What happens after I have MDSAP certification

MDSAP audits are conducted annually within a three-year certification cycle. After the initial audit is conducted, two partial surveillance audits are conducted once a year for two consecutive years. The cycle recommences with a complete re-audit (also called a recertification audit) in the third year.

The process of conducting and closing out a surveillance audit is very similar to an initial audit; however, the scope of the audit is reduced, and not all audit tasks will be assessed by the AO during the audit. Manufacturers are still required to address nonconformities in the same way they would for an initial or re-audit. AOs are still required to issue an audit report and upload the Audit Report Package into REPs in accordance with stipulated timeframes.

Special audits, audits conducted by MDSAP RAs and unannounced audit may potentially occur at any time in addition to the routine audits conducted within the certification cycle.

Any RA may audit a facility if:

• An MDSAP audit report failed to provide evidence required to support market authorization decisions
• An audit reveals public health safety concerns or fraudulent activity
• If MDSAP certification is inappropriate for the devices within scope - Further information on combination projects is available here.
• If a manufacturer is subject to regulatory action.

MDSAP certificates are usually issued after an initial audit or recertification audit, and not typically after a surveillance audit.

A list of medical device manufacturers participating in the MDSAP will not be made publicly available by MDSAP RAs; however, AOs are required make information on conformity status or certifications granted, suspended or withdrawn, publicly accessible or available upon request.