Prior to the MDSAP audit, how long would you think your organization spent assessing requirements, completing gap analyses and updating your documentation to get ready for MDSAP?
I didn't work with our team, but I can attest that I saw very little change in the way of procedures as MDSAP didn't introduce anything new to the way we do our day-to-day activities. We maintain a master document that maps our QMS to relevant standards and regs, so it wasn't a big deal to leverage it. The first pass hit us with some technical things (which we probably should have caught, see my first post) as well as at least one "huh, so you want us to document
that differently?" change that hit a lot of documents, but not in a particularly meaningful way.
[analogy: imagine if our documents referred to "The fifty states of the USA" and the auditor said "well actually, the are 4 commonwealths and 46 states, and as a representative of Virginia you have to fix this"... it felt like that.]
From the outside: It didn't look differently than many other audits. An actual technical deficiency that was easily uncovered and also easy to address (put another way: one department learned how to do better at their job), and one set of "findings or OFI, you decide how much pain you want to tolerate" changes.
It's not as if I expected the external MDSAP auditors to find things that they missed. The biggest surprise for me (which is more about my own ignorance) was that our auditors clearly had a specific set of (practically unique) things to look for based on the
nation-specific requirements for medical devices. I was reminded of says past in NRTL testing when (for example) there was a disagreement between a UL standard for a product and a CSA standard for the same product. At some point the third-party will tell you what needs to be done to comply with all without failing to comply with any one (or more).