Internal Audit Program under MDSAP and 13485:2016

[snoopy2017]

Hi everyone,

Does anyone have suggestions on how we can establish an internal audit program based on both ISO 13485:2016 and MDSAP? How would this internal audit program look different from a previous program under 13485 only?

I would appreciate any advice.

Thank you.

 

[Ronen E]

How would this internal audit program look different from a previous program under 13485 only?

It wouldn’t and it shouln’t. ISO 13485 is also about compliance with applicable regulatory requirements, so real ISO 13485 compliance is supposed to address regulatory compliance in all relevant jurisdictions anyway.

 

[Jane's]

Hello, I was wondering why would you want both, why not just MDSAP?

 

[Ronen E]

Hello, I was wondering why would you want both, why not just MDSAP?

MDSAP is based on 13485. 13485 is a subset of MDSAP. In that sense, what does “just MDSAP” mean?

 

[Jane's]

Hi Ronen. I probably didn't formulate my question well. Since ISO 13485 compliance comes inherent with MDSAP compliance, I was confused by the OP asking about "an internal audit program based on both ISO 13485:2016 and MDSAP". If you satisfy MDSAP, you will satisfy ISO 13485, so wouldn't it be enough to have an internal audit system only based on MDSAP?

 

[Ronen E]

Hi Ronen. I probably didn't formulate my question well. Since ISO 13485 compliance comes inherent with MDSAP compliance, I was confused by the OP asking about "an internal audit program based on both ISO 13485:2016 and MDSAP". If you satisfy MDSAP, you will satisfy ISO 13485, so wouldn't it be enough to have an internal audit system only based on MDSAP?

My opinion -

As I replied to the OP, MDSAP doesn’t add anything that isn’t already required by “standalone” 13485, from an internal auditing aspect, so in my mind they’d need “an internal audit system only based on 13485”. MDSAP is a shell.

But anyway, it’s just semantics. Both are the same, from that specific aspect.

 

[Jane's]

The difference may be that MDSAP adds regulatory requirements specific for Brazil and Japan for example, while ISO 13485 would not identify those requirements as applicable, assuming the company does not sell in Brazil or Japan.

 

[Ronen E]

The difference may be that MDSAP adds regulatory requirements specific for Brazil and Japan for example, while ISO 13485 would not identify those requirements as applicable, assuming the company does not sell in Brazil or Japan.

MDSAP doesn’t require regulatory compliance in domains where the audited org doesn’t distribute.

 

[Jane's]

MDSAP doesn’t require regulatory compliance in domains where the audited org doesn’t distribute.

Hi Ronen,

It does not require (audit findings are not raised as NCs), but they are reported. "Single" audit means that the audit is not different depending on your specific markets, it is always the same audit. For that reason I find MDSAP more inclusive, however I do agree that all you ever need to prepare for is ISO 13485. Preparing for MDSAP only removes the element of surprise from the audit.

 

[cocoyou]

Hi snoopy2017 , in response to your question about setting up an Internal Audit Program based on the MDSAP. here is my response.
I created an audit schedule with 8 areas to be audited, these areas were based on the FDA companion document. When setting up these audit you will noticed redundancy between the areas, the reason for that, is because you have to evaluate how the quality system complies with requirements from difference part of the organization. the audits will result in longer audits if is one auditor process, but depending how you set it up, it will be about 3 audits per quarter. In doing this more than one auditor can work on the audits and be very in deep process. I presented my audit schedule to the auditors as we were getting MDSAP certified and they were satisfy with it. they explained that doing this way it will guarantee to cover all requirements. I hope this help.