Medical Device Single Audit ProgramFrequently Asked QuestionsTable of ContentA. General Questions about MDSAPB. Questions related to AssessmentsC. Questions related to AuditsA. General Questions about MDSAP1. What is the Medical Device Single Audit Program Pilot?The Medical Device Single Audit Program Pilot or “MDSAP Pilot” is a program thatwill allow the conduct of a single regulatory audit of a medical device manufacturer’squality management system that will satisfy the requirements of multiple regulatoryjurisdictions. Audits will be conducted by Auditing Organizations authorized by theparticipating Regulatory Authorities to audit under MDSAP.The MDSAP is a way that medical device manufacturers can be audited once forcompliance with the standard and regulatory requirements of up to five differentmedical device markets: Australia, Brazil, Canada, Japan and the United States. Theprogram’s main mission is to “ jointly leverage regulatory resources to manage anefficient, effective, and sustainable single audit program focused on the oversight ofmedical device manufacturers.” [International Medical Device Regulators ForumMedical Devices Single Audit Program, International Coalition Pilot Program Sheet,January 2014 – IMDRF Home Page].The MDSAP Pilot is planned to run from January 2014 until Dec. 2016.2. Why is the MDSAP Pilot being developed?The MDSAP Pilot was developed to:2016-05-04 v0081
·····Pilot the implementation of the requirements that are defined in the IMDRFMDSAP Model;Enable appropriate regulatory oversight of medical device manufacturers’quality management systems while minimizing regulatory burden on industry;Promote more efficient and flexible use of regulatory resources through worksharing and mutual acceptance among regulators while respecting thesovereignty of each authority;Promote globally, in the longer term, a greater alignment of regulatoryapproaches and technical requirements based on international standards andbest practices;Promote consistency, predictability and transparency of regulatory programsby standardizing;o the practices and procedures of participating regulators for theoversight of third party auditing organizations, ando the practices and procedures of participating third party auditingorganizations; ando Leverage, where appropriate, existing requirements and proceduresfor conformity assessment.3. Which Regulatory Authorities are part of the MDSAP Pilot and what is the planfor expansion of the program?The MDSAP Pilot is being developed by representatives of the AustralianTherapeutic Goods Administration (TGA), Brazil’s Agência Nacional de VigilânciaSanitária (ANVISA), Health Canada, MHLW/PMDA, and the U.S. Food and DrugAdministration (FDA). All regulatory authorities participating in the MDSAP Pilot areequal partners in the program.Regulatory Authorities may eventually decide to participate in the MDSAP and tobecome active participants in the Pilot Program. For example, the World HealthOrganization (WHO) Prequalification of In Vitro Diagnostics (IVDs) Programme andthe European Union (EU) are Official Observer to the MDSAP Regulatory AuthorityCouncil (RAC) and Subject Matter Expert (SME) Work Group.4. When is it anticipated that the MDSAP will go live?The MDSAP Pilot, that is designed to confirm the proof-of-concept, was launched onJanuary 1st, 2014 and will run through to the end of calendar year 2016. Fullimplementation of the MDSAP is anticipated sometime in 2017.5. What is the difference between a Regulatory Authority being a participant inMDSAP Subject Matter Expert (SME) Working Group (WG) versus being anobserver to this working group?2016-05-04 v0082
The Regulatory Authority participants provide the resources to support thedevelopment, implementation, maintenance and expansion of MDSAP andparticipate actively in the process of recognizing, monitoring, and re-recognizingAuditing Organizations under the framework of the IMDRF MDSAP. Theparticipating Regulatory Authorities have committed to use the MDSAP deliverablesduring the Pilot in order to assess program success. Each Regulatory Authorityparticipant is also represented on the MDSAP Regulatory Authority Council (RAC);the MDSAP’s governing board, by two senior level managers.A Regulatory Authority who is an “observer” may attend MDSAP SME WG meetings,assessments, and other activities, but does not utilize MDSAP program deliverablesto replace or supplement its regulatory scheme deliverables or portions of thesedeliverables. The observers are represented on the MDSAP RAC by one seniorlevel manager.6. Is the list of medical device manufacturers participating in the MDSAP Pilotmade publicly available?During the Pilot, the information on who is participating will not be made publiclyavailable by the Regulatory Authorities. However, the participating RegulatoryAuthorities plan to develop an Internet Portal on which the information may becomeavailable.7. Will industry be able to provide input into MDSAP documents or the programin general?Yes. There are two venues for the industry to contribute. IMDRF MDSAPdocuments either under development, or undergoing a revision, are made availableon the IMDRF’s web site for consultation. (IMDRF Consultations) The RegulatoryAuthorities that are participating in the MDSAP Pilot have established, documentedand are implementing an MDSAP Quality Management System MDSAPDocumentation. Feedback on MDSAP can be submitted to any of the participatingRegulatory Authorities in written format, electronically, by telephone, or in person.Electronic feedback is preferred and may be submitted to one of the four emailaddresses listed below. MDSAP participating regulators will address the feedback inaccordance with the procedure MDSAP QMS P0011 Complaints and/or CustomerFeedback ProcedureManufacturers are encouraged to provide feedback.Contact v.brQS MDB 6-05-04 v0083
8. What is the criterion that must be achieved for the MDSAP Pilot to beconsidered successful?The MDSAP Subject Matter Experts Working Group has developed a plan to gatherevidence for a “proof of concept” of the MDSAP Pilot. The plan includes eightperformance indicators for the measurement of the success of the Pilot. The criteriaare related to audit reports and non-conformities, the audit model, duration of audits,Auditing Organizations and manufacturers. A method for data collection, sampling,method of analysis and targets were defined for each indicator. MDSAP P0007Proof of concept for MDSAP Pilot.9. Have there been discussions with WHO regarding the pre-clearance processfor IVDs and taking account the results of an MDSAP audit? Will medicaldevices assessed by the WHO be included in the program at a later stage?WHO is participating as a member of the IMDRF MDSAP Working Group and as anobserver to the MDSAP. WHO has indicated a willingness to adapt and integrateMDSAP processes as much as possible in their Prequalification Program. WHOintends to utilize MDSAP reports where possible if they are available for devices thatare subject to their Prequalification Program.10. If an RA decides to change its GMP/QMS or Regulatory requirements, how willthe changes be incorporated into MDSAP?The MDSAP Subject Matter Experts would revise the MDSAP Audit Model and theMDSAP Audit Model Companion document to reflect any changes in regulatoryrequirements. Accordingly, the impacted MDSAP training would be updated.The IMDRF MDSAP WG N3 document requires “The Auditing Organizations toparticipate in any regulatory coordination group established for the purpose ofkeeping the Auditing Organization’s personnel current on medical device legislation,guidance documents, standards, and best practice documents adopted in theapplicable regulatory systems.” (N3 – Clause 6.1.3)11. How will the revision of ISO 13485 impact MDSAP?When ISO 13485:2003 is superseded by a new version, the impact on the MDSAPPilot will be analyzed and any affected documents, the Audit Model, in particular will be revised as necessary.12. How do I find out more specific information on the documents, policies, andprocedures that will be used in the MDSAP Pilot?The MDSAP Pilot participating Regulatory Authorities and the candidate AuditingOrganizations will primarily utilize the IMDRF MDSAP WG documents that can befound at: IMDRF Documentation2016-05-04 v0084
In addition, there are many other MDSAP Regulatory Authority Council reviewed andapproved documents that are to be used for implementing the Pilot and include: anaudit strategy for auditing medical device manufacturers, requirements for the auditreports, a method for audit time calculation, and the MDSAP Pilot QualityManagement System procedures. For further information on the Pilot andassociated documents, please refer to the MDSAP Home Page or contact one of theparticipating Regulatory Authorities QS MDB HC@hc-sc.gc.caMDSAP@pmda.go.jpMDSAP@fda.hhs.govB. Questions related to Assessments13. Which Auditing Organizations can apply to the MDSAP Pilot?During the MDSAP Pilot, all Auditing Organizations currently recognised underCMDCAS program are invited to apply for authorization to participate in the MDSAPPilot by submitting an MDSAP application. These Auditing Organizations(recognized Registrars) undergo an application review, stage 1 assessment, stage 2on-site assessment, and, if applicable, on-site assessment at their critical locations,and successfully resolve any identified deficiency will be authorized to perform anyMDSAP Pilot Audits. The participating Regulatory Authorities will decide whether toofficially recognize Auditing Organizations upon completion of the MDSAP Pilot.Additional auditing organizations may apply for recognition under MDSAP followingthe successful conclusion of the pilot.The reason for this initial restriction is that the participating Regulatory Authoritiesalready have some involvement with the CMDCAS Registrars through variousagreements and programs. Australia’s TGA Inspectorate has a Memorandum ofUnderstanding with Health Canada on the reciprocal recognition of qualitymanagement system (QMS) certificates for medical device manufacturers utilizingthe CMDCAS Program. The U.S. FDA has worked closely with Health Canada overthe last 10 years on the use of third party auditing organizations in a regulatoryprogram, including within the CMDCAS program. In addition, those third parties thatwere recognized under FDA’s Third Party Inspection program and also accreditedunder the CMDCAS program, had for several years performed pilot Multi-PurposeAudits (pMAP) under a separate initiative.2016-05-04 v0085
ANVISA, TGA, and the U.S. FDA have also observed several assessments ofCMDCAS Registrars as well as observed witnessed audits that have beenperformed by those Registrars. Therefore, the Regulatory Authorities involved inthis Pilot already have several years of confidence building with the CMDCASRegistrars. Many of the CMDCAS Registrars are also designated as Notified Bodiesunder the European regulatory scheme.The list of Registrars Recognized by Health Canada can be found at: CMDCASrecognized registrars.14. Can Contract Research Organizations participate in MDSAP Pilot? Whatabout Certified Quality Auditors?The MDSAP includes the use of Auditing Organizations, also known as CertificationBodies or Registrars in other schemes. During the Pilot, only CMDCAS recognizedregistrars may apply for recognition.If an Auditing Organization also acts as a Contract Research Organization, theorganization’s management system must ensure the impartiality of the AuditingOrganization.An independent Certified Quality Auditor may not individually apply for recognitionunder the MDSAP Pilot. Should an auditor become permanently employed or workon a contract basis for an Auditing Organization, and meet the competency andother criteria for auditors as required under MDSAP, e.g. absence of conflict ofinterest, that auditor may be qualified to perform MDSAP audits as long as the AO isrecognized under MDSAP.15. Who will be entitled to perform audits of medical device manufacturers underthe MDSAP Pilot?During the MDSAP Pilot, candidate Auditing Organizations who successfullycomplete an application review process, the stage 1 and stage 2 assessmentprocesses, the assessment of any critical location and the resolution of any identifiednonconformity, will be authorized to perform audits under the Pilot program. Theinitial audit of a medical device manufacturer conducted by an authorized MDSAPAO will be witnessed by representatives of at least two of the four participatingregulatory authorities. The governing documents for assessing candidate AuditingOrganizations can be found on the MDSAP Pilot webpages.The recognition of Auditing Organizations who satisfactorily fulfil programrequirements will be promulgated after the completion of the MDSAP Pilot.16. How will an Auditing Organization pay regulators for the application andtraining?2016-05-04 v0086
During the MDSAP Pilot (2014-2016) there are no application fees. Also, there areno costs associated with the MDSAP Training. Training on the MDSAP Audit Modeland the requirements of the participating Regulatory Authorities is available on-lineto registered candidate applicants MDSAP Training Material. Instructions on how toapply for an account are also provided.17. How are assessments of auditing organizations being conducted by RAsunder the MDSAP Pilot?The assessment program is defined in key documents for the planning and conductof assessments by Regulatory Authority assessment teams; and, the follow-up andmonitoring of assessment activities of Auditing Organizations. The sequence of allassessment activities follows a 4-year cycle. The cycle begins with an initialauthorization, followed by annual surveillance assessments for three consecutiveyears.Assessments are performed per document IMDRF MDSAP WG N5 FINAL:2013,Regulatory Authority Assessment Method for the Recognition and Monitoring ofMedical Device Auditing Organizations and associated MDSAP documents MDSAPDocumentation.18. Must Auditing Organizations have all documentation in English to beassessed by the Regulatory Authorities?Auditing Organizations must have at least the documents requested for theapplication submission and for Stage 1 Assessment in English. During the Stage 2Assessment, the Auditing Organizations must have personnel with fluency in Englishto translate documents and records that are not in English.Additionally, records that are specific to the MDSAP program (including but notlimited to the documents included in the audit report package) should be in Englishas well.19. What is the best way to determine what is expected of the AuditingOrganizations with regard to multiple jurisdictions?Medical device manufacturers will have to be audited according to the scopedeclared in their application for certification services. Based on the countries wherethe manufacturer sells (or intends to sell) or has devices registered, the AO willdetermine the regulatory requirements applicable to that manufacturer.The AOs will have to refer to the Audit Model MDSAP AU P0002 and Audit ModelCompanion MDSAP AU G0002.1 to make that determination. The two documentsincorporate or reference the regulatory requirements of each of the participatingRegulatory Authorities.2016-05-04 v0087
20. What oversight do Regulatory Authorities have over the AuditingOrganizations?The audits of medical device manufacturers will be performed by MDSAP AuditingOrganizations that will be assessed and monitored by Regulatory Authorities. Inaccordance with best practices, the MDSAP Pilot incorporates a transparentassessment program by Regulatory Authorities who will oversee the compliance ofthe Auditing Organizations with MDSAP requirements. This program includes arobust plan and schedule for assessing the competence and compliance of MDSAPAuditing Organizations and includes assessments of their head office and criticallocations, as well as witnessing the performance of AO audits (“witnessed” audits),as part of an ongoing four year recognition cycle.The Regulatory Authorities involved in the Pilot will base their recognition andassessment process on the IMDRF MDSAP WG and Pilot MDSAP documents inaddition to other documents drafted and approved by the Regulatory AuthorityCouncil. IMDRF Documentation and MDSAP Documentation.In particular, Regulatory Authorities will evaluate or “assess” an AuditingOrganizations’ compliance to the requirements of IMDRF MDSAP WG documentsN3 and N4.· IMDRF MDSAP WG N3 FINAL:2013 Requirements for Medical Device AuditingOrganizations for Regulatory Authority Recognition· IMDRF MDSAP WG N4 FINAL:2013 Competence and Training Requirements forAuditing Organizations21. What is a witnessed audit?A witnessed audit will give Regulatory Authorities the opportunity to verify that anAuditing Organization adequately conducts their audits using the MDSAP AuditModel, and reports appropriately on the outcomes of audits. It is an essentialassessment activity for building confidence in the reliability of the third party AuditingOrganization.During a witnessed audit, the Auditing Organization’s audit team conducts the auditof the medical device manufacturer and the Regulatory Authorities’ assessmentteam observes the AO without interfering in the audit process. After the AuditingOrganization has issued the audit report, the assessment team finalizes and sharestheir conclusions with the Auditing Organization. The RA conclusions are not inrelation to the compliance of the manufacturer to ISO 13485 and the relevantregulatory requirements. The RA’s conclusions only relate to the ability of theAuditing Organization to audit against the requirements of the MDSAP Pilot.22. Who performs witnessed audits and how are the assessors selected?2016-05-04 v0088
The witnessing of an audit being conducted by an Auditing Organization will beperformed by qualified MDSAP Regulatory Authority Assessors. These assessorsare experienced Regulatory Authority Assessors who will have knowledge of theMDSAP requirements, the requirements of the participating Regulatory Authoritiesand the device and manufacturing technologies used by the medical devicemanufacturer that is being audited.Regulatory Authority Assessors are to be qualified against the competencyrequirements as defined in the document IMDRF MDSAP WG N6 FINAL:2013,Regulatory Authority Assessor Competence and Training Requirements.23. Can an Auditing Organization contest a nonconformity or its grading?If an Auditing Organization disagrees with a nonconformity issued by the RegulatoryAuthorities or its grading, it may formally file for an appeal to the participatingRegulatory Authorities. The process is defined in IMDRF MDSAP WG N11FINAL:2014).24. If a current Notified Body applies for authorization to perform audits under theMDSAP Pilot but does not pass the MDSAP assessment, could they also bede-notified to the EU Directive?No. European Competent Authorities and Designating Authorities are notparticipants in the MDSAP Pilot. It is therefore unlikely that European Authoritieswould de-notify a Notified Body based on the outcome of an MDSAP PilotAssessment. Nevertheless, European Authorities are likely to be informed if thereason for refusing the authorization was due to concerns that arose from aconcurrent assessment by an Auditing Organization of the relevant Europeanregulations. In such cases, the European Authorities may follow-up with the AuditingOrganization and make their own assessment of the situation.25. Who from the Auditing Organization or the Regulatory Authorities makes thefinal decision on the compliance of the medical device manufacturer?The Auditing Organizations are fully responsible for making the decision oncompliance to issue MDSAP certification documents under
Organization (WHO) Prequalification of In Vitro Diagnostics (IVDs) Programme and the European Union (EU) are Official Observer to the MDSAP Regulatory Authority Council (RAC) and Subject Matter Expert (SME) Work Group. 4. When is it anticipated that the MDSAP will go live?
The quality audit system is mainly classified in three different categories: i Internal Audit ii. External Audits iii. Regulatory Audit . Types Of Quality Audit. In food industries all three audit system may be used to carry out 1. Product manufacturing audit 2. Plant sanitation/GMP audit 3. Product Quality audit 4. HACCP audit
Internal Audit Boot Camp Session 2: Phases of an Audit Program . IA Boot Camp 03/17/21 National Indian Gaming Commission Page 17 of 26 . It is important to understand and include audit steps within your audit program. Audit steps can be updated and created during the planning phase. Audit steps provide the auditor with the proper guidance to
INTERNAL AUDIT Example –Internal audit report [Short Client Name] Internal Audit Report Rev. [Rev Number] STEP ONE: Audit Plan Process to Audit (Audit Scope): Audit Date(s): Lead Auditor: Audit #: Auditor(s): Site(s) to Audit: Applicable Clauses of [ISO 9001 or AS9100] S
4.1 Quality management system audit 18.104.22.168 Quality management system audit - except: organization shall audit to verify compliance with MAQMSR, 2nd Ed. 4.2 Manufacturing process audit 22.214.171.124 Manufacturing process audit 4.3 Product audit 126.96.36.199 Product audit 4.4 Internal audit plans 188.8.131.52 Internal audit programme
CHAPTER 12 Internal Audit Charters and Building the Internal Audit Function 273 12.1 Establishing an Internal Audit Function 274 12.2 Audit Charter: Audit Committee and Management Authority 274 12.3 Building the Internal Audit Staff 275 (a) Role of the CAE 277 (b) Internal Audit Management Responsibilities 278 (c) Internal Audit Staff .
AUDIT OF DEKALB COUNTY DATA CENTER PHYSICAL SECURITY AUDIT REPORT NO. 2018-007-IT John Greene Chief Audit Executive FINAL REPORT What We Did In accordance with the Office of Independent Internal Audit's (OIIA) Annual Audit Plan, we conducted a performance audit of the DeKalb County Data Center Physical Security.
A.4 Audit Committee 1. Minutes and Committee Reports and Recommendations 2. Written duties and responsibilities 3. Duly signed Oath of Office 4. Audit Systems and Procedure 5. Audit Program of Work 6. Internal Audit Report 7. Monitoring report on audit recommendations 8. Report to General Assembly A.5 Education Committee 1.
DIR-330 A1 Device 6-18-2016 DIR-130 A1 Device 6-18-2016. DFE-690TXD A4 Device 6-8-2016 DFE-538TX F2 Device 6-8-2016 DFE-528TX E2 Device 6-8-2016 DXS-3250E A1 Device 5-31-2016 DXS-3250 A1 Device 5-31-2016 DXS-3227P A1 Device 5-31-2016 DXS-3227 A1 Device 5-31-2016 DEM-411T A1 Device 5-31-2016