How to Use the MDSAP Companion Document

When people speak of bringing a medical device “to market,” the location of that market is often left unmentioned. That’s because worldwide, there are dozens of different markets for medical devices—and regulatory authorities governing them.

For instance, in the US marketplace, the Food and Drug Administration (FDA) is the regulatory body. But just to the north in Canada, medical devices fall under the jurisdiction of a different regulatory body, Health Canada.

Companies that want to sell their devices in a number of different markets often face a form of regulatory redundancy—each regulator is required to audit the company to ensure compliance with rules and requirements. For a company operating in several different markets, this can be an immense burden. 

The solution is known as the Medical Device Single Audit Program (MDSAP). 

MDSAP allows manufacturers operating under the authority of multiple regulators to undergo one audit which satisfies all the requirements of those disparate regulators.

Current members of the MDSAP include:

• U.S. Food & Drug Administration

• Therapeutic Goods Administration of Australia

• Agência Nacional de Vigilância Sanitária (Brazil) 

• Ministry of Health, Labour and Welfare; Japanese Pharmaceuticals and Medical Devices Agency (Japan)

• Health Canada

These regulators will accept MDSAP audit reports from manufacturers selling medical devices within their jurisdiction. 

While this is a great step forward and removes some of the regulatory burden from medical device manufacturers, it’s essential you know what’s required of you if you choose to participate in MDSAP.

The MDSAP companion document is your source for what to expect during the audit process. And in this article, we’ll be delving into the companion document to help you better understand what’s required and what you need to do to meet those requirements:

FREE RESOURCE: Prepare for your upcoming MDSAP audit with this customizable MDSAP ISO 13485 Gap Assessment Tool. Download your copy now by clicking here.

What is the MDSAP companion document?

You may have heard of the original, separate MDSAP Process Companion Document and MDSAP Audit Model document. However, in 2020, the two documents were combined to create the MDSAP Audit Model document. It contains largely the same information as the preceding MDSAP Companion Document, but the requirements have been consolidated into one official document.

The role of this document is two-fold. First, it acts as guidance for auditors in the grading processes they must follow to audit the quality management systems (QMS) of medical device manufacturers. 

Second, it tells medical device manufacturers exactly what auditors will be looking for, so that expectations can be met. That’s why I would recommend getting familiar with this document well ahead of any external audit, leveraging it while your team conducts its own internal audits.

Following the MDSAP companion document processes

Below are the relevant sections of the MDSAP companion document that your medical device company should follow in preparation for an audit:

Management process

The MDSAP companion document outlines key functions of the management process, which boil down to the provision of adequate resources for the company and the creation and monitoring of a QMS. 

This section also highlights that a “management representative” must be appointed by your company. The management representative must report to company leadership about the performance of your QMS, ensure awareness of regulatory requirements within the company, and ensure that the requirements of the QMS are “effectively defined, documented, implemented, and maintained.”

Authorized Registration process

Device Marketing Authorization and Facility Registration is the second chapter in the MDSAP companion document. 

This chapter offers the specific information auditors must look for during the Authorized Registration process, such as proof that a company has:

1. Complied with requirements to register and/or license device facilities

2. Submitted device listing information to regulatory authorities, when applicable

3. Obtained device marketing authorization in the appropriate jurisdictions

4. Arranged for assessment of changes (where applicable) and obtained marketing authorization for changes to devices or the QMS which require an amendment to existing marketing authorization

This chapter also includes several sections outlining the tasks an auditor must carry out, along with country-specific information on definitions and requirements.

Measurement, Analysis and Improvement process

This process will draw close scrutiny from an auditor because measurement, analysis, and improvement can be charged with identifying existing and potential causes of product and quality problems. Identifying these causes is critical because it represents the first step in taking appropriate preventive or corrective actions.

The MDSAP companion document outlines the following outcomes that an auditor should look for during the Measurement, Analysis and Improvement process:

1. Defined, documented and implemented procedures for measurement, analysis and improvement that address the requirements of the QMS standard and participating MDSAP regulatory authorities

2. Identified, analyzed, and monitored appropriate sources of quality data to identify nonconformities or potential nonconformities and determined the need for corrective or preventive action

3. Ensured investigations are conducted to identify the underlying cause(s) of nonconformities and potential nonconformities, where possible

4. Implemented appropriate corrective action to eliminate the recurrence or preventive action to prevent the occurrence of product or quality system nonconformities, commensurate with the risks associated with the nonconformities or potential nonconformities encountered

5. Reviewed the effectiveness of corrective action and preventive action

6. Utilized information from the analysis of production and post-production quality data to amend the analysis of product risk, as appropriate

This chapter lists 16 different audit tasks and is one of the largest chapters in the MDSAP companion document, which should give you an indication of its importance from the perspective of an auditor.

Adverse Event and Advisory Reporting process

Chapter four of the MDSAP companion document covers the processes for reporting adverse events and advisory notices within an appropriate timeframe.

Any company may be audited on its process for notification of adverse events. If you have had an adverse event, then you will also probably be audited on your notification of advisory notices, which verifies that you have reported to regulatory authorities when necessary.

The MDSAP guidance document lists three outcomes of the Adverse Event and Advisory Reporting process that auditors will expect to see:

1. Defined processes to ensure individual device-related adverse events are reported to regulatory authorities as required

2. Ensured that advisory notices are reported to regulatory authorities and authorized representatives when necessary

3. Maintained appropriate records of individual device-related adverse events and advisory notices

The Adverse Event and Advisory Reporting Process is closely related to the Measurement, Analysis, and Improvement Process, and may be linked to it during the auditing process.

Design and Development process

The Design and Development chapter covers design controls and their documentation as well as risk management activities, and is thus one of the most important chapters in the companion document.

This chapter from the MDSAP guidance also details the nine outcomes auditors will be looking for throughout the Design and Development process, which are copied below:

1. Defined, documented and implemented procedures to ensure medical devices designed according to specified requirements

2. Effectively planned the design and development of a device

3. Established mechanisms, including systematic review, for addressing incomplete, ambiguous or conflicting requirements

4. Determined the internally or externally imposed requirements for safety, function, and performance for the intended use, including regulatory requirements, risk management, and human factors requirements

5. Verified that design outputs satisfy design input requirements (AKA design verification activities)

6. Identified and mitigated, to the extent practical, the risks associated with the device, including the device software

7. Ensured that changes to the device design are controlled, the risks associated with the design change are identified and mitigated, to the extent practical, and that the device will continue to perform as intended

8. Performed design validation to ensure devices conform to user needs and intended use

9. Confirmed that the design is correctly translated into production methods and procedures.

Production and Service Controls process

The Production and Service Controls chapter of the MDSAP guidance document is concerned with the manufacturing of your medical device.

The MDSAP auditor will look at production and service controls, including testing, infrastructure, facilities, equipment, and servicing, to ensure that your products meet specifications. If that seems like a lot to cover, it is. This chapter includes twenty-nine audit tasks and is the largest in the companion document.

However, there are only six stated outcomes listed in the MDSAP guidance document for the Production and Service Controls process:

1. Defined, documented, and implemented procedures to ensure production and service processes are planned, developed, conducted, controlled, and monitored to ensure conformity to specified requirements

2. Developed production and service process controls commensurate with the potential effect of the process on product risk

3. Ensured that when the results of a process cannot be verified by subsequent monitoring or measurement, the process is validated with a high degree of assurance that the process will consistently achieve the planned result

4. Implemented procedures for the validation of the application of computer software for production and service processes that affect the ability of the product to conform to specified requirements, including validation of computer software used in the QMS

5. Maintained records for each batch of medical devices that provides information for traceability and confirmation that the batch meets specified requirements

6. Implemented controls to protect customer property, including intellectual property, confidential health information, and other forms of customer property that is used or incorporated into products.

Purchasing process

The Purchasing process is the final chapter of the MDSAP guidance document, and its intent is to ensure that any products that have been purchased or subcontracted conform to requirements.

An auditor will pay particular attention to the controls you have in place, weighting these in terms of how critical the product is for the overall safety and efficacy of your device. 

The companion document also describes the outcomes MDSAP auditors will be looking for during the Purchasing process:

1. Defined, documented, and implemented procedures to ensure purchased or otherwise supplied products conform to specified purchase requirements

2. Established criteria for the selection, evaluation and re-evaluation of suppliers based on the type and significance of the product purchased and the impact of the supplied product on subsequent product realization or the quality of the finished device

3. Performed the evaluation and selection of suppliers based on the capability of the supplier to meet specified requirements

4. Ensured the continued capability of suppliers to provide quality products that meet specified purchase requirements through re-evaluation

5. Determined and implemented an appropriate combination of controls applied to suppliers in conjunction with acceptance verification activities to ensure conformity to product and QMS requirements, based on the impact of the supplied product on the finished device.

FREE RESOURCE: Prepare for your upcoming MDSAP audit with this customizable MDSAP ISO 13485 Gap Assessment Tool. Download your copy now by clicking here.

Leverage MDSAP companion document with a proven medical device QMS solution

The MDSAP companion document should make it clear that even when you’re facing a single audit, there are still quite a few regulatory requirements your medical device and systems must conform to.

And the best way to pass your next audit with flying colors is with a QMS built specifically for the medical device industry. Greenlight Guru’s Medical Device Success Platform is more than a standard QMS. Powered by machine learning and natural language processing, Greenlight Guru comes with industry best practices and regulatory standards built into every feature of the software.

Ensure you’re always in compliance and ready to conquer your MDSAP audit. Get your free demo of Greenlight Guru today.

Looking for a design control solution to help you bring safer medical devices to market faster with less risk? Click here to take a quick tour of Greenlight Guru's Medical Device QMS software