The Medical Device Single Audit Program (MDSAP) allows for medical device manufacturers to undergo a single regulatory audit that covers the requirements of several jurisdictions. A three-year pilot program was completed in December 2016, and the MDSAP became operational in January 2017.
To date, the geographies participating in the program include the U.S. (FDA), Canada (Health Canada), Brazil (ANVISA), Australia (The Therapeutics Goods Administration), and Japan (Ministry of Health, Labor, and Welfare). Certain other jurisdictions, including the EU, are currently “observers” of the program and may decide to become full participants in the near future.
The program encompasses a standardized, global approach to auditing with a focus on reducing the regulatory burden faced by the medical device industry. Nobody enjoys undergoing an audit, so with an opportunity now to replace multiple regulatory audits (each involving its own specific requirements, requests, procedures, and timing) with one audit that satisfies all pertinent regulatory parties, medical device companies need to take a hard look at the MDSAP. While the FDA provides several resources that explain the MDSAP in detail, here are five points to consider:
1) The audit program associated with the MDSAP does not add any new requirements. Rather, it incorporates the existing requirements of ISO 13485:2016 as well as specific requirements related to the participating countries and regulatory bodies. The audit instructions for MDSAP include cross-references to the specific clauses from ISO 13485. A manufacturer is expected to comply only with the requirements related to those jurisdictions where it markets its products.
2) Medical device manufacturers should not engage with a particular regulatory authority for purposes of participating in the MDSAP. Rather, you should directly contact an Auditing Organization (AO) that has been approved to conduct such audits. While the number of these AO’s is continually expanding, a current listing for manufacturers to choose from is available here. The cost of an MDSAP audit is based on negotiation between the manufacturer and the AO.
3) The MDSAP includes a single annual assessment of an organization’s quality management system (QMS), with a full, formal certification every 3 years.
4) If an AO issues a negative audit report, it does not necessarily mean that the manufacturer would need to stop selling in all of the relevant jurisdictions participating in the MDSAP. Each individual regulatory body would determine the appropriate actions based on the specifics of the observed nonconformities.
5) Upon successful completion of an MDSAP audit, the AO will issue written certification to the medical device manufacturer that specifically documents compliance with the requirements of ISO 13485 as well as with any other regulations pertaining to the applicable jurisdictions.
The MDSAP represents a significant step in greatly enhancing efficiency for medical device companies. Its goal is to provide a less burdensome alternative, while at the same time maintaining the confidence of regulatory bodies and consumers worldwide through a globally-aligned, highly-effective audit approach based on best practice consensus. Having the ability to minimize business interruption and reallocate team members’ time from managing multiple audits to other vital projects and tasks can provide a tremendous benefit to quality and regulatory leaders throughout the industry.