Regulatory Open Forum

The list of MDSAP AOs is available at https://www.fda.gov/downloads/MedicalDevices/InternationalPrograms/MDSAPPilot/UCM429978.pdf

The table has a column entitled "Authorized to Conduct MDSAP Audits" that has entries of Yes/No.

The column to the right has the title "Recognition" that has entries of Yes/No.

How does an AO achieve a Yes in the Recognition column? In particular, if an AO has a Yes in the authorized column and a No in recognition column, does this impact the validity of any MDSAP certificate the AO issues?

------------------------------
Dan O'Leary
Swanzey NH
United States
------------------------------

AOs pursue recognition. Authorization is the first step (which enables them to perform audits). Recognition is the next steps, and involves some actions, including a number of audits. In principle there's no problem if an Ao is authorized but still not recognized.

------------------------------
Marcelo Antunes
Regulatory Strategy Consultant
São Paulo
Brazil
------------------------------

Original Message:
Sent: 22-May-2018 15:58
From: Dan O'Leary
Subject: MDSAP Auditing Organization List

The list of MDSAP AOs is available at https://www.fda.gov/downloads/MedicalDevices/InternationalPrograms/MDSAPPilot/UCM429978.pdf

The table has a column entitled "Authorized to Conduct MDSAP Audits" that has entries of Yes/No.

The column to the right has the title "Recognition" that has entries of Yes/No.

How does an AO achieve a Yes in the Recognition column? In particular, if an AO has a Yes in the authorized column and a No in recognition column, does this impact the validity of any MDSAP certificate the AO issues?

------------------------------
Dan O'Leary
Swanzey NH
United States
------------------------------

That was confusing to me as well because they have all this documentation on the FDA website, but there is no information for description of this form with the two columns that mean something.  And could mean something significant for manufacturers selecting an AO.  Marcelo is correct there are stages that an AO must go through, but they do not use the same terminology in their own procedures like P0005 or P0016.

------------------------------
Richard Vincins RAC
Vice President Regulatory Affairs
------------------------------

Original Message:
Sent: 22-May-2018 16:05
From: Marcelo Antunes
Subject: MDSAP Auditing Organization List

AOs pursue recognition. Authorization is the first step (which enables them to perform audits). Recognition is the next steps, and involves some actions, including a number of audits. In principle there's no problem if an Ao is authorized but still not recognized.

------------------------------
Marcelo Antunes
Regulatory Strategy Consultant
São Paulo
Brazil

Original Message:
Sent: 22-May-2018 15:58
From: Dan O'Leary
Subject: MDSAP Auditing Organization List

The list of MDSAP AOs is available at https://www.fda.gov/downloads/MedicalDevices/InternationalPrograms/MDSAPPilot/UCM429978.pdf

The table has a column entitled "Authorized to Conduct MDSAP Audits" that has entries of Yes/No.

The column to the right has the title "Recognition" that has entries of Yes/No.

How does an AO achieve a Yes in the Recognition column? In particular, if an AO has a Yes in the authorized column and a No in recognition column, does this impact the validity of any MDSAP certificate the AO issues?

------------------------------
Dan O'Leary
Swanzey NH
United States
------------------------------

Hi Dan,

As Marcelo states, in principle there is no problem with a certificate that is issued by an authorized AO before they are recognized. Understand the processes for MDSAP are formally issued through IMDRF and one in particular you may want to view is the recently updated document: "Requirements for Medical Device Auditing Organizations for Regulatory Authority Recognition" (link below). Keep in mind that each AO will need to have the requisite number of witnessed audits and auditors competence as part of recognition. If your audit is witnessed, you will have a representative from at least one regulator, but they cannot participate in the audit, they are there to watch the auditor and review the AO performance.
http://www.imdrf.org/docs/imdrf/final/technical/imdrf-tech-160324-requirements-auditing-orar.pdf

------------------------------
Regards,
Mark Swanson, ASQ CBA, CMQ/OE, CQE ASQ, MBA
Becker MN
United States
------------------------------

Original Message:
Sent: 22-May-2018 16:05
From: Marcelo Antunes
Subject: MDSAP Auditing Organization List

AOs pursue recognition. Authorization is the first step (which enables them to perform audits). Recognition is the next steps, and involves some actions, including a number of audits. In principle there's no problem if an Ao is authorized but still not recognized.

------------------------------
Marcelo Antunes
Regulatory Strategy Consultant
São Paulo
Brazil

Original Message:
Sent: 22-May-2018 15:58
From: Dan O'Leary
Subject: MDSAP Auditing Organization List

The list of MDSAP AOs is available at https://www.fda.gov/downloads/MedicalDevices/InternationalPrograms/MDSAPPilot/UCM429978.pdf

The table has a column entitled "Authorized to Conduct MDSAP Audits" that has entries of Yes/No.

The column to the right has the title "Recognition" that has entries of Yes/No.

How does an AO achieve a Yes in the Recognition column? In particular, if an AO has a Yes in the authorized column and a No in recognition column, does this impact the validity of any MDSAP certificate the AO issues?

------------------------------
Dan O'Leary
Swanzey NH
United States
------------------------------

Mark,

Thank you. This helps clear up my confusion.

------------------------------
Dan O'Leary
Swanzey NH
United States
------------------------------

Original Message:
Sent: 23-May-2018 08:57
From: Mark Swanson
Subject: MDSAP Auditing Organization List

Hi Dan,

As Marcelo states, in principle there is no problem with a certificate that is issued by an authorized AO before they are recognized. Understand the processes for MDSAP are formally issued through IMDRF and one in particular you may want to view is the recently updated document: "Requirements for Medical Device Auditing Organizations for Regulatory Authority Recognition" (link below). Keep in mind that each AO will need to have the requisite number of witnessed audits and auditors competence as part of recognition. If your audit is witnessed, you will have a representative from at least one regulator, but they cannot participate in the audit, they are there to watch the auditor and review the AO performance.
http://www.imdrf.org/docs/imdrf/final/technical/imdrf-tech-160324-requirements-auditing-orar.pdf

------------------------------
Regards,
Mark Swanson, ASQ CBA, CMQ/OE, CQE ASQ, MBA
Becker MN
United States

Original Message:
Sent: 22-May-2018 16:05
From: Marcelo Antunes
Subject: MDSAP Auditing Organization List

AOs pursue recognition. Authorization is the first step (which enables them to perform audits). Recognition is the next steps, and involves some actions, including a number of audits. In principle there's no problem if an Ao is authorized but still not recognized.

------------------------------
Marcelo Antunes
Regulatory Strategy Consultant
São Paulo
Brazil

Original Message:
Sent: 22-May-2018 15:58
From: Dan O'Leary
Subject: MDSAP Auditing Organization List

The list of MDSAP AOs is available at https://www.fda.gov/downloads/MedicalDevices/InternationalPrograms/MDSAPPilot/UCM429978.pdf

The table has a column entitled "Authorized to Conduct MDSAP Audits" that has entries of Yes/No.

The column to the right has the title "Recognition" that has entries of Yes/No.

How does an AO achieve a Yes in the Recognition column? In particular, if an AO has a Yes in the authorized column and a No in recognition column, does this impact the validity of any MDSAP certificate the AO issues?

------------------------------
Dan O'Leary
Swanzey NH
United States
------------------------------

Dan & All,

To confuse things a little more, make sure you clients pick the appropriate AO for their needs (do they need EU NB, Brazil, other countries) as that may limit who they can go to (of the already limited list) or hopefully they are already using the proper registrar/certifier for their needs.  The reason I add this proviso is the list that ANVISA has for MDSAP AO's is not identical to the one on the FDA website.  On the ANVISA site right above the list of Audit Bodies (yes, a different term but equivalent meaning to Audit OIrganization) it says "...list of Audit Bodies evaluated and approved through the MDSAP Program that have already been recognized by Anvisa and its recognition resolution."

Best,

------------------------------
Leonard (Leo) Eisner, P.E.
The "IEC 60601 Guy"
Principal Consultant, Eisner Safety Consultants
Phone: (503) 244-6151
Mobile: (503) 709-8328
Email: Leo@EisnerSafety.com
Website: www.EisnerSafety.com
------------------------------

Original Message:
Sent: 23-May-2018 11:08
From: Dan O'Leary
Subject: MDSAP Auditing Organization List

Mark,

Thank you. This helps clear up my confusion.

------------------------------
Dan O'Leary
Swanzey NH
United States

Original Message:
Sent: 23-May-2018 08:57
From: Mark Swanson
Subject: MDSAP Auditing Organization List

Hi Dan,

As Marcelo states, in principle there is no problem with a certificate that is issued by an authorized AO before they are recognized. Understand the processes for MDSAP are formally issued through IMDRF and one in particular you may want to view is the recently updated document: "Requirements for Medical Device Auditing Organizations for Regulatory Authority Recognition" (link below). Keep in mind that each AO will need to have the requisite number of witnessed audits and auditors competence as part of recognition. If your audit is witnessed, you will have a representative from at least one regulator, but they cannot participate in the audit, they are there to watch the auditor and review the AO performance.
http://www.imdrf.org/docs/imdrf/final/technical/imdrf-tech-160324-requirements-auditing-orar.pdf

------------------------------
Regards,
Mark Swanson, ASQ CBA, CMQ/OE, CQE ASQ, MBA
Becker MN
United States

Original Message:
Sent: 22-May-2018 16:05
From: Marcelo Antunes
Subject: MDSAP Auditing Organization List

AOs pursue recognition. Authorization is the first step (which enables them to perform audits). Recognition is the next steps, and involves some actions, including a number of audits. In principle there's no problem if an Ao is authorized but still not recognized.

------------------------------
Marcelo Antunes
Regulatory Strategy Consultant
São Paulo
Brazil

Original Message:
Sent: 22-May-2018 15:58
From: Dan O'Leary
Subject: MDSAP Auditing Organization List

The list of MDSAP AOs is available at https://www.fda.gov/downloads/MedicalDevices/InternationalPrograms/MDSAPPilot/UCM429978.pdf

The table has a column entitled "Authorized to Conduct MDSAP Audits" that has entries of Yes/No.

The column to the right has the title "Recognition" that has entries of Yes/No.

How does an AO achieve a Yes in the Recognition column? In particular, if an AO has a Yes in the authorized column and a No in recognition column, does this impact the validity of any MDSAP certificate the AO issues?

------------------------------
Dan O'Leary
Swanzey NH
United States
------------------------------