This presentation provides an update on the progress of the Pilot and explores how the results of audits will be used by the participating Regulatory Authorities in support of market authorisation within their jurisdictions.

1. Medical Devices Single Audit Program
MDSAP - Overview and Update
Keith M Smith
Senior Adviser and MDSAP Assessor
Quality Audits and Assessments Section
Medical Devices Branch
Medical Devices and Product Quality Division
ARCS Scientific Congress Canberra, August, 2016

2. Objectives
• TGA’s International Programs
• IMDRF MDSAP Model
• MDSAP Pilot
• Audits
• Assessments
• Implementation
• Participation
• Questions
1

3. TGA’s International Programs
• Seeking to collaborate with other Regulators in innovative ways
– Share resources and the regulatory work
– Leverage external resources and systems
– Converge requirements and expectations
– Build consistency and confidence in outcomes
• The MDSAP is a significant international program! … we envisage …
– Benefits manufacturers through a reduced number of audits, reduced annual cost, an increase
in the predictability of outcomes, and opportunities for export markets.
– Benefits Sponsors as an additional basis for market authorisation. (ARTG entry)
– Benefits Regulators as it frees resources to target risk areas
2

4. IMDRF MDSAP Model
3

5. MDSAP model
• Allows recognized Auditing Organisations to conduct audits of a medical device
manufacturer that will satisfy the relevant Quality Management System
requirements of multiple participating Regulatory Authorities.
• Referred to as a “single” audit program
• Started development in 2012 by the International Medical Device Regulators
Forum (IMDRF)
– Successor of the Global Harmonisation Task Force
– Australia, Brazil, Canada, China, Europe, Japan, Russia, and the United States of America
4

6. Assess and
recognize
Make
regulatory
decisions –
Market Authorisation
Audit and certify
Share audit
report and
certificate
Auditing
Organisations
Medical Device
Manufacturers
Regulatory
Authorities
CONCEPT
5

7. MDSAP Pilot
6

8. MDSAP Pilot
• International consortium of some of the countries who are members of the IMDRF
who are dedicated to pooling technology, resources, and services to improve the
safety and oversight of medical devices on an international scale in an Audit and
Assessment Pilot Program
– Memorandum of Understanding, Brazil, November 2012
• MDSAP Pilot
– January 2014 – December 2016
7

9. MDSAP Pilot - International Consortium
• MDSAP international consortium of countries:
– Therapeutic Goods Administration (TGA) of Australia,
– Brazil’s Agência Nacional de Vigilância Sanitária (ANVISA),
– Health Canada,
– Japanese MHLW and PMDA, and
– U.S. Food and Drug Administration (US FDA)
• Observers
– World Health Organisation (WHO) Diagnostic Prequalification Program
– European Union
 May make a decision about full participation later in 2016
8

10. MDSAP Pilot – Governance and Operations
• Regulatory Authority Council (RAC)
• International Subject Matter Expert (SME) Working Groups
9

11. Regulatory Authority Council (RAC)
• The MDSAP governing body is the RAC
– Two senior managers from each participating jurisdiction
– Representation from observing jurisdictions (WHO and EU)
• Responsibilities:
– Perform executive planning, strategic priorities, sets policy and make final decisions on behalf of
the MDSAP Consortium.
– Final review and approval of MDSAP documentation; policy, procedures, work instructions, etc.
– Auditing Organisation authorisation and recognition decisions
10

12. Subject matter expert (SME) working groups
• MDSAP Audit and Assessment SME
– Develops procedures, work flows, work instructions, templates, training, etc. for
 The auditing of medical device manufacturers by recognized Auditing Organisations
 The assessment of Auditing Organisations by Regulatory Authorities
 A Quality Management System for the operation of the MDSAP
• Regulatory Exchange Platform secure (REPs) SME
– Developed IT requirements and specifications for REPsecure
– Overseeing the Cooperative Agreements with the Host Organisation
 Pan American Health Organisation (PAHO)
11

13. MDSAP Audits by
Auditing Organisations
12

14. MDSAP Audit Process: Model and Criteria
• The design of each layer of the MDSAP seeks to define relevant objectives,
processes, competence management requirements and outputs.
• The audit process for medical device manufacturers provides for an efficient and
thorough coverage of each QMS process requirement
– Documented in an “Audit Model” and “Companion Guide”
– Defines a prescribed audit “process” approach
– The sequence of the audit of QMS processes ensures information determined early in the audit
informs the audit of processes later in the audit.
– Annual audits
13

15. MDSAP Audit Process: Model and Criteria
• Each QMS process has objectives and a series of tasks to determine compliance
with ISO13485 and Regulatory requirements.
• Regulatory requirements include, for example:
– Registration of manufacturing sites
– Licensing of medical devices
– Reporting of adverse event and advisory notices (recalls)
– Tracking of specified devices
– Review of technical documentation in the context of audit
14

16. MDSAP audit process: Model and criteria
• An Auditing Organisation’s activities are directed by a number of documents, for
example:
– Audit Model and Companion Guide
– Nonconformity Grading and RA Exchange Form and Guide
– Audit Report Template and Policy / Guide
– Audit Time Calculations
– Post Audit Timeline
– Certification document content
– Notification of manufacturer participation, etc
• Full process is defined in “MDSAP Audit Procedures and Forms”
– Web search “FDA MDSAP Pilot” for the complete listing
15

17. MDSAP audit
model
- Sequence to
audit QMS
processes for
ISO 13485 and
Regulatory
Requirements
RiskManagement
Purchasing
Management
Device Marketing
Authorisation and
Facility Registration
MD Adverse Events
and Advisory Notice
Reporting
Device Marketing
Authorisation and
Facility Registration
Measurement,
Analysis and
Improvement
Design and
Development
Production and
Service Controls
16

18. Nonconformity grading
• GHTF N19 - Nonconformity
Grading System for Regulatory
Purposes
• NCs are assigned a grade, 1 to 5
• Calculated in two steps
– Grading Matrix
– Escalation Rules
 No Documented Process, +1
 Release of nonconforming medical
device, +1
3 4
1 2
OccurrenceImpact
First Repeat
Indirect
Cl4.1–6.3
Direct
Cl6.4–8.5.3
17

19. Post audit timeline
• 5 Working Day Notification
– Auditing Organisation informs MDSAP Regulatory Authorities of 1 or more Grade 5
Nonconformities, or >2 Grade 4 Nonconformities, or public health threat/fraud
• 15 Calendar Days
– Medical Device manufacturer provides remediation plan
• 30 Calendar Days
– Medical Device manufacturer provides evidence of implementation of remediation actions for
any grade 4 or 5 nonconformities
• 45 or 90 Calendar Days
– Auditing Organisations submits full audit report package
– 45 days in cases where a 5 day notification was required.
18

20. 19
Initial Audit Surveillance Audit Recertification Audit
Special Audit, Unannounced Audit, Regulatory Authority audit
Stage 1
Documentation Review
Stage 2
On-Site Full Audit
Stage 1 – (as needed)
Documentation Review
Review of changes,
management process,
M,A&I, registration,
authorisation, etc.
Stage 1 – (as needed)
Documentation Review
Review audit reports,
corrections/corrective
actions, tasks not
covered in previous
audits
MDSAP – Manufacturer Audit Program
AuditActivitiesAudit

21. 20
MDSAP Assessments by
Regulatory Authorities

22. MDSAP Auditing Organisation Assessment Criteria
• An MDSAP Assessment is based on the model established by the IMDRF
MDSAP documents that refer to the relevant ISO Standard, primarily …
– ISO/IEC 17021:2011 – Reqs for bodies providing audit and certification of management systems
– N3 – Requirements for Auditing Organisations
– N5 – Regulatory Authority assessment method
– N11 – Auditing Organisation Nonconformity Grading and Decision Process
– … includes verification that AOs are auditing regulatory requirements
• Full process is defined in “MDSAP Assessment Procedures and Forms”
– Application, Assessment, Decision Making etc.
– Web search “FDA MDSAP Pilot” for the complete listing
21

23. RA assessment method: Processes
Outsourcing
• Management (including Impartiality)
• Measurement, Analysis and Improvement
• Competency Management
• Audit and Certification Process
• Information Management
22

24. 23
MDSAP – Auditing Organisation Assessment Program
Initial Assessment
Application Review
Stage 1 Assessment
including Documentation Review
Stage 2 On-Site Assessment
(Head Office)
3 Witnessed Audits
Surveillance Assessment Re-Recognition Assessment
On-Site Assessment of all
Critical Locations
(as necessary)
Surveillance On-Site
Assessment
(Head Office)
1 Witnessed Audit
1 Witnessed Audit per Critical
Location per Assessment
Cycle (as necessary)
Stage 1 Assessment
including Documentation
Review for changes
Re-Recognition On-Site
Assessment
(Head Office)
1 Witnessed Audit
1 Witnessed Audit per Critical
Location per Assessment
Cycle (as necessary)
AssessmentActivitiesAssessment

25. Summary: Assessment versus audit
Assessment and Recognition
• of Auditing Organisation
by Regulatory Authorities
• of compliance to the IMDRF
Recognition Criteria
– ISO/IEC 17021, IMDRF N3, N5, N11
etc, GHTF N19
• 4-year cycle
• MDSAP Assessment Model
Audits and Certification
• of Medical Device manufacturers
by Auditing Organisation
• of compliance to ISO 13485, plus specific
quality system requirements from the
participating RAs’ regulations
• 3-year cycle
• MDSAP Audit Model
24

26. 25
MDSAP Implementation

27. Timeline
IMDRF Model
and Pilot
Development
CMDCAS
Registrar
Assessment /
Witness Audits
ISO13485:2003
to 2016,
CMDCAS to
MDSAP
Global
System??
26

28. Auditing organisations and the MDSAP Pilot
• Stages of Assessment
– Application Review
– Stage 1 - Documentation Review
– Stage 2 - Head Office and Critical Location on-site assessments
– When any nonconformities have been closed the AO is “Authorised” to conduct MDSAP audits
under the Pilot arrangements
– 1st MDSAP audit by the AO is witnessed then all assessment material is reviewed to confirm
continued Authorisation.
– A minimum of 2 additional MDSAP audits are to be performed and witnessed to meet the
minimum recognition criteria
– Regulatory Authorities will announce the successful Auditing Organisations at the Pilot and
grant them full MDSAP Auditing Organisation Recognition.
27

29. Facts: Assessment activities
• Application Review: 13
• Stage 1 Assessment: 10
• Stage 2 Assessment: 10
• Critical Locations: 5
• Witnessed Audit: 11
• Surveillance Assessment: 7
• Special Assessment: 1
28

30. Auditing organisations and the MDSAP Pilot
• During the Pilot, only the Auditing
Organisations recognized under the
Canadian CMDCAS program were
allowed to participate.
– All 13 have applied and are progressing
through the stages of assessment
– Others will be allowed to apply from 1
January 2017
– See “AO Availability” for an updated listing
on MDSAP website.
• BSI Group America
• TUV SUD America Inc.
• Intertek Testing Services
• LNE G-MED
• SAI Global Certification Services
• TUV USA Inc.
• LRQA
• DQS Med
• DEKRA Certification B.V.
• TUV Rheinland N.A. Inc.
• NSAI
• SGS UK Ltd.
• UL, LLC 29

31. MDSAP Participation
30

32. Participating manufacturers (June 2016)
6 9 10
25
11
23 24
106
15
25
50
61
83
107
117
0
20
40
60
80
100
120
140
Q3,
2014
Q1,
2015
Q2,
2015
Q3,
2015
Q4,
2015
Q1,
2016
Q2,
2016
July,
2016
Sites Added
Cumulative Total
31

33. Profile of manufacturers currently participating
• Organisations selling into Canada and internationally
• Manufacturing sites for finished medical devices
• Relatively large organisations
– ~ 70 people and more
• Manufacturers of combination products selling into Australia
• Organisations intending to sell in Brazil
• Manufacturers of high risk medical devices
• Organisations participating in the WHO Prequalification of IVDs Program
32

34. Why should manufacturers participate?
• Limit the number of medical device regulatory audits
• Improvement in predictability of audit outcomes
• Facilitate the application for marketing authorisation in countries where a quality
management system audit is a prerequisite
• Anticipate the transition towards the mandatory application of MDSAP in Canada
• Be a part of the process during the pilot to help shape the policies and procedures
for the operational program scheduled to begin in 2017
• Encourage the Auditing Organisation to get authorized/ recognized
• As MDSAP grows, so will RA participation
• Choice of MDSAP Auditing Organisation
33

35. Some RA-specific benefits
• Australia – TGA will take into account MDSAP audit reports for QMS when:
– deciding whether to issue or maintain Conformity Assessment Certificates that are required for
“combination” products
 Medicine / Device, Animal Origin / Device etc.
– auditing applications for ARTG Entry when evidence of compliance with the QMS requirements
of a conformity assessment procedure is required.
– when EC Conformity Assessment Certification for QMS is not available.
• Brazil – program outcomes and reports used as key inputs into ANVISA’s pre-
market and post-market assessment procedures
34

36. Some RA-specific benefits
• Canada – will accept either MDSAP or CMDCAS certificates for obtaining Class
II, III or IV medical device license. Full transition to MDSAP expected to occur by
2019
• Japan – may accelerate the Marketing Authorisation and reduce post-market
burden (still under evaluation)
• United States – will accept MDSAP audit reports as substitute for routine
inspections
• See also MDSAP Question and Answer document on FDA MDSAP website!
35

37. WHO Prequalification for diagnostic devices
• MDSAP audits may be recognized as acceptable evidence of QMS compliance
with international regulations, resulting in an abbreviated or waived site audit
by WHO.
36

38. How to participate
• Any medical device manufacturer is eligible
• Participation is not initiated through a Regulatory Authority!
• Identify a participating MDSAP Auditing Organisation - FDA MDSAP website.
– Any current CMDCAS recognized registrar
– Many may also be able to provide audit and assessment for EC Certification.
• Inquire if the AO has progressed sufficiently in the assessment process to accept
applications for an MDSAP audit.
• An RA’s routine audit / inspection program will not be suspended until an AO
notifies MDSAP of a manufacturer’s participation in the program.
– Note that “for cause” audits may still be conducted by RAs
37

39. Feedback mechanisms
• IMDRF Consultations
• MDSAP Participation Surveys
• Email:
– MDSAP@tga.gov.au
– MDSAP.ATENDIMENTO@anvisa.gov.br
– QS_MDB_HC@hc-sc.gc.ca
– MDSAP@pmda.go.jp
– MDSAP@fda.hhs.gov
38

40. Resources
– MDSAP Website
 http://www.fda.gov/medicaldevices/internationalprograms/mdsappilot/default.htm
– MDSAP Question and Answer Document
 http://www.fda.gov/downloads/MedicalDevices/InternationalPrograms/MDSAPPilot/UCM430563.pdf
– Canadian Medical Device Conformity Assessment System (CMDCAS)-Recognized Certification
Bodies
 http://www.scc.ca/accreditation/management-systems/cmdcas/cmdcas-recognized-certification-bodies
– IMDRF Consultations
 http://www.imdrf.org/consultations/consultations.asp#current
39

41. Resources
• CDRH Learn:
– http://www.fda.gov/Training/CDRHLearn/ucm372921.htm
• MDSAP Documents:
– http://www.fda.gov/MedicalDevices/InternationalPrograms/MDSAPPilot/default.htm
• IMDRF Final Documents:
– http://www.imdrf.org/documents/documents.asp
40

42. Questions
41