The Single Audit Dream: MDSAP's Original Vision vs. Reality

How the Medical Device industry's quest for "one audit to rule them all" transformed global compliance

In the early 2010s, medical device manufacturers faced a daunting reality: expanding into global markets meant subjecting their organizations to a relentless cycle of regulatory audits. 

Each jurisdiction demanded its own assessment, creating a burden that consumed resources, disrupted operations, and delayed market access for life-saving technologies.

From this frustration emerged an ambitious vision that would reshape international Medical Device regulation. As Lawrence Yeh, a senior consultant, recently explained on an AKRA TEAM webinar: "The original intention was to create a single audit that, if conducted, could satisfy the needs of more than one regulatory jurisdiction. In other words, instead of having separate audits for every single region, what if there was a way to, somehow, combine them? So, the clue is in the title, MDSAP: a Medical Device Single Audit Program, one audit to rule them all."

More than a decade later, the Medical Device Single Audit Program represents one of the most significant achievements in regulatory harmonization. Yet its journey from concept to implementation reveals both the possibilities and limitations of international cooperation in Medical Device oversight.

The Pre-MDSAP Audit Burden: Multiple Jurisdictions, Multiple Audits

Before MDSAP, manufacturers seeking global market access faced a punishing audit schedule. 

A typical company targeting major markets might undergo separate quality system audits from Health Canada, the U.S. FDA, Brazil's ANVISA, Japan's PMDA, and Australia's TGA within a single year.

Each audit brought unique requirements, different auditor expectations, and jurisdiction-specific interpretations of quality management principles. Manufacturers maintained separate documentation files and controls, prepared different presentations for each audit team, and allocated significant personnel resources to manage overlapping but distinct compliance requirements.

The pre-MDSAP era forced manufacturers to treat regulatory compliance as a series of separate, resource-intensive events rather than an integrated business process.

Small and medium-sized manufacturers suffered disproportionately from this burden. While large corporations could dedicate teams to managing multiple regulatory relationships, smaller companies often delayed international expansion or abandoned certain markets entirely due to the audit complexity and costs involved.

The inefficiency extended beyond individual companies to regulatory authorities themselves. Each agency duplicated efforts in assessing fundamentally similar quality management systems, creating redundant work that diverted resources from other critical oversight activities.

The Genesis of the Single Audit Concept

The single audit concept emerged from recognition that regulatory authorities shared common goals despite different approaches. 

All sought to ensure medical device safety and effectiveness through robust quality management systems, primarily based on ISO 13485 principles.

The breakthrough insight was distinguishing between audit harmonization and regulatory harmonization. Rather than attempting to align different countries' regulatory requirements - a politically and technically challenging endeavor - the focus shifted to creating a unified approach to assessing compliance with existing requirements.

The genius of MDSAP lay in recognizing that harmonizing how compliance is assessed could deliver significant benefits without requiring countries to abandon their regulatory sovereignty.

This approach acknowledged practical realities about international cooperation. Countries remained committed to their regulatory frameworks, which reflected unique legal traditions, risk tolerances, and healthcare system characteristics. However, they could agree on standardized methods for evaluating whether manufacturers met these requirements.

The Global Harmonization Task Force (GHTF) provided the initial forum for developing these concepts, bringing together regulatory experts from major Medical Device markets to explore harmonization opportunities.

GHTF to IMDRF: The Evolution of International Cooperation

The transition from GHTF to the International Medical Device Regulatory Forum (IMDRF) in 2011-2012 marked a critical evolution in international regulatory cooperation. 

While GHTF had successfully developed guidance documents and fostered dialogue, IMDRF represented a more formal commitment to operational harmonization programs.

MDSAP became IMDRF's flagship initiative, demonstrating that regulatory authorities could move beyond guidance development to create functional, operational programs. The MDSAP Regulatory Authority Council brought together representatives from Australia, Brazil, Canada, Japan, and the United States in an unprecedented level of cooperation.

IMDRF transformed regulatory harmonization from an aspirational concept to an operational reality with measurable benefits for manufacturers and regulators alike.

The program's structure reflected careful attention to sovereignty concerns. Each participating regulatory authority retained final decision-making power over market authorization within its jurisdiction, while agreeing to accept MDSAP audit results as satisfying their quality system assessment requirements.

This balance between cooperation and autonomy proved crucial for securing regulatory authority participation. Countries could benefit from the unified auditing system while maintaining control over their regulatory decisions.

Why Harmonizing Audits, Not Regulations, Was the Chosen Path

The decision to focus on audit harmonization rather than regulatory harmonization reflected both pragmatic and strategic considerations. 

Regulatory harmonization would have required extensive legal and policy changes within each jurisdiction, creating significant political and bureaucratic obstacles.

Audit harmonization offered a more achievable path to meaningful benefits. The MDSAP Audit Approach document could reference existing regulatory requirements from each jurisdiction while providing standardized methodologies for assessment.

Given the 80/20 rule, audit harmonization may have provided 80% of the benefits of full regulatory harmonization with just 20% of the political and technical complexity.

This approach also acknowledged the reality that different regulatory frameworks often achieved similar outcomes through different means. Rather than forcing convergence on specific requirements, MDSAP allowed auditors to assess compliance with each jurisdiction's requirements using consistent methodologies.

The process-based audit approach, incorporating risk management principles throughout, represented a sophisticated compromise that satisfied technical experts while remaining politically acceptable to regulatory authorities concerned about maintaining their distinct regulatory identities.

Implementation Challenges and Early Adoption

MDSAP's launch in 2014 faced significant implementation challenges that tested the program's viability. 

Training auditors to assess compliance with five different regulatory frameworks within a single audit required extensive education programs and ongoing performance monitoring.

Early participating manufacturers served as unofficial beta testers, helping identify gaps between theoretical audit approaches and practical implementation realities. The learning curve proved steeper than anticipated for both auditors and manufacturers.

Early MDSAP implementation revealed the difference between designing harmonized processes on paper and executing them effectively in real-world audit environments.

Health Canada's 2016 decision to require MDSAP certification for Canadian market access created a crucial inflection point. This mandate transformed MDSAP from an optional efficiency program to a market access requirement, driving rapid adoption and revealing scalability challenges.

Auditing organizations scrambled to train sufficient auditors and develop operational procedures for the more complex MDSAP assessments. Some manufacturers experienced longer-than-expected certification timelines as the system adapted to increased demand.

Current State: Promise Delivered or Compromised?

Nearly a decade after its launch, MDSAP has largely delivered on its core promise of reducing audit burden for manufacturers. 

Companies participating in the program report significant resource savings and improved predictability in their compliance processes.

However, the program's evolution also reveals limitations in the original vision. The hoped-for expansion beyond the initial five jurisdictions has been slower than anticipated, with the European Union remaining notably absent despite observer status.

MDSAP succeeded brilliantly at what it attempted but fell short of the transformational global impact many initially envisioned.

The program's focus on established medical device companies has also raised questions about accessibility for innovative startups and companies developing novel technologies like Software as Medical Device.