Join industry expert, Danny Kroo, key takeaways from the session include: 1. What is MDSAP and when should you consider it? 2. How to prepare for an MDSAP certification audit 3. What are common nonconformities issued by auditing organizations
This presentation originally aired during the 2022 Global MedTech Regulatory Trends Virtual Summit.
Call Girls Chennai Megha 9907093804 Independent Call Girls Service Chennai
MDSAP Success and Failures Guide
1. MDSAP: Success and Failures
By Danny Kroo,
Docusys Corporation
August 31, 2022
Copyright Docusys Corporation 2022
2. Agenda
• Introduction to MDSAP
• MDSAP process with Auditing Organization
• Common Failures with MDSAP audits
• How to be Successful with MDSAP audits
Copyright Docusys Corporation 2022
3. Introduction- About Danny Kroo
• President of Docusys Corporation- Assisting organizations to comply
with quality management and regulatory affairs.
• Documentation , implementation and training services
• Internal audit services (ISO 13485:2016, MDSAP, EU MDR, ISO 9001,
AS9100, AS9120)
• Medical device lead assessor for notified body
• Created a course at McGill University Biomedical Engineering
department “Medical Devices: Regulatory affairs and Quality
Management
Copyright Docusys Corporation 2022
4. What is MDSAP?
Medical Device Single Audit Program ( MDSAP) is a regulatory audit
program that was jointly developed by several jurisdictions.
It allows a medical device manufacturer to have a single quality
management system audit to satisfy the requirements of all
participating regulatory authorities.
Copyright Docusys Corporation 2022
7. • MDSAP Official Observers:
• European Union (EU)
• United Kingdom's Medicines and Healthcare products Regulatory Agency
(MHRA)
• The World Health Organization (WHO) Prequalification of In Vitro Diagnostics
(IVDs) Programme
MDSAP Affiliate members are:
• Argentina's National Administration of Drugs, Foods and Medical Devices
(ANMAT)
• Ministry of Health of Israel (NEW)
• Republic of Korea's Ministry of Food and Drug Safety
• Singapore's Health Sciences Authority (HSA)
Copyright Docusys Corporation 2022
8. MDSAP Program Objectives
• Develop, manage, and oversee a single audit program that
will allow a single regulatory audit to satisfy the needs of
multiple regulatory jurisdictions
• To promote greater alignment of regulatory approaches and
technical requirements
• To promote consistency, predictability, and transparency of
regulatory programs
Copyright Docusys Corporation 2022
9. MDSAP Benefits
Single Audit used instead of multiple separate audits/ inspections by
participating regulatory authorities:
Reduction of Number of audits/ inspections
▪ Optimization of time and resources spent/used in audits activities.
▪ Reduction of audit costs
Flexibility : Medical device manufacturers are free to choose among all
authorized auditing organizations to perform the audits.
▪ Routine audits are announced and planned with the manufacturer.
▪ Audits performed by auditors who know the company already
(certification bodies)
Copyright Docusys Corporation 2022
10. MDSAP Benefits
Improved predictability of audits’ outcomes :
▪ Auditing organizations monitored by the participating Regulatory
Authorities,
▪ Usage of a standard MDSAP audit approach
▪ Usage of same grading process of nonconformities
▪ Usage of standard report template to report audits’ outcomes
Commitment to quality and compliance : enrolling in the MDSAP is
considered as an evidence of a medical device manufacturers’ commitment
to product quality and regulatory compliance.
Copyright Docusys Corporation 2022
11. MSDAP Program Distinctions
• No additional requirements for manufacturers
• Single audit optimizes time and resources
• Routine audits are scheduled/planned with AO
• Expected to improve predictability
• Expected to add additional Regulatory Authorities
Copyright Docusys Corporation 2022
Criteria ISO 13485 MDSAP
Program Customer Manufacturer Regulator
Output of success Certificate Report & Certificate
Auditing Organizations Qualification Competent Body Regulators
Nonconformance grading Major/Minor 1, 2, 3, 4, 5
12. MDSAP Overview
Use of outputs of MDSAP audits
Copyright Docusys Corporation 2022
Australia Brazil Canada Japan USA
Use as part of evidence
to assess compliance
with MD market
authorization
requirements
Input for ANVISA’s
premarket and post-
market assessment
procedures
Concurrent with
CMDCAS until ends in
late Dec 2018
Report might be utilized
for a desk review for
class 2,3,4 in lieu of a
premarket inspection
performed by PMDA or
registered certification
bodies in Japan
Substitute for Routine
Inspections only.
Not for PMA, “For
Cause” or “Compliance
Follow-up”
Audits in lieu of ANVISA
inspection to grant
GMP certs for class 3,4
Use of certificate for
obtaining/maintaining a
Class 2,3,4 device
license
Report might also be
utilized for periodic
post market inspections
Report review with
scrutiny on significance
of findings
For renewal of ANVISA’s
GMP certs bi-annually
From January 2019,
Health Canada will only
accept MDSAP
certificates
Reports will be used in
review of on-site
inspection for eligible
sites so as to obtain a
QMS certificate
May use Warning Letters
if conclusion of
imminent/unreasonable
risk to public health
14. MDSAP Audit Cycle
• Three Year Audit Cycle
• Initial Audit (Stage One & Stage Two)
• Surveillance Audits (Years 1 and 2)
• Re-audit (Recertification Audit)
• Note that not all Regulatory Authorities require “certificate”
• Other Possible Audits
• Special Audits
• changes, nonconformances, suppliers, post-market issue follow-up
• Audits by Regulatory Authorities
• Unannounced Audits (to close major nonconformances)
Copyright Docusys Corporation 2022
15. MDSAP Requirements
• ISO 13485 plus applicable Country-specific requirements
• A separate report is required per site.
• To recommend certification to MDSAP all applicable processes
and jurisdictions must be audited.
• There is no sampling of design and manufacturing sites
permitted in the MDSAP program.
• All RA’s in the program get copies of submitted reports
Copyright Docusys Corporation 2022
16. MDSAP Process Based Approach
Different from the traditional checklist-style audit.
Similar to FDA’s QSIT (Quality Systems Inspection Technique)
Auditors assess the conformance of a process to regulatory
requirements and effectiveness of the process in producing the
desired results.
This approach reviews individual processes and the
interrelationships and connections between them, which allows
organizations to understand both their level of conformance and
the effectiveness of their quality management system (QMS).
Copyright Docusys Corporation 2022
17. MDSAP Process Based Approach
Auditing organization (AO) will:
▪ review procedures,
▪ map the process, and then
▪ ask auditees about the process to determine if their responses align
with the procedure and if the process is effective in achieving desired
results.
▪ analyze process performance against targets (e.g., nonconforming
parts, product defects, product quality, and reliability targets) and
planned results.
▪ evaluate the handling of process/product nonconformities and
effectiveness of the resulting corrective and preventive actions.
Copyright Docusys Corporation 2022
18. MDSAP Audit Sequence
Purpose of the sequence- to provide a logical, efficient roadmap for AO
and ensure consistency across auditors.
The audit sequence contains :
Four primary processes (Management; Measurement, Analysis, and
Improvement; Design and Development; and Production and Service
Controls),
An enabling process(Purchasing), and
Two supporting processes (Device Marketing Authorization and Facility
Registration, appearing in two spots below, and Medical Device Adverse
Events and Advisory Notice Reporting).
Copyright Docusys Corporation 2022
20. MDSAP Audit Sequence
Each MDSAP process area includes:
• Audit objectives and
• A series of tasks that auditors use to determine compliance with ISO
13485 and
• Applicable regulatory requirements of the countries participating in the
program (Australia, Brazil, Canada, Japan, and the US).
Copyright Docusys Corporation 2022
21. MDSAP Audit Sequence
Audit sequence:
Start and end each audit with the management process.
Perform the audit tasks within each process area to determine if the process
outcomes and purpose are achieved.
Focus on linkages between processes (interrelationships).
Assess risk control activities throughout the audit.
Document nonconformities, paying special attention to the potential
interrelationship of nonconformities.
Copyright Docusys Corporation 2022
22. MDSAP
• Uses GHTF Document
SG3/N19:2012 - Nonconformity
Grading System for Regulatory
Purposes and Information Exchange
• Definition of nonconformity
unchanged – non-fulfillment of
requirement
• Creates a quantitative grading
system
Copyright Docusys Corporation 2022
Nonconformity Grading
23. MDSAP Nonconformity Grading - Final
Maximum grade is a 5.
Copyright Docusys Corporation 2022
QMS Impact
Direct
3 4
Absence of Process
or Procedure +1
Indirect
1 2
Led to
Nonconforming
devices on market
+1
First Repeat
Occurrence Escalation Criteria
24. Failures
1. MDSAP is a regulatory audit not just for ISO 13485:2016
Some organizations just believe that MDSAP is ISO 13485:2016 + regulatory
requirements
Organizations need to adjust their own internal audit process to better align
with the MDSAP audit.
2. Clarify scope and role of organization depending on jurisdiction
3. Change Control (4.1.4) is an area where new organizations to MDSAP have
issues. Changes are reviewed when auditing each of the processes.
Copyright Docusys Corporation 2022
25. Failures
4. Outsourcing and purchasing controls. Example outsourced production-
auditor expectation is to review production records. Same with design.
5. Meeting regulatory requirements and addressing new regulatory
requirements.
- example: Biocompatibility testing on material but should be done on
sterilized product
-Incomplete standards referenced. Electrical device without IEC 60601.
Copyright Docusys Corporation 2022
26. Success factors- Preparation
1. Train key staff and process owners on MDSAP requirements
2. Document basic Regulatory Requirements from Each of the Five
MDSAP Jurisdictions that are applicable to your QMS. Could cover the
presence of technical documentation, and compliance with vigilance
and incident reporting regulations.
3. Perform a thorough audit covering all the design and production tasks
for the product selected. If there are 2 products that are candidates
for selection, audit both of them.
4. Spend time auditing the previous CAPA issued at MDSAP audits and
previous internal audits.
Copyright Docusys Corporation 2022
27. Success factors- Preparation- Internal audit
1. Perform an internal audit simulating the sequence and task questions.
Allows auditees the chance to practice to answer questions and
understand the thought process for audit trails.
2. When selecting the product in design or production, select the ones that
had changes since the last audit or are considered the highest risk. If all
are same risk class, select the product that is sterile or was not audited in
the previous audit.
3. Perform a thorough audit covering all the design and production tasks for
the product selected. If there are 2 products that are candidates for
selection, audit both of them.
4. Spend time auditing the previous CAPA issued at MDSAP audits and
previous internal audits.
Copyright Docusys Corporation 2022
28. MDSAP Audit Preparation Tips
• Create your own report card. Examine your past nonconformities from
your AO and internal audits, and grade them using the MDSAP
nonconformities grading system. This will give you an internal report card
that can be useful in elevating the importance of the initiative to
management if resources are scarce.
• Open a CAPA for gaps and be sure to make progress. Even if an AO finds a
nonconformance during the audit, having a CAPA in progress minimizes the
sting as long as the appropriate containment is effective.
• Be prepared to address regulatory issues. MDSAP audits have a broader
scope that pulls regulatory into the fray. You will be asked questions related
to your registration processes, adverse event notification system, how
regulatory strategy impacts product design, and more. Expect a heavy
emphasis on risk! Make sure you have someone from Regulatory on your
audit team.
Copyright Docusys Corporation 2022
29. Success factors- Preparation- MDSAP audit
1. Train several persons to work on retrieving documents- back room.
2. Stage the documents and records that will be asked for fast retrieval.
3. Review the MDSAP audit schedule and ensure that you have someone assigned
to answer questions on each topic. Translate the audit tasks.
4. Ask everyone assigned to respond to auditor questions to read through the tasks
in the Audit Approach document.
5. When an issue comes up , ask the auditor to clarify and indicate what task is
being audited.
6. Do not argue with the auditors, ask questions to better understand the issue,
the requirement and the origin of the requirements.
Copyright Docusys Corporation 2022
30. What to Expect
• Stage 1 audit focused on evaluating your QMS documentation.
• Will want to see if you are prepared for the stage 2 audit, during which
they will assess your actual compliance with ISO 13485 plus the specific
nuances of the United States, Japanese, Canadian, Australian and Brazilian
QMS requirements.
• In years 1 and 2 following your initial certification audit, the AO will
conduct surveillance audits focusing on any changes to your products or
QMS processes during the previous year.
• After three years, the AO will return to conduct a recertification audit. The
surveillance audits differ from your initial certification audit because they
will focus on evaluating your ability to continue meeting QMS
requirements under the MDSAP.
• After that, the cycle continues—two annual surveillance audits followed by
a recertification audit.
Copyright Docusys Corporation 2022
31. Managing the Initial Certification Audit
• Likely have two auditors at your door who will probably split up,
which means you may need to have two escorts, two sets of subject
matter experts (SMEs), and maybe even two conference rooms
available.
• Recommend having only one “back room” where you store
documents for easy access and so you can compare notes on where
each auditor is going.
Copyright Docusys Corporation 2022
32. Managing the Initial Certification
• Use the published MDSAP Audit Approach to figure out where the
auditor will go next. Remember that this is their guide and by
studying it you can anticipate which links might be followed and what
questions may come next.
• The audit is timed, with very specific durations for each process. This
means you have to produce documentation very quickly. Consider
pre-printing documents or using a dedicated folder with electronic
versions that can be quickly accessed.
• Also, if you have some physical documents that are available only in,
for example, your supplier, call ahead for the documents.
Copyright Docusys Corporation 2022
33. Maintaining MDSAP Compliance and Being Mindful
of the “Process Approach”
• After you (hopefully) pass your initial certification audit, you’ll need
to adjust your ongoing internal audits to align with MDSAP.
• MDSAP audits follow a process approach. This means an AO auditor
may follow linkages and threads, whereas an internal auditor will
usually look at one functional area at a time.
• For example, if an AO auditor is examining Receiving and Inspection,
he/she may ask about process inputs such as where the testing
methods and specifications originate. The answer is likely Design, so
the auditor may decide to visit R&D next.
Copyright Docusys Corporation 2022
34. Internal Auditing Issues- Qualification of auditors
• Some medical device companies have an auditing department at the
enterprise level that audit many sites within the organization.
• They can simulate the MDSAP schedule and be at one site for a week, and
then not return for a year.
• Smaller companies really have to organize and plan so they can cover all
the processes that will to be addressed during the actual MDSAP audit. The
key is to plan and document the rationale for your approach. Smaller
companies sometimes outsource the audit due to resource issues.
• Qualification of MDSAP internal auditors for various jurisdictions is
sometimes difficult to prove. Training and/or outsourcing are potential
solutions.
Copyright Docusys Corporation 2022
35. Audit Approach- Take Note
1. Does not contain the actual requirements from the various
regulations. Auditors must have access to the applicable regulations
from each of the five MDSAP countries in order to make compliance
determinations.
2. Does not necessarily refer to all of the requirements that apply from
the individual participating countries e.g. need to validate spreadsheets
that contain Quality Records.
3. There are no references (within the body of the text) to additional
regulations, from individual countries, that may apply e.g. 21 CFR Part
11 for Electronic Records and Electronic Signatures
Copyright Docusys Corporation 2022
38. Look at MDSAP Audit Approach document to verify the tasks
Copyright Docusys Corporation 2022
39. Tasks in Audit Approach Example
Copyright Docusys Corporation 2022
40. Tasks in Audit Approach Example
Copyright Docusys Corporation 2022
41. Tasks in Audit Approach Example
Copyright Docusys Corporation 2022
42. Tasks in Audit Approach Example
Copyright Docusys Corporation 2022
43. Summary- Keys to Success
• Planning
• Organizing documents and records to be easily retrievable for the
audit
• Reviewing the tasks in Audit Approach
• Conducting a Gap Analysis
• Ensure that any previous MDSAP nonconformities have been
resolved.
• Ensure that regulatory requirements are documented.
Copyright Docusys Corporation 2022
44. Contact Information
• LinkedIn Danny Kroo
• Website: www.docusys.ca
Do not hesitate to contact me to ask questions.
There is no charge or obligation
Copyright Docusys Corporation 2022