The MDSAP is an audit program that allows auditing organization to perform a single audit of a medical device manufacturer to obtain a certification that takes in consideration the applicable regulatory requirements of each of the partecipating countries. A single audit satisfies multiple regulatory authorities.
Currently, the countries and related regulatory authorities that are within the MDSAP program are the following:
- Health Canada (Canada)
- Brazil’s Agência Nacional de Vigilância Sanitária (Brazil)
- Therapeutic Goods Administration of Australia (Australia)
- Japan’s Ministry of Health, Labour and Welfare, and the Japanese Pharmaceuticals and Medical Devices Agency (Japan)
- U.S. Food and Drug Administration (United States)
There are currently two observer members:
- The World Health Organization (WHO)
- European Union
Characteristics of the MDSAP Audit
The MDSAP Audit is baed on a 3-year cycle, similar to the structure of the ISO 13485 certification. This consists of a Stage 1 audit (preparation review) and a Stage 2 audit where the implementation of all the requirements is checked. Each there is a surveillance audit and the end of the year the re-certification audit.
Typically the length of QMS audit is based on the number of employees of the organization, based on a correspondence table which is published within the IAF MD 5:2015 – Determination of Audit Time of Quality and Environmental Management System. This is not the case for MDSAP audit. In fact, for MDSAP audit duration is based on the elements to be covered by the audit. Each task to be covered is associated to a pre-determined amount of time; the sum of the time of each task provides the overall audit duration.
Non-Conformity Grading for MDSAP Audit
For MDSAP, there is no longer the distinction between major and minor non-conformities, which is the standard classification for QMS audits. In fact, the non-conformity classification system used for MDSAP Audit is based on a specific non-conformity matrix and escalation rules which are described within the IMDRF guideline Quality Management System – Medical Devices – Non-conformity Grading System for Regulatory Purposes and Information Exchange.
The determination of the non-conformity grading is based on two steps:
- Step1 : Grading Matrix
- Step 2: Escalation Rule
The Grading Matrix
The grading matrix evaluates the non-conformity based on QMS impact and occurrence.
The QMS impact is evaluated based on the clause of the ISO 13485 against which the non-conformity was raised. Non-conformity on clauses between 4.1 and 6.3 have an indirect impact on QMS thus the score is equal to 1 (green); non-conformities on clauses between 6.4 and 8.5 have a direct impact on QMS, thus the score is equal to 3 (yellow).
The occurrence, instead, is evaluated whether the same non-conformity was raised in the previous two audits. It could be 2 or 4, depending if the non-conformity was raised for the first time (score equal o 2) or it is recurring.
The Escalation Rule `
For MDSAP audit, the score which is the outcome of the grading matrix explained in the section afore, it is increased in some specific scenario which could have an impact on quality, safety and efficacy of the device on the market. The scenario where the increase could be performed are:
- Absence of a documented process or procedure
- Release of a Nonconforming Medical Device
The final grade for a nonconformity under this grading scheme will be a number between 1 and 6. However, the grade of “5” was determined to be the maximum, because this represents a significantly high enough risk that some specific actions are required.
The Structure of MDSAP Audits
The MDSAP audit is based on four primary processes, which are:
- Management process,
- Measurement, Analysis and Improvement process,
- Design and Development process and
- Production and Service Controls process with links to the supporting process for Purchasing
Risk management shall always be foundation for the five processes that are the requirements of a quality management system for medical device organizations.
To the processes mentioned above, the MDSAP jurisdiction added two fundamental processes which have specific requirements related to all the MDSAP countries participating in the program:
- Device Marketing Authorization and Facility Registration and
- Medical Device Adverse Events and Advisory Notices Reportin
In conclusion, the MDSAP program became a fundamental audit process for medical device organization. Among the MDSAP countries, Canada decided to allow product registration of the medical device organizations that has already succeeded to have MDSAP certification; in the opposite case, it is not possible to sell medical device within the Canadian territory. In the upcoming countries, when the MDR will become a more established regulation, it could be possible that Europe will become a member of the MDSAP program.
Subscribe to QualityMedDev Newsletter
If you would like to stay updated with the last news and analysis from the regulatory world for medical device sector, do not forget to subscribe to our newsletter.