Medical Device Single Audit Program

CAPT Kimberly Lewandowski-Walker

FDA/ORA/Office of Medical Products and Tobacco
Operations
National Expert, Medical Devices

1
 Objectives
• Introduction to MDSAP
 What is MDSAP?
 MDSAP Development Team
 How does MDSAP work?
 Assessment vs. Audit
• Benefits
 Benefits for the Regulatory Authorities
 Benefits for the FDA
 Benefits for the Auditing Organizations
 Benefits for the Manufacturers
• Quality Management System
• Conclusion
2
 MDSAP Development Team*
o Therapeutics Goods Administration (TGA)
• Two (2) members
o Agência Nacional de Vigilância Sanitária (ANVISA)
• Three (3) members
o Health Canada/Santé Canada
• Two (2) current members

o FDA/CDRH/OC
• Five (5) current members
• One (1) consultant

o FDA/ORO/ORA
• One (1) National Expert Investigator
*Development team governed by eight (8) member Regulatory Authority Council
made up of two (2) upper management representatives
3 from each participating
regulatory authority
Formal Statement of Cooperation Regarding the
Development of a Medical Device Single Audit
Program
Australia
Therapeutics Goods Administration (TGA)

Brazil
Agência Nacional de Vigilância Sanitária
(ANVISA)

Canada
Health Canada/Santé Canada

United States of America

Food and Drug Administration (FDA)

4
 Formal Statement of Cooperation Regarding the
Development of a Medical Device Single Audit
Program

The goal of the MDSAP is to provide for more effective,

efficient and less burdensome regulatory oversight of the
quality management systems of medical device
manufacturers.

The implementation of the MDSAP is intended to allow for

a single audit to satisfy the regulatory requirements of the
Participants.
Source: Statement of Cooperation

5
The objectives of the MDSAP are to:

Operate a single audit program that provides confidence in

program outcomes;

Enable the appropriate regulatory oversight of medical

device manufacturers’ quality management systems while
minimizing regulatory burden on industry;

Promote more efficient and flexible use of regulatory

resources through work-sharing and mutual acceptance
among Participants, while respecting the sovereignty of each
country;

Source: Statement of Cooperation

6
The objectives of the MDSAP are to (continued):

Promote, over the longer term, greater global alignment of

regulatory approaches and technical requirements based on
international standards and best practices;

Promote consistency, predictability and transparency of

regulatory programs by standardizing oversight practices and
procedures of Participants over third-party auditing
organizations, and the practices and procedures of
participating third-party auditing organizations; and

Leverage, where appropriate, existing conformity

assessment structures.
Source: Statement of Cooperation

7
 MDSAP Current Development Status
 Program support infrastructure including IT

 Initial Recognition, Surveillance, and Re-Recognition Criteria for

MDSAP Recognized Auditing Organizations (IMDRF Lead)

 Standardized AO Auditor Competency and Competency Maintenance

Requirements

 Standardized Regulatory Authority Assessor Competency and

Competency Maintenance Requirements

 Standardized Audit and Assessment Models

 Auditing of a Manufacturer by an MDSAP Recognized AO
 Assessment of MDSAP Recognized AO’s by participating
Regulatory Authorities

8
 MDSAP Current Development Status

 Standardized Rating System for Manufacturer Audit Findings

 Standardized Rating System for Recognized Auditing Organization

Assessment Findings

 MDSAP Quality Management System

 MDSAP Program Communication Strategy

(External and Stakeholders)

 MDSAP Program Launch Strategy

 Training on MDSAP Program

9
 January 1, 2014 Pilot Study
Recognition of initial participating auditing
organizations began:

 Application assessment of candidate auditing

organizations

 Assessment audits of candidate auditing

organization head office and critical locations

 Witness audits of candidate auditing

organization auditors performing audits of
manufacturers
10
 MDSAP Pilot Audit Process

• Designed and developed to ensure a single

audit will provide efficient yet thorough coverage
of the requirements of medical devices – quality
management systems
– ISO 13485:2003
– Brazilian Good Manufacturing Practices (RDC
ANVISA 16/2013)
– Quality System Regulation (21 CFR Part 820)

11
 MDSAP Pilot Audit Process

• AND other specific requirements of

medical device regulatory authorities
participating in the pilot MDSAP program,
such as:
– Registration
– Licensing
– Adverse event reporting

12
 How will Regulatory Authorities utilize the
Single Audit Program and resulting audit
report/certificate?

• Australia: TGA will use an MDSAP audit report

as part of the evidence that is assessed for
compliance with medical device market
authorization requirements unless the medical
device is otherwise excluded or exempt from
these requirements or if current policies restrict
the use of MDSAP audit reports

13
 How will Regulatory Authorities utilize the
Single Audit Program and resulting audit
report/certificate?

• Brazil: ANVISA will utilize the outcomes of the

program, including the reports, to constitute an
important input on ANVISA’s pre-market and
post-market assessment procedures, providing,
when applicable, key information that is
expected to support regulatory technical
evaluation on these issues.

14
 How will Regulatory Authorities utilize the
Single Audit Program and resulting audit
report/certificate?

• Health Canada: HC will use an MDSAP audit as

part of their Canadian Medical Device Conformity
Assessment System (CMDCAS) certification
program. Upon the successful completion of the
pilot, Health Canada’s intent is to implement the
Medical Device Single Audit Program as the
mechanism to achieve regulatory compliance for
quality management system requirements in
Canada.
15
 How will Regulatory Authorities utilize the
Single Audit Program and resulting audit
report/certificate?

• United States: FDA will accept the MDSAP

audit reports as a substitute for FDA routine
inspections. Inspections conducted “for cause”
or “compliance follow-up” by FDA will not be
affected by this program. Moreover, the MDSAP
would not apply to any necessary pre-approval
or post-approval inspections in support of
Premarket Approval (PMA) applications.
16
 What Auditing Organizations can apply
to the MDSAP Pilot?

• During the pilot, the only Auditing Organizations

that will be allowed to apply to the MDSAP for
recognition will be the accredited
organizations/registrars currently utilized in the
Health Canada CMDCAS program. The list of
registrars recognized by Health Canada can be
found on the Health Canada website.

17
 What Auditing Organizations can apply
to the MDSAP Pilot?

• As part of the MDSAP application process, the Auditing

Organizations will be required to comply with the
following IMDRF MDSAP documents, in addition to other
documents approved by the Pilot Coalition Regulatory
Authority Council:
– IMDRF MDSAP WG N3 – “Requirements for Medical Device
Auditing Organizations for Regulatory Authority Recognition”
– IMDRF MDSAP WG N4 – “Competency and Training
Requirements for Auditing Organizations”

18
 What oversight will Regulatory Authorities
have over the Auditing Organizations?

• In accordance with best practices, the Regulatory

Authorities involved in the Pilot Coalition have
developed a robust plan and schedule of assessing
the competence and compliance of MDSAP Auditing
organizations to include headquarters office
assessments, critical site location assessments, and
witnessed audits on an annual basis as part of a
four year recognition program.

19
 Assessment vs. Audit

Assessment & Audits

Recognition

• Of Auditing Organization • Of Device Manufacturers

By Regulatory Authorities By Auditing Organization
• Of compliance to the IMDRF • Of compliance to ISO
Recognition Criteria 13485 + specific quality
(including ISO/IEC 17021,
GHTF SG3/N19, etc.) system requirements from
PRAs’ regulations
• 4-year cycle
• MDSAP Assessment Model • 3-year cycle
• MDSAP Audit Model
20
 What oversight will Regulatory Authorities
have over the Auditing Organizations?

• The Regulatory Authorities involved in the pilot Coalition

will utilize as the basis of the recognition and
assessment process the following IMDRF MDSAP
documents, in addition to other documents drafts and
approved by the Pilot Coalition Regulatory Authority
Council:
– IMDRF MDSAP WG N5 – “Regulatory Authority Assessment
Strategy for the Recognition and Monitoring of Medical Device
Auditing Organizations”
– IMDRF MDSAP WG N6 – “Regulatory Authority Assessor
Competency and Training Requirements” 21
 What oversight will Regulatory Authorities
have over the Auditing Organizations?

• In addition, IMDRF MDSAP WG N11 is a document

being produced to “grade” nonconformities resulting
from a Regulatory Authority assessment of an
Auditing Organization and to document the decision
process for recognizing an Auditing organization or
revoking recognitions. When finalized, this
document will also be utilized under the Regulatory
Authority Assessment program.

22
Harmonization Efforts for Implementing a
Quality Management System within
MDSAP

• QMS Framework Model IWA 4:2009(E) Quality

management systems – Guidelines for the
application of ISO 9001:2008 in local
government

23
 Basic Approach
• Document internal processes (i.e., procedures,
templates, flowcharts [process mapping])
• Use “Best Practices” approach
• Timeliness, Consistency, Efficiency, and Transparency
• Implement an easy to use QMS Framework, and
• Use the PDCA Approach
– Do what you say (Do)
– Say what you do (Plan)
– Prove it (Check)
– Improve it (Act)
24
 Benefits for the Regulatory Authorities
• Promotes efficient and flexible use of regulatory
resources through work-sharing and mutual acceptance
among regulators while respecting the independence of
each participating regulatory authority.
• Promotes greater alignment of regulatory approaches
and technical requirements globally based on
international standards and best practices.

• Moves to create an international coalition of countries

dedicated to pooling technology, resources, and services
to improve the safety and oversight of medical devices in
a more efficient manner that is also less burdensome for
industry.

25
 Benefits for the FDA
• Provides confidence in the ability to use third parties
through direct recognition and monitoring

• Enables enhanced regulatory oversight of medical device

manufacturers’ quality management systems (post
marketing phase)

• Does not restrict the ability to inspect per current

practices but gives more intelligence on how to best
allocate resources
26
 Benefits for the
Auditing Organization (AO)
• Single assessment for all jurisdictions
• Reduced burden on AO resources (by reducing the
number of necessary regulatory recognitions)
• Standard recognition criteria (i.e. ISO/IEC 17021 +
IMDRF N3)
• Common manufacturer audit criteria and audit report
template
• Specified auditor competence criteria

27
 Benefits for Manufacturers

• May be acceptable alternative to inspection required for

marketing authorization in some countries
• Reduced burden on manufacturer resources (by
reducing the number of regulatory inspections/audits
from as many as four a year to one a year)
• Common audit criteria capturing the requirements of all
participating regulatory authorities to be used by
recognized auditing organizations
• Predictability in outcome, based on the use of a
standardized non-conformity grading system
28
 How can medical device manufacturers
participate?

• As of January 2014, the CMDCAS registrars are

allowed to start submitting their application for
MDSAP recognition. The MDSAP project plan
targets the review of applications every six
months for the duration of the pilot.

29
 How can medical device manufacturers
participate?

• After a successful assessment, the MDSAP

Auditing Organization applicants will be allowed
to perform MDSAP audits for medical device
manufacturers that will be utilized by the
Regulatory Authorities as previously discussed.

30
 How do I find out more specifics on the
documents, policies, and procedures that
will be utilized in the MDSAP pilot?

• http://www.fda.gov/MedicalDevices/Interna
tionalPrograms/default.htm

31