visual resource

What is the Medical Device Single Audit Program (MDSAP)?

This document provides a basic overview of MDSAP and why it is important as well as the pros of getting the MDSAP Audit completed.

About RCA
Regulatory Compliance Associates® Inc. (RCA) provides worldwide services to the pharmaceutical, biologic, sterile compounding, biotechnology, and medical device industries for resolution of compliance and regulatory challenges.

Please complete the form to access the visual resource.


What is the Medical Device Single Audit Program (MDSAP)?

What is the Medical Device Single Audit Program (MDSAP)?

MDSAP is a standardized global auditing program which allows for a single regulatory audit of a medical device manufacturer’s quality management system (QMS) to be conducted to satisfy the requirements of several global regulatory agencies and/or regulatory bodies. 

MDSAP was conceived in 2012 (launched in 2014) by the International Medical Device Regulators Forum (IMDRF).  The program officially completed the pilot phase in December of 2016 and manufacturers are now able to begin the process for certification.  Currently 5 countries are participating in the program and they include: USA, Canada, Australia, Brazil and Japan.  The World Health Organization (WHO) and the European Union (EU) are Official Observers.  One special area of consideration is that manufacturers selling products in Canada have a deadline of January 1, 2019 to become certified in order to continue to sell their products on the Canadian Market. MDSAP will replace the current Canadian Medical Devices Conformity Assessment System (CMDCAS) in Canada. The two (2) year transition period in Canada started on January 1, 2017 and continues through January 1, 2019. At the end of this transition period, only MDSAP certificates will be accepted. 


Global Regulatory Authorities Designated Use of the MDSAP Audit Reports
US – FDA The FDA will accept the MDSAP Audit Report in lieu of FDA routine inspections.However, MDSAP does NOT apply for certain types of regulatory inspections including:·         “for cause” inspections·         “compliance follow-up” inspections; or·         pre-or post-approval inspections for PMA (Premarket Authorization)
Canada – HC MDSAP will replace the Canadian Medical Device Conformity Assessment System (CMDCAS) by the end of the (2) two year transition period in Canada [January 1, 2017 to January 1, 2019]. After the transition period ends in Canada, only  MDSAP certificates will be accepted.
Australia – TGA MDSAP Audit Reports may be used to support compliance with the medical device authorization requirements (unless the particular medical device is excluded or exempt from the requirements)
Brazil – ANVISA MDSAP Audit Reports may be used to support the technical evaluation of the premarket and post-marketing requirements.
Japan – MHLW and PMDA MDSAP Audit Reports may be used to support the premarket and postmarket requirements.


MDSAP audits must be conducted by recognized Auditing Organizations (AO) authorized by the participating global regulatory agencies and/or regulatory bodies pursuant to the MDSAP requirements.  These will be conducted on an annual basis based on a (3) three year certification cycle.


What to expect in the MDSAP audit:

During your MDSAP audit, you should expect the Auditing Organization to cover all elements of ISO 13485 (Management, Device Marketing Authorization, Measurement and Analysis, Medical Device Adverse Events Reporting, Design and Development, Production and Service Controls, and Purchasing) with a heavy emphasis on:

  • Incorporation of risk within all processes to manage your product lifecycle
  • More scrutiny on your outsourcing practices
  • Both design and process validation
  • Design change management and risks associated with these changes


Value Proposition

Traditionally, manufacturers selling their products globally were faced with the challenge of being audited by multiple regulatory authorities causing disruption to manufacturers.  MDSAP evolved because it was recognized that a single audit would be more efficient while ensuring the Quality Management System was thoroughly covered during an audit.  It also provides consistency in the audit process and minimizes the burden on resources.  All important factors when you consider efficiency goals within an organization.


What’s in it for the Regulatory Authorities?

  • Creates a coalition of countries utilizing shared technology, resources, and services to improve the oversight of medical devices more efficiently.
  • Better utilizes the widely accepted international standards and best practices to achieve alignment of regulatory approaches of multiple regulatory bodies.


What’s in it for the manufacturer?

  • One audit overall instead of one per Regulatory Authority means less burden on manufacturer resources to deal with multiple audits.
  • Use of standardized non-conformity grading system will make the outcomes more predictable.
  • Utilization of a consistent audit criteria compliant to the requirements of all participating regulatory authorities will be used by the Auditing Organizations.
  • Saves you time and money by participating in 1 audit versus multiple audits.


Country specific Adverse Event Reporting

  • In 2012 Australia made access available to the Database of Adverse Event Notifications (DAEN). The database is searchable by report number, date, manufacture, sponsor, etc. 
  • The Manufacturer and User Facility Device Experience (MAUDE) has been available since 1996 and is also searchable by report number, date, manufacturer, etc. The product problems are categorized into more than 1,000 device and patient problems as defined by Code 3500A
  • Canada utilizes what is referred to as the Adverse Reaction Database. The search criteria is more limited however, reports date back to 1965.
  • Japan and Brazil also have information available publicly however, the incidents are only available in the local languages.
  • European Database on Medical Devices (EUDAMED)*
    • EUDAMED will be an information system for exchanging legal information related to the application of European Union Directives on medical devices between the European Commission’s Enterprise and Industry Directorate General and the Competent Authorities in the European Union Member States. Its legal basis is laid down in Directives 90/385/EEC, 93/42/EEC, 98/79/EC and 2000/70/EC.
    • EUDAMED will also develop a vigilance module. This vigilance module will inform Member States on incidents or near-incidents in relation to certain devices on the market.
    • EUDAMED will also develop a vigilance module. This vigilance module will inform Member States on incidents or near-incidents in relation to certain devices on the market.

*Note, EUDAMED is expected to be operational in March of 2019.  Note this date is subject to change.


About RCA

MDSAPRegulatory Compliance Associates® (RCA) provides worldwide services to the following industries for resolution of compliance and regulatory challenges:


We understand the complexities of running a life science business and possess areas of expertise that include every facet of R&D, operations, regulatory affairs, quality, and manufacturing. We are used to working on the front lines and thriving in the scrutiny of FDA-and globally-regulated companies.

As your partners, we can negotiate the potential minefield of regulatory compliance and private equity due diligence with insight, hindsight, and the clear advantage of our unique expertise and experience.


To begin the RCA® scoping process today, please enter your information in the blue form below and click the submit button at the bottom of the webpage. 

Our website uses cookies to give you the best possible experience.

By continuing to use this site, you agree to the use of cookies.