- Why Us
When people speak of bringing a medical device “to market,” the location of that market is often left unmentioned. That’s because worldwide, there are dozens of different markets for medical devices—and regulatory authorities governing them.
For instance, in the US marketplace, the Food and Drug Administration (FDA) is the regulatory body. But just to the north in Canada, medical devices fall under the jurisdiction of a different regulatory body, Health Canada.
Companies that want to sell their devices in a number of different markets often face a form of regulatory redundancy—each regulator is required to audit the company to ensure compliance with rules and requirements. For a company operating in several different markets, this can be an immense burden.
The solution is known as the Medical Device Single Audit Program (MDSAP).
MDSAP allows manufacturers operating under the authority of multiple regulators to undergo one audit which satisfies all the requirements of those disparate regulators.
Current members of the MDSAP include:
U.S. Food & Drug Administration
Therapeutic Goods Administration of Australia
Agência Nacional de Vigilância Sanitária (Brazil)
Ministry of Health, Labour and Welfare; Japanese Pharmaceuticals and Medical Devices Agency (Japan)
These regulators will accept MDSAP audit reports from manufacturers selling medical devices within their jurisdiction.
While this is a great step forward and removes some of the regulatory burden from medical device manufacturers, it’s essential you know what’s required of you if you choose to participate in MDSAP.
The MDSAP companion document is your source for what to expect during the audit process. And in this article, we’ll be delving into the companion document to help you better understand what’s required and what you need to do to meet those requirements:
You may have heard of the original, separate MDSAP Process Companion Document and MDSAP Audit Model document. However, in 2020, the two documents were combined to create the MDSAP Audit Model document. It contains largely the same information as the preceding MDSAP Companion Document, but the requirements have been consolidated into one official document.
The role of this document is two-fold. First, it acts as guidance for auditors in the grading processes they must follow to audit the quality management systems (QMS) of medical device manufacturers.
Second, it tells medical device manufacturers exactly what auditors will be looking for, so that expectations can be met. That’s why I would recommend getting familiar with this document well ahead of any external audit, leveraging it while your team conducts its own internal audits.
Below are the relevant sections of the MDSAP companion document that your medical device company should follow in preparation for an audit:
The MDSAP companion document outlines key functions of the management process, which boil down to the provision of adequate resources for the company and the creation and monitoring of a QMS.
This section also highlights that a “management representative” must be appointed by your company. The management representative must report to company leadership about the performance of your QMS, ensure awareness of regulatory requirements within the company, and ensure that the requirements of the QMS are “effectively defined, documented, implemented, and maintained.”
Device Marketing Authorization and Facility Registration is the second chapter in the MDSAP companion document.
This chapter offers the specific information auditors must look for during the Authorized Registration process, such as proof that a company has:
Complied with requirements to register and/or license device facilities
Submitted device listing information to regulatory authorities, when applicable
Obtained device marketing authorization in the appropriate jurisdictions
Arranged for assessment of changes (where applicable) and obtained marketing authorization for changes to devices or the QMS which require an amendment to existing marketing authorization
This chapter also includes several sections outlining the tasks an auditor must carry out, along with country-specific information on definitions and requirements.
This process will draw close scrutiny from an auditor because measurement, analysis, and improvement can be charged with identifying existing and potential causes of product and quality problems. Identifying these causes is critical because it represents the first step in taking appropriate preventive or corrective actions.
The MDSAP companion document outlines the following outcomes that an auditor should look for during the Measurement, Analysis and Improvement process:
Defined, documented and implemented procedures for measurement, analysis and improvement that address the requirements of the QMS standard and participating MDSAP regulatory authorities
Identified, analyzed, and monitored appropriate sources of quality data to identify nonconformities or potential nonconformities and determined the need for corrective or preventive action
Ensured investigations are conducted to identify the underlying cause(s) of nonconformities and potential nonconformities, where possible
Implemented appropriate corrective action to eliminate the recurrence or preventive action to prevent the occurrence of product or quality system nonconformities, commensurate with the risks associated with the nonconformities or potential nonconformities encountered
Reviewed the effectiveness of corrective action and preventive action
Utilized information from the analysis of production and post-production quality data to amend the analysis of product risk, as appropriate
This chapter lists 16 different audit tasks and is one of the largest chapters in the MDSAP companion document, which should give you an indication of its importance from the perspective of an auditor.
Chapter four of the MDSAP companion document covers the processes for reporting adverse events and advisory notices within an appropriate timeframe.
Any company may be audited on its process for notification of adverse events. If you have had an adverse event, then you will also probably be audited on your notification of advisory notices, which verifies that you have reported to regulatory authorities when necessary.
The MDSAP guidance document lists three outcomes of the Adverse Event and Advisory Reporting process that auditors will expect to see:
Defined processes to ensure individual device-related adverse events are reported to regulatory authorities as required
Ensured that advisory notices are reported to regulatory authorities and authorized representatives when necessary
Maintained appropriate records of individual device-related adverse events and advisory notices
The Adverse Event and Advisory Reporting Process is closely related to the Measurement, Analysis, and Improvement Process, and may be linked to it during the auditing process.
This chapter from the MDSAP guidance also details the nine outcomes auditors will be looking for throughout the Design and Development process, which are copied below:
Defined, documented and implemented procedures to ensure medical devices designed according to specified requirements
Effectively planned the design and development of a device
Established mechanisms, including systematic review, for addressing incomplete, ambiguous or conflicting requirements
Determined the internally or externally imposed requirements for safety, function, and performance for the intended use, including regulatory requirements, risk management, and human factors requirements
Verified that design outputs satisfy design input requirements (AKA design verification activities)
Identified and mitigated, to the extent practical, the risks associated with the device, including the device software
Ensured that changes to the device design are controlled, the risks associated with the design change are identified and mitigated, to the extent practical, and that the device will continue to perform as intended
Performed design validation to ensure devices conform to user needs and intended use
Confirmed that the design is correctly translated into production methods and procedures.
The Production and Service Controls chapter of the MDSAP guidance document is concerned with the manufacturing of your medical device.
The MDSAP auditor will look at production and service controls, including testing, infrastructure, facilities, equipment, and servicing, to ensure that your products meet specifications. If that seems like a lot to cover, it is. This chapter includes twenty-nine audit tasks and is the largest in the companion document.
However, there are only six stated outcomes listed in the MDSAP guidance document for the Production and Service Controls process:
Defined, documented, and implemented procedures to ensure production and service processes are planned, developed, conducted, controlled, and monitored to ensure conformity to specified requirements
Developed production and service process controls commensurate with the potential effect of the process on product risk
Ensured that when the results of a process cannot be verified by subsequent monitoring or measurement, the process is validated with a high degree of assurance that the process will consistently achieve the planned result
Implemented procedures for the validation of the application of computer software for production and service processes that affect the ability of the product to conform to specified requirements, including validation of computer software used in the QMS
Maintained records for each batch of medical devices that provides information for traceability and confirmation that the batch meets specified requirements
Implemented controls to protect customer property, including intellectual property, confidential health information, and other forms of customer property that is used or incorporated into products.
The Purchasing process is the final chapter of the MDSAP guidance document, and its intent is to ensure that any products that have been purchased or subcontracted conform to requirements.
An auditor will pay particular attention to the controls you have in place, weighting these in terms of how critical the product is for the overall safety and efficacy of your device.
The companion document also describes the outcomes MDSAP auditors will be looking for during the Purchasing process:
Defined, documented, and implemented procedures to ensure purchased or otherwise supplied products conform to specified purchase requirements
Established criteria for the selection, evaluation and re-evaluation of suppliers based on the type and significance of the product purchased and the impact of the supplied product on subsequent product realization or the quality of the finished device
Performed the evaluation and selection of suppliers based on the capability of the supplier to meet specified requirements
Ensured the continued capability of suppliers to provide quality products that meet specified purchase requirements through re-evaluation
Determined and implemented an appropriate combination of controls applied to suppliers in conjunction with acceptance verification activities to ensure conformity to product and QMS requirements, based on the impact of the supplied product on the finished device.
The MDSAP companion document should make it clear that even when you’re facing a single audit, there are still quite a few regulatory requirements your medical device and systems must conform to.
And the best way to pass your next audit with flying colors is with a QMS built specifically for the medical device industry. Greenlight Guru’s Medical Device Success Platform is more than a standard QMS. Powered by machine learning and natural language processing, Greenlight Guru comes with industry best practices and regulatory standards built into every feature of the software.
Ensure you’re always in compliance and ready to conquer your MDSAP audit. Get your free demo of Greenlight Guru today.
Looking for a design control solution to help you bring safer medical devices to market faster with less risk? Click here to take a quick tour of Greenlight Guru's Medical Device QMS software
Taylor Brown is a Medical Device Guru, certified Lead Auditor for ISO 13485, and a card-carrying Quality Nerd. She got her start in the industry as a technical writer and quickly became an audit readiness and support specialist, traveling around the United States to establish ISO 13485 compliant quality systems. She...