1 Medical Device Single Audit Program MDSAP Suzan

1 Medical Device Single Audit Program (MDSAP) Suzan S. Davis President & CEO Global Regulatory Partners-LLC

2 Agenda § What is IDMRF § What is MDSAP § MDSAP Benefits § Regulatory Authorities Usage of MDSAP § How MDSAP Works? § Medical Device Manufacturers Audit Criteria and Cycle under MDSAP § Medical Device Manufacturers Audit Sequence and Process under MDSAP § Medical Device Manufacturers Audit Outcome § Auditing Organization Assessment & Recognition under MDSAP § Auditing Organization Assessment Criteria and Cycle under MDSAP § Auditing Organizations Assessment Process under MDSAP § Auditing Organization Assessment Outcome § Conclusion

3 What is IDMRF? (International Medical Device Regulators Forum) § IMDRF is a voluntary group of medical device regulators from around the world that was created in 2011: Ø to replace the Global Harmonization Task Force on Medical Devices (GHTF) and build on its strong foundations and previous work. Ø to accelerate international medical device regulatory harmonization and convergence. § The IMDRF Management Committee comprises regulatory authority representatives from Australia, Brazil, Canada, China, Europe, Japan, Russia and United States of America. § The roles of IMDRF Chair and Secretariat rotate annually.

4 What is IDMRF ? § The IMDRF Management Committee : § Provides guidance on strategies, policies, directions, membership and activities of the Forum. § Oversees Working Groups formed with experts from various stakeholder such as industry, academia, healthcare professionals, consumer and patient groups. § IMDRF Official Observers : The World Health Organization (WHO) and the APEC LSIF Regulatory Harmonization Steering Committee § IDMRF Affiliate Organizations : The Asian Harmonization Working Party (AHWP) and the Pan American Health Organization (PAHO).

5 What is IDMRF ? § IMDRF Working Groups Ø Responsible for developing technical documents, Ø Involve the participation of stakeholders that have significant involvement in the development, manufacture or use of medical devices including, but not limited to, regulated industry, international entities and associations, academia, patient and consumer groups, medical professionals, and other regulatory authorities. § Currently 4 Working Groups : - Medical Device Single Audit Program (MDSAP), - Software as a Medical Device (Sa. MD), - Regulated Product Submission, - A review of the NCAR system.

6 What is MDSAP ? (Medical Device Single Audit Program) MDSAP is a program that allows a single regulatory audit of a medical device manufacturer’s quality management system to satisfy the needs of participating regulatory authorities. The single audit is performed by authorized third party organizations. The single audit of a medical device manufacturer’s quality management system will include the assessment of the quality management system processes including management responsibility, resource management, product realization, measurement, analysis and improvement, and adverse event reporting; as well as compliance with Good Manufacturing Practices (GMPs) or other applicable requirements specific to a participating regulatory authority.

7 What is MDSAP? § The participating medical device regulatory authorities in the pilot program : Ø Ø Therapeutics Goods Administration (TGA) of Australia, Brazil’s Agência Nacional de Vigilância Sanitária (ANVISA), Health Canada, U. S. Food and Drug Administration § MDSAP Pilot phase started in January 2014 and runs until the end of 2016 § The final MDSAP will be implemented in 2017

8 MDSAP Benefits § Single Audit used instead of multiple separate audits/ inspections by participating regulatory authorities: Ø Reduction of Number of audits/ inspections Ø Optimization of time and resources spent/used in audits activities. Ø Reduction of audit costs Example: Currently, manufacturers might have a CMDCAS audit every year, an FDA inspection every other year and still waiting for an ANVISA inspection, so they can launch a product in Brazil. Instead of 3 audits/inspections in one year, the mdsap program will enable companies to schedule a single audit to address each major market at one time. When Japanese and Europeans will adopt mdsap as well, then companies will realize an even greater overall reduction in the number of audit days each year.

9 MDSAP Benefits § Flexibility : Medical device manufacturers are free to choose among all authorized auditing organizations to perform the audits. Ø Routine audits are announced and planned with the manufacturer. Ø Audits performed by auditors who know the company already (notified bodies) § Improved predictability of audits’ outcomes : Ø Auditing organizations monitored by the participating Regulatory Authorities, Ø Usage of a standard MDSAP audit model, Ø Usage of same grading process of nonconformities Ø Usage of standard report template to report audits’ outcomes § Commitment to quality and compliance : enrolling in the MDSAP is considered as an evidence of a medical device manufacturers’ commitment to product quality and regulatory compliance.

10 Regulatory Authorities Usage of MDSAP § United States : FDA will accept MDSAP audit reports as substitutes for the agency’s own routine 21 CFR Part 820 quality system inspections. § Inspections conducted “For Cause” or “Compliance Follow-up” by FDA will not be affected by this program. § MDSAP program would not apply to any necessary pre-approval or post approval inspections for Premarket Approval (PMA) applications § Australia: the TGA will use MDSAP audit reports to help determine compliance with Australian medical device registration requirements

11 Regulatory Authorities Usage of MDSAP § Brazil: ANVISA will use MDSAP audit reports and other components of the program in its pre- and post-market medical device evaluations. § Canada: HC will use a MDSAP audit as part of their Canadian Medical Device Conformity Assessment System (CMDCAS) certification program. Upon the successful conclusion of the pilot, Health Canada's intent to implement the MDSAP as the mechanism to achieve regulatory compliance for quality management system requirements in Canada.

12 How MDSAP Works ? § MDSAP uses approved third party auditing organization only in addition to regulatory authority inspectorates Greater coverage in auditing manufacturers around the globe. § Government resources can focus on high risk and problematic medical devices, manufacturers that are not in compliance with regulations, and oversight of third party auditing organizations § A manufacturer may exclude the requirements of a jurisdiction if not intend to supply medical devices to it.

13 How MDSAP Works? § The MDSAP program will not replace ISO certification programs or standards; the program will not be an accredited program as the regulators do not recognize IAF (International Accreditation Forum) principles, policies or requirements. § It is expected that the MDSAP program will eventually replace Health Canada’s CMDCAS program and the US FDA’s Accredited Persons Inspection program.

14 Medical Device Manufacturers Audit Criteria ISO 13485: 2003 + Specific Requirements of: (TGA, ANVISA, HC, FDA) = One Comprehensive Audit Model Longer audits : 35 -100% longer in duration. The typical ISO 13485 audit might be two days. MDSAP audit can last four days.

15 Medical Device Manufacturer Audit Cycle § The Medical Device Single Audit Program is based on 3 year audit cycle. § The Initial Audit called also the “Initial Certification Audit” : a complete audit of a medical device manufacturer’s quality management system (QMS) consisting of a Stage 1 Audit and a Stage 2 Audit. § Stage 1 – Documentation review, evaluation of preparedness for Stage 2 audit. § Stage 2 – Evaluation of QMS Implementation and Effectiveness. § The initial Audit is followed by a partial Surveillance Audit in each of the following 2 years and a complete Re-audit (“Recertification Audit”) in 3 rd year. § Special audits and unannounced audits are conducted by Regulatory Authorities that may occur at any time within the audit cycle in case of noncompliance.

16 Medical Device Manufacturers Audit Sequence

17 Medical Device Manufacturers Audit Process § MDSAP audits are process based audits and follow the 7 processes here below : § § § § Management. Measurement, analysis and improvement. Design and development. Production and service controls; and supporting process. Purchasing. Device Marketing Authorization and Facility Registration Medical Device Adverse Events and Advisory Notices Reporting. § The audit sequence was designed and developed to allow for the audit to be conducted in a logical, focused, and efficient manner.

18 Medical Device Manufacturers Audit Outcome § The Auditing Organization writes an audit report for each audited site, using a standard template specifically designed for medical device regulatory audits. § Auditing Organizations share the audit outcomes with the participating Regulatory Authorities to support their pre-market or post market or routine compliance. § Upon successful certification or recertification audits, Auditing Organizations issue MDSAP specific certification documents stating compliance to MDSAP audit criteria (See MDSAP AU P 0026). § Nonconformities identified during an audit are graded on a scale from 1 (least critical) to 5 (most critical), according to explicit criteria as defined in GHTF/SG 3/N 19.

19 Medical Device Manufacturers Audit Outcome § Nonconformities are graded based on their degree of impact on the QMS and the frequency of their recurrence. § In some cases, high grade nonconformities may trigger the performance of an unannounced audit; § The manufacturer provides – and the Auditing Organization reviews – remediation plans and evidence of implementation of these plans according to a specified timeline (see MDSAP AU P 0027).

20 Auditing Organization Assessment & Recognition § During the Pilot, the only Auditing Organizations that will be allowed to apply to the MDSAP program for recognition will be the accredited organizations/registrars currently utilized in the Health Canada CMDCAS Program. § Many of CMDCAS registrars are also designated as Notified Bodies under the European regulatory scheme. § The list of Registrars Recognized by Health Canada can be found at: http: //www. hc-sc. gc. ca/dhp-mps/md-im/qualsys/list_liste_regist-eng. php § After Pilot period (end of 2016) additional Auditing Organizations may be eligible to apply to the MDSAP

21 Auditing Organization Assessment Criteria MDSAP assessment criteria: § IMDRF MDSAP WG N 3 – “Requirements for Medical Device Auditing Organizations for Regulatory Authority Recognition” § IMDRF MDSAP WG N 4 – “Competency and Training Requirements for Auditing Organizations” § Particular regulatory requirements published by the recognizing Regulatory Authority : audit model or technique, audit duration calculations, sampling of product technical documentation, audit planning to include determination of sites to be audited, audit report requirements.

22 Auditing Organization Assessment Cycle

23 Auditing Organization Assessment Process Assessment Program Initial Assessment Surveillance Assessment Re-Recognition Assessment Activities Application Review Stage 1 Assessment Including Documentation Review Stage 1 Assessment including Documentation Review for Changes Stage 2 On-Site Assessment (Head Office) Surveillance On-Site Surveillance On Site Assessment (Head Office) ) (Head Office Re-Recognition On-Site Assessment (Head Office) Witnessed Audits Witnessesd Audits Witnessed Audits On-Site Assessment of Critical Locations (as necessary) On-Site Assessment of. Critical Locattions(as necessary) On-Site Assessment of Critical Locations (as necessary)

24 Auditing Organization Assessment Outcome § Grade 1 nonconformity : is a nonconformity that is unlikely to have a direct impact on the Auditing Organization’s ability to routinely operate an effective, ethical, impartial and competent organization that produces acceptable audit conclusions, audit reports, and certification documents. § Grade 2 nonconformity : is a nonconformity that is likely to have a direct impact on the Auditing Organization’s ability to routinely operate an effective, ethical, impartial and competent organization that produces acceptable audit conclusions, audit reports, and certification documents; and is unlikely to allow deficiencies in the manufacturer’s quality management system, or its implementation, to have a direct impact on the safety and performance of the medical device. It’s a recurrence of a Grade 1 nonconformity.

25 Auditing Organization Assessment Outcome § Grade 3 nonconformity: is a nonconformity that is likely to have a direct impact on the Auditing Organization’s ability to routinely operate an effective, ethical, impartial and competent organization that produces acceptable audit conclusions, audit reports, and certification documents; and is likely to allow deficiencies in the manufacturer’s quality management system, or its implementation, to have a direct impact on the safety and performance of the medical device. It’s a recurrence of a Grade 2 nonconformity. § Grade 4 nonconformity – Involves fraud, misrepresentation or falsification of evidence of conformity per IMDRF/MDSAP WG/N 3 Final: 2013 clause 5. 1. It’s a recurrence of a Grade 3 nonconformity.

26 Conclusion § MDSAP eliminates the need of four separate regulatory audits : § Better use of human and financial resources § Reduced time required for regulatory audits § MDSAP allows the usage of authorized third parties: § More flexibility and better planning for the audits § Build relationship with auditing organizations. § MDSAP uses One Audit Model § Uniformity of the requirements § Better predictability of the audits’ outcome.

27 Recommendations To Medical Device Manufacturers § Be part of the process during the pilot to help shape the policies and procedures for the operational program scheduled to begin in 2017. § Contact the Auditing Organization of their choice to determine if they are – or when they expect to be – authorized to perform MDSAP Pilot audits. § Perform a gap analysis between what you have now and the MDSAP audit criteria requirements and set up the appropriate strategy and action plan for compliance.

28 Source of Information § International Medical Device Regulators Forum (IMDRF): http: //www. imdrf. org § FDA website : http: //www. fda. gov/downloads/Medical. Devices/International. Program s/MDSAPPilot/UCM 372066. pdf § Health Canada Website : http: //www. hc-sc. gc. ca/dhp-mps/md im/activit/int/mdsap_pilot_notice_avis-eng. php

29 Source of Information § IMDRF MDSAP WG N 3 -“Requirements for Medical Device Auditing Organizations for Regulatory Authority Recognition” § IMDRF MDSAP WG N 4 -“Competency and Training Requirements for Auditing Organizations” § IMDRF MDSAP WG N 5 -“Regulatory Authority Assessment Strategy for the Recognition and Monitoring of Medical Device Auditing Organizations” § IMDRF MDSAP WG N 6 - “Regulatory Authority Assessor Competency and Training Requirements” § IMDRF MDSAP WG N 11 - document that “grades” nonconformities resulting from a Regulatory Authority assessment of an Auditing Organization and document the decision process for recognizing an Auditing Organization or revoking recognition

30 Questions ? For any questions please send an email to sdavis@globalregulatorypartners. com Or contact Global Regulatory Partners-LLC via www. globalregulatorypartners. com

31 Thank You from Global Regulatory Partners-LLC