A single quality management system audit can influence market access across Australia, the United States, Canada, Brazil and Japan. That is the commercial appeal of MDSAP. For medical device manufacturers managing multiple jurisdictions, it can reduce duplicated audit activity while creating a more disciplined approach to quality, risk and post-market obligations.
What is MDSAP?
The Medical Device Single Audit Program, or MDSAP, allows recognised auditing organisations to assess a manufacturer’s quality management system against the requirements of participating regulatory authorities. The program is built on ISO 13485, but it goes further by incorporating country-specific regulatory requirements into one audit model.
The participating regulators are Australia’s Therapeutic Goods Administration (TGA), the US Food and Drug Administration (FDA), Health Canada, Brazil’s ANVISA, and Japan’s Ministry of Health, Labour and Welfare and Pharmaceuticals and Medical Devices Agency. Each authority applies MDSAP differently, so the value of a successful audit depends on the products you make, the markets you serve and your intended regulatory pathway.
An MDSAP audit is not simply an ISO 13485 certification audit under another name. Auditors assess how the quality management system operates in practice, including how it meets applicable regulatory requirements for device registration, adverse event reporting, product recalls, traceability, purchasing controls and management oversight.
A process-based audit, not a document review
MDSAP follows a process-based approach. Rather than reviewing procedures as isolated documents, an auditor traces how your organisation controls activities across the device lifecycle. A design change, for example, may be assessed through design controls, risk management, supplier controls, production records, complaint handling and regulatory reporting.
This approach can expose gaps that are not visible in a desktop review. A well-written procedure is of limited value if staff cannot demonstrate that the process is understood, records are incomplete, or quality data is not reaching management for effective decision-making.
Where MDSAP fits in an Australian market strategy
For manufacturers supplying medical devices in Australia, MDSAP can provide valuable evidence of quality management system compliance. The TGA recognises the program and may rely on MDSAP audit reports in relevant conformity assessment and market entry processes. However, the appropriate route will still depend on device classification, the manufacturer’s location, existing evidence and the specific ARTG inclusion requirements.
For businesses with Canada in their commercial plan, the position is more direct. Health Canada requires an MDSAP certificate for manufacturers seeking or maintaining medical device licences for most Class II, III and IV devices. This makes MDSAP a practical requirement, rather than a future consideration, for many Canadian market entry plans.
The program is also relevant to manufacturers with US, Japanese or Brazilian ambitions. It may support regulator confidence and reduce the likelihood of separate routine inspections in some circumstances, but it does not remove every inspection risk or every local obligation. Regulatory authorities retain the right to inspect manufacturers, investigate complaints and take action where patient safety or compliance concerns arise.
MDSAP does not replace product registration, technical documentation, clinical evidence, labelling review, local representation or post-market obligations. It is one part of the regulatory framework, albeit a significant one for manufacturers operating across participating markets.
The commercial case for MDSAP
The main advantage is not simply having fewer audits. The stronger case is better control of compliance activity across markets. A single, well-managed audit program can reduce competing audit schedules, minimise repeated preparation work and give leadership a clearer view of quality system performance.
For a growing manufacturer, that can mean less disruption to engineering, production and regulatory teams. For an established business, it can provide a common framework across sites, suppliers and product families. It may also offer distributors, investors and commercial partners greater confidence that quality processes are being independently assessed against recognised international requirements.
There are trade-offs. MDSAP audits are thorough, and the preparation burden can be considerable where systems have evolved unevenly or records are spread across different sites. The audit duration is calculated according to factors such as employee numbers, device activities and site complexity. A manufacturer that only supplies Australia and has a straightforward product portfolio may find another conformity assessment route more proportionate.
The decision should therefore be based on a realistic market roadmap, not on the assumption that MDSAP is automatically the best option. If Canada, the United States, Japan or Brazil are credible near-term markets, the investment is often easier to justify. If expansion is uncertain, the timing and scope require closer consideration.
How to prepare for an MDSAP audit
Preparation should begin with a gap assessment against the MDSAP audit model, not a generic ISO 13485 checklist. The aim is to identify where existing processes meet the standard but do not yet address the regulatory requirements applied through MDSAP.
Particular attention is usually needed around complaint handling, adverse event reporting, advisory notices, recalls, supplier controls and management review. These processes must be documented, but they must also be evidenced through complete, consistent and timely records. Auditors will test whether escalation decisions were appropriate, whether trends were identified and whether corrective actions were genuinely effective.
A practical preparation program should focus on four areas:
- Confirm the scope of the audit, including legal manufacturers, sites, device activities and participating markets.
- Map quality system procedures and records to the MDSAP audit tasks and country-specific requirements that apply.
- Conduct internal audits that follow process trails across departments, rather than reviewing each procedure in isolation.
- Address nonconformities through root cause analysis, corrective action and effectiveness checks before the external audit begins.
Management involvement matters. MDSAP places meaningful emphasis on the role of senior management in quality policy, resource allocation, quality objectives and review of system performance. Leadership should be able to explain how quality information informs business decisions, particularly where product performance, complaints or supplier issues indicate a potential patient safety risk.
Manufacturers should also prepare the people who will meet the auditor. Staff do not need scripted answers, but they should understand their responsibilities, know where relevant records are held and be able to explain how their work supports device quality and regulatory compliance. Conflicting explanations between teams can draw attention to gaps in training, governance or process ownership.
Common pressure points during an MDSAP audit
Post-market processes frequently create the most difficult findings. A manufacturer may have a complaints procedure, yet lack clear evidence that complaints were assessed for reportability in each applicable market. Likewise, a corrective and preventive action system may record actions taken but fail to demonstrate that the action resolved the underlying problem.
Supplier controls are another common focus, especially where outsourced activities affect product quality. Manufacturers remain accountable for critical suppliers, contract manufacturers, sterilisation providers and testing laboratories. Supplier approval alone is not enough. Ongoing monitoring, quality agreements, change notification and risk-based re-evaluation must be proportionate and documented.
Change control also requires careful coordination. Changes to software, materials, manufacturing processes, labels or intended purpose can affect technical documentation, risk files, validation, regulatory submissions and ARTG details. A quality system that treats change control as a narrow engineering activity can create avoidable regulatory exposure.
Turning audit preparation into a market advantage
The best MDSAP preparation is not a short-term exercise designed to pass an audit. It is an opportunity to establish clearer ownership, stronger records and more reliable decision-making across the organisation. That foundation supports faster responses when a distributor requests evidence, a regulator asks questions or a product issue requires urgent assessment.
For businesses balancing Australian obligations with international expansion, C|M|S can help assess whether MDSAP aligns with the intended commercial pathway, identify system gaps and coordinate the work needed before an audit. The right approach is proportionate, evidence-based and aligned with the markets that matter to your business.
A successful audit should leave more than a certificate on file. It should leave your team better equipped to demonstrate that product quality, patient safety and market growth are being managed with the same level of care.