As regulations and standards evolve, one trend is continually sharpening in focus. ISO 13485 for medical device quality management systems is becoming the international standard for streamlining the regulatory process.

Requirements in the ISO 13485 standard serve as the basis for the MDSAP to create greater alignment of regulatory approaches and technical requirements based on international standards and best practices.

While the FDA does not publish a list of medical device manufacturers participating in MDSAP, the program is growing rapidly. In 2019, the Regulatory Affairs Professionals Society (RAPS) identified 4,095 known sites participating in Canada.  Another report from Brazil indicates that over half of all medical device manufacturing sites (5,002) received GMP certificates through MDSAP in 2020. This underscores the rapid growth of MDSAP and the rising prominence of ISO 13485.

This article examines how the transition is playing out and how medical device companies can come out ahead with quality process automation.

ISO 13485 as the Basis for MDSAP Compliance

MDSAP certification involves auditing the quality management system (QMS) against the requirements of ISO 13485 for medical devices. While a manufacturer may not be ISO certified, they are still held to meeting ISO requirements to get an MDSAP certificate.

Conversely, having an ISO 13485 certificate does not mean a manufacturer will meet MDSAP requirements. So, while it provides the basis for compliance, you’ll still need to go through the MDSAP process through an accredited AO.

FDA Replacing QSIT with MDSAP

The U.S. Food and Drug Administration (FDA) officials plan to release an updated Medical Device Good Manufacturing Practices Quality System Regulation (QSR) that harmonizes requirements with ISO 13485:2016 in 2021. Risk management regulations are likely to expand, aligning with the total product lifecycle approach used in the ISO standard.

There is good news for medical device and diagnostics manufacturers. The FDA has pointed out that there is already a roughly 95 percent overlap between existing quality system regulation and the ISO 14385 medical device QMS standard. The agency will also likely focus on the least burdensome principles as it makes the transition. Companies with an existing ISO 13485 certificate will probably find the transition much more manageable, having already met the basic requirements.

MDSAP Global Activity Underscores Growing Influence of ISO 13485

A raft of countries has adopted MDSAP, including Australia, Brazil, Canada, Japan, and the United States. This makes ISO’s medical device QMS standard a key driver for companies that sell products in multiple markets and want to streamline inspections and product submissions.

Regulatory agencies that accept an MDSAP certificate as part of their process include:

  • Australia’s Therapeutic Goods Administration (TGA): In Australia, TGA uses MDSAP audit reports as part of conformity assessment evidence, with specific exclusions.
  • Brazil’s National Health Surveillance Agency (ANVISA): Brazilian regulators use MDSAP reports within their pre-market and post-market assessment process, accelerating time-to-market for certificate holders.
  • Canada’s Health Canada: Health Canada has required MDSAP certification since 2019 to market and sell devices in Canada.
  • The EU’s European Commission (EC): The EC’s Medical Device Coordination Group (MDCG) encourages notified bodies to use MDSAP audit reports in creating surveillance audit programs. For example, a notified body might spend less time looking at QMS aspects covered by MDSAP.
  • Japan’s Ministry of Health, Labour, and Welfare (MHLW) and Pharmaceuticals and Medical Devices Agency (PMDA): Manufacturers selling devices in Japan can submit a current MDSAP certificate to reduce some inspection requirements. In 2021, requirements of MHLW M0169 regulations for medical device QMS were also harmonized with ISO 13485.
  • S. FDA: The Center for Devices and Radiological Health (CDRH) accepts an MDSAP certificate in place of routine inspections, except for situations like for-cause inspections, compliance follow-up, and pre-market approval (PMA) applications.

The EU and UK’s Medicines and Healthcare products Regulatory Agency (MHRA) are also designated as official observers, while Argentina, Korea, and Singapore are listed as affiliate members.

Many regulatory agencies have adopted MDSAP as a clear sign of the standard’s growing prevalence in the medical device industry. Although ISO certification is not formally required in these countries, doing so makes regulatory compliance for new product submissions far simpler and less expensive.

Using the EQMS for ISO 13485 Compliance

Complying with the ISO medical device QMS standard has significant advantages in reducing audit resources and streamlining regulatory approvals globally. Whether a company pursues official certification or aligns its QMS to the standard, an automated enterprise quality management system (EQMS) helps by:

  • Providing software solutions for processes required under the standard such as corrective action, monitoring and inspection, document control, reporting, training, and complaint handling
  • Incorporating jurisdiction-specific tools such as automated manufacturer incident report (MIR) submission for adverse event reporting under the EU Medical Device Regulation (MDR) or eMDR submissions for FDA
  • Improving audit readiness by making documentation and training, reporting instantly accessible
  • Establishing a digital framework and repository for ensuring products meet customer requirements and ensure patient safety from a quality perspective
  • Creating a foundation for continuous improvement that reduces audit findings, supports process and product improvements, and accelerates the audit process

ISO 13485 requirements form the basis for MDSAP certification, with a growing number of countries accepting MDSAP certificates in lieu of certain inspections. Even if medical device manufacturers don’t certify to the standard, complying with it can significantly reduce the regulatory burden and create industry standardization for medical device development and product quality.

An EQMS plays a critical role, helping automate processes, capture data digitally for improved data integrity, streamline compliance efforts, and achieve a state of audit readiness. Ultimately, achieving these goals allows companies to bring products to market faster while demonstrating quality meets the customer and product safety requirements.

Download the AssurX Automating Your Quality Management System: Pitfalls & Essential Strategies for Success Whitepaper