The Medical Device Single Audit Program (MDSAP) is a program that allows the completion of a single medical device QMS regulatory audit that satisfies the requirements of multiple countries simultaneously.
The program largely relies on adherence to ISO 13485:2016, as well as a bundle of extra individual national regulatory requirements.
But a unique ingredient of the MDSAP is its nonconformity grading system: in an effort to make nonconformity grading more consistent, the MDSAP does away with traditional criteria such as 'significant findings', 'regular findings' and significant opportunities for improvement', and instead uses a tiered point system introduced by the GHTF.
Preparing for an MDSAP audit? Or just want some inspiration for an internal nonconformity grading system of your own, that aligns with industry practice?
Let's explore how it works.
MDSAP countries
The MDSAP
is a way for medical device manufacturers to be audited once to unlock access to five different international markets:
1) Australia
2) Brazil
3) Canada
4) Japan
5) The United States
Passing through the MDSAP process and getting the simultaneous stamp of approval for these 5 major economies is, of course, not easy.
The MDSAP is designed to be rigorous and leave very little room for error and quality weakness. After all, any defective device could wreak havoc in five large countries rather than one if it were to slip through the cracks.
It's in this framework that the MDSAP's unique nonconformity grading system makes sense. Let's dive into how it works.
Read the complete guide to the MDSAP
The point-based nonconformity grading system
The MDSAP's grading system works in two steps:
1) By assigning points to nonconformities observed against ISO 13485 requirements using a 4-point grading matrix
2) Feeding that initial point score into a pair of escalation rules that may lift the grade even higher
Let’s explore how each step works.
Step #1: the grading matrix
The matrix divides the clauses of ISO 13485:2016 into two distinct categories:
1) Those that indirectly impact your QMS as 'administrative enablers'
2) Those that directly impact it with a direct influence on your design and manufacturing controls which, in turn, directly impacts your product's safety and performance
The matrix then adds an 'occurrence' factor designating if that nonconformity has been observed in either of your two previous QMS audits.
The logic is clear: a recurring nonconformity directly impacting your QMS is a far more serious finding than a one-off indirect nonconformity, and so receives a higher grade.
Step #2: escalation
Your initial matrix grade is then augmented as follows if additional risk factors are identified.
+1: Absence of a documented process or procedure
+1: Release of a nonconforming device
The most serious type of nonconformity finding in an MDSAP audit would therefore be a recurring nonconformity (+2), directly impacting your QMS (+2), unsupported by any documented process or procedure (+1), and which has caused the release of a nonconforming device to market (+1).
Although the maximum theoretical score is 6, scores of 5 and 6 are treated as equally serious and so the score is capped at 5.
In this particular case, a high grade is not something to be proud of!
More reading
Do you feel prepared for your upcoming medical device audit?
Download our audit readiness checklist for medical device companies to get shipshape and confident.
Sumatha Kondabolu
Sumatha Kondabolu brings over 22 years of quality expertise across the pharmaceutical and medical device industries, specializing in quality system implementation and regulatory compliance for start-ups and scalable operations. She has helped organizations establish robust quality management systems aligned with global standards, enabling them to achieve seamless compliance and sustainable growth.
Sumatha has built and managed quality management systems meeting the requirements of FDA QSR, Canada’s Medical Devices Regulations, NIOSH, MDSAP, COFEPRIS, and the EU's MDR, IVDR, as well as pre-clinical and clinical frameworks. Her customers have successfully passed ISO and regulatory audits, achieving certification to the relevant ISO standards.
Sumatha holds a Bachelor of Pharmacy, a Master’s in Chemistry, and an advanced certificate in Quality Assurance Management. She is also a certified auditor for ISO 13485, ISO 27001, ISO 27701, ISO 42001, ISO 22716, ISO 17025, ISO 9001, and IATF 16949. Beyond certifications, she contributes to global standards development as an expert and committee member of the Standards Council of Canada (SCC)/ Canadian Standards Association (CSA) for:
- ISO/IEC JTC 1/SC 27 in Information Security, Cybersecurity, and Privacy Protection- Committee Member and Expert
- IEC TC 65/SC 65 as Technical Committee Member and Expert
- Chair for CSA Z289 and ISO/TC 210 - Quality management and related general aspects for products for health purposes, including medical devices.
COMPLIANCE INTELLIGENCE DATASHEET
Get audit-ready in weeks. Stay audit-ready forever.
Download datasheet