MDSAP allows one audit by a recognized auditing organization to satisfy regulatory requirements for five markets simultaneously — the US, Canada, Australia, Brazil, and Japan. Affinity QMS provides the ISO 13485-aligned QMS infrastructure that MDSAP audits assess, so you enter your audit with complete, organized evidence across all seven MDSAP processes.
The Medical Device Single Audit Program (MDSAP) is a cooperative program administered by the participating regulatory authorities that allows a single on-site audit of a medical device manufacturer's quality management system to satisfy the requirements of multiple regulatory jurisdictions simultaneously. The MDSAP audit is conducted by MDSAP-recognized auditing organizations (AOs) against ISO 13485:2016 with country-specific regulatory requirements layered on top.
United States
FDA
CDRH & CDER
Canada
Health Canada
Required since 2019
Australia
TGA
Therapeutic Goods Administration
Brazil
ANVISA
Brazilian Health Regulatory Agency
Japan
MHLW / PMDA
Ministry of Health, Labour and Welfare
The Seven MDSAP Audit Processes
Management
Measurement, Analysis & Improvement
Design
Purchasing
Production & Service Controls
Supporting Processes
Complaint Handling & Post-Market Surveillance
Every MDSAP audit process maps to Affinity QMS modules. Enter your MDSAP audit with complete, organized evidence — not a scramble to locate records.
| MDSAP Process | What Auditors Assess | Affinity QMS Module | Evidence Generated |
|---|---|---|---|
| Process 1: Management | Quality policy, management review, organizational roles, QMS planning | QMS Core + Document Control | Quality Manual, management review records, organizational charts, QMS scope documentation |
| Process 2: Measurement | Internal audits, CAPA, data analysis, management review inputs | Audit Management + CAPA Management | Audit plans, audit reports, CAPA records, trend analysis reports, effectiveness verification records |
| Process 3: Design | Design and development planning, inputs, outputs, review, verification, validation, transfer | DHF / DMR + Risk Management | Design History File, Device Master Record, risk management file, design reviews, V&V records |
| Process 4: Purchasing | Supplier evaluation, qualification, monitoring, purchasing controls | Supplier Management | Approved vendor list, supplier qualification records, purchasing specifications, incoming inspection records, supplier audit records |
| Process 5: Production | Production planning, process validation, device history records, device identification and traceability | Validation Protocol Engine + QMS Core | Process validation records (IQ/OQ/PQ), batch/DHR records, device traceability records, process monitoring data |
| Process 6: Supporting | Document control, training, infrastructure, work environment, measurement equipment | Document Control + Training Management | Document library, training records, competency assessments, equipment calibration records, change control records |
| Process 7: Complaint Handling | Complaint intake, MDR/vigilance reporting, post-market surveillance, field corrections and recalls | Complaint Management | Complaint records, MDR report documentation, PMS data, trending reports, field correction/recall records |
Three buyer profiles are actively searching for MDSAP-ready QMS solutions. Affinity QMS serves all three.
Device Company Entering the Canadian Market
Health Canada has required MDSAP since 2019 for most medical device manufacturers. A company with FDA clearance seeking Health Canada medical device licensing must undergo MDSAP. Needs an ISO 13485-compliant QMS that generates MDSAP audit evidence across all seven processes — without building a second QMS for Canada.
Multi-Market Device Manufacturer
Selling or planning to sell in multiple MDSAP-participating countries (US, Canada, Australia, Brazil, Japan). Wants one audit cycle to satisfy all five regulatory bodies. Recognizes that maintaining separate QMS documentation for each country is operationally unsustainable. MDSAP consolidates five compliance programs into one.
Contract Manufacturer Winning Global Clients
Contract device manufacturer whose OEM clients include global brands requiring MDSAP certification as a supplier qualification standard. Needs MDSAP-ready documentation and record management across all seven MDSAP processes. MDSAP certification differentiates the CMO in competitive bid situations.
MDSAP sits at the intersection of ISO 13485, FDA QMSR, and international device regulatory requirements. Explore the related frameworks.
MDSAP is currently recognized by five regulatory authorities: the United States (FDA), Canada (Health Canada), Australia (TGA — Therapeutic Goods Administration), Brazil (ANVISA — National Health Surveillance Agency), and Japan (MHLW — Ministry of Health, Labour and Welfare). A successful MDSAP audit conducted by a recognized auditing organization satisfies the regulatory requirements of all five jurisdictions simultaneously. Additional countries may join the program in the future — Brazil and Japan joined after the initial US, Canada, Australia pilot.
MDSAP is not required by FDA for domestic US device manufacturers — it is voluntary from FDA's perspective. However, FDA recognizes MDSAP audit reports as a substitute for FDA routine surveillance inspections. Manufacturers who participate in MDSAP are less likely to receive a separate FDA inspection. For Health Canada, MDSAP has been effectively mandatory since 2019 for most medical device manufacturers seeking a Medical Device Establishment License (MDEL) — making MDSAP a practical requirement for any manufacturer intending to sell devices in Canada.
MDSAP audit duration depends on the complexity of the manufacturer's quality management system, the number of sites, and the scope of devices manufactured. A typical initial MDSAP audit for a single-site manufacturer takes 5–8 audit days. This includes the document review phase and the on-site assessment. Subsequent surveillance audits (conducted annually) are typically shorter — 2–4 days. Recertification audits (every three years) are similar in scope to the initial audit. The auditing organization calculates the specific audit duration using the MDSAP audit time model before scheduling.
The MDSAP audit model is a structured, process-based assessment of the manufacturer's QMS organized into seven process areas (Management, Measurement, Design, Purchasing, Production and Service Controls, Supporting Processes, and Complaint Handling). The auditing organization follows a standardized audit approach developed by the participating regulatory authorities. Audit findings are graded on a five-level scale (Grade 1–5) rather than the binary acceptable/not acceptable. Health Canada, FDA, and other participating regulators review the MDSAP audit report and take regulatory action — if needed — based on the findings. A clean MDSAP audit effectively functions as regulatory approval of your QMS across all five participating jurisdictions.
Affinity QMS is organized around the same seven process areas that MDSAP auditors assess. When your auditing organization requests evidence for each process, Affinity QMS generates audit-ready report packages: Process 1 (Management) — Quality Manual, management review records, quality policy; Process 2 (Measurement) — internal audit reports, CAPA records, trend analysis; Process 3 (Design) — complete Design History File, risk management file; Process 4 (Purchasing) — approved vendor list, supplier qualification records; Process 5 (Production) — validation records, batch records, traceability; Process 6 (Supporting) — document library, training records, calibration records; Process 7 (Complaint Handling) — complaint records, MDR reports, PMS data. Having all of this organized and immediately accessible is the difference between a smooth MDSAP audit and a stressful one.
MDSAP audits are generally considered more rigorous than standard ISO 13485 third-party certification audits because: (1) MDSAP incorporates country-specific regulatory requirements from five jurisdictions on top of ISO 13485, which adds additional assessment criteria; (2) MDSAP auditing organizations are evaluated and recognized by actual regulatory authorities — not just accreditation bodies — which creates additional accountability; (3) The MDSAP audit model includes specific process linkages and traceability requirements that go beyond what a typical ISO 13485 certification audit assesses; and (4) Audit findings are reviewed by regulatory authorities, not just accreditation bodies. Manufacturers who pass MDSAP audits consistently have robust, well-documented QMS systems — which is exactly what Affinity QMS is designed to support.
One audit. Five regulatory bodies. Affinity QMS organizes your QMS documentation across all seven MDSAP processes so your audit team walks in ready — not scrambling.