Medical Device Single Audit Program – MDSAP

« Back to Glossary Index

Medical Device Single Audit Program (MDSAP)

The Medical Device Single Audit Program (MDSAP) lets manufacturers undergo a single, structured quality‑system audit recognized by multiple regulators. Audits are performed by accredited Auditing Organizations (AOs) against ISO 13485:2016 plus jurisdiction‑specific clauses, reducing duplicative inspections and accelerating global market access.

As of October 2025, MDSAP is mandatory in Canada and voluntary (but widely beneficial) in other participating jurisdictions. Malaysia’s Medical Device Authority (MDA) joined as an Affiliate Member in September 2025 and accepts MDSAP reports/certificates to support establishment licensing and device registration under defined conditions.

ISO 13485 alignedMulti-market auditCanada mandatory

Participating regulators

  • U.S. Food and Drug Administration (FDA)
  • Health Canada — MDSAP required for licensing
  • Therapeutic Goods Administration (TGA), Australia
  • Japan — MHLW & PMDA
  • Brazil — ANVISA

Affiliate/observers (2025): Malaysia MDA (Affiliate; accepts reports/certificates with conditions); South Africa SAHPRA (Affiliate). Other authorities monitor MDSAP and may leverage audit outputs.

Audit structure & scope

MDSAP uses a process-based approach mapped to ISO 13485 plus country clauses, typically covering:

  • Management responsibility & quality planning
  • Design & development controls
  • Risk management and product realization
  • Purchasing & supplier controls
  • Production & process validation
  • Measurement, analysis & improvement (incl. CAPA)
  • Complaint handling, vigilance/advisory notices
  • Post-market surveillance & device monitoring

Key updates — October 2025

Malaysia (MDA) accepts MDSAP outputs
As of September 2025, Malaysia’s MDA (Affiliate Member) accepts MDSAP reports/certificates to support establishment licensing and device registration when audits are performed by recognized CABs/auditors and other conditions are met.
Alignment with U.S. QMSR
FDA’s Quality Management System Regulation (QMSR) aligns with ISO 13485 (taking effect in 2026). MDSAP tasking increasingly maps one-to-one to QMSR expectations, reducing duplicate FDA inspections for robust systems.
Digital audit packages
AOs submit standardized electronic audit packages, improving transparency, review efficiency, and cross-authority reliance.

Benefits for manufacturers

  • One audit, multiple markets: fewer duplicate audits and travel days
  • Predictability: standardized task sequence, grading of nonconformities (1–5)
  • Regulatory confidence: recognized by five authorities; leveraged by Affiliates
  • Future-proofing: strong fit with ISO 13485 and U.S. QMSR transition

Quick checklist

  • Current ISO 13485 QMS with process ownership and metrics
  • Clear post-market procedures (complaints, vigilance, advisory notices)
  • Supplier control & validation evidence ready
  • Design control and risk management files traceable
  • CAPA system with effectiveness checks
  • Management review outputs and internal audit coverage current

MDSAP — FAQs

Is MDSAP mandatory everywhere?
No. It is mandatory in Canada and voluntary in the U.S., Australia, Brazil, and Japan. Affiliates like Malaysia’s MDA may accept MDSAP outputs under conditions.
How does MDSAP relate to ISO 13485 and FDA’s QMSR?
MDSAP uses ISO 13485 as the baseline and adds country-specific clauses. QMSR aligns FDA’s quality regulation with ISO 13485, making MDSAP evidence directly useful for U.S. expectations.
Who performs MDSAP audits?
Only accredited Auditing Organizations (AOs) authorized by the program. Reports are shared with participating regulators; Affiliates may receive or request manufacturer-provided copies.
Does MDSAP replace country approvals?
No. MDSAP audits assess the QMS. Market authorization, registrations, and device-specific submissions remain subject to each jurisdiction’s requirements.
What if nonconformities are found?
Findings are graded from 1 (minor) to 5 (critical). Manufacturers must implement CAPA and provide evidence of correction; regulators may take additional action if issues persist.
Does Malaysia accept MDSAP now?
Yes. Malaysia’s MDA accepts MDSAP reports/certificates in support of establishment licensing and device registration subject to defined conditions (Affiliate Member since September 2025).