Based on ISO 13485:2016, MDSAP (Medical Device Single Audit Program) is an audit program that allows for a single regulatory audit of a medical device manufacturer´s quality management system to satisfy the requirements of multiple regulatory jurisdictions. Our Head of Quality Dr Dirk Hüber explains more about what the program involves, whether and when to join, and how to prepare for your audit below…
What is MDSAP?
An MDSAP audit evaluates your company’s QMS, rather than your products. The five countries that currently participate in the MDSAP program are:
- USA (program lead via the FDA)
In these countries, an MDSAP certificate is an alternative way to support market approval, apart from in Canada, where the certificate is mandatory to achieve market approval for your product.
The objectives of the MDSAP are to:
- Develop and implement a single audit program that satisfies the needs of several regulatory jurisdictions.
- Improve alignment of regulatory approaches and technical requirements.
- Improve consistency, predictability and transparency of regulatory programs.
The advantages for manufacturers include the following:
- Less audits – since one audit covers the regulatory requirements for all participating countries.
- Audits are scheduled and planned – akin to Notified Bodies in the EU, but unlike the individual audits involving regulatory authorities of the participating countries.
- Technical requirements are aligned between the participating countries.
- There are no surprises – the requirements and audit process are defined and publicly available in the MDSAP Companion Document.
Should you join the MDSAP program?
When making your decision on whether to join the MDSAP program, there are three key considerations to bear in mind:
- Outside of the MDSAP program, all the regulatory authorities of the participating countries work to different schedules, regulations and approaches whilst auditing manufacturers.
- The participant countries of the MDSAP program are key markets for almost all MedTech companies; most MedTech companies either sell into these countries, or, if a start-up, have a business plan to sell into these countries at some stage.
- If Canada is an anticipated market, you must join MDSAP.
Consequently, it is advantageous for almost all MedTech companies to participate in the program in order to benefit from less audits, a transparent audit approach, and aligned requirements between five key markets (including EU requirements to an extent).
When should you join the MDSAP program?
If you are a start-up company it is important to time your application to join MDSAP efficiently. The best time to join is as you file for market approval in one of the participating countries. This way, the regulatory authority of that country does not need to assess your QMS themselves; instead, they will receive the MDSAP certificate and audit report.
Of course, when following this path, you should be well prepared and have a stable, well established QMS in place, to avoid the risk of failing the MDSAP audit. Even if you are a start-up, it is advisable for you to have a QMS certified according to ISO 13485:2016 rather early in your pathway. This will also help to avoid any unwanted surprises when you file your first product for the first market, as it will support your team by having any evidence ready in the expected form and of the necessary quality.
How to prepare for your MDSAP
Whether you are a start-up or an established company, the following steps should be taken when you come to join the MDSAP program:
- For start-ups, if you establish your QMS according to ISO 13485:2016 (and MDR or IVDR, respectively), implement the additional requirements of the MDSAP Companion Document at the same time. For most requirements this will be relatively easy, and you will benefit from not needing to read and align the regulatory requirements from five countries with European requirements.
- If you are an established company, the MDSAP Companion Document will help facilitate an efficient gap assessment of your QMS. Should any gaps be identified, in many cases closing these won´t be overly complex, as the MDSAP Companion Document is based upon ISO 13485:2016.
- Finally, engage a certification Body and Notified Body that is also an audit organisation for MDSAP. Clarify with them whether they can implement joint MDSAP and ISO 13485 audits to maximise your efficiency.