The International Medical Device Regulators Forum (IMDRF)External Link Disclaimer recognizes that a global approach to auditing and monitoring the manufacturing of medical devices could improve their safety and oversight on an international scale.
The Medical Device Single Audit Program (MDSAP) streamlines regulatory audits for medical device manufacturers by enabling a single audit to satisfy the requirements of multiple regulatory authorities involved in the program.Key international partners participating in MDSAP include:
MDSAP Members:
- Therapeutic Goods Administration of Australia
- Brazil’s Agência Nacional de Vigilância Sanitária
- Health Canada
- Japan’s Ministry of Health, Labour and Welfare, and the Japanese Pharmaceuticals and Medical Devices Agency
- U.S. Food and Drug Administration
MDSAP Official Observers:
- European Union (EU)
- United Kingdom's Medicines and Healthcare products Regulatory Agency (MHRA)
- The World Health Organization (WHO) Prequalification of In Vitro Diagnostics (IVDs) Programme
MDSAP Affiliate Members
- Argentina's National Administration of Drugs, Foods and Medical Devices (ANMAT)
- Ministry of Health of Israel
- Kenya's Pharmacy and Poisons Board (NEW)
- Republic of Korea's Ministry of Food and Drug Safety
- Federal Commission for Protection from Sanitary Risks (COFEPRIS) of Mexico
- Singapore's Health Sciences Authority (HSA)
- TFDA - Taiwan Food and Drug Administration
Medical Device Single Audit Program (MDSAP) - Audit Requirements
| Chapter | Title | Tasks |
|---|---|---|
| 1 | Management |
QMS Planning, Implementation, Changes, and Quality Manual: Develop and maintain a Quality Management System (QMS) including procedures for planning, implementing, and managing changes. Ensure compliance with quality standards and regulations through a comprehensive quality manual. Management Representative: Appoint a management representative responsible for overseeing the QMS and ensuring its effectiveness throughout the organization. Quality Policy and Objectives: Establish a quality policy outlining the organization's commitment to quality and define measurable quality objectives aligned with business goals. Organizational Structure, Responsibility, Authority, and Resources: Define the organizational structure, roles, responsibilities, and authorities required to implement the QMS effectively. Allocate adequate resources to support QMS activities. Management Reviews: Conduct regular management reviews to assess the performance and effectiveness of the QMS, identify areas for improvement, and ensure ongoing suitability and effectiveness. Distribution of Devices with Appropriate Marketing Authorization: Ensure that devices are distributed only after obtaining appropriate marketing authorization and comply with regulatory requirements for distribution. |
| 2 | Device Marketing Authorization and Facility Registration |
Submission for Device Marketing Authorization and Facility Registration: Prepare and submit applications for device marketing authorization and facility registration as required by regulatory authorities. Evidence of Marketing Clearance or Approval: Maintain records of marketing clearance or approval for each device, including supporting documentation from regulatory authorities. Notification of Changes to Marketed Devices or the QMS: Notify regulatory authorities of any changes to marketed devices or the QMS that may affect their safety, performance, or regulatory compliance. |
| 3 | Measurement, Analysis, and Improvement |
Procedures for Measurement, Analysis, and Improvement of QMS Effectiveness and Product Conformity: Develop and implement procedures for measuring, analyzing, and improving the effectiveness of the QMS and product conformity to quality requirements. Investigation of Nonconformity and Potential Nonconformity: Establish procedures for investigating nonconformities and potential nonconformities, determining their root causes, and implementing corrective and preventive actions to prevent recurrence. Corrective and Preventive Actions: Take corrective actions to address nonconformities identified during production or service activities. Implement preventive actions to eliminate the causes of potential nonconformities and improve overall QMS effectiveness. Internal Audits and Management Review: Conduct regular internal audits to verify compliance with QMS requirements and identify opportunities for improvement. Review audit findings and QMS performance during management reviews to drive continuous improvement. |
| 4 | Medical Device Adverse Events and Advisory Notices Reporting |
Notification of Adverse Events: Establish procedures for promptly reporting adverse events associated with medical devices to regulatory authorities and other relevant stakeholders. Notification of Advisory Notices: Notify regulatory authorities of any advisory notices issued by the organization regarding potential risks associated with marketed devices. |
| 5 | Design and Development |
Identification of Devices Subject to Design and Development Procedures: Determine which devices require formal design and development procedures based on their classification and intended use. Design and Development Planning: Develop a comprehensive plan for managing the design and development of medical devices, including defining project scope, objectives, and deliverables. Implementation of the Design and Development Process: Execute the design and development activities according to the established plan, ensuring compliance with regulatory requirements and design controls. Risk Management Activities: Integrate risk management throughout the design and development process to identify, assess, and mitigate potential risks associated with device use. Design Changes and Review Processes: Implement procedures for managing design changes, including documentation, review, verification, and validation activities to ensure changes meet regulatory requirements and do not adversely affect device safety or performance. |
| 6 | Production and Service Controls |
Planning and Control of Production and Service Processes: Develop procedures for planning and controlling production and service processes, ensuring compliance with specifications, standards, and regulatory requirements. Process Validation and Monitoring: Validate production and service processes to demonstrate their ability to consistently produce conforming products. Monitor and measure process performance to identify opportunities for improvement. Control of Nonconforming Products and Rework: Establish controls for identifying, segregating, and dispositioning nonconforming products. Implement rework procedures to correct nonconformities and ensure product compliance. Preservation of Products: Implement measures to protect product integrity and prevent damage or deterioration during handling, storage, and transportation. Installation and Servicing Activities: Develop procedures for installing and servicing medical devices, including verification, validation, and documentation of service activities to ensure device safety and performance. |
| 7 | Purchasing |
Planning and Control Activities Regarding Purchased Products and Outsourced Processes: Define procedures for planning and controlling activities related to purchasing products and outsourcing processes. Evaluate supplier capabilities and establish criteria for supplier selection, evaluation, and re-evaluation. Verification of Purchased Products: Verify the conformity of purchased products to specified requirements before acceptance and use in production processes. Purchasing Control Activities as Source of Quality Data for the Measurement, Analysis, and Improvement Process: Utilize data from purchasing control activities to measure, analyze, and improve the effectiveness of the QMS and product quality. |
| Annex 1 | Audit of Product/Process Related Technologies and Technical Documentation | - Audit of Product/Process Related Technologies and Technical Documentation: Conduct audits to assess compliance with requirements related to product and process technologies, including documentation controls, design and development activities, and process validations. |
| Annex 2 | Audit of Requirements for Sterile Medical Devices | - Audit of Requirements for Sterile Medical Devices: Conduct audits to verify compliance with requirements for the sterilization of medical devices, including validation of sterilization processes, monitoring and control of environmental conditions, and maintenance of sterile packaging integrity. |
| Annex 3 | Medical Device Adverse Events and Advisory Notices Reporting Process Quick Reference | - Medical Device Adverse Events and Advisory Notices Reporting Process Quick Reference: Provide a quick reference guide for reporting adverse events associated with medical devices and issuing advisory notices to ensure timely communication with regulatory authorities and stakeholders. |
| Annex 4 | Requirements for Written Agreements | - Requirements for Written Agreements: Define requirements for written agreements between organizations involved in the design, manufacture, distribution, and servicing of medical devices to ensure clarity and consistency in contractual obligations and responsibilities. |
| Annex 5 | Japan’s QMS Ordinance Revision - Tables | - Japan’s QMS Ordinance Revision - Tables: Provide tables outlining revisions to Japan's Quality Management System (QMS) Ordinance, including changes to regulatory requirements, documentation standards, and audit procedures. |
| Annex 6 | Acceptable Exclusions from an Organization’s Scope of Certification | - Acceptable Exclusions from an Organization’s Scope of Certification: Identify circumstances under which organizations may exclude certain processes or activities from their scope of certification, ensuring transparency and clarity in the certification process. |
Medical Device Single Audit Program (MDSAP) - Audit Process
The Medical Device Single Audit Program (MDSAP) mandates a thorough assessment of medical device manufacturers by an accredited auditing organization specialized in MDSAP protocols. This audit encompasses four key components:- Quality Management Systems (QMS): The audit scrutinizes the manufacturer's QMS to ensure compliance with established standards and regulations. This includes evaluating processes, procedures, documentation, and organizational structure related to quality assurance.
- Regulatory Compliance: Manufacturers undergo rigorous scrutiny to verify adherence to regulatory requirements set forth by relevant authorities. This entails assessing licensing, certification, labeling, and other regulatory aspects to ensure conformity with applicable laws and standards.
- Risk Management: An integral part of the audit involves evaluating the manufacturer's risk management processes. This includes assessing the identification, assessment, mitigation, and monitoring of risks associated with the design, production, and distribution of medical devices.
- Post-market Surveillance: The audit examines the manufacturer's post-market surveillance practices, focusing on their ability to monitor and address device-related issues post-distribution. This involves evaluating procedures for complaint handling, adverse event reporting, and product recalls to ensure prompt and effective responses to safety concerns.
Non-Conformity Grading System as per MDSAP
- Critical Non-Conformity (Grade 1): Critical non-conformities are the most severe and indicate serious deficiencies that pose an immediate threat to patient safety or regulatory compliance. These issues require urgent attention and corrective action to prevent harm to patients or regulatory sanctions. Failure to address critical non-conformities promptly may result in suspension or withdrawal of regulatory approval.
- Major Non-Conformity (Grade 2): Major non-conformities represent significant deviations from regulatory requirements or quality standards that could compromise product safety, effectiveness, or compliance. While not as severe as critical non-conformities, they still require immediate corrective action to prevent recurrence and ensure compliance with regulations. Failure to address major non-conformities in a timely manner may result in regulatory sanctions or restrictions.
- Minor Non-Conformity (Grade 3): Minor non-conformities are relatively minor deviations from established quality management systems or regulatory requirements. While they do not pose an immediate threat to product safety or regulatory compliance, they still need to be addressed and corrected to maintain overall quality and regulatory compliance. Failure to address minor non-conformities may result in escalated scrutiny during subsequent audits or inspections.
- Opportunity for Improvement (OFI): OFIs are observations or suggestions for enhancing the effectiveness or efficiency of quality management systems, processes, or procedures. Unlike non-conformities, OFIs do not indicate deviations from regulatory requirements but rather areas where improvements can be made to enhance overall quality and compliance. While not mandatory, addressing OFIs can help drive continuous improvement and prevent future non-conformities.
Each non-conformity identified during an MDSAP audit is documented, graded according to its severity, and communicated to the manufacturer for corrective action. Manufacturers are responsible for investigating, addressing, and documenting corrective actions for all identified non-conformities within specified timelines. Failure to adequately address non-conformities may lead to regulatory sanctions, including suspension or revocation of regulatory approvals.