Call Us Today at 508-231-8842        EMERGENCY

For those who may not be entirely familiar with the Medical Device Single Audit Program (MDSAP), this initiative is intended to allow auditors from MDSAP-recognized Auditing Organizations (AOs) to conduct a single audit of a medical device manufacturer’s quality management system that will satisfy the requirements of the medical device regulatory authorities participating in the MDSAP program. The countries currently participating in the program include the United States, Canada, Japan, Australia, and Brazil. The objective is to jointly leverage regulatory resources to manage an efficient, effective, and sustainable single audit program focused on the oversight of medical device manufacturers.

Audits performed under the MDSAP program will be process-based, focusing on several defined processes, a defined method for linking those processes, but all audits will be based on the foundation of risk management.

As part of this effort to review risk management and software used both as part of the medical device and as part of the internal quality system, , the auditors will look to see if the firm has addressed the exchange of sensitive digital information between platforms, organizations, and nations. This is, in large part, in response to the fact that several of today’s medical devices are computers with internet connectivity and can be vulnerable to security breaches, potentially impacting the safety and effectiveness of the device. The increased use of wireless technology and software in medical devices also increases the risks of potential cybersecurity threats.

During the audit of an organization’s quality management system as identified in the seven MDSAP processes, the audit team will be asked to be mindful of “linkages” needed for an organization’s quality management system to function effectively. For example, linkages assist auditors in making appropriate selections when moving to the next process (e.g. using information from the Measurement, Analysis and Improvement process to select a design project to review where appropriate). The auditors may look for linkages between the design of the internet connectivity and compliance verification to UL 2900. There may be linkages between complaints and the wireless networks in a hospital or auto-updates to the firm’s software. There might even be linkages between the supplier qualification and the software embedded in the Bluetooth or wireless manufacturer.

The audit team is also asked to assess risk management activities during the audit of the organization’s quality management system processes. This risk may be related to the software being used internally by the organization. Even something as simple as email may have direct linkages to ERP or complaint handling systems, where security breaches can originate. Software risk management in addition to device risk management is an integral aspect of an organization’s quality management system and it is the responsibility of top management to provide the necessary commitment and resources.

Effective risk management usually starts in conjunction with the design and development process, proceeds through product realization, including the selection of suppliers, and continues until the time the product is decommissioned. Risk-based decisions occur throughout the various quality management system processes, and each organization must decide how much risk is acceptable to ensure medical devices are as safe as practical.

Sign up to receive our Newsletters!

The Latest News


Digital Health Innovation and Regulatory Compliance

Advances in digital health technology and innovation are picking up speed as wireless communications continue to evolve and become incorporated in growing numbers of devices, systems, and networks. The cloud, , are only fueling the demand for wireless and cloud-based integration of medical devices, which promises to improve the delivery of healthcare, often at reduced costs. Telemedicine, wearable devices, artificial intelligence (AI), and remote diagnostic and monitoring systems are just some...

Two Premier Medical Device Firms Merge to Provide More Comprehensive Services

Ashland, MA: MEDIcept Inc, a leading international quality and regulatory consulting firm focused on medical device and in-vitro diagnostics (IVD), and Reilly & Associates, a US-based privately held consulting firm specializing in medical device/biotechnology, announces the merger of the two companies.The merger promotes the shared strategic goal of becoming a world-wide, leading quality and regulatory value-added service firm focusing on medical devices and medical technology....

How Can You Outsource Quality Assurance?

If you’re a medical device manufacturer – and especially a smaller one, such as a recent start-up – the real question might be “How can you NOT outsource quality assurance?” Smaller firms such as start-ups are especially vulnerable to issues surrounding quality assurance and quality system development. Hiring an experienced QA professional or quality engineer can cut deeply into limited funds, never mind actually getting a Quality Management System (QMS) up and running. For small or...