ISO 13485:2016 and MDSAP internal auditing

[snoopy2017]

A small company is currently transitioning to ISO 13485:2016 and MDSAP. If somebody had ISO 13485:2016 internal auditor training, would they be qualified to audit the company to MDSAP requirements? Would they require additional MDSAP internal auditor training? What would the company's internal auditing program look like?

Thank you everyone.

 

[Ronen E]

<snip> additional MDSAP internal auditor training <snip>

I don’t think there’s even such a thing. MDSAP is not an independent quality management scheme; it is merely a program to consolidate auditing under ISO 13485 and members regulatory schemes.

What would the company's internal auditing program look like?

Basically, like one following ISO 13485. Compliance with applicable regulatory requirements is an integral part of ISO 13485, so it’s included in the scope by default.

 

[Sam Lazzara]

In addition to being competent in ISO 13485:2016 they should also be competent in the MDSAP international regulations that apply.

 

[Minda]

Depending on the size of your company and your registrar's requirements it might be nice to attend a training course covering the transition to MDSAP, but if you are already certified to ISO 13485:2003 and have transitioned over to the 2016 version (or are in the process of doing so) then you have already covered most of what MDSAP is looking for. The only additions are specific regulatory requirements for countries that your company sells medical devices to.

MDSAP itself will not replace your ISO 134885 cert, but it theoretically will allow regulatory auditor from Brazil, Japan, Canada, the FDA, etc. to all be satisfied by a single MDSAP audit report. Of course they will perform follow up audits on findings that score above a certain level, but in essence their workload will be minimized because the scope of their visit will be much more narrow.

 

[Ronen E]

The only additions are specific regulatory requirements for countries that your company sells medical devices to.

There shouldn’t be any additions because ISO 13485 already requires compliance with applicable regulatory requirements.

 

[isolytical]

The applicable requirements for national/international regulatory authorities are (should) already be documented somewhere/somehow in the QMS and therefore no additional training is needed, except as new regulatory markets are entered and those requirements become audit criteria. A correctly trained should be able to audit bassed on any criteria anyway. The comment above concerning coordination of requirements between regulatory agencies is correctly how the MDSAP should be viewed. Don't make the QMS more complicated than necessary - of course KIS (last S left off as it was never needed).

 

[Jane's]

KIS (last S left off as it was never needed).

Liked.