The Medical Device Single Audit Program (MDSAP) is an initiative designed to allow medical device manufacturers to undergo a single audit that satisfies the regulatory requirements of multiple countries, including the United States. For MDSAP registration, the audit process evaluates whether a manufacturer’s Quality Management System (QMS) complies with the applicable regulations of all participating countries, including the FDA's regulations for the United States.

The audit standards for MDSAP are based on several key frameworks, regulations, and international standards, which include:

1. FDA's Quality System Regulation (QSR) - 21 CFR Part 820

• FDA QSR is the primary U.S. regulatory framework for medical device manufacturers. The MDSAP audit ensures that the manufacturer’s QMS complies with these requirements. Key areas of the audit include:
  • Design controls (21 CFR 820.30)
  • Production and process controls (21 CFR 820.70)
  • Corrective and preventive actions (CAPA) (21 CFR 820.100)
  • Supplier controls (21 CFR 820.50)
  • Device labeling requirements (21 CFR 801)

2. ISO 13485:2016 - Medical Devices – Quality Management Systems

• ISO 13485:2016 is an international standard that outlines the requirements for a QMS specific to the medical device industry. It is one of the primary standards used in MDSAP audits and serves as a guideline for implementing effective QMS practices. The audit assesses how well the manufacturer’s QMS aligns with ISO 13485 principles, including:
  • Management responsibility
  • Resource management
  • Product realization
  • Measurement, analysis, and improvement
• ISO 13485 also provides requirements for risk management (ISO 14971), supplier management, and post-market surveillance.

3. ISO 14971:2019 - Risk Management for Medical Devices

• Risk management is a critical part of medical device regulation, and the MDSAP audit checks compliance with ISO 14971, which outlines the process for identifying hazards, assessing risks, and controlling risks throughout the product lifecycle. It includes:
  • Risk analysis and evaluation
  • Risk control measures
  • Post-market risk management activities

4. Regulations of Other Participating Countries

MDSAP audits also evaluate compliance with the regulatory requirements of the countries participating in the program. For the United States, this involves aligning with the FDA’s QSR, but manufacturers must also comply with the requirements of the following countries:

• Canada: Health Canada's Medical Device Regulations (MDR) and Medical Device Single Audit Program (MDSAP) requirements.
• Brazil: The ANVISA (Agência Nacional de Vigilância Sanitária) regulations for medical devices.
• Australia: The Therapeutic Goods Administration (TGA) regulations.
• Japan: The Pharmaceuticals and Medical Devices Agency (PMDA) regulations.

5. MDSAP-Specific Audit Criteria

• The MDSAP audit itself is guided by specific criteria outlined by the MDSAP Audit Model, which includes a comprehensive evaluation of the manufacturer’s QMS, its processes, and documentation. The audit follows the requirements set forth by all participating regulatory bodies and ensures that a manufacturer is adhering to the appropriate national and international standards.
• The criteria include:
  • Compliance with QMS regulations (as outlined above)
  • Processes for ensuring the safety, effectiveness, and quality of the device throughout its lifecycle
  • Documenting and reporting of complaints, nonconformities, and corrective actions
  • Post-market surveillance and vigilance processes
  • Periodic audits and inspections of production facilities
  • Review of the device's lifecycle, from development to post-market monitoring

6. Audit Process and Procedures

• The MDSAP audit is conducted by an MDSAP-recognized auditing organization. These organizations are accredited by the MDSAP Regulatory Authorities to assess QMS compliance against the audit standards.
• The audit includes:
  • Document Review: Assessing QMS documentation and records for compliance with relevant regulations.
  • On-site Inspections: A physical inspection of the manufacturing facility and processes to verify the effectiveness of the QMS.
  • Interviews: Discussions with personnel to confirm the understanding and application of QMS procedures.
  • Product Inspections: Reviewing the production of representative devices to ensure adherence to QMS procedures and regulatory requirements.

7. Audit Outcomes and Findings

• After the audit, the auditor will issue a report that includes:
  • Findings: Any non-conformities or areas where the manufacturer does not meet the regulatory requirements.
  • Corrective Actions: The manufacturer may need to implement corrective actions to address any findings.
  • MDSAP Certificate: If the manufacturer’s QMS is compliant with the relevant standards and regulations, they will receive an MDSAP certificate, demonstrating compliance with the FDA QSR and other participating country regulations.

Key Audit Standards Summary:

1. FDA QSR (21 CFR Part 820)
2. ISO 13485:2016
3. ISO 14971:2019
4. Regulations from other MDSAP participating countries (Canada, Brazil, Australia, Japan)
5. MDSAP-specific criteria and audit model covering comprehensive QMS evaluation

Conclusion:

The MDSAP audit standards for medical device registration in the United States primarily focus on ensuring that a manufacturer’s Quality Management System (QMS) aligns with FDA’s Quality System Regulation (QSR), ISO 13485, and other international standards. The audit also evaluates compliance with the regulatory requirements of other MDSAP participating countries, making it an efficient way for manufacturers to demonstrate their regulatory compliance across multiple markets.