Tony Parise, Product Strategist—Life Sciences, ETQ03.07.19
Product recalls frequently make headlines and tarnish brand reputations as a result. In today’s digital world, one bad customer experience with quality can be broadcast in seconds, giving brands little time to react. Not prioritizing quality is both a risk to a brand’s reputation and—more importantly—can be detrimental to consumer health, which is particularly true when considering medical device production. In fact, the U.S. FDA recently reported over 80,000 flagged medical device injuries since 2008.
Participating in quality audits is certainly nothing new to medical device manufacturers, though the nature of how they are conducted has changed drastically in the last few years with the introduction of the Medical Device Single Audit Program (MDSAP). Under the MDSAP, manufacturers can participate in a single audit of their quality management system (QMS) that will satisfy the compliance requirements and standards of all five participating medical device markets: Australia, Brazil, Canada, Japan, and the U.S. The initial pilot ran from 2014 to 2016, and after a successful demonstration of the program’s effectiveness, the MDSAP Regulatory Authority Council decided to formalize it.
Eliminating multiple audit cycles is an obvious benefit of the MDSAP, but the program’s long-term goals also include:
These challenges are being further reviewed now that Canada has made the MDSAP its sole audit requirement as of Jan. 1, 2019. As a result, any medical device manufacturer not compliant with MDSAP—or does not have plans to become compliant soon—will no longer be allowed to sell devices in the Canadian market. The FDA has similar plans to move to the MDSAP and will provide a guidance document by September. And yet, a 2018 KPMG survey of regulatory and quality leaders at major medical device companies found 30 percent of mid-sized companies and 52 percent of small companies had yet to initiate their MDSAP programs. Perhaps even more alarming, only 8 percent of respondents noted they had achieved ISO certification, completed a successful MDSAP audit, and had a strategy in place for addressing QMS requirements.
With the MDSAP well underway, manufacturers outside of that 8 percent are forced to evaluate whether they plan to move forward with their compliance plans or back out of participating markets. To avoid opportunity loss and the costs (both monetary and in brand equity) associated with non-compliance, medical device companies that have yet to undergo an MDSAP audit should ask the following questions.
1. Does the Entire Organization Understand MDSAP and What It Entails?
While quality managers and internal auditors will be responsible for ensuring the QMS is MDSAP-ready, driving a quality-first mindset should start from the top. C-suite executives must become well-educated on the parameters around the MDSAP to articulate its impact to the entire company, ensuring each employee focuses on creating quality processes and workflows adhering to the audit requirements.
Regulators made this easy for business C-suite executives by creating the MDSAP Audit Model comprehensive guide. This guide outlines everything organizations can expect from the audit, including all 90 questions they will be asked. For the purposes of educating the entire organization, business leaders should focus on specific areas the audit will grade them on and how the audit works.
For starters, each audit is conducted in a defined sequence to ensure consistency and provide AOs with a logical, efficient roadmap for assessing QMS. Throughout the three-year, three-stage audit cycle, AOs focus on identifying and addressing potential risks by evaluating seven different interrelated processes: management; measurement, analysis, and improvement; design and development; production and service controls; purchasing; device marketing authorization and facility registration; and medical device adverse events and advisory notice reporting. C-suite executives should understand the ins and outs of each of these processes and how they work to fully understand on what they will be evaluated.
C-level executives should understand and communicate the audit processes to employees and also adequately understand the grading process, as well as the consequences of non-conformities (NCs). AOs leverage a grading matrix that divides the clauses of ISO 13485:2016 into two categories: those that directly and indirectly impact product safety and performance.
Once an organization has been graded based on the matrix, that grade point is subject to escalation as the AOs evaluate areas of higher risk that could impact product safety and performance (such as a lack of documented process or procedure, or the release of a nonconforming medical device, indicating a direct QMS failure). The final NC grade will be between one (least critical) and six (most critical). Any grade of five or above requires immediate intervention from the AOs and regulatory authorities, who will check up on the manufacturer both immediately and sporadically throughout the year to ensure their QMS issues are fixed.
Top-down education of the audit requirements and grading system ensures everyone in the organization makes quality an everyday priority, helps pass the initial certification audit, and ensures continual conformity moving forward.
2. What Are the Organization’s NC Risks?
To prepare for the initial certification audit, organizations should leverage the MDSAP Audit Model guide and report card to conduct their own QMS audit. The first step should be conducting a gap assessment of all standard operating procedures (SOPs) and processes with an eye toward identifying risks.
Potential risks include:
3. How Can Those Risks Be Resolved (and How Quickly Can It Be Done)?
Unfortunately, time is of the essence when it comes to MDSAP, and any organization that hasn’t scheduled its initial audit is already behind. Those concerned with NCs or continual compliance should consider how an electronic tracking system and automated solution could help quickly assess, identify, and solve any risks.
The key to evaluating a software solution to help manage MDSAP’s impact is finding features that are highly customizable to each manufacturer’s QMS processes and needs, and flexible enough to scale with them and support future growth. Investing in a solution with these features could help configure customer forms and workflows that set up internal audits that automatically verify individual standards, audit methods, and audit qualification—saving huge amounts of time and resources. By automating this process, medical device manufacturers can significantly reduce the waiting period for registering certain product types; improve staff efficiency by eliminating redundant, manual, and paper-intensive labor; and generate massive cost savings as a result. Moreover, a system will be set up enabling them to automatically facilitate audit processes—both for MDSAP and other traditional Quality Systems Inspection Technique (QSIT) audits—from start to finish. The system will also enable them to flag potential risks along the way and keep an organized, traceable audit trail to quickly solve for risks.
In addition to identifying a software solution with key features, manufacturers should also qualify vendors based on compliance with ISO 13485:2016. Certified companies have a distinct advantage when adopting the MDSAP, as the program’s underlying structure is based on the ISO 13485 standard.
MDSAP is the new audit reality. Despite its perceived challenges, the benefits of adhering to a global standard outweigh the cons, as long as manufacturers put the time and effort behind adequately training the entire organization and establishing an internal assessment process to help identify risks. To help streamline this process, businesses should consider the value of automated QMS software that can mitigate MDSAP preparedness challenges and deliver greater, long-term audit efficiency—which will be crucial as more countries adopt the MDSAP standard and regulations become increasingly complex. By answering these three questions, medical device manufacturers can diminish the potential for NCs and ensure continual conformity for years to come.
Anthony Parise is a product strategist for life sciences at ETQ , a Burlington, Mass.-based leading provider of quality, EHS, and compliance management software trusted by some of the world’s strongest companies to secure brand reputation, transform insight into action, and help them focus on what matters most.
Participating in quality audits is certainly nothing new to medical device manufacturers, though the nature of how they are conducted has changed drastically in the last few years with the introduction of the Medical Device Single Audit Program (MDSAP). Under the MDSAP, manufacturers can participate in a single audit of their quality management system (QMS) that will satisfy the compliance requirements and standards of all five participating medical device markets: Australia, Brazil, Canada, Japan, and the U.S. The initial pilot ran from 2014 to 2016, and after a successful demonstration of the program’s effectiveness, the MDSAP Regulatory Authority Council decided to formalize it.
Eliminating multiple audit cycles is an obvious benefit of the MDSAP, but the program’s long-term goals also include:
- Reducing costs associated with multiple audit cycles, which require prep, hosting, and post-audit analysis, which can accumulate to millions of dollars in staffing costs
- Streamlining new product registration by eliminating the hurdles posed by multiple audits
- Creating clear global alignment around regulatory approaches and technical requirements based on international standards and best practices
- Promoting regulatory program consistency, predictability, and transparency by standardizing audit practices and procedures
- The Initial Certification Audit—at this stage, MDSAP Auditing Organizations (AO) thoroughly review the QMS to verify products are safe, effective, and meeting performance standards
- The Surveillance Audit—the goal here is to verify the QMS continues to meet the required standards; however, this stage isn’t necessary if there have not been any significant changes since the last audit
- The Recertification Audit—this evaluates the QMS once more to confirm it is effective and suitable to satisfy all standards and regulations
These challenges are being further reviewed now that Canada has made the MDSAP its sole audit requirement as of Jan. 1, 2019. As a result, any medical device manufacturer not compliant with MDSAP—or does not have plans to become compliant soon—will no longer be allowed to sell devices in the Canadian market. The FDA has similar plans to move to the MDSAP and will provide a guidance document by September. And yet, a 2018 KPMG survey of regulatory and quality leaders at major medical device companies found 30 percent of mid-sized companies and 52 percent of small companies had yet to initiate their MDSAP programs. Perhaps even more alarming, only 8 percent of respondents noted they had achieved ISO certification, completed a successful MDSAP audit, and had a strategy in place for addressing QMS requirements.
With the MDSAP well underway, manufacturers outside of that 8 percent are forced to evaluate whether they plan to move forward with their compliance plans or back out of participating markets. To avoid opportunity loss and the costs (both monetary and in brand equity) associated with non-compliance, medical device companies that have yet to undergo an MDSAP audit should ask the following questions.
1. Does the Entire Organization Understand MDSAP and What It Entails?
While quality managers and internal auditors will be responsible for ensuring the QMS is MDSAP-ready, driving a quality-first mindset should start from the top. C-suite executives must become well-educated on the parameters around the MDSAP to articulate its impact to the entire company, ensuring each employee focuses on creating quality processes and workflows adhering to the audit requirements.
Regulators made this easy for business C-suite executives by creating the MDSAP Audit Model comprehensive guide. This guide outlines everything organizations can expect from the audit, including all 90 questions they will be asked. For the purposes of educating the entire organization, business leaders should focus on specific areas the audit will grade them on and how the audit works.
For starters, each audit is conducted in a defined sequence to ensure consistency and provide AOs with a logical, efficient roadmap for assessing QMS. Throughout the three-year, three-stage audit cycle, AOs focus on identifying and addressing potential risks by evaluating seven different interrelated processes: management; measurement, analysis, and improvement; design and development; production and service controls; purchasing; device marketing authorization and facility registration; and medical device adverse events and advisory notice reporting. C-suite executives should understand the ins and outs of each of these processes and how they work to fully understand on what they will be evaluated.
C-level executives should understand and communicate the audit processes to employees and also adequately understand the grading process, as well as the consequences of non-conformities (NCs). AOs leverage a grading matrix that divides the clauses of ISO 13485:2016 into two categories: those that directly and indirectly impact product safety and performance.
Once an organization has been graded based on the matrix, that grade point is subject to escalation as the AOs evaluate areas of higher risk that could impact product safety and performance (such as a lack of documented process or procedure, or the release of a nonconforming medical device, indicating a direct QMS failure). The final NC grade will be between one (least critical) and six (most critical). Any grade of five or above requires immediate intervention from the AOs and regulatory authorities, who will check up on the manufacturer both immediately and sporadically throughout the year to ensure their QMS issues are fixed.
Top-down education of the audit requirements and grading system ensures everyone in the organization makes quality an everyday priority, helps pass the initial certification audit, and ensures continual conformity moving forward.
2. What Are the Organization’s NC Risks?
To prepare for the initial certification audit, organizations should leverage the MDSAP Audit Model guide and report card to conduct their own QMS audit. The first step should be conducting a gap assessment of all standard operating procedures (SOPs) and processes with an eye toward identifying risks.
Potential risks include:
- Limited access to internal subject matter experts who uniquely understand the ins and outs of the QMS and product lifecycle. From procurement to production, preparing for MDSAP audits is a huge lift requiring participation from people across the organization who can quickly and accurately answer any AO questions
- A lack of transparency and security in internal audit records, making it harder for manufacturers to trace sources of potential NCs. Transparency is a major factor for the MDSAP; it aims to make the product development and quality assurance processes clearer for regulators, clinicians, and patients
- Disorganization, which can severely hinder a manufacturer’s ability to efficiently access data and documentation requested during the MDSAP audit process
- Establishing an internal assessment program will enable manufacturers to quickly identify risks that might jeopardize conformity. However, this requires a great deal of documentation and internal training, and addressing any identified risks is not an overnight task. Manufacturers should consider the tools at their disposal to expedite the process.
3. How Can Those Risks Be Resolved (and How Quickly Can It Be Done)?
Unfortunately, time is of the essence when it comes to MDSAP, and any organization that hasn’t scheduled its initial audit is already behind. Those concerned with NCs or continual compliance should consider how an electronic tracking system and automated solution could help quickly assess, identify, and solve any risks.
The key to evaluating a software solution to help manage MDSAP’s impact is finding features that are highly customizable to each manufacturer’s QMS processes and needs, and flexible enough to scale with them and support future growth. Investing in a solution with these features could help configure customer forms and workflows that set up internal audits that automatically verify individual standards, audit methods, and audit qualification—saving huge amounts of time and resources. By automating this process, medical device manufacturers can significantly reduce the waiting period for registering certain product types; improve staff efficiency by eliminating redundant, manual, and paper-intensive labor; and generate massive cost savings as a result. Moreover, a system will be set up enabling them to automatically facilitate audit processes—both for MDSAP and other traditional Quality Systems Inspection Technique (QSIT) audits—from start to finish. The system will also enable them to flag potential risks along the way and keep an organized, traceable audit trail to quickly solve for risks.
In addition to identifying a software solution with key features, manufacturers should also qualify vendors based on compliance with ISO 13485:2016. Certified companies have a distinct advantage when adopting the MDSAP, as the program’s underlying structure is based on the ISO 13485 standard.
MDSAP is the new audit reality. Despite its perceived challenges, the benefits of adhering to a global standard outweigh the cons, as long as manufacturers put the time and effort behind adequately training the entire organization and establishing an internal assessment process to help identify risks. To help streamline this process, businesses should consider the value of automated QMS software that can mitigate MDSAP preparedness challenges and deliver greater, long-term audit efficiency—which will be crucial as more countries adopt the MDSAP standard and regulations become increasingly complex. By answering these three questions, medical device manufacturers can diminish the potential for NCs and ensure continual conformity for years to come.
Anthony Parise is a product strategist for life sciences at ETQ , a Burlington, Mass.-based leading provider of quality, EHS, and compliance management software trusted by some of the world’s strongest companies to secure brand reputation, transform insight into action, and help them focus on what matters most.