MDSAP Implementation

[Pale Pilgrim]

Hi,
Our company currently sells medical devices in the EU and US markets but are looking at branching out into others. This brought up the question of MDSAP.
I know its going to be different from company to company depending on the complexity of the QMS etc. but can anyone tell me how much work was involved for them in getting ready for MDSAP and how long it took from starting to update your QMS to being ready for an audit?

 

[Tidge]

Caveat: I did not work directly with our "MDSAP transition team"; we are in the US and European markets. From what I gather, the roughest patch that we experienced was related to rather technical details specific to addresses-of-record and labeling in the other nations. As near as I can tell: every MDSAP audit starts with a dive into the regulatory end of the pool, and the rest of the QMS hasn't gotten as much direct attention.

The only other area that I felt offered 'sharp edges' (for us) was in the area of timeliness of complaint reporting to certain nations. Our processes are quite robust, and designed to easily meet compliance with reporting deadlines... yet depending on the nature of a complaint and the investigation I want to say that we had cases where we honestly couldn't know the complaint was reportable (in another jurisdiction) until it was 'too late'. I don't think we got dinged for this (the records made it clear what this history was) but "counting days" is something auditors can do rather easily.

 

[Pale Pilgrim]

Thanks for the reply. Prior to the MDSAP audit, how long would you think your organization spent assessing requirements, completing gap analyses and updating your documentation to get ready for MDSAP? Also, once you were ready and contacted the AO how long were you waiting to have the audit? Was there a long wait post audit for certification?

 

[Tidge]

Prior to the MDSAP audit, how long would you think your organization spent assessing requirements, completing gap analyses and updating your documentation to get ready for MDSAP?

I didn't work with our team, but I can attest that I saw very little change in the way of procedures as MDSAP didn't introduce anything new to the way we do our day-to-day activities. We maintain a master document that maps our QMS to relevant standards and regs, so it wasn't a big deal to leverage it. The first pass hit us with some technical things (which we probably should have caught, see my first post) as well as at least one "huh, so you want us to document that differently?" change that hit a lot of documents, but not in a particularly meaningful way. [analogy: imagine if our documents referred to "The fifty states of the USA" and the auditor said "well actually, the are 4 commonwealths and 46 states, and as a representative of Virginia you have to fix this"... it felt like that.]

From the outside: It didn't look differently than many other audits. An actual technical deficiency that was easily uncovered and also easy to address (put another way: one department learned how to do better at their job), and one set of "findings or OFI, you decide how much pain you want to tolerate" changes.

It's not as if I expected the external MDSAP auditors to find things that they missed. The biggest surprise for me (which is more about my own ignorance) was that our auditors clearly had a specific set of (practically unique) things to look for based on the nation-specific requirements for medical devices. I was reminded of says past in NRTL testing when (for example) there was a disagreement between a UL standard for a product and a CSA standard for the same product. At some point the third-party will tell you what needs to be done to comply with all without failing to comply with any one (or more).

 

[Ed Panek]

We are in the process of implementing MDSAP, One thing to be aware of is if you sell into any country that participates in the MDSAP program, you must include them in your scope. For example, if you sell into the USA the FDA will receive notices of your inspection results.