Does MDSAP replace ISO 13485, or do both have to be maintained?

Mark Meer

Trusted Information Resource
#1
With just over 17 months until MDSAP is mandatory for Canadian sales, our current ISO 13485 certification body is pressuring us to get on the program.

(and I don't blame them...I suspect a flood of requests come 2018, and not enough CB resources to accommodate. :nope: )

Can anyone on the MDSAP (or in the process) help me with the following: How does MDSAP affect your ISO 13485 certification? Did you:

a) Continue to maintain ISO 13485 certification? If so, does this involve the (odious) number of MDSAP audit hours PLUS audit hours for 13485? ...or is there some way to combine the two efficiently to avoid additional audit burden/expense? or,

b) Drop your ISO 13485 certification? I'm not sure what the implications would be. Assuming global sales (Europe, Asia, South America...) in addition to the 5 MDSAP countries, is there a reason ISO 13485 would have to be maintained if you have MDSAP? Certain distributors have asked for our ISO 13485 in the past, but maybe now they will also accept MDSAP?


Mandatory MDSAP is going to be an industry gong show it seems... :nope:

Any experience or input much appreciated!
MM
 
Elsmar Forum Sponsor

DannyK

Trusted Information Resource
#2
MDSAP does not replace ISO 13485.
It replaces the CMDCAS program for Canada and adds the regulatory requirements for USA, Australia, Japan, and Brazil.
You will still need to registered to either ISO 13485:2003 and ISO 13485:2016 before March 1, 2019.
The shock will come for small businesses that were used to 1 or 1.5 days surveillance audits. These audit can 4 or 5 days easily. And with the new standard comes an increase in day rates.
Some companies are considering to abandon the Canadian market because of the huge increase in fees. Canada is the only country that makes MDSAP mandatory.
There will be a crisis situation toward the end of 2018.
 

Mark Meer

Trusted Information Resource
#3
You will still need to registered to either ISO 13485:2003 and ISO 13485:2016 before March 1, 2019.
Why? What is the significance of March 1, 2019?

As far as global markets go, if you were wanting to keep access as flexible as possible, am I correct in assuming that companies will have to maintain BOTH MDSAP (just for Canada) and ISO13485?

The shock will come for small businesses that were used to 1 or 1.5 days surveillance audits. These audit can 4 or 5 days easily. And with the new standard comes an increase in day rates.
Some companies are considering to abandon the Canadian market because of the huge increase in fees. Canada is the only country that makes MDSAP mandatory.
There will be a crisis situation toward the end of 2018.
Yup. We are in this category. It's difficult to imagine what on earth auditors would do with a 7-day audit, given the limited products (and corresponding limited records) we maintain.
Abandoning the Canadian market altogether seems an option worth considering at this point... :(
 

Mark Meer

Trusted Information Resource
#4
Some other considerations that might help our decision:

Does anyone know if there's any talk of other countries adopting MDSAP as mandatory in the future? Any anticipation that, for example, the US FDA or Australian TGA may also mandate MDSAP?

Does anyone know if other countries/regions may also recognise MDSAP in the future? Is it a program other countries are lining up to join? ...or is it likely limited to the current 5 countries for the foreseeable future?
 

yodon

Staff member
Super Moderator
#6
Let's back up a second. My understanding is that MDSAP is intended to be a vehicle to allow results of a single audit to be accepted by multiple countries (regulatory bodies) - you don't "maintain" MDSAP, you only comply with all the applicable regulatory requirements for your target markets. These audits would cover the country-specific requirements. As far as I know, only Canada has mandated an MDSAP audit.

Per the FDA (https://www.fda.gov/MedicalDevices/InternationalPrograms/MDSAPPilot/), they will accept an MDSAP as a substitute for a routine inspection.

The EU, as far as I know, has not embraced MDSAP so if you want to continue to market there, you'll still be subject to the same audits. I expect, if you wanted to market in the US, Canada, and EU, you could have the MDSAP audit and they could also cover the 13485 audit (no doubt with extra cost).

I think DannyK is spot on with his assertion that this is heading towards a crisis. To do an MDSAP audit, the audit agency needs to be accredited to do so. I think, to date, only a very few agencies have been accredited.

Couple that with the already reduced number of registrars / notified bodies plus all the additional work they're going to have to do under the MDR and the situation starts looking pretty grim!

Further, as the FDA statement is worded, they can accept the MDSAP audit as a substitute for a *routine* inspection. They are still authorized to do any for-cause inspections. If they don't like something in the MDSAP report, they are free to do an inspection.

So while the concept sounds good (one audit to rule them all -- sorry, had to), application is going to be, well, interesting.
 

mihzago

Trusted Information Resource
#7
MDSAP is not a separate certification or a quality management system, it's an auditing approach.
ISO13485 is still defining your QMS requirements, and MDSAP is an audit process that verifies your compliance with ISO 13485 and applicable country regulations.

Take a look at the audit model
https://www.fda.gov/downloads/MedicalDevices/InternationalPrograms/MDSAPPilot/UCM390383.pdf

(note, there is a version specific to 2003 and 2016 version of ISO 13485).
All questions and evidence collected during the audit are based on ISO 13485.

The audit time is longer because it's no longer based on the size of the company (effective number of employees), but on the number of activities that a manufacturer is performing.

There are no additional requirements beyond ISO 13485, at least none that I am aware of, except for the regulatory requirements; though, the 2016 version requires you to comply with applicable regulatory requirements anyway.
 

Mark Meer

Trusted Information Resource
#9
MDSAP is not a separate certification or a quality management system, it's an auditing approach.
ISO13485 is still defining your QMS requirements, and MDSAP is an audit process that verifies your compliance with ISO 13485 and applicable country regulations.
So, am I correct to assume that by being on the MDSAP program you necessarily maintain ISO 13485 certificate as well?

In otherwords, MDSAP is not separate from ISO 13485, but rather just an extension of ISO 13485 to cover other countries' specific QMS requirements (in addition to the base ISO 13485 requirements)?
 

Marcelo

Inactive Registered Visitor
#10
So, am I correct to assume that by being on the MDSAP program you necessarily maintain ISO 13485 certificate as well?

In otherwords, MDSAP is not separate from ISO 13485, but rather just an extension of ISO 13485 to cover other countries' specific QMS requirements (in addition to the base ISO 13485 requirements)?
This is not right.

First, there's no "ISO 13485 certification". What exists are certification schemes - a certification program with its own rules, which includes, for example, a specific audit methodology and usually includes a recognition agreement such as an MLA - that uses ISO 13485 as a basis. For example, the IAF has a certification scheme for ISO 13485. The end result of these schemes is a certificate that shows compliance with something, in particular, with the requirements defined in the certification scheme rules. In the case of the mentioned IAF, the certificate shows compliance with ISO 13485 following IAF rules.

MDSAP is another certification scheme, with it's own rules. The end result is a MDSAP Certificates - they represent the application of an audit methodology to determine compliance with the requirements of ISO13485:2016 and relevant regulatory requirements for QMS through a single audit for multiple regulators.

Can you use your MDSAP certificate to show compliance to ISO 13485? Or even the IAF, or any certification scheme based on ISO 13485?
The answer depends on what you are using it for.

For example, to get the benefits of the MDSAP program, you have to use and MDSAP certificate, they don't accept an ISO 13485 certificate from other schemes (this is generally true for most schemes, unless there's a recognition agreement between schemes).
 
Last edited:
Thread starter Similar threads Forum Replies Date
A Does Class 1 Medical Device need to be certified to MDSAP? Canada Medical Device Regulations 5
L Does a backdate form format can be changed if wrong revision is used? Document Control Systems, Procedures, Forms and Templates 8
B General Motors and Honda Alliance - What does this mean to suppliers? IATF 16949 - Automotive Quality Systems Standard 3
C ISO 13485 :2016 - CAPA - Does every CAPA need to be checked by regulations? ISO 13485:2016 - Medical Device Quality Management Systems 9
A Does ISO 9001:2015 cover all the requirements of ISO 10012:2003? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 6
N FDA UDI - Label vs. Labeling - Does the insert need to include UDI? Other US Medical Device Regulations 0
A Does anyone have a checklist of API Spec 650 13th Edition? Oil and Gas Industry Standards and Regulations 0
D Does Manufacture can submit CE mark application under MDD with NB for his New product after May 2020? EU Medical Device Regulations 3
A What does this sentence "this symbol shall be used in the orientation shown" mean in ISO 780:2015? Other Medical Device Related Standards 4
L Turkish Requirements - Does the Software need to be translated? CE Marking (Conformité Européene) / CB Scheme 2
R Where does IATF 16949 address Process mapping? IATF 16949 - Automotive Quality Systems Standard 3
J Does Pakistan Medical Device Import License allows parallel import? Other Medical Device Regulations World-Wide 0
BeaBea Interesting Discussion Where Does Marketing/ Advertisement of Products fit in to ISO 9001? Process Maps, Process Mapping and Turtle Diagrams 39
P Does anyone have a API Q1 Documentation Package? Quality Management System (QMS) Manuals 1
N What is our product classification? (Does Unclassified classification still exists) Other US Medical Device Regulations 14
C Does a CE mark infer meeting all applicable standards? CE Marking (Conformité Européene) / CB Scheme 4
N Small Company - Internal audit process - Who does the audit? Internal Auditing 16
J Does anyone have an excel IATF 16949 Internal Audit checklist I could use? IATF 16949 - Automotive Quality Systems Standard 7
A Does AS9100 require traceability to operators performing the work? AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 4
I Does anybody use Detection in medical device Design FMEA? ISO 14971 - Medical Device Risk Management 18
A EN ISO 14971:2019 does not include the Annex Zs ISO 14971 - Medical Device Risk Management 4
Watchcat Does "Similar Device" = "Predicate"? EU Medical Device Regulations 7
C Document Control Stamps - Does anyone still stamp their documents? Document Control Systems, Procedures, Forms and Templates 24
Y Does Solidworks (2D/3D drafting modules) need validation? Other Medical Device and Orthopedic Related Topics 5
M Definition Open Audit - What does an Open Audit mean? Definitions, Acronyms, Abbreviations and Interpretations Listed Alphabetically 3
I Does training have to be written? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 10
P What does UPH/m² mean? Quality Tools, Improvement and Analysis 3
L "IATF-Compliant" IATF 16949:2016 certification? What does this mean? IATF 16949 - Automotive Quality Systems Standard 13
D Why does Official Journal list superseded standards? EU Medical Device Regulations 6
B Record Management - Does the QMS need to control templates of records? Records and Data - Quality, Legal and Other Evidence 17
MDD_QNA QR Code Standard ISO/IEC 15417:2007 - Does anyone use it? Other Medical Device Related Standards 3
R Does any here use an internal auditing tool that works on different platforms? Internal Auditing 3
Sidney Vianna IAQG SCMH explains "positive risk"..........but does it? AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 3
D Where does "as far as possible" stop? FMEA - EN 14971 ISO 14971 - Medical Device Risk Management 29
W Does anyone have an API Q2 checklist for internal auditing? Oil and Gas Industry Standards and Regulations 1
G Does pitch/increment/resolution of a ruled scale apply to measurement uncertainty as line item? Measurement Uncertainty (MU) 10
L External power supplies: How close does the safety report have to match the end-use application? IEC 60601 - Medical Electrical Equipment Safety Standards Series 4
Watchcat Does 820.30 include the manufacturing process? 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 2
Watchcat Does ISO 13485 7.3 include the manufacturing process? ISO 13485:2016 - Medical Device Quality Management Systems 14
R When does the FDA consider a component a medical device? 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 17
B Does EN ISO 15223-1:2016 include the graphic symbols to be added to software and IFU? Other Medical Device Related Standards 9
DitchDigger Boston Fire Code: Who Does What? (CAL TB 117-2013; CAL TB 133) Occupational Health & Safety Management Standards 2
GreatNate Metrotom - Does anyone have any exposure to the Zeiss Metrotom 800 or 1500? Manufacturing and Related Processes 0
G Is ISO 9001:2015 certification worth it for a company that does only contract manufacturing? Quality Management System (QMS) Manuals 14
K EU MDR Rule 11 - Does the 'Risk logic' used in Rule 11 conflict with that used in the other rules? EU Medical Device Regulations 2
C Does ISO 9001-2015 have a requirement for manufacturing equipment to be numbered? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 11
William55401 How Often Does FDA State Consultant Recommended in a Pharma WL? US Food and Drug Administration (FDA) 1
C Does ITAR apply to Exporters only? Other ISO and International Standards and European Regulations 6
D Does every piece of equipment used in a laboratory need to have an IQ protocol written and executed? ISO 13485:2016 - Medical Device Quality Management Systems 1
A What if Contract Manufacturers does not have an ISO 13485 certificate? Where will the NB audit take place, at legal mfg. site or contract mfg. site? Other Medical Device Regulations World-Wide 3

Similar threads

Top Bottom