This article explains the mdsap pilot, and how it is likely to impact medical device manufacturers.
The acronym “mdsap” stands for “medical device single audit program.” This is a three-year pilot program that began on January 1, 2014. Regulatory bodies are attempting to use a single regulatory audit to meet the requirements for all countries. The mdsap pilot is one of the direct results of medical device regulatory bodies forming the new International Medical Device Regulators Forum (IMDRF) organization (http://bit.ly/imdrf).
The FDA’s Kim Trautman is the working group chairperson for IMDRF. There is a limited amount of information on the IMDRF webpage (http://bit.ly/imdrf-mdsap), but you can find more information on the US FDA website (http://bit.ly/MDSAP). Four countries are currently participating in the mdsap pilot:
- Australia’s Therapeutic Goods Administration (TGA)
- Brazil’s Agência Nacional de Vigilância Sanitária (ANVISA)
- Health Canada (HC)
Japan is an official observer for the program, with the participation of both their device agency (http://bit.ly/Japan-MHLW) and pharmaceutical agency (http://bit.ly/Japan-PMDA). China and Europe are also represented in the mdsap working group at the IMDRF.
Currently, there are 15 recognized registrars for the CMDCAS (http://bit.ly/CMDCAS-webinar) program for medical device companies that want to obtain a medical device license in Canada. Health Canada plans to participate in the mdsap pilot for three years, and then the mdsap program will become a mandatory replacement for the CMDCAS certification program in 2017.
How will auditors approach mdsap audits?
The current CMDCAS audit program benefits significantly from Health Canada’s alignment of the Canadian Medical Device Regulations (CMDR) with the ISO 13485 Standard used by third-party auditors. The tool that Health Canada uses to ensure that auditors are consistent is the GD210 audit checklist (http://bit.ly/GD210Guidance). The mdsap will need to harmonize the regulations of Canada, Australia, Brazil and the USA. This may seem like an impossible task, but Notified Bodies and consultants have been using multi-national regulatory comparison checklists for years in order to ensure that all the applicable regulations are covered during audits.
Auditors currently relying primarily upon audit checklists should quickly adapt to the mdsap with longer checklists. However, those third-party auditors that are currently using the process approach will need to carefully study the comparison checklists being developed. The process approach will still be the best approach for auditing, but auditors will need to be familiar with a larger number of requirements for step in population of their turtle diagrams (http://bit.ly/Process-Approach).
I recommend looking at what aerospace and automotive auditors do. Auditees are expected to create and maintain process flow charts for each process, but the auditors will also compare previous versions they created in past audits. This makes the process much more efficient–except the first time they create the diagrams.
How will mdsap audits be different?
The biggest difference between the current CMDCAS audits and the mdsap will be the duration of audits. SGS indicated on its website (http://bit.ly/MDSAP-SGS) that manufacturers should expect these audits to be 35-100% longer in duration. The typical ISO 13485 audit might be two days, and CMDCAS might add no additional time, or as much as a half day to the duration. However, the mdsap program will require gathering objective evidence for Australian, Brazilian and U.S. regulations. Even if this only added a half day for each country, the combined effect would be four days instead of two and one half days.
At first glance, this may seem to be a burden, but actually this should be a relief. Currently, manufacturers might have a CMDCAS audit every year, an FDA inspection every other year and they are still waiting for an ANVISA inspection, so they can launch a product in Brazil. Instead of a worst case scenario of three audits/inspections in one year, the mdsap program will enable companies to schedule a single audit to address each major market at one time. When Japanese and Europeans adopt the mdsap as well, then companies will realize an even greater overall reduction in the number of audit days each year.
How important will mdsap be?
Historically, Health Canada is the only country that made ISO 13485 certification mandatory. However, making ISO 13485 certification mandatory essentially made ISO 13485 a global prerequisite for medical device manufacturers–which has not happened with ISO 9001 certification. Health Canada indicated that it intends to make the MDSAP program mandatory at the end of the 3-year pilot. If Health Canada makes MDSAP audits mandatory, MDSAP may become the new defactor auditing standard globally.
In addition to the impact of Health Canada, Brazil has agreed to accept the mdsap audits in lieu of initial audits by ANVISA. The current backlog of ANVISA audits is more than a year, and companies have resorted to filing lawsuits against ANVISA in order to get to the “top of the list.” Therefore, all of the companies on the waiting list are likely to jump at the opportunity to participate in the mdsap pilot.
Let me know if you want to understand specifics about the mdsap program. Please submit your suggestions for future blogs to: http://bit.ly/QA-RA-Suggestion-Box