This presentation provides an update on the progress of the Pilot and explores how the results of audits will be used by the participating Regulatory Authorities in support of market authorisation within their jurisdictions.
Call Girls Raipur Just Call 9630942363 Top Class Call Girl Service Available
Presentation: Medical Devices Single Audit Program (MDSAP) Pilot Program
1. Medical Devices Single Audit Program
MDSAP - Overview and Update
Keith M Smith
Senior Adviser and MDSAP Assessor
Quality Audits and Assessments Section
Medical Devices Branch
Medical Devices and Product Quality Division
ARCS Scientific Congress Canberra, August, 2016
2. Objectives
• TGA’s International Programs
• IMDRF MDSAP Model
• MDSAP Pilot
• Audits
• Assessments
• Implementation
• Participation
• Questions
1
3. TGA’s International Programs
• Seeking to collaborate with other Regulators in innovative ways
– Share resources and the regulatory work
– Leverage external resources and systems
– Converge requirements and expectations
– Build consistency and confidence in outcomes
• The MDSAP is a significant international program! … we envisage …
– Benefits manufacturers through a reduced number of audits, reduced annual cost, an increase
in the predictability of outcomes, and opportunities for export markets.
– Benefits Sponsors as an additional basis for market authorisation. (ARTG entry)
– Benefits Regulators as it frees resources to target risk areas
2
5. MDSAP model
• Allows recognized Auditing Organisations to conduct audits of a medical device
manufacturer that will satisfy the relevant Quality Management System
requirements of multiple participating Regulatory Authorities.
• Referred to as a “single” audit program
• Started development in 2012 by the International Medical Device Regulators
Forum (IMDRF)
– Successor of the Global Harmonisation Task Force
– Australia, Brazil, Canada, China, Europe, Japan, Russia, and the United States of America
4
8. MDSAP Pilot
• International consortium of some of the countries who are members of the IMDRF
who are dedicated to pooling technology, resources, and services to improve the
safety and oversight of medical devices on an international scale in an Audit and
Assessment Pilot Program
– Memorandum of Understanding, Brazil, November 2012
• MDSAP Pilot
– January 2014 – December 2016
7
9. MDSAP Pilot - International Consortium
• MDSAP international consortium of countries:
– Therapeutic Goods Administration (TGA) of Australia,
– Brazil’s Agência Nacional de Vigilância Sanitária (ANVISA),
– Health Canada,
– Japanese MHLW and PMDA, and
– U.S. Food and Drug Administration (US FDA)
• Observers
– World Health Organisation (WHO) Diagnostic Prequalification Program
– European Union
May make a decision about full participation later in 2016
8
10. MDSAP Pilot – Governance and Operations
• Regulatory Authority Council (RAC)
• International Subject Matter Expert (SME) Working Groups
9
11. Regulatory Authority Council (RAC)
• The MDSAP governing body is the RAC
– Two senior managers from each participating jurisdiction
– Representation from observing jurisdictions (WHO and EU)
• Responsibilities:
– Perform executive planning, strategic priorities, sets policy and make final decisions on behalf of
the MDSAP Consortium.
– Final review and approval of MDSAP documentation; policy, procedures, work instructions, etc.
– Auditing Organisation authorisation and recognition decisions
10
12. Subject matter expert (SME) working groups
• MDSAP Audit and Assessment SME
– Develops procedures, work flows, work instructions, templates, training, etc. for
The auditing of medical device manufacturers by recognized Auditing Organisations
The assessment of Auditing Organisations by Regulatory Authorities
A Quality Management System for the operation of the MDSAP
• Regulatory Exchange Platform secure (REPs) SME
– Developed IT requirements and specifications for REPsecure
– Overseeing the Cooperative Agreements with the Host Organisation
Pan American Health Organisation (PAHO)
11
14. MDSAP Audit Process: Model and Criteria
• The design of each layer of the MDSAP seeks to define relevant objectives,
processes, competence management requirements and outputs.
• The audit process for medical device manufacturers provides for an efficient and
thorough coverage of each QMS process requirement
– Documented in an “Audit Model” and “Companion Guide”
– Defines a prescribed audit “process” approach
– The sequence of the audit of QMS processes ensures information determined early in the audit
informs the audit of processes later in the audit.
– Annual audits
13
15. MDSAP Audit Process: Model and Criteria
• Each QMS process has objectives and a series of tasks to determine compliance
with ISO13485 and Regulatory requirements.
• Regulatory requirements include, for example:
– Registration of manufacturing sites
– Licensing of medical devices
– Reporting of adverse event and advisory notices (recalls)
– Tracking of specified devices
– Review of technical documentation in the context of audit
14
16. MDSAP audit process: Model and criteria
• An Auditing Organisation’s activities are directed by a number of documents, for
example:
– Audit Model and Companion Guide
– Nonconformity Grading and RA Exchange Form and Guide
– Audit Report Template and Policy / Guide
– Audit Time Calculations
– Post Audit Timeline
– Certification document content
– Notification of manufacturer participation, etc
• Full process is defined in “MDSAP Audit Procedures and Forms”
– Web search “FDA MDSAP Pilot” for the complete listing
15
17. MDSAP audit
model
- Sequence to
audit QMS
processes for
ISO 13485 and
Regulatory
Requirements
RiskManagement
Purchasing
Management
Device Marketing
Authorisation and
Facility Registration
MD Adverse Events
and Advisory Notice
Reporting
Device Marketing
Authorisation and
Facility Registration
Measurement,
Analysis and
Improvement
Design and
Development
Production and
Service Controls
16
18. Nonconformity grading
• GHTF N19 - Nonconformity
Grading System for Regulatory
Purposes
• NCs are assigned a grade, 1 to 5
• Calculated in two steps
– Grading Matrix
– Escalation Rules
No Documented Process, +1
Release of nonconforming medical
device, +1
3 4
1 2
OccurrenceImpact
First Repeat
Indirect
Cl4.1–6.3
Direct
Cl6.4–8.5.3
17
19. Post audit timeline
• 5 Working Day Notification
– Auditing Organisation informs MDSAP Regulatory Authorities of 1 or more Grade 5
Nonconformities, or >2 Grade 4 Nonconformities, or public health threat/fraud
• 15 Calendar Days
– Medical Device manufacturer provides remediation plan
• 30 Calendar Days
– Medical Device manufacturer provides evidence of implementation of remediation actions for
any grade 4 or 5 nonconformities
• 45 or 90 Calendar Days
– Auditing Organisations submits full audit report package
– 45 days in cases where a 5 day notification was required.
18
20. 19
Initial Audit Surveillance Audit Recertification Audit
Special Audit, Unannounced Audit, Regulatory Authority audit
Stage 1
Documentation Review
Stage 2
On-Site Full Audit
Stage 1 – (as needed)
Documentation Review
Review of changes,
management process,
M,A&I, registration,
authorisation, etc.
Stage 1 – (as needed)
Documentation Review
Review audit reports,
corrections/corrective
actions, tasks not
covered in previous
audits
MDSAP – Manufacturer Audit Program
AuditActivitiesAudit
22. MDSAP Auditing Organisation Assessment Criteria
• An MDSAP Assessment is based on the model established by the IMDRF
MDSAP documents that refer to the relevant ISO Standard, primarily …
– ISO/IEC 17021:2011 – Reqs for bodies providing audit and certification of management systems
– N3 – Requirements for Auditing Organisations
– N5 – Regulatory Authority assessment method
– N11 – Auditing Organisation Nonconformity Grading and Decision Process
– … includes verification that AOs are auditing regulatory requirements
• Full process is defined in “MDSAP Assessment Procedures and Forms”
– Application, Assessment, Decision Making etc.
– Web search “FDA MDSAP Pilot” for the complete listing
21
23. RA assessment method: Processes
Outsourcing
• Management (including Impartiality)
• Measurement, Analysis and Improvement
• Competency Management
• Audit and Certification Process
• Information Management
22
24. 23
MDSAP – Auditing Organisation Assessment Program
Initial Assessment
Application Review
Stage 1 Assessment
including Documentation Review
Stage 2 On-Site Assessment
(Head Office)
3 Witnessed Audits
Surveillance Assessment Re-Recognition Assessment
On-Site Assessment of all
Critical Locations
(as necessary)
Surveillance On-Site
Assessment
(Head Office)
1 Witnessed Audit
1 Witnessed Audit per Critical
Location per Assessment
Cycle (as necessary)
Stage 1 Assessment
including Documentation
Review for changes
Re-Recognition On-Site
Assessment
(Head Office)
1 Witnessed Audit
1 Witnessed Audit per Critical
Location per Assessment
Cycle (as necessary)
AssessmentActivitiesAssessment
25. Summary: Assessment versus audit
Assessment and Recognition
• of Auditing Organisation
by Regulatory Authorities
• of compliance to the IMDRF
Recognition Criteria
– ISO/IEC 17021, IMDRF N3, N5, N11
etc, GHTF N19
• 4-year cycle
• MDSAP Assessment Model
Audits and Certification
• of Medical Device manufacturers
by Auditing Organisation
• of compliance to ISO 13485, plus specific
quality system requirements from the
participating RAs’ regulations
• 3-year cycle
• MDSAP Audit Model
24
28. Auditing organisations and the MDSAP Pilot
• Stages of Assessment
– Application Review
– Stage 1 - Documentation Review
– Stage 2 - Head Office and Critical Location on-site assessments
– When any nonconformities have been closed the AO is “Authorised” to conduct MDSAP audits
under the Pilot arrangements
– 1st MDSAP audit by the AO is witnessed then all assessment material is reviewed to confirm
continued Authorisation.
– A minimum of 2 additional MDSAP audits are to be performed and witnessed to meet the
minimum recognition criteria
– Regulatory Authorities will announce the successful Auditing Organisations at the Pilot and
grant them full MDSAP Auditing Organisation Recognition.
27
30. Auditing organisations and the MDSAP Pilot
• During the Pilot, only the Auditing
Organisations recognized under the
Canadian CMDCAS program were
allowed to participate.
– All 13 have applied and are progressing
through the stages of assessment
– Others will be allowed to apply from 1
January 2017
– See “AO Availability” for an updated listing
on MDSAP website.
• BSI Group America
• TUV SUD America Inc.
• Intertek Testing Services
• LNE G-MED
• SAI Global Certification Services
• TUV USA Inc.
• LRQA
• DQS Med
• DEKRA Certification B.V.
• TUV Rheinland N.A. Inc.
• NSAI
• SGS UK Ltd.
• UL, LLC 29
33. Profile of manufacturers currently participating
• Organisations selling into Canada and internationally
• Manufacturing sites for finished medical devices
• Relatively large organisations
– ~ 70 people and more
• Manufacturers of combination products selling into Australia
• Organisations intending to sell in Brazil
• Manufacturers of high risk medical devices
• Organisations participating in the WHO Prequalification of IVDs Program
32
34. Why should manufacturers participate?
• Limit the number of medical device regulatory audits
• Improvement in predictability of audit outcomes
• Facilitate the application for marketing authorisation in countries where a quality
management system audit is a prerequisite
• Anticipate the transition towards the mandatory application of MDSAP in Canada
• Be a part of the process during the pilot to help shape the policies and procedures
for the operational program scheduled to begin in 2017
• Encourage the Auditing Organisation to get authorized/ recognized
• As MDSAP grows, so will RA participation
• Choice of MDSAP Auditing Organisation
33
35. Some RA-specific benefits
• Australia – TGA will take into account MDSAP audit reports for QMS when:
– deciding whether to issue or maintain Conformity Assessment Certificates that are required for
“combination” products
Medicine / Device, Animal Origin / Device etc.
– auditing applications for ARTG Entry when evidence of compliance with the QMS requirements
of a conformity assessment procedure is required.
– when EC Conformity Assessment Certification for QMS is not available.
• Brazil – program outcomes and reports used as key inputs into ANVISA’s pre-
market and post-market assessment procedures
34
36. Some RA-specific benefits
• Canada – will accept either MDSAP or CMDCAS certificates for obtaining Class
II, III or IV medical device license. Full transition to MDSAP expected to occur by
2019
• Japan – may accelerate the Marketing Authorisation and reduce post-market
burden (still under evaluation)
• United States – will accept MDSAP audit reports as substitute for routine
inspections
• See also MDSAP Question and Answer document on FDA MDSAP website!
35
37. WHO Prequalification for diagnostic devices
• MDSAP audits may be recognized as acceptable evidence of QMS compliance
with international regulations, resulting in an abbreviated or waived site audit
by WHO.
36
38. How to participate
• Any medical device manufacturer is eligible
• Participation is not initiated through a Regulatory Authority!
• Identify a participating MDSAP Auditing Organisation - FDA MDSAP website.
– Any current CMDCAS recognized registrar
– Many may also be able to provide audit and assessment for EC Certification.
• Inquire if the AO has progressed sufficiently in the assessment process to accept
applications for an MDSAP audit.
• An RA’s routine audit / inspection program will not be suspended until an AO
notifies MDSAP of a manufacturer’s participation in the program.
– Note that “for cause” audits may still be conducted by RAs
37
When a manufacturer elects to participate in MDSAP, they agree to a 3 year audit cycle. The audit cycle begins in the first year with the initial audit (certification), which is comprised of a Stage 1 documentation review to verify that all documents required under ISO 13485 and RA regulations are present. An on-site Stage 2 audit is the second part of the initial audit. For the Stage 2, auditors verify implementation of requirements and records.
For Years 2-3 of the audit cycle two Surveillance audits must be conducted. An individual surveillance audit does not need to cover all MDSAP requirements, but must address Clause 9.3.2.1 of ISO 17021 and:
Changes to products, QMS or manufacturer changes
Audit tasks associated with: the management process; adverse event and advisory notice reporting; device marketing authorisation and facility registration; and design and development or production and service controls
Recertification Audits
Do not require a Stage 1, unless significant changes have occurred since last audit
Can be shorter than the initial audit through more selection and focused sampling
Audit should include:
Review of MDSAP audit reports
Changes to manufacturer/QMS
Follow-up on any corrections/corrective actions from previous findings
Review of the QMS effectiveness/suitability over the current audit cycle
All other applicable MDSAP audit process tasks
Special, Unannounced or RA audits can occur at any time during the MDSAP audit cycle