- Home
- Our Services
- Medical Device & IVD
- MDSAP
Our Services
Medical Device Single Audit Program
MDSAP certification (Medical Device Single Audit Program full form) is an internationally recognized audit program that allows a medical device manufacturer to complete a single quality management system (QMS) audit — accepted by five major regulatory authorities: the US FDA, Health Canada, Australia’s TGA, Brazil’s ANVISA, and Japan’s PMDA. Instead of facing five separate audits for five different countries, one MDSAP audit satisfies all of them. MDSAP is built on ISO 13485:2016 as its foundation and adds country-specific regulatory requirements for each participating nation. Since January 2019, MDSAP certification has been mandatory for Canada and is strategically critical for any medical device manufacturer targeting the US, Australian, Japanese, or Brazilian markets.
What is MDSAP?(MDSAP Full Form & Why It Matters in 2026)
MDSAP full form is Medical Device Single Audit Program. The concept was born in 2012 when the International Medical Device Regulators Forum (IMDRF) recognized a smarter way to manage global medical device compliance — instead of manufacturers going through repeated regulatory inspections from each country separately, a single, standardized audit process would satisfy all of them at once.
Think of it this way: if you manufacture medical devices and want to sell into Canada, the US, Australia, Japan, and Brazil simultaneously, you would previously need to prepare for five separate rounds of regulatory scrutiny. MDSAP changes that. You go through one structured MDSAP audit conducted by a recognized Auditing Organization (AO), and the resulting audit report and certificate is shared with all five participating regulatory bodies.
The program is process-based and risk-driven. Rather than simply checking documents, the MDSAP audit approach traces how your quality management system actually functions — from device marketing authorization through design, procurement, production, measurement, and post-market activities.
For manufacturers based in India, Asia, or anywhere globally who want access to high-value medical device markets in North America and the Pacific, MDSAP certification is not just a compliance checkbox — it is the market entry key.
MDSAP Countries — Which Regulatory Authorities Participate?
Understanding which countries participate in MDSAP is the first step in deciding whether to pursue certification.
| Country | Regulatory Authority | How They Use MDSAP |
|---|---|---|
| United States | US FDA (CDRH) | Accepts MDSAP audit reports as a substitute for routine FDA inspections |
| Canada | Health Canada | MDSAP certification is mandatory for Class II, III & IV device licenses since January 2019 |
| Australia | Therapeutic Goods Administration (TGA) | Uses MDSAP audit reports as key evidence for Conformity Assessment Certificate applications |
| Brazil | ANVISA | Uses MDSAP reports in GMP certification decisions; on-site ANVISA inspection typically not required |
| Japan | MHLW / PMDA | Recognizes MDSAP audits for manufacturers seeking market access |
MDSAP Affiliate Members (who utilize MDSAP reports without being full program members) include Argentina, Indonesia, Israel, South Korea, and Singapore. This means your MDSAP certification could support market access in up to 10 countries worldwide — from a single audit.
The MDSAP Audit Approach — How Does an MDSAP Audit Actually Work?
The MDSAP audit approach is significantly more structured and rigorous than a standard ISO 13485 audit. It is organized into defined process chapters, each covering specific areas of your QMS, and uses a unique nonconformity grading system that regulators across all five countries use for their own assessments.
The 7 MDSAP Audit Process Chapters
The MDSAP audit approach covers your organization’s QMS through seven interconnected process chapters:
Chapter 1 — Quality Management System Auditors evaluate your QMS documentation structure, quality policy, quality objectives, and management review processes. This chapter lays the foundation for everything else.
Chapter 2 — Device Marketing Authorization & Facility Registration This chapter assesses whether your organization has correctly obtained all required marketing authorizations and facility registrations in each MDSAP country you are selling into. Country-specific regulatory differences matter here significantly.
Chapter 3 — Measurement, Analysis & Improvement Covers your complaint handling, adverse event reporting, regulatory reporting, internal audits, nonconforming product control, corrective action, and preventive action (CAPA) processes.
Chapter 4 — Design & Development Evaluates your entire device design process — from inputs and outputs to design reviews, verification, validation, and design transfer. This is one of the most intensive chapters for manufacturers of complex devices.
Chapter 5 — Production & Service Controls Covers manufacturing processes, process validation, infrastructure and work environment, equipment calibration, and control of production records.
Chapter 6 — Purchasing Examines how you select, qualify, and monitor your suppliers and the products they supply. Supplier qualification is a frequent source of nonconformities.
Chapter 7 — Customer-Related Processes Reviews how you handle customer requirements, product information, and feedback loops.
The MDSAP 3-Year Audit Cycle
Unlike ISO 13485 which also follows a 3-year cycle, MDSAP is structured as:
- Stage 1 (Initial Certification) — Documentation review: Auditors evaluate your QMS documentation and assess your readiness for the Stage 2 on-site audit.
- Stage 2 (Initial Certification) — Full on-site audit: A comprehensive assessment of all seven process chapters against ISO 13485 requirements plus country-specific regulatory requirements of your target MDSAP markets.
- Year 1 Surveillance Audit: On-site review of key process chapters and follow-up on any nonconformities from the initial audit.
- Year 2 Surveillance Audit: Remaining process chapters reviewed; ongoing compliance assessed.
- Year 3 Re-certification Audit: Full recertification audit covering the complete scope of MDSAP requirements.
The MDSAP Nonconformity Grading System
This is where MDSAP is genuinely different from a standard ISO 13485 audit, and understanding it is critical for any manufacturer preparing for an MDSAP audit.
MDSAP does away with traditional “major” and “minor” nonconformity labels. Instead, it uses a points-based grading system from 1 to 5 (grades 5 and 6 are treated equally, capped at 5), developed from the Global Harmonization Task Force (GHTF) nonconformity grading framework.
How grades are assigned:
The grading works in two steps:
Step 1 — Base grade using a 2×2 matrix:
- Occurrence axis: First-time nonconformity vs. repeat nonconformity (seen in either of the two previous MDSAP audits for that same ISO 13485 sub-clause)
- Impact axis: Indirect impact (lower risk — doesn’t directly affect device safety/performance) vs. direct impact (higher risk — directly influences device design, manufacture, safety and performance)
Indirect first-occurrence nonconformities typically receive a grade of 1. Direct repeat-occurrence nonconformities start at grade 4.
Step 2 — Escalation rules (add +1 per occurrence if applicable):
- Absence of a documented process or procedure related to the nonconformity
- Nonconforming medical device released to market as a result
What happens at higher grades:
- Grades 1–3: Manufacturer submits a corrective action plan; normal follow-up cycle applies.
- Grade 4 (three or more) or Grade 5 (one or more): The Auditing Organization must notify the relevant regulators within 5 business days. The manufacturer must then submit a remediation plan within 15 calendar days and provide evidence of implementation within 30 days from the audit end date.
This grading system is why preparation matters enormously. A single poorly-controlled supplier qualification process, for instance, could receive a direct-impact nonconformity that escalates quickly if it is a repeat finding. At TraccGlobal, we prepare our clients thoroughly for every chapter and task of the MDSAP audit approach before a single auditor walks through the door.
Who Needs MDSAP Certification?
MDSAP certification is relevant for you if:
- You manufacture medical devices and want to sell in Canada — MDSAP is legally mandatory for Class II, III, and IV device licenses.
- You manufacture medical devices and target the US market — MDSAP reduces your FDA inspection frequency significantly.
- You want multi-country market access (US + Canada + Australia + Brazil + Japan) without the cost and disruption of five separate audits.
- You are an ISO 13485-certified manufacturer looking to upgrade your certification to satisfy multiple regulatory authorities simultaneously.
- You are an Indian, Asian, or European manufacturer exporting to North American or Pacific markets and need to demonstrate QMS compliance to Western regulators.
- Your US or Canadian buyer or distributor is requiring MDSAP as part of their supplier qualification.
You are not required to pursue MDSAP if you only sell within markets that are not MDSAP participants, or if your devices fall within specific exclusions (Class I devices in Canada, certain device categories exempt from MDSAP requirements).
MDSAP vs ISO 13485 — What's the Difference?
This is one of the most common questions we receive. Here is the honest comparison:
| Feature | ISO 13485:2016 | MDSAP Certification |
|---|---|---|
| Scope | Global QMS standard for medical devices | QMS audit accepted by 5 regulatory authorities simultaneously |
| Audit rigor | Standard 3-year certification audit cycle | More intensive — structured process chapters, detailed task-based auditing |
| Regulatory recognition | Not directly accepted by regulators as market authorization | Accepted by FDA, Health Canada, TGA, ANVISA, PMDA |
| Canada requirement | Not sufficient for Class II–IV device license | Mandatory since January 2019 |
| Nonconformity grading | Major/Minor classification | 1–5 point grading system (GHTF-based) |
| Country-specific requirements | Not included | Explicitly covered for all 5 MDSAP countries |
| Audit days | Fewer days required | More audit days — more thorough coverage |
| Market benefit | Demonstrates QMS compliance | Opens 5 major markets + affiliate countries |
If you already hold ISO 13485 certification, MDSAP builds on it — you will not start from scratch. However, MDSAP does require additional documentation, country-specific procedure coverage, and more rigorous audit evidence than ISO 13485 alone. Most BSIs and accredited auditing organizations can combine your ISO 13485 recertification with MDSAP, reducing disruption.
MDSAP Certification Process — Step by Step
Here is exactly what the MDSAP certification journey looks like, and where TraccGlobal fits into each stage:
Step 1 — Gap Assessment Against MDSAP Requirements
Before anything else, you need to know where your current QMS stands relative to MDSAP requirements. This is not just a gap against ISO 13485 — it is a gap analysis against the specific regulatory requirements of every MDSAP country you intend to sell into.
TraccGlobal conducts a structured gap assessment, reviewing your current QMS documentation, procedures, records, and country-specific regulatory coverage. We identify exactly what needs to be built, fixed, or documented before your audit.
Step 2 — QMS Remediation & Documentation
Based on the gap assessment, we work with your team to build or remediate the required documentation and processes. This typically includes:
- Quality Manual aligned to MDSAP process chapter structure
- Country-specific regulatory procedures (adverse event reporting timelines differ between the US, Canada, Australia, Brazil, and Japan)
- Supplier qualification and purchasing control documentation
- Design and development records (if applicable to your device scope)
- CAPA system aligned to MDSAP grading requirements
- Post-market surveillance and vigilance procedures per country requirements
- Device marketing authorization and facility registration documentation
Step 3 — Select an Accredited Auditing Organization (AO)
MDSAP audits can only be conducted by Auditing Organizations officially recognized by the MDSAP program. Recognized AOs include BSI, TÜV SÜD, UL Solutions, GMED, and others. TraccGlobal helps you select the right AO based on your geography, device scope, existing certifications, and timeline. We also help you coordinate with the AO so your audit is scoped correctly from day one.
Step 4 — Stage 1 Documentation Audit
The AO conducts a desktop review of your QMS documentation. The primary purpose is to determine whether your documentation is ready for the on-site Stage 2 audit, and to confirm that your procedures adequately address all seven MDSAP process chapters and applicable country-specific requirements.
TraccGlobal prepares and reviews all Stage 1 documentation packages before submission to the AO, ensuring completeness and alignment.
Step 5 — Stage 2 On-Site Audit
The AO sends a qualified MDSAP auditor (or audit team for larger organizations) to your facility for the comprehensive on-site assessment. Every process chapter is evaluated. Audit trails are followed from one chapter to the next. The auditor is looking at whether your processes actually work — not just whether you have procedures written.
TraccGlobal’s team prepares your key staff for every question they will face, conducts internal mock audits, and supports you on-site during the audit if needed.
Step 6 — Nonconformity Response & Closure
If the AO identifies nonconformities, you will need to respond with a documented root cause analysis and corrective action plan. The grade of each nonconformity determines how quickly you must respond and what evidence is required.
TraccGlobal prepares all nonconformity responses, ensuring they are technically sound, satisfy auditor requirements, and genuinely address the underlying process gaps to prevent repeat findings.
Step 7 — Certificate Issuance & Regulatory Submission
Once nonconformities are resolved and the AO is satisfied, your MDSAP certificate is issued. This certificate — along with your audit reports — is then submitted to the regulatory authorities in your target MDSAP countries as part of your market authorization applications.
TraccGlobal supports the subsequent regulatory filings in Canada (Health Canada device license), Australia (TGA Conformity Assessment), and other countries as required.
Benefits of MDSAP Certification — Why It's Worth the Investment
The upfront investment in MDSAP certification delivers returns across multiple dimensions:
1. Multi-Market Access from One Audit Instead of managing five separate regulatory audit cycles, one MDSAP cycle satisfies US, Canadian, Australian, Brazilian, and Japanese regulatory requirements. This is both time-saving and cost-effective over a 3-year horizon.
2. Reduced FDA Inspection Frequency For manufacturers without a history of quality deficiencies, the FDA accepts MDSAP audit reports as a substitute for routine FDA facility inspections. Fewer unannounced inspections means fewer disruptions to your manufacturing operations.
3. Mandatory Requirement for Canada Since January 1, 2019, any manufacturer of Class II, III, or IV medical devices seeking or maintaining a Canadian Medical Device License must hold a valid MDSAP certificate. There is no alternative pathway for these device classes.
4. Strengthened QMS Across Your Organization The rigorous MDSAP audit approach forces genuine improvements to your quality management system. Manufacturers who complete MDSAP consistently report stronger complaint handling, better supplier controls, and more robust CAPA processes — which reduces product quality issues in the market.
5. Competitive Advantage Holding MDSAP certification signals to distributors, hospital procurement teams, and buyers in MDSAP countries that your quality system has been validated to the highest international standard. In tender processes and supplier qualification, it often becomes a decisive differentiator.
6. Transparency in Regulatory Relationships The MDSAP creates a shared, standardized audit report accessible to all five regulatory authorities. This transparency builds trust and can accelerate review timelines for marketing authorization applications in MDSAP countries.
MDSAP Certification Cost — What to Expect
We are asked about MDSAP certification cost frequently. The total investment depends on several factors:
Auditing Organization Fees: AO fees vary based on your organization’s size, number of sites, device complexity, and which MDSAP countries are in scope. Expect the audit fee alone to range from approximately USD 5,000 to USD 20,000+ for the initial certification, depending on scope. Surveillance audits are typically lower in cost than the initial.
QMS Preparation Costs: If your QMS needs significant remediation to meet MDSAP requirements, preparation costs — including consultant time, document development, and internal training — should be factored in. The better your existing ISO 13485 QMS, the lower your preparation cost will be.
Country-Specific Filing Fees: After MDSAP certification, country-specific license fees apply — for instance, Health Canada Medical Device License application fees for Canadian market authorization.
TraccGlobal Consulting Fees: We provide transparent, fixed-scope consulting engagements. Contact us at traccglobal.com/contact/ for a free gap assessment and cost estimate tailored to your organization.
The key insight on cost: MDSAP certification typically costs less over a 3-year period than maintaining five separate national audits — especially when you factor in the value of reduced FDA inspection frequency.
How TraccGlobal Supports Your MDSAP Certification Journey
At TraccGlobal, we have guided manufacturers across India, Europe, Asia, and North America through MDSAP certification. Our regulatory consultants understand not just the ISO 13485 foundation but the specific country-level regulatory nuances that make MDSAP more demanding than a standard QMS audit.
Here is what working with TraccGlobal on MDSAP looks like:
| TraccGlobal Service | What We Deliver |
|---|---|
| MDSAP Gap Assessment | Structured analysis of your current QMS vs. MDSAP process chapter requirements for your target countries |
| QMS Remediation | Procedure development, documentation rebuilding, country-specific regulatory coverage |
| Mock MDSAP Audit | Internal audit using MDSAP audit process and grading system — so you know exactly what to expect |
| AO Selection Support | Help choosing the right Auditing Organization for your geography, device scope, and timeline |
| Stage 1 Documentation Review | Full review and correction of all documents before AO submission |
| On-Site Audit Support | TraccGlobal regulatory expert available during the audit to support your team |
| Nonconformity Response | Root cause analysis, corrective action planning, and AO response preparation |
| Post-Certification Regulatory Filing | Support for Health Canada license, TGA Conformity Assessment, and other country-specific filings |
| Annual Surveillance Preparation | Ongoing QMS support and readiness for Year 1 and Year 2 surveillance audits |
| ISO 13485 + MDSAP Combined | If you need both simultaneously, we plan and execute the integrated journey |
Our team also supports MDSAP certification in combination with CE Marking (EU MDR), US FDA 510(k), and CDSCO registration in India — so if you are building a global market entry strategy, TraccGlobal provides a single point of expertise across all jurisdictions. Visit traccglobal.com/services/ to see our full regulatory services portfolio.
Frequently Asked Questions (FAQ) — CDSCO Medical Device Registration
Q1. What is MDSAP full form and what does it stand for?
MDSAP full form is Medical Device Single Audit Program. It is an international audit program developed under the International Medical Device Regulators Forum (IMDRF) that allows a single quality management system audit of a medical device manufacturer to satisfy the regulatory requirements of five participating countries: the USA, Canada, Australia, Brazil, and Japan.
Q2. Which MDSAP countries participate in the program?
The five full MDSAP countries are the United States (FDA), Canada (Health Canada), Australia (TGA), Brazil (ANVISA), and Japan (MHLW/PMDA). Additionally, five affiliate member countries — Argentina, Indonesia, Israel, South Korea, and Singapore — accept MDSAP reports for their own regulatory purposes, giving manufacturers potential access to up to 10 markets from one audit.
Q3. Is MDSAP certification mandatory?
MDSAP certification is legally mandatory in Canada for manufacturers of Class II, III, and IV medical devices seeking to obtain or maintain a Canadian Medical Device License. In the US, Australia, Brazil, and Japan, it is not legally mandatory but is highly strategic — the FDA accepts MDSAP reports in place of routine inspections, and Australia’s TGA uses MDSAP reports as key conformity assessment evidence.
Q4. What is the MDSAP audit approach?
The MDSAP audit approach is a structured, process-based, risk-driven audit methodology organized into seven process chapters: Quality Management System, Device Marketing Authorization & Facility Registration, Measurement/Analysis/Improvement, Design & Development, Production & Service Controls, Purchasing, and Customer-Related Processes. Auditors trace audit trails between chapters, evaluating how your QMS actually functions rather than just reviewing documentation. Nonconformities are scored using a 1–5 point grading system based on direct vs. indirect QMS impact and first vs. repeat occurrence.
Q5. How long does MDSAP certification take?
For a manufacturer with a well-established ISO 13485 QMS, the MDSAP certification process typically takes 9–14 months from engagement to certificate issuance. Organizations with significant QMS gaps may require 12–18 months. TraccGlobal has helped organizations with strong QMS foundations achieve MDSAP certification in as few as 7–8 months through structured preparation and focused remediation.
Q6. What is the difference between MDSAP and ISO 13485?
ISO 13485 is an international QMS standard for medical devices. MDSAP is a regulatory audit program built on the ISO 13485 foundation but adding country-specific requirements for each of the five participating regulatory authorities. MDSAP audits are more rigorous, involve more audit days, use a different nonconformity grading system (1–5 points vs. major/minor), and produce reports that are shared directly with regulators. ISO 13485 alone does not satisfy Health Canada’s mandatory MDSAP requirement for Class II–IV device licenses.
Q7. Can manufacturers outside the USA and Canada get MDSAP certification?
Yes. Any manufacturer anywhere in the world can pursue MDSAP certification, as long as at least one of their products falls under the regulatory scope of at least one MDSAP participating country. Indian, European, Chinese, and Southeast Asian manufacturers commonly pursue MDSAP to support market entry into North American and Pacific markets.
Q8. What is the MDSAP nonconformity grading system?
MDSAP uses a unique points-based nonconformity grading system ranging from 1 to 5. Nonconformities are scored based on two factors: their impact on device safety and performance (direct or indirect QMS impact) and their frequency of occurrence (first-time or repeat). Escalation rules add additional points if there is an absence of a documented procedure or if a nonconforming device was released to market. If an AO finds three or more Grade 4 nonconformities, or one or more Grade 5 nonconformities, it must report to regulators within five business days.
Q9. How does the FDA use MDSAP audit reports?
The US FDA accepts MDSAP audit reports as a substitute for routine FDA facility inspections. This means that manufacturers with a valid MDSAP certificate and a clean compliance history are significantly less likely to receive an unannounced FDA inspection. The FDA still reserves the right to inspect in cases of product recalls, adverse event investigations, or other enforcement triggers.
Q10. Does Australia require MDSAP certification?
Australia’s TGA does not make MDSAP mandatory, but it uses MDSAP audit reports as key evidence in the assessment of Conformity Assessment Certificate applications. Manufacturers who hold a TGA Conformity Assessment Certificate and are MDSAP-certified benefit from a streamlined ‘desktop review’ process by the TGA, rather than a full on-site assessment.
Q11. How does Health Canada use MDSAP?
Since January 1, 2019, Health Canada requires all manufacturers applying for or maintaining a Canadian Medical Device License for Class II, III, or IV devices to hold a valid MDSAP certificate. The MDSAP certificate has effectively replaced the ISO 13485 certificate for this purpose in Canada. Class I device manufacturers are not required to hold MDSAP certification in Canada.
Q12. How does TraccGlobal help with MDSAP certification?
TraccGlobal provides end-to-end MDSAP consulting — from initial gap assessment and QMS remediation through Stage 1 documentation preparation, on-site audit support, nonconformity response management, and post-certification regulatory filings in MDSAP countries. Our team has direct experience with MDSAP country-specific requirements for the US, Canada, Australia, Brazil, and Japan. Contact us at traccglobal.com/contact/ for a free initial consultation.
Our Services
Let Us Know Your Requirements
Call Emergency
+918868886774
What Our Clients Says
Real feedback from our happy clients about our quality and service.
