Pillarstone Quality

How to Conduct an MDSAP Internal Audit (Complete Guide) 

Book Free Consultation

An MDSAP internal audit is a critical requirement for medical device manufacturers preparing for or maintaining MDSAP certification. Internal audits help ensure your quality management system (QMS) complies with ISO 13485 and MDSAP regulatory requirements, is effectively implemented, and is ready for scrutiny by regulatory authorities such as the FDA and Health Canada. 

This guide explains how to conduct an MDSAP internal audit, who is qualified to perform one, and how PillarStone Quality can support your organization with expert MDSAP audit readiness and internal audit services. 

What Is an MDSAP Internal Audit? 

An MDSAP internal audit is a systematic, independent, and documented examination of your medical device QMS to determine whether:

  • It conforms to ISO 13485 and MDSAP audit model requirements 
  • Applicable regulatory authority requirements (FDA, Health Canada, TGA, ANVISA, PMDA) are addressed 
  • It is effectively implemented and maintained 
  • It supports regulatory compliance and patient safety objectives 

Internal audits are a mandatory requirement under ISO 13485:2016 (Clause 8.2.4) and a foundational expectation for successful MDSAP audits. 

Book Free Consultation

Who Is Qualified to Conduct an MDSAP Internal Audit? 

MDSAP does not require internal auditors to be externally certified, but auditors must be competent, objective, and independent of the activities being audited. 

Qualified MDSAP internal auditors should: 

  • Have formal training in ISO 13485, the MDSAP audit model, and regulatory requirements 
  • Understand medical device processes, risk management, and regulatory obligations 
  • Be able to conduct process-based, evidence-driven audits 
  • Remain impartial and free from conflicts of interest

Many organizations engage an external MDSAP expert to conduct internal audits—especially when internal resources are limited or independent regulatory perspective is required. 

Step-by-Step MDSAP Internal Audit Process 

1

Plan the Audit 

  • Develop an internal audit schedule aligned to the MDSAP audit cycle 
  • Define audit scope (processes, sites, and regulatory authorities) 
  • Establish audit criteria using: 
  • ISO 13485 clauses 
  • MDSAP audit model tasks 
  • Applicable country-specific regulations 
  • Assign trained, independent auditors (internal or PillarStone Quality experts) 
2

Prepare the MDSAP Audit Checklist

  • Use an MDSAP internal audit checklist aligned to the official MDSAP audit model. This ensures: 
  • Complete process coverage 
  • Regulatory traceability 
  • Consistent evidence collection 
  • Generic ISO checklists are insufficient for MDSAP audits. 
3

Conduct the Audit

  • Hold an opening meeting with management and process owners 
  • Collect objective evidence through:  
  • Interviews  
  • Record and document review 
  • Observation of processes 
  • Identify and document: 
  • Conformities 
  • Opportunities for improvement 
  • Nonconformities (minor or major) 
  • Audits should follow the process-based sequence used by MDSAP auditors. 
4

Report the Results

  • Prepare a detailed MDSAP internal audit report 
  • Clearly document: 
  • Nonconformities 
  • Regulatory impact 
  • Recommended corrective actions 
  • Communicate results to management and process owners 
5

Corrective Action and Follow Up

  • Perform root cause analysis for each nonconformity 
  • Implement and verify corrective actions 
  • Confirm effectiveness through follow-up audits or verification activities 

This step is essential for CAPA effectiveness and MDSAP surveillance audits. 

Book Free Consultation

Best Practices for Effective MDSAP Internal Audits 

  • Maintain auditor independence 
  • Audit based on risk and regulatory impact, not just documentation 
  • Use MDSAP-specific tools and templates 
  • Review results during management review 
  • Engage qualified third-party experts for objectivity and regulatory insight 
PillarStone Why Choose Us

Why Choose PillarStone Quality

When you work with PillarStone Quality

Food safety expertise

Deep knowledge of ISO 22000, HACCP, FSMA, and global food safety requirements.

Solutions

Customized FSMS solutions

Tailored to your operations never a one-size-fits-all template. 

Track Record

End-to-End Support

From gap assessment to certification and ongoing surveillance audits. 

Support

Proven Track Record

Trusted by food and beverage organizations across North America. 

Partnership

Long-term partnership

We don’t just help you get certified—we help you stay compliant and continuously improve food safety performance.