Globalization at its best: MDSAP
By: Anne Sophie Dil – Co-Founder at NAALA
Published on 13 December, 2021
Anne Sophie Dil
Co-Founder at NAALA
Published on 13 December, 2021
The world is getting smaller. Or at least: it is getting easier for people, businesses, and goods to travel the world. It is no longer an exception for products to be offered across various national borders. As long as there is a need for the product, there is a market for its provider.
This, of course, applies equally – if not particularly – to medical devices. The need for health care innovation crosses national boundaries, but legislation for it crosses jurisdictional boundaries only to a limited extent.
The Medical Device Single Audit Program (MDSAP) does not change these jurisdictional boundaries, but rather allows medical device companies to enter multiple jurisdictions simultaneously. MDSAP is promised to be a time-saving solution for medical device companies worldwide who want to offer their product across borders. Some of the benefits of MDSAP include:
- decrease of the burden for medtech firms,
- increase of positive and predictable audit outcomes, and therefore
- enabling of medtech firms to plan and conduct audits easier.
MDSAP is not a certificate or legislation, but it is an approach to a cross-border audit. By (successfully) completing the program, medical device companies can make their product available in multiple specific jurisdictions with a single audit.
The objective of the program is to “develop a standard set of requirements for auditing organizations performing regulatory audits of medical device manufacturers’ quality management systems.
The MDSAP process has two outputs, namely:
- MDSAP certificate, and
- MDSAP audit report,
which are used in various ways by the participating authorities.
Five regulatory authorities are involved in MDSAP. These jurisdictions each have different ways of handling the outputs of the MDSAP process:
- Canada
Canada is the only jurisdiction using the MDSAP certificate. The MDSAP certificate is simultaneously the only certificate accepted for medical devices in the Canadian market by the Canadian regulatory authority Health Canada. This means that if a company wants to market a medical device in Canada, it must successfully complete the MDSAP process.
- Brazil
The Brazilian National Health Surveillance Agency ANVISA Brazil utilizes the outcomes of the MDSAP audit report for the pre-market and post-market assessment processes. When a manufacturer desires a new market application in Brazil, they can use the MDSAP audit report in lieu of an audit by ANVISA
- Japan
The Japanese Ministry of Health, Labour and Welfare (MHLW) and Pharmaceutical and Medical Devices Agency (PMDA) utilize the outcomes of the MDSAP audit report in the same manner as Brazil’s ANVISA.
- Australia
The Australian Therapeutics Goods Administration (TGA) utilizes an MDSAP audit report and certificates as part of the evidence that is assessed for compliance with medical device conformity assessment procedures and market authorization requirements.
- United States
The U.S. Food and Drug Administration (FDA) uses the MDSAP audit report as a substitute for routine audits. The MDSAP audit reports are not accepted for audits related to Premarket Approval, due to lack of regulatory convergence.
The European Union has decided that they could not be full members in spring 2014, as they were at the time in the middle of deciding whether to continue with a medical device directive or proceed with a regulation (which, spoiler alert, ended up in the Medical Devices Regulation).
The EU now is involved as an observer in the program (as well as the United Kingdom’s Medicines and Healthcare products Regulatory Agency (MHRA) and the World Health Organization (WHO)). This means that they observe and/or contribute to the activities of the Regulatory Authority Council (the governing body of the MDSAP), but the program does not provide “access” to the European market.
However, the European Commission’s Medical Devices Coordination Group (MDCG) has issued guidelines for notified bodies, which conduct audits in the EU to obtain access to the European market (with a CE mark). With these guidelines, the EU encourages notified bodies to use the MDSAP audit reports in a way that is consistent with the European legislation for medical devices quality management systems. This, of course, is partly due to the fact that ISO 13485:2016 is both part of the material scope of the MDSAP approach, and is a fundamental part of the requirements for medical device quality management systems in the EU.
Since surveillance audits, their periodicity, and the powers of EU auditors (notified bodies) are prescribed by (European) law, these should be enforced. However, according to the MDCG, it would be possible for notified bodies to use the scope and results of recent MDSAP audit reports as input when developing surveillance audit programs. This would allow the notified body to focus its audits on specific requirements from the MDR that are not covered or only partially covered by the MDSAP audit report.
MDSAP is an approach for medical device manufacturers to be audited for compliance with ISO 13485:2016, and additionally with regulatory requirements of the different medical device markets. Thus, the quality management system must be appropriately implemented and meet all the requirements of:
- ISO 13485:2016,
- the Quality Management System requirements of the Conformity Assessment Procedures of the Australian Therapeutic Goods (Medical Devices) Regulations,
- Brazilian Good Manufacturing Practices,
- Japanese QMS Ordinance,
- the Quality System Regulation of the US FDA, and
- specific requirements of medical device regulatory authorities participating in the MDSAP program.
With MDSAP, in addition to the quality management system, the design and manufacturing processes, and all other activities related to the medical device are audited.
When you will undergo an MDSAP audit, the following is important:
- Identify the territorial scope
You don’t have to choose to conduct an audit for all jurisdictions. Each participating authority has specific regulatory concerns that you will need to meet to successfully pass the MDSAP audit, so you can choose to scope only the authorities in the countries where you want to enter the market.
- Conduct a gap analysis
Through a gap analysis, you can determine the extent to which you are already fulfilling the requirements that apply to the MDSAP audit within the scope you have established.
- Prepare the audit checklist
The MDSAP audit is always conducted in the form of an audit checklist. This allows you to know exactly what to expect when you will undergo an MDSAP audit, and allows you to properly prepare for the audit
- Conduct an internal audit
In order to give sufficient substance to the requirements of the MDSAP, internal audits must be carried out on the quality management system. One may choose to outsource this, as specific knowledge and independence is necessary to perform a sufficiently critical internal audit.
An audit according the MDSAP approach consists of two stages:
- Stage 1 a document review and readiness evaluation of the manufacturer to undergo a stage 2 audit, and
- Stage 2 an evidence review to determine if all applicable QMS requirements of ISO 13485 and all other applicable regulatory requirements from participating regulatory authorities have been effectively implemented.
The MDSAP audit follows a standard sequence of chapters, each consisting of a number of tasks. The chapters addressed in the MDSAP audit approach are as follows:
- Management
- Device marketing authorization and facility registration
- Measurement, analysis and improvement
- Medical device adverse events and advisory notices reporting
- Design and development
- Production and service controls
- Purchasing
The manufacturer should ensure that all the tasks within the chapters are completed. To illustrate, task 1 of chapter 1 of the MDSAP reads as follows:
QMS Planning, Implementation, Changes and Quality Manual
Confirm that quality management system planning is performed to ensure that all required processes are identified, documented, implemented, monitored and maintained in order to conform to the applicable requirements and meet quality objectives.
Verify that changes to the quality management system are managed to maintain the conformity of the quality management system and of the devices produced.
Verify that a quality manual has been documented.
Clause and Regulation
ISO: ISO 13485:2016: 4.1.1, 4.1.2, 4.1.3, 4.2.2., 4.1.4, 5.4.2
TGA: TG(MD)R Sch3 P1 1.4(4)
ANVISA: RDC ANVISA 16/2013: 2.1, 5.6
MHLW/PMDA: MHLW MO169: 5-1, 5-2, 5-3, 5-4, 7, 14
FDA: 21 CFR 820.20
Additional country-specific requirements.
Questions? We are happy to discuss your specific case.
Related
To date, FDA’s CDRH is responsible for ensuring reasonably safe and effective medical devices on the US market. Class I and II devices are either 510(k) exempt or require a 510(k) notification in order to…
The IMDRF and its essential principles of safety and performance have the ability to help manufacturers design and manufacture (in vitro diagnostic) medical devices while reducing costs due to jurisdictional differences. Conformity is a prerequisite in most countries as conformity assessments and classification apply universally…
It is no longer newsworthy: the United Kingdom has left the European Union. This has consequences, including for the application of European laws and regulations. The UK has chosen not to implement the European Medical Devices Regulation (EU MDR) and European In-Vitro Diagnostics Regulation (EU IVDR) during the transition period. Nevertheless, the UK market remains an interesting one, which many manufacturers of (innovative) medical devices would like to tap into. What rules should be considered when placing a medical device on the UK market….