To keep up with product innovation and industry growth, the medical device industry has seen some significant changes in regulation.
Part of this, was the transition from ISO 13485, the international standard for Medical Device Quality Management Systems, to the Medical Device Single Audit Program (MDSAP).
The MDSAP introduces more than just technical standards or requirements for the quality management system. It serves as an efficient way to help manufacturers understand what the regulators need by adding in regulatory requirements that were previously handled on a separate platform for each participating country. These participating countries include the US, Canada, Japan, Australia and Brazil.
As with any new program, customer seeking certification will have challenges meeting all the requirements, raising non-conformances.
The process used to identify and grade non-conformance have changed significantly. What was once based off “major” and “minor” non-conformances, the MDSAP introduced a grading system that scores non-conformances from one to five.
SAI Global Assurance’s Global Scheme Owner for Medical Devices, Dale Morgan, reveals 3 common non-conformances found when conducting MDSAP audits.
1. Document Control and Documentation Errors.
Throughout the MDSAP audit, you will be required to demonstrate evidence of conformity to the program. Document control sits at the centre of providing this evidence, as it tracks what records are in place from product design to post-market activities. According to Dale, non-conformances are usually found here, due to procedures that have not been adapted, rewritten or added to, to meet MDSAP requirements. “We still see those examples where the company hasn’t done the gap analysis well enough or understood some of the things they need to adapt to make MDSAP requirements work for them”.
2. Risk Management and Risk-Based Thinking.
The concept of risk management was first introduced in ISO 13485:2016, requiring organizations to think about risk in the processes that go into design, development, manufacturing, etc. MDSAP takes risk management and risk-based thinking to the next level as it is now considered to underlie every process. Manufacturers struggle to demonstrate how they link their interrelated processes as manufacturing is only a function of what’s happened in design, and design transfer. “Risk Management has to weave its way through all of those processes into a risk management plan that helps the company and auditor see, where have they actually examined risk in their system.”
3. Purchasing and Supplier Control.
Previously thought of as a separate element to design and development design-transfer, quality monitoring and measurement, and services and sales, purchasing now sits as a bedrock process that underlies everything. This is a fundamental shift where now you have to consider how this affects your supply chain, how does it affect the delivery of the product to the customer to the specifications you’re claiming. “The challenge is transforming your quality system to consider how risk management and supply chain affects all of your procedures and processes… and then demonstrate that to an auditor.”