The Medical Device Single Audit Program (MDSAP) was introduced in 2014 for a three-year pilot program to allow a single audit that ensures the regulatory requirements for participating countries are satisfied.
Medical Device Network spoke to NSF International’s executive director Brian Ludovico about the advantages of joining the MDSAP and the future of this international program.
Why was MDSAP introduced?
Brian Ludovico: MDSAP was designed so that the regulators of five different jurisdictions, Canada, Australia, Brazil, the US, and Japan could jointly leverage third party resources to conduct audits of medical device manufacturers.
Those third parties would then audit the manufacturers under ISO 13485 and, in doing so, include the regulations of those jurisdictions if the customer was selling into those areas. At the time, the regulatory authorities recognised that there were notified and certification bodies doing much the same as what they do, which is audit against quality and regulatory.
Under the MDSAP, regulatory authorities hoped these groups could do more work and save resources so that they could spend valuable time focusing on the bigger manufacturers, or high-risk manufacturers, and really hone in on deeper impacting regulatory issues.
Now it has blossomed into a fully-fledged programme in its own right. It’s a misnomer that it is a FDA programme. It is a consortium equally shared by those five jurisdictions.
Do you see the programme expanding beyond those jurisdictions?
BL: I have been told that it won’t expand based on membership. New countries that want to get involved will adopt the MDSAP processes and more importantly will accept MDSAP reports but it’s not necessarily something where membership beyond the current five jurisdictions will expand.
Now, I don’t have a crystal ball. It is more likely to be adopted by those other countries depending on contractual agreements and a lot of other factors.
For instance, the EU does not act as ‘one group’, but rather a group of 28 member states. As such, any negotiation with other jurisdictions is not done as a single vote or signature, it involves all 28. This makes contractual discussions and agreements very difficult.
Right now, the European Union (EU) and the World Health Organisation (WHO) are both official observers. That means their opinions are listened to, things are run by them, so that a more global approach is taken into consideration in an effort to improve the Program.
People are asking when the EU will join MDSAP. We don’t see them as joining the programme; optimism hopes for some sharing of information, so that if someone was to show a certificate for MDSAP, the EU would say, that’s good enough for us in some capacity. But that could all change.
Remember that the EU system includes a review of the technical information related to the product, while MDSAP is focused on the quality management system. We have seen that Annex I of the MDSAP Model outlines the requirements for technical documentation. This was brought about to not only address the ISO 13485:2016 requirement under clause 4.2.3, but also based on the acceptance of EU-style technical documentation, largely due to the Australian-EU agreements.
What are the advantages to joining MDSAP?
BL: There are a lot of benefits. The groups that are spending money and putting resources towards becoming an Auditing Organisation (AO) are already certification bodies of some kind, and in most cases, Notified Bodies.
So the first benefit is that the organisation will be audited by the same groups that they have been using for many years. There’s a familiarity with the people that they already know.
You’ll also, hopefully, have MDSAP rolled into your current auditing schedule. MDSAP does not add any more regulations to an organisation beyond what is already there. There are no extra hoops to jump through if you’re already selling in that jurisdiction.
Another benefit is you’re getting up to five additional jurisdictions at one time in a single audit. You may have more auditors, more days and maybe a new expert on the team, but it’s a small price to pay for familiarity, the same audit schedule, and no more of an arduous process.
How can NSF help?
BL: If an AO performs a preparatory or mock audit and they’re also doing your certification audit, anything that was found as a non-conformity in your mock, can and will be written up as a recurring non-conformity in your certification audit and escalated to the next risk grade. That is perfectly acceptable under MDSAP.
But if you use an organisation other than the group that does your certification, anything that’s discovered in the mock, will not be used in the certification audit. A lot of people don’t know that.
That’s where NSF comes in. If we do your mock audits, we’ll run through the whole MDSAP process and if we find non-conformities, you’re in no way obligated to tell your auditing organisation when they come in to do the certification audit. It will not be visible to them.
And who better to use than a group that knows all about MDSAP. We have on our staff ex-regulators from the MDSAP participating jurisdictions, the EU, and the WHO, all of whom were involved in the development and implementation of the MDSAP Program.
It behoves the company to have that kind of expertise come in and check them out so that they don’t fail when the real audit happens.