Audit Approach
A QMS audit is a systematic, independent and objective evaluation of an organization's QMS. Third party certification bodies perform QMS audits of medical device company’s QMS to verify that organizational, regulatory and international standards requirements have been met. These bodies are called Auditing Organizations (or AOs) within the MDSAP.
The MDSAP allows competent auditors from a recognized MDSAP AO to conduct a single audit of a medical device organization's QMS. This single audit satisfies the QMS requirements of RAs participating in MDSAP including:
- ISO13485:2016 - Medical devices – Quality management systems – Requirements for regulatory purposes and the regulatory requirements from relevant MDSAP RAs (see ISO - ISO 13485 — Medical devices)
- the Australian Therapeutic Goods (Medical Devices) Regulations (2002) Schedule 3 Part 1, excluding 1.6, and Schedule 3 Part 4
- the Brazilian Good Manufacturing Practices (RDC ANVISA 16/2013)
- the Canadian Medical Devices Regulations (Parts 1 and 1.1)
- the Japanese QMS ordinance (MHLW MO 169)
- the American Quality System Regulation (21 CFR Part 820), and
- other specific requirements of medical device regulatory authorities participating in the MDSAP program including 21 CFR Part 803 and 21 CFR Part 806.
The MDSAP Audit Approach was developed to ensure AOs performed QMS audits in a consistent way. It defines the audit sequence, instructions for auditing each specific process, and identifies the linkages between processes. The audit approach is based on a foundation of risk management principles. Further information on the MDSAP QMS is available in the MDSAP QMS P0001: Quality System Manual and the MDSAP QMS F0001.1 QMS Policy and Objectives.
The audit sequence follows four primary processes:
- Management process
- Measurement, Analysis and Improvement process
- Design and Development process
- Production and Service Controls process.
These primary processes all have linkages to the supporting Purchasing process, including supplier control and verification of purchased product.
There are two additional supporting processes that are necessary to meet specific jurisdictional regulatory requirements:
- Device Marketing Authorization and Facility Registration
- Medical Device Adverse Events and Advisory Notice Reporting.
Each process includes several tasks to be audited. While the sequence of processes to be audited is prescribed, auditors may audit tasks within a given process in any sequence to allow for an efficient and effective audit. The tasks required to be audited vary depending on if the audit is an initial certification, surveillance, re-certification, or special audit. Audits may be conducted offsite in a documentation review format, onsite, or in a remote capacity or a combination of these, depending on the type and nature of the audit.
For each audit conducted, AOs are required to determine the duration of an audit, including how long auditors, or a team of auditors should spend auditing each process and task. A tool is available to assist with these calculations.
After the audit has been conducted, the AO issues any nonconformities using a standard template and a final report to the medical device manufacturer. If nonconformities were raised, the manufacturer has the opportunity to formally respond and address these.
After the successful closure of an initial or re-certification audit, the AO will issue an MDSAP certificate. This certificate is an attestation by the AO that the facilities listed in the certificate have been audited against the listed criteria for the listed scope and found to conform to those requirements, including the regulatory requirements for the specific RAs. Certificates are not normally issued after surveillance audits.
Within a specified time period after the audit, AOs are required to submit the audit report and nonconformities into the Regulatory Exchange Platform-secure (REPs). REPs is an electronic repository where RAs can access information to support their pre- and post-market regulatory activities.
Further detail regarding the MDSAP audit approach can be found in the MDSAP Audit Procedures and Forms and under Manufacturers.
For a list of recognized MDSAP AOs, click here.