Medical-Device-Single-Audit-Program-MDSAP
Medical Device Single Audit Program (MDSAP) folks watch out!
In the last few weeks I have taken part in discussions with numerous auditors and managers from different auditing organizations (AO) to find out more about their understanding of MDSAP and their interpretation of certain MDSAP rules and practices.
I found out that MDSAP, despite its thoroughly defined process and several guidance documents, still leaves some room for ambiguity. This controversy could in some cases be a big disadvantage for the manufacturers. Considering that the MDSAP in general is a new approach and most manufacters are not experienced in it yet, they would not be able to differentiate between what is really required and what is a mere personal interpretation of an auditor.
May your auditor ask you to present them your MDSAP mock audit report?
Some auditors believe they may ask for the mock audit report even if the mock audit was performed by another organization or maybe by the manufacturers themselves.
Others believe that they may ask for the report only, if the mock audit was conducted by the same AO as the one performing the MDSAP certification audit.
Imagine they were really allowed to take a look into your mock audit report even if the mock audit was conducted by another organization!
The final document of the International Medical Device Regulators Forum (IMDRF) on Requirements for Medical Device Auditing Organizations for Regulatory Authority Recognition authored by the IMDRF MDSAP Working Group states in chapter 9.4.3 that ‘‘findings from any audit, (“mock audits,” “gap audits,” or “pre-assessment audits” outside of the scope of Stage 1/Stage 2 audits), shall be documented and taken into consideration when grading nonconformities identified at a subsequent regulatory audit’’
What does this mean?
First of all, the auditor would ask for your MDSAP mock audit report for the stage 1 audit. This would give the auditor a teaser of what to expect when looking at certain records or going deeper into certain processes in stage 2 of the audit.
Wasn’t being unbiased one of the principles of auditing (ISO 19011:2011 Chapter 4 (a)) ? Is the auditor still unbiased if he receives the findings on a silver plate?
Now imagine that the manufacturer has performed a mock audit six months before the MDSAP certification audit. They were very truthful and transparent during the mock audit, because they wanted to finally put the stinky fish on the table and make sure they receive a report that can help them convince the top management that there is a need to take action and invest a bit in the Quality Management System.
Let us say they had ten nonconformities (NCs) in the mock audit.
Believe me, that is not too much.
They were able to close seven of the NCs before the MDSAP certification audit. The auditor sees that there are still three of them open, he will most probably write them up.
That is not all!
Guess what?
Because these NCs have been identified in a previous (mock) audit, the auditor considers them to be repeated nonconformities, which gives them automatically a plus one in the initial grading.
Let us look at the MDSAP grading of nonconformities first and then take an example to make it clear.
Assume that one of the three still open NCs is a missing documented procedure for Feedback.
ISO 13485:2016 in chapter 8.2.1 Feedback, states that the organization shall document procedures for the feedback process. Not fulfilling this requirement is expected to have direct impact on the quality management system.
Therefore, if it is the first time, the grade is 3. In this case it is a repeated finding, therefore, the grade is 4. Additionally, there is absence of a required documented procedure which triggers an escalation +1 to the grading. This means that the final grade for this nonconfomity would be 5.
What does this mean?
The manufacturer has a serious issue!
No need to talk about the other two NCs that are still open and no need to talk about any new NC’s from the certification audit.
One grade 5 is enough! The AO will inform the regulators within 5 days.
Guess who will be knocking at the door within the next few weeks? FDA or HC or TGA or ANVISA or MHLW or maybe all at once.
This would be a horror scenario. Is this fair?
You can still avoid this!
Join our QUNIQUE MDSAP training on the 21st of March 2018 in Zürich to find out more about how to avoid this and several other pitfalls during MDSAP audit. https://www.qunique.ch/Seminare/
Also published on HEALTHMANAGEMENT.org:
The small print of Medical Device Single Audit Program (MDSAP)
Beside the new European Medical Device Regulation (MDR), there is another major regulatory challenge for the current medical device industry – the Medical Device Single Audit Program (MDSAP).
MDR came into force in early 2017, whereas MDSAP will become mandatory for all manufacturers who want to sell their medical devices in Canada in 2019 and in the USA, Brazil, Japan and Australia later on.
There is still limited knowledge and awareness among medical device manufacturers about MDSAP and its impact. Many small size medical device companies in Europe either have still not heard about it or are busy preparing for the MDR underestimating the impact of MDSAP. The aim of this short article is to spread awareness of the new single audit programme.
The Medical Device Single Audit Program is a wolf in sheep’s clothing and I will explain why.
The word ‘single’ gives the impression that this programme saves time, increases efficiency and eliminates redundancies in audits. This might be true; however only from the regulators’ perspective. FDA, for instance, has a huge backlog of inspections that they should have performed; except due to lack of resource, they are applying a risk-based approach and thus allowing many manufacturers of lower risk class devices to be remain unaudited for longer periods of time that extends to more than ten years in many cases. With the MDSAP, FDA will be receiving information about manufacturers they haven’t been able to inspect before.
For the manufacturers on the other hand, MDSAP requires thorough preparation, no matter how good their current quality system is. Many manufacturers will suffer for the first time from an FDA style auditing and scrutiny. If they are unlucky enough, FDA or any other regulator from the MDSAP countries (USA, Brazil, Canada, Japan and Australia) might attend the audit as observer and put even more pressure on the auditors.
Based on the above considerations, we can differentiate between two types of manufacturers.
Type A: Many companies that are used to FDA inspections, have already registered for MDSAP and started preparing their processes and documentation to be ready for MDSAP on time. Some of them have even participated in an MDSAP Pilot Study.
Type B: Companies who decided not to register for MDSAP and dispense their Canadian certificate for one of the following reasons:
- Their Canadian Market is not profitable enough
- MDSAP is expensive
- MDSAP is time-consuming
- MDSAP is transparent, whatever goes wrong during an audit would be reported to the regulators including FDA.
MDSAP is transparent, whatever goes wrong during an audit would be reported to the regulators including FDA.
The latter, namely the transparency of MDSAP, makes the bridge to the title of this article, ‘The small print of MDSAP’.
Manufacturers who decide to give up selling products in Canada, because of mentioned reasons, might most probably arouse the curiosity of the FDA. There has been a trend noticed in Europe that companies who have CMDCAS (the Canadian Certificate) and are selling products in Canada, but still have not registered for MDSAP are more likely to receive an email from FDA announcing an inspection. In other words, FDA seems to be concluding that manufacturers, who are ready to give up their Canadian market to avoid MDSAP, might have something to hide and would be worth having an FDA inspection.
Therefore, medical device manufacturers might be able to avoid MDSAP, but not its consequences. The time is running, but it is still not too late to learn more about MDSAP and prepare the business to overcome the new challenges.
