Call Us Today at 508-231-8842        EMERGENCY

For those who may not be entirely familiar with the Medical Device Single Audit Program (MDSAP), this initiative is intended to allow auditors from MDSAP-recognized Auditing Organizations (AOs) to conduct a single audit of a medical device manufacturer’s quality management system that will satisfy the requirements of the medical device regulatory authorities participating in the MDSAP program. The countries currently participating in the program include the United States, Canada, Japan, Australia, and Brazil. The objective is to jointly leverage regulatory resources to manage an efficient, effective, and sustainable single audit program focused on the oversight of medical device manufacturers.

Audits performed under the MDSAP program will be process-based, focusing on several defined processes, a defined method for linking those processes, but all audits will be based on the foundation of risk management.

As part of this effort to review risk management and software used both as part of the medical device and as part of the internal quality system, , the auditors will look to see if the firm has addressed the exchange of sensitive digital information between platforms, organizations, and nations. This is, in large part, in response to the fact that several of today’s medical devices are computers with internet connectivity and can be vulnerable to security breaches, potentially impacting the safety and effectiveness of the device. The increased use of wireless technology and software in medical devices also increases the risks of potential cybersecurity threats.

During the audit of an organization’s quality management system as identified in the seven MDSAP processes, the audit team will be asked to be mindful of “linkages” needed for an organization’s quality management system to function effectively. For example, linkages assist auditors in making appropriate selections when moving to the next process (e.g. using information from the Measurement, Analysis and Improvement process to select a design project to review where appropriate). The auditors may look for linkages between the design of the internet connectivity and compliance verification to UL 2900. There may be linkages between complaints and the wireless networks in a hospital or auto-updates to the firm’s software. There might even be linkages between the supplier qualification and the software embedded in the Bluetooth or wireless manufacturer.

The audit team is also asked to assess risk management activities during the audit of the organization’s quality management system processes. This risk may be related to the software being used internally by the organization. Even something as simple as email may have direct linkages to ERP or complaint handling systems, where security breaches can originate. Software risk management in addition to device risk management is an integral aspect of an organization’s quality management system and it is the responsibility of top management to provide the necessary commitment and resources.

Effective risk management usually starts in conjunction with the design and development process, proceeds through product realization, including the selection of suppliers, and continues until the time the product is decommissioned. Risk-based decisions occur throughout the various quality management system processes, and each organization must decide how much risk is acceptable to ensure medical devices are as safe as practical.

Sign up to receive our Newsletters!

The Latest News

Artificial Intelligence: What you need to know about next-gen smart medical device compliance

Recent strides in artificial intelligence (AI) and machine learning technology is opening the door to the development of increasingly smart medical devices capable of turning big data and digital information into actionable insights for healthcare professionals. AI is having a significant impact on the evolution of smart devices and how healthcare will be delivered in the future. AI, coupled with machine learning, is calling into question what it means to approve a medical device capable of...

Mobile Medical Apps

In today’s wireless world, it seems everyone has a smartphone and it’s revolutionizing how services and information are presented and accessed. In the healthcare industry, this means rapid advances in telemedicine and the development of mobile medical apps (MMAs) which raise some unique concerns for compliance and challenges for regulation by the FDA and medical regulatory submissions. It is important to determine if your product is a regulated MMA or not a medical device. On May 17, 2019, the...
MEDIcept

Digital Health Innovation and Regulatory Compliance

Advances in digital health technology and innovation are picking up speed as wireless communications continue to evolve and become incorporated in growing numbers of devices, systems, and networks. The cloud, , are only fueling the demand for wireless and cloud-based integration of medical devices, which promises to improve the delivery of healthcare, often at reduced costs. Telemedicine, wearable devices, artificial intelligence (AI), and remote diagnostic and monitoring systems are just some...