Guidance Document: Requirements in the Recognition Process for Medical Device Single Audit Program (MDSAP) Auditing Organizations

Download the alternative format
(PDF format, 622 KB, 11 pages)

Organization: Health Canada

Date published: 2018-11-21

Date adopted: 2018-30-10
Effective date: 2019-01-01

Health Canada is responsible for helping Canadians maintain and improve their health. It ensures that high-quality health services are accessible, and works to reduce health risks.

Également disponible en français sous le titre :
Ligne Directrice : Exigences du processus de reconnaissance pour les Organismes d’audit du Programme d’Audit Unique pour le Matériel Médical (PAUMM)

To obtain additional information, please contact:

Health Canada
Address Locator 0900C2
Ottawa, ON K1A 0K9
Tel.: 613-957-2991
Toll free: 1-866-225-0709
Fax: 613-941-5366
TTY: 1-800-465-7735

© Her Majesty the Queen in Right of Canada, as represented by the Minister of Health, 2018
Publication date: November 2018

This publication may be reproduced for personal or internal use only without permission provided the source is fully acknowledged.


Guidance documents are meant to provide assistance to industry and health care professionals on how to comply with governing statutes and regulations. Guidance documents also provide assistance to staff on how Health Canada mandates and objectives should be implemented in a manner that is fair, consistent, and effective.

Guidance documents are administrative instruments not having force of law and, as such, allow for flexibility in approach. Alternate approaches to the principles and practices described in this document may be acceptable provided they are supported by adequate justification. Alternate approaches should be discussed in advance with the relevant programme area to avoid the possible finding that applicable statutory or regulatory requirements have not been met.

As a corollary to the above, it is equally important to note that Health Canada reserves the right to request information or material, or define conditions not specifically described in this document, in order to allow the Department to adequately assess the safety, efficacy, or quality of a therapeutic product. Health Canada is committed to ensuring that such requests are justifiable and that decisions are clearly documented.

This document should be read in conjunction with the accompanying notice and the relevant sections of other applicable Guidance documents.

Table of Contents

1. Introduction

1.1 Purpose/Overview

The purpose of this document is to outline the requirements that the Therapeutic Products Directorate (TPD) will use in the recognition process for Auditing Organizations.

1.2 Scope and application

This policy applies to the quality management system (QMS) certification requirements applicable to Class II, III and IV medical devices in the Medical Devices Regulations.

For the purposes of this policy, the term ‘Auditing Organization’ has the same meaning as the term ‘registrar’ found in the Medical Devices Regulations.

1.3 Policy objectives

To outline the requirements that TPD will use in the recognition process for Auditing Organizations, as per sections 32.1, 32.5, 32.6, and 32.7 of the Medical Devices Regulations.

1.4 Background

To sell a medical device in Canada, manufacturers must meet the regulatory requirements as defined in the Medical Devices Regulations.

Under Section 32(2)(f) of the Medical Devices Regulations, manufacturers of Class II medical devices must provide a copy of the QMS certificate certifying that the QMS system under which their devices are manufactured satisfies the quality management system requirement ISO 13485.

Under Sections 32(3)(j) and 32(4)(p) of the Medical Devices Regulations, manufacturers of Class III and IV medical devices must provide a copy of the QMS certificate certifying that the QMS system under which their devices are designed and manufactured, satisfies the quality management system requirement ISO 13485.

To verify that these processes meet the required standard, TPD will require manufacturers to have their QMS certificate issued by an Auditing Organization recognized under the Medical Device Single Audit Program (MDSAP) program.

The MDSAP was designed and developed so that a single audit, performed by an authorized Auditing Organization, meets the QMS requirements of multiple regulatory agencies, derived from the International Organization for Standardization (ISO) 13485. Employing a single audit program allows regulatory agencies to efficiently leverage resources, reduce regulatory burden on industry without compromising public health, and promote more aligned and consistent technical requirements.

2. Guidance for implementation

2.1 MDSAP Consortium responsibilities

Regulatory Authorities that are part of the MDSAP Consortium include: Therapeutic Goods Administration of Australia (TGA); Brazil’s Agência Nacional de Vigilância Sanitária (ANVISA); Health Canada (HC); Japan’s Ministry of Health, Labour and Welfare (MHLW), and the Japanese Pharmaceuticals and Medical Devices Agency (PMDA); and the U.S. Food and Drug Administration (FDA). All Regulatory Authorities are equal partners in the program.

MDSAP Regulatory Authorities are responsible for developing and maintaining the regulatory requirements and procedures that comprise the MDSAP.

The MDSAP audit process was designed and developed to ensure that a single audit would provide efficient yet thorough coverage of the requirements for a quality management system for medical devices derived from: ISO 13485 - Medical devices - Quality management systems - Requirements for regulatory purposes, the Brazilian Good Manufacturing Practices (RDC ANVISA 16/2013), the Quality System Regulation (21 CFR Part 820), and other specific requirements of medical devices regulatory authorities participating in the MDSAP including registration, licensing, advisory notices or recalls and mandatory problem reporting. The program does not add any new requirements to existing requirements from ISO 13485 or from the medical device regulations related to quality management system requirements of the participating Regulatory Authorities.

Audits of medical device manufacturers are performed by MDSAP Auditing Organizations. The Regulatory Authorities oversee the Auditing Organizations’ compliance with MDSAP standards and requirements.

The MDSAP program includes a robust plan and schedule for assessing the competence and compliance of MDSAP Auditing Organizations. This plan includes assessments of their head office and critical sites, and performing assessments during witnessed audits, as part of a four-year recognition process.

The sequence of all assessment activities follows a 4-year cycle. The cycle begins with an initial authorization, followed by annual surveillance assessments for three consecutive years.

MDSAP Regulatory Authorities will base their recognition and assessment processes on the International Medical Device Regulators Forum (IMDRF) MDSAP documents in addition to other documents approved by the Regulatory Authority Council. Refer to Appendix C for a general overview of MDSAP’s Auditing Organization assessment and recognition decision-related processes.

If an Auditing Organization disagrees with an unfavourable recognition decision or a nonconformity issued by the Regulatory Authorities, it may formally file for an appeal to the participating Regulatory Authorities (further information on this appeal process is defined in MDSAP AS P0021: Appeals Procedure). Also, please see section 32.5(2) of the Medical Devices Regulations which outlines the provisions under which an Auditing Organization has an opportunity to be heard when TPD intends to cease to recognize an Auditing Organization.

2.2 TPD’s responsibilities

The TPD is Canada's regulator of medical devices for human use. As the national regulatory authority, TPD evaluates and monitors the safety, effectiveness and quality of medical devices available to Canadians.

TPD participates in the Regulatory Authority Council (RAC) which makes the final recognition decision of auditing organizations and participating regulatory authorities for the purposes of the MDSAP initiative.

TPD participates as assessors and technical experts in the MDSAP recognition assessment, reassessment or surveillance audits of Auditing Organizations. TPD will provide input to the recommendations regarding the scope of recognition of an Auditing Organization.

TPD recognizes in its medical device licensing process the registration of a manufacturer’s quality management system by an Auditing Organization recognized under MDSAP, unless there is reason to suspect that the MDSAP certificate is not valid.

Information held by TPD from an MDSAP recognition assessment, reassessment or surveillance audit of an Auditing Organization, and from an Auditing Organization’s audit, reaudit, or surveillance audit of a manufacturer will be treated in accordance with appropriate federal legislation and guidelines dealing with the handling of information under the control of HC.

TPD may provide, or make available, training to Auditing Organizations on the requirements found in the Medical Devices Regulations, and any significant changes.

If TPD determines, based on objective evidence obtained with respect to the performance or behaviour of an auditing organization, that an MDSAP recognized Auditing Organization is not complying with the requirements of MDSAP or if public health and safety is being compromised, TPD will not recognize that Auditing Organization and will recommend that the MDSAP Consortium take corrective actions, suspend or revoke the Auditing Organization’s MDSAP recognition. TPD will notify the RAC and the Auditing Organization in writing if it does not recognize an MDSAP recognized Auditing Organization.

The recognition decision of the Minister of Health will be demonstrated by way of a letter from HC to the Auditing Organization and by maintenance of a list of Auditing Organizations recognized by the Minister on the HC website.

2.3 Auditing organizations

Audits are conducted by Auditing Organizations authorized or recognized by the participating Regulatory Authorities to audit under MDSAP requirements.

Auditing Organizations must conform to the requirements of MDSAP and the requirements of the Medical Devices Regulations.

If an Auditing Organization is a corporate body which is part of a larger organization or uses the services of a subcontractor, it maintains responsibility for all contracted actions of the larger organization or its subcontractor and would be liable for them as if the Auditing Organization performed the actions.

Auditing Organizations will perform the third-party conformity assessment audits of medical device manufacturer’s quality management system to satisfy the quality management system requirements of the Medical Device Regulations.

Medical device manufacturers will be audited according to the scope of facilities, activities and medical devices declared in their application for certification services. Based on the countries where the manufacturer sells (or intends to sell) or has devices registered, the Auditing Organizations will determine the regulatory requirements applicable to that manufacturer.


Appendix A – Glossary

Auditing Organizations:
An organization that audits a medical device manufacturer for conformity with quality management system requirements and other medical device regulatory requirements. Auditing Organizations may be an independent organization or a Regulatory Authority which perform regulatory audits (IMDRF/MDSAP WG/N3).

Regulatory Authority:
A government body or other entity that exercises a legal right to control the use or sale of medical devices within its jurisdiction, and that may take enforcement action to ensure that medical products marketed within its jurisdiction comply with legal requirements. (IMDRF/MDSAP WG/N3)

Regulatory Authority Council:
The RAC consists of representatives from all participating regulatory authorities and provides direction, oversight, and resources to support the MDSAP development, implementation, maintenance, and expansion.

Appendix B – References

Stakeholders may purchase the current 13485 standard at:

Transition to the Medical Device Single Audit Program (MDSAP), Health Canada,

  • MDSAP AS P0005: Assessment Program
  • MDSAP AS P0010: AO Application for Recognition
  • MDSAP AS P0012: Witnessed Audit
  • MDSAP AS P0013: Stage 1 Assessment
  • MDSAP AS P0014: Special Remote Assessment
  • MDSAP AS P0015: AO Nonconformity Process
  • MDSAP AS P0016: On-Site Assessment
  • MDSAP AS P0017: Technical Review & Recognition Decision
  • MDSAP AS P0020: Special On-Site Assessment
  • MDSAP AS P0021: Appeals
  • IMDRF/MDSAP WG/N3: Requirements for Medical Device Auditing Organizations for Regulatory Authority Recognition
  • IMDRF/MDSAP WG/N4: Competence and Training Requirements for Auditing Organizations

Appendix C – General overview of Auditing Organization assessment and recognition decision related processes

Long Description

Appendix C: General Overview of Auditing Organization Assessment and Recognition Decision Related Processes


Read AO Application for Recognition, MDSAP AS P0010.

Then read Assessment Program, MDSAP AS P0005 and Stage 1 Assessment, MDSAP AS P0013.

Then decide which assessment type applies. If it’s Stage 2 Surveillance, Re-recognition, at Head Office or Critical Location, read On-Site Assessment, MDSAP AS P00016. If it’s Witnessed Audit, read Witnessed Audit, MDSAP AS P0012. If it’s Special On-Site Assessment, read Special On-Site Assessment, MDSAP AS P0020. If it’s Special Remote Assessment, read Special Remote Assessment, MDSAP AS P0014.

Then you need to determine whether nonconformities were identified. If yes, read AO Nonconformity Process, MDSAP AS P0015. Following the AO nonconformity process, or if no nonconformities were identified, read Technical Review and Recognition Decision, MDSAP AS P0017.

Then if there is an appeal, read Appeals, MDSAP AS P0015. Following the appeals process, or if there is no appeal, identify which type of decision applies. If it is a refusal of recognition, that is the end of the process. If the decision is one of recognition, the process loops back to the assessment program; read Assessment Program, MDSAP AS P0005. If the decision is to temporarily suspend or revoke recognition, read Implementing Suspension and Revocation of Recognition MDSAP AS P0022. Then if this leads to a revocation of recognition, the process ends. If this leads to a temporary suspension, the process loops back to the assessment program; read Assessment Program, MDSAP AS P0005.

Page details

Date modified: