MDSAP Audit - Our QMS conforms to ISO 13485:2016 and FDA GMP

Eddyo

Registered
Hi there!

We're a small Canadian company that manufactures medical devices for the Canadian and US markets and have a MDSAP audit scheduled for later this year.

From what I've gathered online, the MDSAP program framework mainly consists of ISO 13485:2016 and GMP, in our case FDA 21 CFR Part 820.

We successfully went through a transition audit (13485:2003 to 13485:2016) last November and also had a FDA inspection audit at our facility less than 2 years ago with only a few minor observations noted.

My question is if our QMS conforms to 13485:2016 and FDA GMP does that mean we should be mainly ready for an MDSAP audit?
 
Elsmar Forum Sponsor

yodon

Leader
Super Moderator
The countries recognizing MDSAP are US, Canada, Japan, Brazil, and Australia. The scope of the audit would depend on the intended target markets. I think Health Canada has specific requirements above 13485 so there may be more than you expect.
 

Ronen E

Problem Solver
Moderator
My question is if our QMS conforms to 13485:2016 and FDA GMP does that mean we should be mainly ready for an MDSAP audit?

Mainly, yes.
It's my impression that MDSAP tends to interpret ISO 13485 on the stricter side though. The MDSAP manuals should provide answers.
 

RA Guy

Involved In Discussions
Performing a gap analysis using the MDSAP Companion Document would be a good start.
(broken link removed)
Of course only use the regulatory requirement for the jurisdictions you want to have in scope (i.e., Canada and USA).
This document is also helpful for updating your internal audit program (checklists, etc.) to ensure adequate coverage of requirements.
 

DannyK

Trusted Information Resource
The MDSAP audit is much more prescriptive. The auditors choose a product based on what they feel is higher risk (large # complaints, risk class, changes) and go into more details than what you were audited previously.
I have 15 clients that went through MDSAP audits with different auditing organizations.
I would highly recommend that you review the MDSAP companion document and get someone to perform an internal audit based on the MDSAP process.
 

somashekar

Leader
Admin
Hi there!

We're a small Canadian company that manufactures medical devices for the Canadian and US markets and have a MDSAP audit scheduled for later this year.

From what I've gathered online, the MDSAP program framework mainly consists of ISO 13485:2016 and GMP, in our case FDA 21 CFR Part 820.

We successfully went through a transition audit (13485:2003 to 13485:2016) last November and also had a FDA inspection audit at our facility less than 2 years ago with only a few minor observations noted.

My question is if our QMS conforms to 13485:2016 and FDA GMP does that mean we should be mainly ready for an MDSAP audit?
Yes, you should be mainly ready.
Look into the approach how the MDSAP grades the audit NC. Do a very critical internal audit per the MDSAP process, and get familiar with grading your NC this way. This is a nice time to make your internal audit more purposeful.
 

Eddyo

Registered
Thanks for all the feedback and info. I've downloaded copies of the MDSAP Companion Document and MDSAP Audit Model and going to review it. Let me know if there are any other docs that I should look into.
 

cmeby

Involved In Discussions
We recently underwent an MDSAP audit and I can share a few items to prep:
Make sure your QMS procedures outline the areas of Country Specific requirements from the Companion Document. Canada and USA have differences in wording.
Example: Your Reporting and Recalls procedures should outline the exact processes and templates to use for the different countries.
Example: how you manage significant change to QMS and product is different for each country...document clearly
-Have evidence of our Gap analysis for MDSAP to your QMS, then fill the gaps. Train employees (keep records)
Update your Internal Audit to cover MDSAP and implement a FULL QMS audit prior to the external audit.
-Have all of your Registration, Authorized Rep Agreements, and vigilance reports available.
-Have all of your supplier information available, infrastructure and backups.
-Have evidence of Trend Analysis and Post-Market Surveillance from both countries. Can be in the same doc, but document that you searched Maude Database and the Canadian Reportable events database.

My auditor asked me for proof in the form of Essential Requirements - that we meet the Safety and Effectiveness Standards for Canada. (10-20) (Europe and Australia have a template for this but I am not finding this for Canada...I will post a request. )

If you follow the Companion Document and ensure you prepare your evidence for the areas, you will feel ready.

good luck!
 

cscalise

Starting to get Involved
Hi,

I will also chime in here. I completed MDSAP internal auditor training with Oriel Stat A Matrix and there were a number of participants that had already experienced an MDSAP audit. Because the are tied to regulation it is believe that they are becoming more prescription and similar to an FDA inspection rather than ISO compliance audit. Depth covered varied with auditor but as they gain more experience, I believe this will even out. I strongly recommend you download the companion document. There are 7 defined processes. If those titles don't match exactly to your company's processes, map your organization's processes to these categories. Then review each of the tasks per process to ensure that you can answer (and have documentation available) to support that your organization is aligned with the standard and applicable regulations. I'm just finishing up a contracted internal audit and was able to highlight some gaps for the client. They recently finished the Stage 1 and observations made could be tied back to content available in the companion document. Good luck.
 
Top Bottom