The document provides an overview of the Medical Device Single Audit Program (MDSAP), which allows manufacturers to consolidate regulatory audits from multiple countries, including the USA, Canada, and Australia, into a single audit to streamline the approval process and reduce costs. It outlines the audit process, transition year changes related to ISO 13485:2016, and the regulatory impacts in different regions. It also emphasizes the importance of proper quality management systems and offers consulting services to assist companies in preparing for MDSAP audits.

1. Understanding the Medical Device
Single Audit Program
Presented by:
Kyle Rose
President

2. Today’s Agenda
Introduction 2 min.
What is MDSAP 3 min.
Audit Scheduling and Application 5 min.
MDSAP Audit Prep 10 min.
Transition Year 10 min.
Conducting the Audit 10 min.
Regulatory Impact 10 min.
Questions? 10 min.

3. About the Presenter
Kyle Rose (CQA) is the President of Rook
Quality Systems, a consulting firm
dedicated on helping startup to mid-
sized medical device companies develop
and maintain effective and efficient
quality systems.
Rook Quality Systems provides specialized and
custom consulting services for all classes of
medical devices, medical software,
and combination devices. We work with you to
outline your quality and business goals to develop
innovative and efficient practices that improve
compliance and quality.
The development of a new medical device or
software is regulated by the FDA or an
International Regulatory Body. This process is the
foundation for the success of your device and
company. Rook Consultants help focus your
expertise during the development phase of your
device for market and patient success while
capturing the required documentation for device
approval.
After market approval of your device, the Quality
System becomes an even larger component of
your company. Rook consultants have designed
dozens of custom quality systems for all sizes of
companies and will assist in the creation of the
perfect Quality System for your device and
regulations.

4. What is MDSAP?
• Medical Device Single Audit Program
The MDSAP program has allowed us to consolidate the global regulatory assessment process across
multiple international locations, reducing internal costs while increasing the overall predictability of
these efforts across our global footprint. By minimizing disruption to our business, we can focus on
delivering the safest, most effective and technologically advanced products possible.
MDSAP allows any medical device manufacturer to contract with an MDSAP recognized Auditing
Organization to have a single regulatory quality management system audit that meets the
requirements of all participating Regulatory Authorities.

5. What is MDSAP?
• Who is Involved
The Five Initial Participating Regulatory Authorities (RA):
• USA – FDA
• Australia - TGA
• Japan - MHLW
• Canada – Health Canada
• Brazil - ANVISA
Each country defines how MDSAP outcomes are used within its jurisdiction in accordance with its
legislation and regulatory framework.

6. Who conducts the audit?
• Auditing outsourced to Auditing Organizations
Process Similar to ISO and CE Mark Audits
• The organization shall request a quote from an Auditing Organization for the MDSAP quote
and schedule the audits.
• Auditors will conduct the audits as planned to the scope of products documented to be under
the MDSAP
• Stage 1 Audit Year 1
• Stage 2 Audit Year 1 a few weeks after Stage 1
• Surveillance Audit years 2,3
• Recertification Audit year 4

7. Who conducts the audit?
• List of approved Auditing Organizations (AO)
• BSI
• Dekra
• SGS
• TUV
• DQS MED
• LNE
• INTERTEK
• Lloyds Register LRQA
• NSF
• NSAI
• UL
• SAI Global

8. Completing MDSAP Registration?
Select an AO or get quotes from multiple
• Check status of auditors to ensure availability for your companies schedule
• Very busy year for AOs ISO 13485:2016, MDSAP, and ISO 9001:2015 all in transition phase.
• Complete forms for review by AO
• List products and current registrations or licenses for each market in MDSAP
• List types of products under scope of your company
• Schedule audit
• Plan for multiple days for the first audit. Up to NINE days for companies transitioning to
13485:2016 as well!!!

9. Audit Prep?
Determining readiness for your first MDSAP audit
• Review of Standards
• ISO 13485:2016 merged into MDSAP regulations
• Gap Assessment of QMS Procedures
• Gap Assessment of QMS Processes and Records
• Conduct internal audit within scope of MDSAP.
• Rook Quality can perform a readiness MDSAP audit for your internal records.
Contact Rook Quality Systems for a free MDSAP Audit Checklist
info@rookqualitysystems.com

10. Transition Year
• In addition to the MDSAP the ISO 13485:2016 updates are
also going into affect in 2018 for most companies.
• The changes to ISO 13485 also affect the MDSAP program as
well.
• The main changes revolve around increased risk
management and monitoring of the QMS.

11. Transition Year 13485:2016 Key Changes
• Validation to all QMS Software
• Medical Device File for all devices or device families,
different than DHF or TF.
• Updated management review inputs/outputs
• Better defined maintenance and calibration requirements
• Additional batch verification through product lifecycle.
Manufacturing through distribution.
• Additional work environment and contamination control
requirements.
• Traceability in design control from inputs to outputs

12. Transition Year 13485:2016 Key Changes
• Increased risk analysis of training and effectiveness of training
• Increased risk analysis of supplier evaluation and approval.
• Additional review of supplier control including supplier
agreements/contracts.
• Documentation of statistical techniques for validations
• Linkage of customer feedback and Post Market Surveillance back
into risk management of the device (design, use, process)
• Requirements for internal audit scheduling
• Notification of AOs of complaints and adverse events
• Documentation of regulatory requirements and communication
process

13. Audit Process

14. Conducting the Audit
• Plan for a long audit, multiple days with potential for multiple auditors
• Audit to follow flow from Audit Process Chart
• Linkages between each section involved in the audit.
• Companies with multiple sites require efficient sharing of documentation. The majority
of the audit will be conducted at the primary audit site regardless of the processes that
are outsourced or off site.
• This includes virtual manufacturers

15. Conducting the Audit
Management Review
• Quality Manual, MGMT Review Procedures and Records
• Quality Policy, Interview of Top Management.
• Management commitment to Risk Management
• Document Control
• Regulatory review of marketing and registration (for all markets within scope of MDSAP
that apply to your company)
• Review of Marketing Clearances or Approvals
• Changes to Identification or Notification

16. Conducting the Audit
Process
• SOPs for Analysis of Data within QMS
• CAPA process and records
• CAPA related to changes of Design, Risk and/or Processes
• Internal Auditing
• Non-conforming material
• PMS, complaints, Adverse events
• Procedures for documenting and notifying of adverse events for each market.

17. Conducting the Audit
Design and Development
• Scope of Design and Development
• Design process from planning through validation
• Design Inputs and linkage to Outputs
• Verification and Validation and link to Risk Management
• Validation and Clinical Evaluation data
• Software Design and Development
• Control of Design and Development Changes
• Design review process
• Design transfer

18. Conducting the Audit
Production and Service Controls
• Product Realization and Risk Management
• Product, Infrastructure, and Work Environment Requirements and verification
• Process validations and change control
• Sterilization
• Monitoring and Measuring Devices and controls
• Medical Device File for each device or family
• Batch Records and Batch Control
• Incoming Inspection and Verification
• Control of NCR Product, Rework
• Identification and Traceability

19. Conducting the Audit
Production and Service Controls (continued)
• Use of customer property
• Preservation of product
• Installation and Servicing
• Risk management of installation and servicing

20. Conducting the Audit
Purchasing
• Planning of purchasing and outsourced processes
• Risk evaluation of purchasing
• Procedures and records for verification of purchased product
• Supplier selection, evaluation, monitoring
• Traceability of purchased product
• Records of verification of purchased product
• Supplier data evaluation
• Potential for off-site audits of critical suppliers by AO

21. Conducting the Audit
Audit Findings and Observation Scale
• Grading 1-5 Scale
• 5 Major Finding
• 1 Minor Observation
• QMS Impact Indirect vs Direct
• Occurrence First vs Repeat
• Repeat occurrence is within past
Two audit reports
• 1 Month Response/Closeout

22. Conducting the Audit
Audit Findings and Observation Scale
• Indirect: Clause 4.1-6.3 ISO 13485
• Direct: Clause 6.4-8.5 ISO 13485
• Rule 1 - Absence: Absence of a documented process or procedure of any requirement,
the grade increases by 1.
• Rule 2 - Medical Device: Release of a Nonconforming Medical Device outside of the
controls of the manufacturer’s QMS, the grade increases by 1.

23. Regulatory Impact
• Clearance for multiple markets after successful completion of MDSAP audit
• May avoid routine inspections
• Scheduled audits instead of unannounced
• 1 audit instead of multiple
• Significant cost increase for small companies
• Market analysis before joining MDSAP
• Health Canada Predicament

24. Regulatory Impact
Australia - TGA
• TGA recognizes MDSAP audit and applies successful audit to Conformity
Assessment Certificate
• Additional technical documentation may be needed for new devices that were
not sold in Australia prior to receiving MDSAP.

25. Regulatory Impact
Brazil - ANVISA
• ANVISA may use MDSAP audits in lieu of a premarket inspection by ANVISA to
grant ANVISA’s GMP Certificate to manufacturers intending to put medical
devices of class III or IV on the Brazilian market. Undergoing an MDSAP audit
may accelerate ANVISA´s GMP certification process, which is a pre-requisite to
the marketing authorization
• ANVISA can also use MDSAP audits to renew ANVISA’s GMP Certificate
biannually, as an alternative to an ANVISA comprehensive inspection.

26. Regulatory Impact
Canada - Health Canada
• MDSAP Mandatory for Health Canada. CMDCAS program extinct after 2019.
Audits must be conducted under MDSAP in 2018 to maintain Health Canada
clearance.
• MDAL Application for new Class II, III, and IV devices in Canada still required
after completion of MDSAP audit.
• New registration not required if Health Canada certificate is current.

27. Regulatory Impact
Japan - PDMA
• When an MDSAP audit report is submitted at the timing of premarket or
periodical post-market QMS inspection application, Japan’s Ministry of Health,
Labor and Welfare (MHLW) and Pharmaceuticals and Medical Devices Agency
(PMDA) will use the report as a trial:
• To exempt a manufacturing site etc.* from on-site inspection, and/or Version
014 2017-03-27 14
• To allow a Marketing Authorization Holder (MAH) to substitute considerable
part of documents required for the inspection with the report
• Special cases will still require PDMA Audits (Radioactive IVDs, devices made
from human or animal tissues)

28. Regulatory Impact
USA- FDA
• MDSAP routine audits are announced, scheduled by the Auditing Organization
with the manufacturer, with a pre-established duration;
• The FDA will review MDSAP audit reports with a level of scrutiny
commensurate to the significance of audit findings, taking into account the
review and follow-up performed by the Auditing Organization;
• Firms have one month to provide their full response to critical nonconformities
(grade 4 and 5) to the Auditing Organization (as opposed to 15 working days
following and FDA inspection);

29. Regulatory Impact
• Clearance for multiple markets after successful completion of MDSAP audit
• May avoid routine inspections
• Scheduled audits instead of unannounced
• 1 audit instead of multiple
• Significant cost increase for small companies
• Market analysis before joining MDSAP
• Health Canada Predicament

30. Contacting Rook Quality for your Quality or Audit Needs
*Free MDSAP Audit Checklist available by email request*
www.rookqualitysystems.com
info@rookqualitysystems.com
@RookQuality
Questions?