It started innocently enough: People who sell medical devices in the US get inspected by FDA. Makes sense, right? But if they want to sell outside the US, they get audited for ISO standards. If they want to sell in Europe, they get audited for ISO standards and the European regulations. Want to sell in Canada, Brazil, Australia, Japan? Have fun! Each country I mentioned has its own regulations. (For example, a single device can be Class 2 in the US, Class 3 in Canada, and Class 2b in Europe.)
In short, depending on where you want to sell your medical device, you can have quite a parade of auditors and inspectors walking in and out of your office. Not only is this a big time sink – preparing for the audit, hosting the audit, responding to the audit findings – but the company also has to pay thousands (sometimes tens of thousands) of dollars to the visiting auditors.
In an effort to ease this burden, the Medical Device Single Audit Program (MDSAP) was invented a few years back. The theory was that a company could choose to have most (not all) of its audits and inspections replaced by a single audit that simultaneously looks at all the relevant regulations and standards. As I say, that was the theory. But after a long pilot program, we still don’t know whether MDSAP will actually be any less time-consuming and expensive than the current system. Good thing MDSAP is voluntary, right?
Nope. As they say on South Park, blame Canada. Starting on January 1, 2019, in order to sell a medical device in Canada, you’ll have to be certified for MDSAP. This requirement applies to about 3,500 medical device companies worldwide. And as of April 2017, only 215 of those companies had signed up for MDSAP, and not all of those 215 had even been audited yet. So for the medical device industry, the year 2018 will be a full-scale, Canadian cattle stampede.
Driving those dogies into the corral on time will require deep knowledge and experience in medical devices, which most of those companies already have. But preparing for an MDSAP audit is also a daunting documentation task. Every medical device company has thousands of technical documents (specifications, validation studies, hardware and software configuration histories, risk assessments, etc.). An MDSAP audit assesses those documents against multiple standards and regulations, each of which is a technical document in its own right, ranging from FDA’s Quality System Regulation (a slim, trim 16 pages) to the brand new European Medical Device Regulation (566 pages of thrill-packed adventure). Who in the world has the skills necessary to help juggle all of those technical documents?