing medicines or materials of animal, microbial, recombinant, or human origin and Class 4 in vitro diagnostic medical devices. Instead of only relying on conformity assessment certification by the TGA, sponsors can now provide conformity assessments issued by a member state of the European Union for inclusion in the Australian Register of Therapeutic Goods (ARTG).4

Brazil – Agência Nacional de Vigilância Sanitária (ANVISA)

The MDSAP audit certificates replace Brazilian good manufacturing practice (GMP) certificates. Agência Nacional de Vigilância Sanitária (ANVISA) uses MDSAP certificates as evidence of conformity to Collegiate Board of Directors (RDC) No. 16/2013 requirements. The report, “Regulatory Updates: Brazil” published in 2020, includes brief information and updates to Brazil’s MDSAP requirements.5

Japan – Japanese Pharmaceuticals and Medical Devices Agency (PMDA)

Japan recognizes MDSAP to reduce the burden of proof for medical device manufacturers. Japanese Pharmaceuticals and Medical Devices Agency (PMDA) may perform an off-site inspection instead of an on-site inspection or reduce documents for off-site inspection when a regulatory agency submits a MDSAP audit report. The PMDA’s “Acceptance of MDSAP Audit Reports in Japan” published in Dec. 2020 details the Japanese quality management system (QMS) requirements and the agency’s MDSAP processes.6

Note: The PMDA encourages foreign manufacturers to use MDSAP audit reports for the QMS inspection application. Communication between Marketing Authorization Holders (MAH) and manufacturers is necessary when manufacturers want to use the MDSAP reports.

Stages of an MDSAP Audit

The MDSAP audit process begins with an initial audit, also known as the Initial Certification. This involves two stages:

  • Stage 1: Documentation Review – The auditing organization (AO) reviews the application and the relevant documentation to assess the company’s preparedness for stage 2: an on-site assessment.
  • Stage 2: On-Site Assessment – Once the AO is satisfied with your documentation and preparedness, it completes an on-site assessment, which includes determining how your QMS complies with ISO 13485 as well as any other regulatory requirements for the IMDRF regulatory bodies.
  • Note: The FDA is currently pursuing the harmonization of ISO 13485 and the Quality System Regulation (QSR), which will become the Quality Management System Regulation (QMSR). To comply with the FDA MDSAP requirements, it’s important to follow the progress of that harmonization to ensure your QMS and quality audit management software is current with the latest guidelines.

In the two years following the initial certification audit, the AO conducts surveillance audits to determine your organization’s compliance with the MDSAP QMS requirements, such as the FDA’s audit management guidelines. These audits primarily address changes to your products or QMS processes since the initial audit. During the fourth year following the initial audit, the AO conducts a recertification audit to evaluate the ability of your QMS to continue meeting the MDSAP requirements.

Consult the Companion Document

For more details about the MDSAP audit, there is a companion document that provides more information about these requirements and how to prepare for the audit. For example, there is a significant amount of documentation required for all stages of an MDSAP audit. The companion document can be a helpful resource for understanding the documentation requirements.7

MDSAP is expected to continue on a path of rapid growth as other countries become active participants. For example, the European Union (EU) and the World Health Organization (WHO) are currently participating as observers. The MDSAP audits reduce or eliminate steps for country-specific requirements in IMDRF jurisdictions, helping companies meet the compliance requirements for marketing their products on a global scale.


References:


2019-bl-author-david-jensen

David Jensen is a content marketing specialist at MasterControl, where he is responsible for researching and writing content for web pages, white papers, brochures, emails, blog posts, presentation materials and social media. He has over 25 years of experience producing instructional, marketing and public relations content for various technology-related industries and audiences. Jensen writes extensively about cybersecurity, data integrity, cloud computing and medical device manufacturing. He has published articles in various industry publications such as Medical Product Outsourcing (MPO) and Bio Utah. Jensen holds a bachelor’s degree in communications from Weber State University and a master’s degree in professional communication from Westminster College.


Free Resource
The Ultimate Guide to Medical Device Quality Management

Enjoying this blog? Learn More.

The Ultimate Guide to Medical Device Quality Management

Download Now
[ { "key": "fid#1", "value": ["GxP Lifeline Blog"] } ]