Skip to the content

Ready for MDSAP? This is what you should know about the new regulatory change


Besides the new European Medical Device Regulation – the EU MDR – there is another major regulatory challenge for the global medical device industry to tackle. It is called the Medical Device Single Audit Program (MDSAP).

There is still limited knowledge and awareness among medical device manufacturers about MDSAP and its impact. Many small or medium-sized medical device companies in the United States, Europe and the rest of the world have still not heard about it or are underestimating the impact of MDSAP.


So, what is MDSAP?

The MDSAP will become mandatory for all manufacturers who wish to sell their medical device products to other global markets.

If you are a manufacturer that sells into Canada for example, Health Canada will as of January 2019 only accept MDSAP certificates

Later, the United States, Brazil, Australia and Japan will follow the MDSAP program. This adds complexity to the changes being managed by manufacturers, Notified Bodies, and regulators, at an already complicated time.


The MDSAP in details

The Medical Device Single Audit Program allows a single audit of a medical device manufacturer's Quality Management System, which satisfies the requirements of multiple regulatory jurisdictions. Audits are conducted by Auditing Organizations (AO), authorized by the participating Regulatory Authorities (RA) to audit under MDSAP requirements.

MDSAP is a way that medical device manufacturers can be audited once for compliance with the standard and regulatory requirements of up to five different medical device markets: Australia, Brazil, Canada, Japan and the United States.



What you should prepare for

For manufacturers, MDSAP requires thorough preparation, no matter how good their current quality management system is. Many manufacturers will suffer for the first time from an FDA style auditing and scrutiny. If they are unlucky enough, FDA or any other regulator from the MDSAP countries (USA, Brazil, Canada, Japan and Australia) might attend the audit as an observer and put even more pressure on the auditors. 

What is involved in the MDSAP Audit Process? 

A MDSAP Certificate (obtained upon successfully completing a MDSAP audit) can be used to demonstrate compliance with Quality Management System (QMS) requirements for Medical Device registration in each of the five participating countries. The MDSAP process involves an audit by an Auditing Organization (AO) engaged by the Medical Device Manufacturer on every site involved in the MDSAP application.

Key Staff Must be Trained in the additional QMS requirements for MDSAP.

In order to have a successful MDSAP audit, it is essential that the Medical Device Manufacturer’s staff including Top Management, Quality, Regulatory & Operations Staff and Internal Auditors are familiar with these additional QMS requirements and that the requirements are correctly implemented and adhered to within the QMS. For this reason, it is essential that the foregoing groups are properly trained well in advance of any proposed MDSAP audit.

The QMS audit will no longer focus solely on quality

To get the Medical Device Single Audit Program to satisfy the needs of all five Auditing Organizations, compromises had to be made. The result is that MDSAP audits have a wider scope that pulls Regulatory into the fray. You will be asked questions related to regulatory compliance, not just QMS compliance. The MDSAP Audit Model requires review of your entire QMS as well as your device registration processes and regulatory notification (Adverse Event) notification systems. For example, a question that might come up is how your regulatory strategy impacts your product design. Other regulatory-related questions are sure to arise. During the audit you can expect a LOT more emphasis on risk, outsourced activities, validation, and change management.

What can companies do to prepare for the MDSAP?

Although medical device companies are still trying to fully understand all changes the MDSAP will bring, they cannot afford to delay implementation.

Here are three key steps organizations should take as they embark on the road to MDSAP-compliance:

  1. Abandon the paper-based processes

While continuing to bring new innovations to market, many medical device companies have largely relied on out-dated technology. Many maintain manual, paper-based processes, and homegrown, on-premise, legacy systems. There is also a dependency on email to share documents and information. These processes and systems do not support the broad visibility and control needed to meet new requirements, nor do they enable the kind of efficient collaboration with external partners that so many device companies rely on today.

  1. Conduct a portfolio review and gap assessment

All devices need to be reviewed to ensure they are compliant with the guidelines. Overall, the amount of supporting data and documents has increased significantly. Documents such as post-market surveillance plans and reports, post-market clinical follow-up reports, periodic safety update reports, and summaries of safety and clinical performance are all required. Additionally, more emphasis is now placed on clinical evaluation requirements and the required clinical data that must be collected and maintained. In some cases, devices may need to be reclassified which will require additional data, documentation, and ultimately time and resources.

  1. Conduct a technology landscape assessment

Now is the time to evaluate the systems you use across the organization to support clinical, quality, and regulatory. Systems should help improve compliance, mitigate risk, and provide increased visibility and transparency across the organization.


To recap:

Medical device companies need to find ways to increase operational visibility internally and externally, enable transparent content and data management across all functions, and improve efficiency.

How Minerva can help medical device companies meet MDR compliance standards
Increased visibility and continuous collaboration between business functions will be key to maintaining the required permanent compliance with the new regulation. Minerva Medical Device PLM enables companies to unify clinical data management with clinical operations. It puts all data and documents on one system, to enable faster and easier collaboration with one source of truth for shared operational data.

About the author

Thomas Skogen

Thomas is an expert in Supply Chain and Manufacturing Optimization with more than 10 years of experience originating from Medical Device and High-Tech & Electronic Industries. He comes with a background as an Electronics engineer, complemented with a Master in Technology Management. Thomas has held positions in multinational corporations such as Nilfisk, heading the internal optimization program as well as the supply chain organization.

comments powered by Disqus