How to Conduct an MDSAP Internal Audit: Complete Guide
An MDSAP internal audit is a critical requirement for medical device manufacturers striving to maintain MDSAP certification. These audits verify that your Quality Management System (QMS) complies with ISO 13485 and specific regulatory requirements from authorities like the FDA and Health Canada. As a mandatory requirement under ISO 13485:2016 (Clause 8.2.4), internal audits ensure your organization is ready for high-intensity regulatory scrutiny.
What Is an MDSAP Internal Audit?
This systematic and independent examination determines whether your medical device QMS:
- Conforms to ISO 13485 and the official MDSAP audit model.
- Addresses country-specific requirements for FDA (USA), Health Canada, TGA (Australia), ANVISA (Brazil), and PMDA (Japan).
- Is effectively implemented to support patient safety objectives and regulatory compliance.
Who Is Qualified to Audit?
While auditors do not require external certification, they must be competent, objective, and independent. Qualified internal auditors should:
- Have formal training in the MDSAP audit model and ISO 13485.
- Understand complex medical device processes and risk management.
- Be capable of conducting process-based, evidence-driven audits.
Many organizations engage external MDSAP experts to gain an independent regulatory perspective and supplement limited internal resources.
The 5-Step MDSAP Internal Audit Process
Plan the Audit
- Develop a schedule aligned with the MDSAP audit cycle, defining the scope across processes, sites, and specific regulatory authorities.
Prepare the MDSAP Audit Checklist
- Use a checklist aligned with the official MDSAP audit model to ensure regulatory traceability; generic ISO checklists are insufficient.
Conduct the Audit
- Collect objective evidence through interviews, document reviews, and process observations. Identify conformities and nonconformities using the process-based sequence favored by regulatory auditors.
Report the Results
- Prepare a detailed report documenting nonconformities, their regulatory impact, and recommended corrective actions.
Corrective Action and Follow Up
- Perform root cause analysis, implement solutions, and verify effectiveness to ensure CAPA success during future surveillance audits.
Best Practices for Effective Auditing
- Prioritize Risk : Audit based on regulatory impact rather than just documentation.
- Independence is Key : Ensure auditors remain impartial and free from conflicts of interest.
- Use Specialized Tools : Leverage MDSAP-specific templates to track findings efficiently.
- Review with Leadership : Discuss all audit results during management review meetings.
Why Choose PillarStone Quality
Proven MDSAP Framework
Structured, audit-aligned implementation roadmap
Regulatory Expertise
Deep experience with FDA, Health Canada, and global MDSAP authorities
End-to-End Support
From gap analysis through certification and surveillance audits
Cost-Effective Solution
More efficient than hiring and training internal regulatory staff
Audit-Focused Approach
Built around how MDSAP auditors actually audit