Medical Device Single Audit Program (MDSAP) is a global initiative for single audit of QMS to satisfy multiple jurisdictions’ requirements. MDSAP covers the regulatory requirement of the U.S., Canada, Brazil, Japan, and Australia. Its purpose is to streamline compliance, reduce audit fatigue, and ensure consistent quality standards across international markets. Of the three major audits, MDSAP surveillance audits occur in years 2 and 3. MDSAP surveillance audits focus on evaluations of your quality management system (QMS) to confirm ongoing compliance and effectiveness.
What is the MDSAP audit cycle?
The MDSAP audit cycle spans three years and includes three main audits: initial certification, surveillance, and recertification. Each has a distinct purpose to establish compliance, monitor ongoing performance, and renew certification.
- Initial certification audit (Year 1): This is a comprehensive evaluation of the manufacturer’s quality management system (QMS), conducted in two stages: documentation review and on-site implementation check. Its goal is to establish baseline compliance with ISO 13485:2016 and country-specific requirements, thereby leading to issuance of the MDSAP certificate.
- Surveillance audits (Years 2 and 3): These are shorter, focused audits that verify the continued effectiveness of the QMS and ensure corrective actions from previous findings are sustained. They emphasize ongoing compliance with regulatory requirements, targeting high-risk processes, such as complaint handling, CAPA, and supplier management.
- Recertification audit (End of Year 3): This is a full reassessment of the QMS to confirm long-term compliance and readiness for the next three-year cycle. It ensures the organization has maintained regulatory alignment and quality discipline, thereby renewing certification for continued market access.
Important points
- Mandatory in Canada: Health Canada mandatorily requires MDSAP certification for Class II–IV devices.
- Global acceptance: Audit reports are recognized by regulators in the U.S., Canada, Brazil, Japan, and Australia.
- Audit fatigue reduction: One audit replaces multiple country-specific inspections, saving time and resources.
What is the MDSAP surveillance audit?
Of the three major MDSAP audits, MDSAP surveillance audits occur in years 2 and 3. The MDSAP surveillance audits aim to ensure that a medical device manufacturer’s Quality Management System remains effective, compliant, and continuously aligned with ISO 13485:2016 and the regulatory requirements of participating countries. Unlike the initial certification audit, these audits are shorter and more targeted, focusing on high‑risk processes, such as complaint handling, CAPA, supplier management, and post‑market surveillance. They serve as a checkpoint to verify corrective actions from previous audits are sustained and regulatory obligations are consistently met. Additionally, the surveillance audit ensures the organization is maintaining a culture of quality and vigilance in preparation for the full recertification audit at the end of the cycle.
Scope, focus area, and purpose
- Scope: The scope of MDSAP covers the entire Quality Management System (QMS) of medical device manufacturers, which should be aligned with ISO 13485:2016. It extends to regulatory requirements from participating countries, including the U.S. FDA, Health Canada, Brazil’s ANVISA, Japan’s PMDA, and Australia’s TGA. This means one audit cycle can replace multiple country-specific inspections, thereby reducing duplication and harmonizing compliance.
- Focus area: MDSAP audits concentrate on high-risk and regulatory-critical processes, such as complaint handling, CAPA, supplier management, and post-market surveillance. They also evaluate management responsibility, production controls, purchasing, and measurement/analysis activities. The emphasis is on ensuring that manufacturers maintain consistent quality and regulatory vigilance across all jurisdictions.
- Purpose: The purpose of the MDSAP surveillance audit is to confirm that a medical device manufacturer’s QMS continues to operate effectively and remains compliant with ISO 13485:2016 and the regulatory requirements of participating countries. These audits act as checkpoints between the initial certification and recertification. Thus, surveillance audits help regulators and manufacturers maintain ongoing confidence in product quality and patient safety while preparing the organization for the full recertification audit at the end of the cycle.
Characteristics of MDSAP surveillance audits
- Duration: Typically, shorter than the initial certification audit, lasting 2–3 days depending on company size and complexity. Designed to minimize disruption while still ensuring thorough oversight. Focused on efficiency, targeting only high‑risk and previously identified areas.
- Depth: Less comprehensive than the initial audit but highly targeted on risk areas and prior nonconformities. Auditors concentrate on CAPA, complaint handling, supplier management, and post‑market surveillance. Ensures that corrective actions are not only implemented but also sustained over time.
- Frequency: Conducted annually in Year 2 and Year 3 of the MDSAP cycle. Serves as a checkpoint between the initial certification and the full recertification audit. Helps maintain continuous compliance and readiness for regulatory inspections.
What to expect in MDSAP surveillance audits?
We have presented what typically happens during MDSAP surveillance audits (Year 2 and 3)
- Opening meeting: Auditors start with an introductory session to explain the audit plan, scope, and objectives. They revisit findings from the Initial Certification Audit to highlight areas requiring follow‑up. The manufacturer’s leadership team is briefed on responsibilities. This sets the tone and ensures alignment between auditors and the organization.
- Document and record review: Auditors examine QMS documentation related to high‑risk processes such as CAPA, complaint handling, and supplier management. They verify whether corrective actions from previous audits have been implemented and sustained. Records of management reviews, internal audits, and regulatory reporting are checked for completeness and accuracy. This stage ensures that the paper trail supports compliance and continuous improvement.
- On‑site process evaluation: Auditors observe key processes directly, including production controls, purchasing, and post‑market surveillance activities. Staff interviews are conducted to confirm that procedures are understood and consistently applied. Evidence of risk‑based thinking and continuous improvement is assessed during these evaluations. This provides assurance that the QMS is functioning effectively in practice and not just on paper.
- Verification of regulatory compliance: Country‑specific requirements are checked, such as FDA reporting timelines or Health Canada’s post‑market surveillance rules. Auditors ensure adverse event reporting and vigilance systems are functioning properly. Supplier qualification and monitoring are reviewed to confirm compliance with global standards. This step validates that the organization meets both ISO 13485 and regional regulatory expectations.
- Closing meeting: Findings are presented, including any nonconformities or observations identified during the audit. The team discusses corrective actions, timelines, and expectations for follow‑up. Auditors confirm whether the organization remains compliant and on track for recertification. This final session ensures transparency and provides a roadmap for continuous improvement.
Checklist for MDSAP surveillance audits
- Corrective actions follow‑up: Ensure all nonconformities from the Initial Certification Audit have documented corrective actions. Verify root cause analysis is complete and preventive measures are in place.
- Complaint handling system: Review complaint records to confirm timely investigation and closure. Ensure adverse event reporting procedures are clearly documented and followed.
- CAPA effectiveness: Evaluate CAPA logs for completeness and closure status.
- Supplier management: Ensure risk‑based supplier evaluations are documented.
- Management responsibility: Ensure top management is actively involved in quality planning and resource allocation.
- Production and process controls: Review production records for consistency with validated processes.
- Post‑market surveillance: Check vigilance reports and trend analysis of product performance.
- Internal audit program: Confirm internal audits are scheduled and completed as planned. Ensure audit reports cover high‑risk processes and regulatory requirements. Document corrective actions from internal audits and verify closure.
- Audit readiness documentation: Maintain updated QMS documentation accessible to auditors. Ensure staff are trained to correctly answer auditor questions
Need help with MDSAP surveillance audits? We have extensive expertise and regulatory knowledge of the MDSAP guidelines. From gap assessment and documentation to CAPA implementation and establishing an ISO 13845-compliant QMS, we have you covered. Drop an email at [email protected] or call/Whatsapp on 9996859227 to hire our expert.


