Entering the medical device industry is an exciting venture—but it comes with a maze of regulatory requirements that can feel overwhelming, especially for startups and new manufacturers. One acronym you’ll encounter early and often is MDSAP: the Medical Device Single Audit Program.
Designed to streamline regulatory audits across multiple countries, MDSAP offers a unified approach to compliance that can save time, reduce costs, and open doors to global markets.
The Medical Device Single Audit Program (MDSAP) is an international initiative that allows medical device manufacturers to undergo a single regulatory audit that satisfies the requirements of multiple countries.
This program was developed by the International Medical Device Regulators Forum (IMDRF) to reduce the burden of multiple audits while maintaining high standards for patient safety and product quality.
MDSAP audits are conducted by authorised third-party auditing organisations, and the results are accepted by participating regulatory authorities. This eliminates the need for separate audits by each country, saving time and resources for manufacturers.
Currently, five major markets participate in MDSAP, these countries represent significant markets for medical devices, making MDSAP a valuable tool for global manufacturers.
Currently, Canada is the only MSDAP participating country where it is mandatory to obtain MDSAP certification.
For startups ensuring device regulatory compliance can be one of the biggest hurdles. With one audit, a company can meet the requirements of five major markets. This is especially valuable if planning to expand internationally or sell in multiple regions.
To meet the requirements of MDSAP a company’s Quality Management System (QMS) must be built on the foundation of ISO 13485:2016. This international standard outlines the essential elements of a QMS tailored for medical device manufacturers, including documented procedures for design, development, production, and servicing. It also requires robust risk management practices, effective control of outsourced processes, and a system for handling complaints and implementing corrective and preventive actions. Internal audits and management reviews must be conducted regularly to ensure the system’s effectiveness and continuous improvement.
Beyond ISO 13485, MDSAP introduces additional regulatory expectations from each participating country. For example, the United States Food and Drug Administration (FDA) emphasise medical device reporting, complaint handling, and recall procedures.
MDSAP audits are conducted by Authorised Auditing Organisations (AOs)—third-party entities accredited by the participating regulators. These organisations perform audits based on a standardised MDSAP audit model.
MDSAP AU P0002.009 Audit Approach (https://www.mdsap.global/documents/library/audit-approach) includes standardised detailed instructions for AO Auditors to conduct audits under MDSAP.
This Audit Approach document is available for all companies to use as a guideline for implementing their own Quality management systems. By designing the Quality Management System and device regulatory compliance around the requirements outlined in AU P0002.009, companies will be well on the way to ensuring a successful certification process.
The Audit Approach document is based on ISO 13485:2016 and includes additional country-specific requirements. These requirements are listed in each section, along with references to the particular regulation that drives the requirement.
The certification process for MDSAP is straightforward. Firstly, engage early with an Auditing Organisation. This is important to build a working relationship going forward, and to set realistic timelines for assessment and certification.
The certification process will take place over two stages:
Stage 1 – Documentation Review.
This initial assessment of the QMS by the AO includes a review of the QMS documents in place to ensure that processes in place are in compliance with MDSAP requirements.
This is a process-based audit, which is conducted remotely and will look at a high level to determine ‘does the company have the QMS and Regulatory processes in place to meet MDSAP requirements?’
After this audit, companies will be given an audit report and time to correct any non-conformities observed during the audit. This corrective action plan must be approved by the auditor before the Stage 2 audit can be conducted.
Stage 2 – Onsite Audit
This is the physical onsite audit of the facility, which can take up to 5 days, or may be shorter if the AO utilises more than one auditor.
This audit will look at records that are generated, and evidence supplied to verify that the QMS is being implemented and is effective. The purpose is to determine ‘does the company follow their QMS, and are they in compliance with their own processes?’
Following this audit, a report is provided that includes any non-conformities that were identified, along with a timeline to address the NCs before an MDSAP certificate is issued.
Once the certification has been obtained, the company will be audited every year as part of a surveillance audit program. Certificates will be valid for three years, with a recertification audit being performed at the end of the three years. This will mimic the Stage 2 audit and cover all elements of the QMS.
Surveillance audits will occur each year and look at a reduced scope of the QMS. This ensures that over a three-year period, each element has been assessed.
While at a less detailed level than the initial certification audit, the objective of a surveillance audit is to verify that the company continues to implement the QMS.
The MDSAP certification process is rigorous—but it’s also a powerful tool for global market access and quality assurance. For new medical device companies, investing in MDSAP early can set the foundation for quick market expansion into additional countries, and save time and money on multiple regulator audits.
In summary, the QMS requirements for MDSAP go beyond basic ISO 13485 compliance. They demand a harmonised system that satisfies the expectations of multiple regulatory authorities, backed by thorough documentation, trained personnel, and a culture of continuous improvement.
SeerPharma will be hosting a webinar on Wednesday 12th November 2025 at 12pm (AEDT) in collaboration with authorised auditing organisation – BSI to discuss MDSAP further.