The Medical Device Single Audit Program (MDSAP) is an international initiative allowing medical device manufacturers to undergo a single regulatory audit of their quality management system (QMS). This single audit satisfies the requirements of multiple regulatory jurisdictions, replacing multiple, separate inspections by different national regulators. This harmonized approach minimizes the regulatory burden on manufacturers while maintaining oversight of medical device safety and quality across several major global markets. A successful MDSAP audit results in a report that can be used for regulatory purposes in all participating countries.
The Medical Device Single Audit Program Structure
The MDSAP framework involves two main entities: Regulatory Authorities (RAs) and Auditing Organizations (AOs). RAs are the national government bodies that govern the program and accept the audit reports for their respective jurisdictions. The five primary RAs are the Therapeutic Goods Administration (TGA) of Australia, Brazil’s Agência Nacional de Vigilância Sanitária (ANVISA), Health Canada, Japan’s Ministry of Health, Labour and Welfare (MHLW) and the Japanese Pharmaceuticals and Medical Devices Agency (PMDA), and the U.S. Food and Drug Administration (FDA).
The actual audits are not performed by the RAs themselves but by authorized Auditing Organizations. AOs are private, third-party bodies recognized by the participating RAs as competent to conduct MDSAP audits. RAs monitor the AOs to ensure they consistently apply the standardized audit model and maintain technical expertise.
Audit Scope and Quality Management System Requirements
The foundation for an MDSAP audit is the international standard for medical device quality management systems, ISO 13485:2016. This standard defines the general QMS requirements a manufacturer must meet to provide medical devices and related services that consistently meet regulatory requirements. An MDSAP audit assesses the manufacturer’s QMS against this international standard.
The program goes beyond standard ISO 13485 certification by integrating the specific regulatory requirements of the participating RAs. For manufacturers selling products in all five member countries, the single audit must demonstrate compliance with ISO 13485 plus the specific regulations of Australia, Brazil, Canada, Japan, and the United States. The audit scope includes country-specific requirements, such as the U.S. FDA’s Quality System Regulation (21 CFR Part 820) or Brazil’s Good Manufacturing Practices (RDC ANVISA 16/2013). Manufacturers are only audited against the specific regulatory requirements for the markets where they intend to sell their devices.
The MDSAP Audit Process and Nonconformity Grading
The MDSAP auditing cycle follows a three-year structure. It begins with an initial certification audit, followed by two surveillance audits in subsequent years, and concludes with a re-certification audit in the third year. The audit is process-based, examining seven key QMS areas, including management, design and development, and production and service controls. The standardized approach ensures a consistent assessment regardless of the Auditing Organization selected.
The program uses a mandatory Nonconformity Grading System, replacing traditional “major” or “minor” classifications with a numerical scale from 1 to 5. The scoring is determined by a two-step process that considers the impact of the finding on the QMS and the frequency of its occurrence in previous audits.
A grade of 4 or 5 is a high-risk finding, signaling a systemic QMS failure that requires immediate follow-up action. For example, a nonconformity resulting in the release of a nonconforming medical device to the market would escalate the grade. The final audit report, including nonconformities and their grades, is submitted to a secure online platform accessible to all participating RAs, ensuring transparency and shared regulatory oversight.
Regulatory Authority Acceptance and Market Access
A successful MDSAP audit report provides a significant advantage for manufacturers seeking market access across multiple jurisdictions. Participating Regulatory Authorities utilize the final report in distinct ways to satisfy their national QMS requirements. Health Canada, for example, requires a valid MDSAP certificate as the sole basis for QMS clearance for most medical device license applications.
The U.S. Food and Drug Administration (FDA) accepts the MDSAP report as a substitute for its own routine inspections, reducing the frequency of disruptive audits. The Australian TGA and Brazil’s ANVISA utilize the report as evidence of compliance for their market authorization requirements. This single-audit mechanism streamlines the regulatory submission process, reducing the time and resources manufacturers dedicate to multiple audits.