Medical Device Single Audit Program (MDSAP) updates audit process

MDSAP audit documentation includes update to MDSAP Companion Document

TheMedical Device Single Audit Program - MDSAP - was developed by the International Medical Device Regulators Forum (IMDRF) to conduct regulatory audits of quality management systems (QMS) of manufacturers of medical devices.

The MDSAP audit is based on ISO 13485:2016 with the applicable regulatory requirements of the participating jurisdictions – Australia, Canada, Japan, Brazil, USA – included as areas of focus. Audits conducted to MDSAP follow a closely prescribed process of defined tasks that the auditors have to perform. An MDSAP audit uses a process approach, based on a foundation of risk management, to select samples of procedures and records to examine.  The audit is focused on how risks are identified and addressed. The audit process is described in the MDSAP Audit Model.

The MDSAP Companion Document originally identified the audit tasks that have to be covered and the links to the applicable regulatory requirements for participating jurisdictions. In September 2020, the Companion Document was combined with the description of the MDSAP Audit Approach in a single document. This updated, combined MDSAP Audit approach document did not make fundamental changes to the audit process but there are some minor changes to a few of the audit tasks. Changes in the updated document provide clarification on some of the audit tasks, particularly in relation to some of the regulatory requirements from MDSAP participating jurisdictions. The updated document also includes a new Annex containing a quick reference guide to the reporting timeframes for adverse events and advisory notices for the MDSAP jurisdictions.

The minor changes incorporated into the document are all listed in a summary of changes from the prior revision. Minor modifications to a few of the audit tasks include:

• Addressing the expectations for the term ‘documented’ and the evidence of QMS planning in the Management Process;
• Indicating that special attention is to be paid in the Device Marketing Authorization and Facility Registration Process if there are instances when devices have been marketed to jurisdictions where marketing authorization has not been obtained;
• Emphasizing the need to assess the link between design changes and the need for market authorization, also in the Device Marketing Authorization and Facility Registration Process;
• Confirming that information from the organization’s analysis of quality data should be used to inform the selection of specific products and processes to audits in the Design and Development, Production and Service Controls, and Purchasing processes;
• Adding criteria for selecting complaints for review and reference to post-market surveillance activities in the tasks for the Measurement Analysis and Improvement process;
• Revising audit tasks to focus on the organization’s processes for evaluating complaints for potential individual adverse event reports and evaluating quality issues for potential advisory notices, also in the Measurement Analysis and Improvement process;
• Indicating that post-production feedback is to be used for maintaining product requirements and improving product realization processes in the Design and Development Process;
• Adding reference to design inputs to the manufacturing process and examples of design output documents in the assessment of conformity of the Design and Development process;

Organizations participating in MDSAP will want to make note of the changes in the audit tasks and consider if these will affect their preparation for initial or surveillance audits under MDSAP. The training material for MDSAP audits is available on the US FDA website under CDRH Learn (go to Postmarket activities  – Inspections – Global Harmonisation). MDSAP documents are also publicly available. There is additional material on the BSI website providing information on MDSAP. Resources to help are also being included in BSI’s Compliance Navigator.

Author: Eamonn Hoxey, of E V Hoxey Ltd, UK, is a writer, trainer and consultant on a range of life science areas including regulatory compliance, quality management, sterility assurance and standards development