Why MDSAP Opens a World of Opportunity for Med Devices

Since advanced technology has moved medical device innovation into the fast lane, it stands to reason that global regulatory agencies would step up and help keep the momentum going — and they have. Over the past few years, the International Medical Device Regulators Forum (IMDRF) has been developing a harmonized regulatory approval program called the Medical Device Single Audit Program (MDSAP). Luis Jimenez, vice president of business development at Brandwood CKC, discussed the program with attendees of MasterControl’s 2019 user conference, Masters Summit, and provided expert insight on how it benefits medical device manufacturers.

What is MDSAP?

By definition, MDSAP allows a recognized auditing organization to conduct a single regulatory audit of a medical device manufacturer’s quality management system (QMS) that satisfies the requirements of multiple regulatory authorities participating in the program. In simpler terms, “Some of the toughest regulators in the world come together and agree on a standardized audit, and if you are a participant, they will say you’re good to go,” said Jimenez.

MDSAP is a ground-breaking program and will most likely become a game-changer for companies competing in the global medical device arena. To give some perspective, in order to remain compliant, medical device manufacturers expect surprise visits from large regulators. These inspections are unannounced and require the company’s quality team to be dedicated to the audit. Sometimes, organizations have quality team members specifically for supporting audits as these site visits can occur frequently.

Further, going global with a medical device requires preparing submission materials according to each country’s regulatory guidelines, which includes translating specific documentation. Then, you need to present your submissions to each country you want to market your product in. Coordinating all the documents and effort for this process is arduous and stressful. A single error in a submission can result in the delay of a market entry and a significant loss of revenue.

Minimize the Regulatory Burden

The ability to streamline the global regulatory approval process by participating in a single audit instead of multiple separate audits can be a huge advantage. The U.S. Food and Drug Administration (FDA) defines it as a way to minimize the regulatory burden on the industry by promoting a greater alignment of regulatory approaches and technical requirements based on international standards.(1) Jimenez defines it as “more time for innovation, building better quality products and getting them on the global market faster.”

The IMDRF has been building MDSAP since 2012. The program has evolved through a series of pilot and transitional stages and became fully implemented in 2019.

MDSAP Development Time Line

The MDSAP Audit

Ultimately, MDSAP will present tremendous opportunities for medical device manufacturers to accelerate product life cycles. One thing Jimenez pointed out is MDSAP is a big audit — typically lasting five days with two inspectors on site. This will pose challenges to a manufacturer’s QMS.

The program uses ISO 13485:2016 as a framework, but it’s also a hybrid, so approximately 30 percent of the audit includes what you would see during a CE (European conformity) audit. Regulatory agencies say the requirements of ISO 13485:2016 apply to all organizations regardless of size and type. It also applies to suppliers and other third parties that provide products or product components, including QMS-related services.(2)

MDSAP and ISO 13485:2016 Compared

The processes and basic requirements for MDSAP parallel ISO 13485:2016, with a few significant differences:

  • QMS documentation must include the geographic-specific information of the IMDRF members.
  • Requirements of specific geographical regions must be satisfied in the following documents:
  • Premarket regulatory.
  • Postmarket regulatory.
  • Recalls and product notifications.
  • Design and development.
  • Design changes.
  • MDSAP uses a point-based nonconformity grading system instead of the traditional grading criteria that includes “significant finding,” “regular finding” or “significant opportunity for improvement.”

Stages of the Initial MDSAP Audit

The MDSAP audit process begins with an initial audit, also known as the Initial Certification. This involves two stages:

  • Stage 1: Documentation Review — The auditing organization (AO) reviews the application and the relevant documentation to assess the company’s preparedness for stage 2: an on-site assessment.
  • Stage 2: On-site Assessment — Once the AO is satisfied with your documentation and preparedness, it completes an on-site assessment, which includes determining how your QMS complies with ISO 13485 as well as any other regulatory requirements for the IMDRF regulatory bodies.

These assessments are required for the MDSAP audit. There is a companion document that provides more detailed information about these requirements and how to prepare for the audit.

Documentation Requirements

The initial audit for MDSAP requires a significant amount of documentation. Brandwood CKC, the consultancy firm Jimenez works for, shared a list of the different types of documents you need to have available for review. These documents will need to comply with each country’s regulations:

Surveillance Audits

In the two years following the initial certification audit, the AO conducts surveillance audits to determine your organization’s compliance with the MDSAP QMS requirements. These audits primarily address changes to your products or QMS processes since the initial audit. During the fourth year following the initial audit, the AO conducts a recertification audit to evaluate the ability of your QMS to continue meeting the requirements for MDSAP.

“One thing to note, if you are working on your ISO 13485 audit, especially if you are on schedule for a recertification audit, you can do both together,” said Jimenez. “The AO will just extend the audit and do a gap analysis.”

Countries Currently Participating in MDSAP

As MDSAP has progressed, regulatory entities in key global markets have become full participants in the program:

  • United States — U.S. Food and Drug Administration (FDA).
  • Canada — Health Canada.
  • Australia — Therapeutic Goods Administration (TGA).
  • Brazil — Agência Nacional de Vigilância Sanitária (ANVISA).
  • Japan — Japanese Pharmaceuticals and Medical Devices Agency (PMDA).

There are a considerable number of benefits with MDSAP, and each participant has mapped out its own plan for adoption.

United States — FDA

The FDA will accept MDSAP audit reports as a substitute for the agency’s routine inspections. The FDA’s website has also become the repository of documentation for the MDSAP program. “However, MDSAP does not replace every type of audit,” said Jimenez. “For example, MDSAP audits will not substitute for certain types of inspections, including: for cause, compliance follow-up, pre-approval or post-approval and compliance with Electronic Product Radiation Control (EPRC) regulations.”

Canada — Health Canada

In 2016, Health Canada began transitioning to MDSAP from its Canadian Medical Devices Conformity Assessment System (CMDCAS). The agency uses MDSAP certificates as evidence of conformity to Medical Device Regulations, sections 32(2)(f), 32(3)(j) and 32(4)(p). In early 2019, Health Canada made MDSAP certification a requirement for medical device manufacturers selling devices in Canada. So far, Canada is the only country where MDSAP is mandatory.

Australia — TGA

As of 2018, TGA issued new pathways in addition to the CE mark for approval of products in Australia that are focused on MDSAP. According to the TGA guidance, a MDSAP audit, combined with Canadian, Japanese or FDA approval, can be used to obtain TGA registration, which includes the Australian Register of Therapeutic Goods (ARTG) of a medical device. Australia will not require surveillance audits if you are MDSAP compliant.

If you have a 510(k) and are MDSAP compliant, you can register your product in Australia in an expedited manner. “We believe Australia expedited the issuance of these pathways in anticipation of the significant issues expected with MDR (EU Medical Device Regulation) implementation and wanted to be ahead of the game by providing manufacturers alternative approval pathways to Australia,” said Jimenez. “We are actually seeing clients abandoning MDR and adopting MDSAP to go into Australia, for example, companies seeking approval for legacy products that are being up-classified.”

Jimenez mentioned one caveat to TGA’s guidance, which is that classification rules need to be carefully reviewed when planning submissions. For example, all animal-derived and recombinant medical device products are automatically classified as high risk (Class III) with the TGA. “If you have a Class II, 510(k)-approved device containing animal or recombinant-based materials and you wish to register it in Australia using the U.S. and MDSAP certificates, you will need to have a conforming assessment performed by TGA because you didn’t go through a premarket approval (PMA) process,” he said.

Brazil — ANVISA

MDSAP audit certificates replace Brazilian GMP certificates. ANVISA uses MDSAP certificates as evidence of conformity to RDA №16/2013 requirements. “Brazil is known for having a huge backlog of GMP audits, so with MDSAP you could be cutting your time for approval in Brazil by many years,” said Jimenez.

Japan — PMDA

Japan recognizes MDSAP to reduce the burden of proof for medical device manufacturers. PMDA may perform an off-site inspection instead of an on-site inspection or reduce documents for off-site inspection when a MDSAP audit report is submitted.

“An interesting thing about Japan is they are using MDSAP as a communication device for PMDA,” said Jimenez. “They are looking at it as a new database format for registration and reporting. All registrations will go through the MDSAP database.”

Note: PMDA encourages foreign manufacturers to use MDSAP audit reports for the QMS inspection application. Communication between Marketing Authorization Holders (MAH) and manufacturers is necessary when manufacturers want to use the MDSAP reports.

Initial Reviews of MDSAP

Jimenez said that medical device manufacturers’ experience with MDSAP has been positive so far — fewer audits impose less business disruption. Regulators are also encouraged by the program, saying the audits are well planned, more consistent and make better use of inspectors’ time.

MDSAP is expected to continue on a path of rapid growth as other countries become active participants. For example, the European Union (EU) and the World Health Organization (WHO) are currently participating as observers. MDSAP audits reduce or eliminate steps for country-specific requirements in IMDRF jurisdictions. “Manufacturers who are ISO 13485 certified, are already well on their way to compliance,” said Jimenez.


  1. “Medical Device Single Audit Program Frequently Asked Questions.” Retrieved from https://www.fda.gov/media/90179/download
  2. “ISO 13485:2016 and MDSAP: How to Prepare Your QMS Now,” The FDA Group, Mar. 7, 2017. Retrieved from https://www.thefdagroup.com/blog/iso-134852016-mdsap-how-to-prepare-your-qms-now

David Jensen is a content marketing specialist at MasterControl, where he is responsible for researching and writing content for web pages, white papers, brochures, emails, blog posts, presentation materials and social media. He has over 25 years of experience producing instructional, marketing and public relations content for various technology-related industries and audiences. Jensen writes extensively about cybersecurity, data integrity, cloud computing and medical device manufacturing. He has published articles in various industry publications such as Medical Product Outsourcing (MPO) and Bio Utah. Jensen holds a bachelor’s degree in communications from Weber State University and a master’s degree in professional communication from Westminster College.

Originally published at https://www.mastercontrol.com.



Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store

Our cloud-based solutions make quality and compliance processes faster and help bring life-changing innovations to more people sooner.