
MDSAP Certification Consulting
One audit, five markets — Medical Device Single Audit Program readiness for Australia, Brazil, Canada, Japan and the USA, built on your ISO 13485 system and run so the audit lands cleanly.
Service Overview
MDSAP — the Medical Device Single Audit Program — solves an expensive problem: a device company selling in several countries used to face a separate regulatory audit for each. MDSAP replaces that with a single audit, conducted by an authorised auditing organisation, that is recognised by the regulators of five participating markets — Australia, Brazil, Canada, Japan and the United States. One audit, accepted by five authorities, instead of five audits eating your calendar.
For some of those markets, MDSAP is not just convenient but effectively required. Canada, in particular, requires MDSAP certification for its medical-device licences, so for any manufacturer targeting the Canadian market it is a gateway rather than an option. For the others it is an accepted route that can replace or reduce routine regulatory inspections, which is why manufacturers with genuine multi-market ambitions gravitate to it.
The audit is built on ISO 13485, so if you already run a solid ISO 13485 quality management system you are most of the way there. MDSAP adds a specific audit model — a defined set of processes examined in a defined sequence — and layers on the particular regulatory requirements of each of the five countries. The task is less about building a new system than about extending and organising your existing one to satisfy the model and the country-specific overlays.
That country-specific layer is where inexperience shows. MDSAP does not ask you to satisfy five frameworks in the abstract; the audit weaves each participating regulator’s requirements into the process areas it examines. An auditor looking at your management or your device-marketing-authorisation processes is also checking the specific obligations of Canada, the US, Brazil, Australia and Japan as they touch those processes. Anticipating that is the difference between a smooth audit and a long list of nonconformities.
MDSAP also fits naturally into a broader regulatory strategy. The same ISO 13485 foundation supports CE marking, a CDSCO manufacturing licence, and FDA expectations under QMSR, so the work you do for MDSAP strengthens your position well beyond the five member countries. Built with the whole picture in mind, MDSAP becomes a multiplier rather than a standalone cost.
We take you from a gap assessment against the MDSAP audit model and the country-specific requirements, through the work to close those gaps, into full readiness for the audit itself — including a rehearsal that mirrors the MDSAP process sequence so the real audit holds no surprises.
Key Takeaways
- MDSAP lets a single audit satisfy the device regulators of five countries at once.
- It is mandatory in Canada and widely accepted elsewhere, so it collapses audit fatigue for exporters.
- The audit is built on ISO 13485 plus each country’s specific requirements.
One Audit, Five Markets: How MDSAP Works
MDSAP is a program under which a single audit of your quality management system, performed by an authorised auditing organisation, is accepted by the regulatory authorities of five countries. Instead of hosting Health Canada, the TGA, ANVISA, the PMDA and the FDA-recognised processes separately, you host one audit built to a common model, and the result is recognised across all of them. For a multi-market manufacturer, the saving in disruption, cost and management time is substantial.
The audit follows a defined model organised around core processes — management, measurement and analysis, design and development, production and service controls, purchasing, and the crucial device marketing authorisation and facility registration process — audited in a set sequence with defined linkages between them. Understanding that model is central to preparing well, because the auditor moves through it in a structured way rather than roaming freely.
- Participating markets: Australia, Brazil, Canada, Japan, USA.
- Canada requires MDSAP for its medical-device licences.
- One audit by an authorised auditing organisation, recognised by all five.
Built on ISO 13485 — With Additions
The foundation of MDSAP is ISO 13485, so a manufacturer with a mature 13485 system is not starting from scratch. What MDSAP adds is, first, the specific audit model and its process sequence, and second, the regulatory requirements of each participating country woven into the relevant processes. Your existing quality system provides the structure; MDSAP organises and extends it to meet the model and the overlays.
We assess your ISO 13485 system against the MDSAP model and identify precisely where it needs extending — usually in the marketing-authorisation and facility-registration process, in specific record and reporting requirements, and in the country-specific obligations. Because the base is already there, the work is targeted rather than wholesale, which keeps MDSAP proportionate for a company that has already invested in a real quality system.
The Country-Specific Requirements That Catch People Out
The genuinely MDSAP-specific challenge is the country layer. Each participating regulator has its own requirements — Canada’s licensing and reporting rules, the US expectations, Brazil’s ANVISA requirements, Australia’s TGA obligations, Japan’s PMDA requirements — and MDSAP checks these not as a separate module but as they intersect with the process areas being audited. An auditor examining your reporting processes is simultaneously checking whether you meet each country’s adverse-event and reporting obligations.
This is where a generic ISO 13485 preparation falls short and where our experience earns its place. We map each participating country’s requirements onto the specific processes where the auditor will look for them, so your system demonstrably satisfies all five as the audit moves through its sequence — rather than satisfying the model in the abstract while missing a country-specific obligation that generates a nonconformity.
Grading, Nonconformities and What They Mean
MDSAP uses a defined grading system for nonconformities, scoring findings by their nature and significance, and the grade attached to a finding affects the consequences and the follow-up required. A cluster of higher-graded nonconformities is a serious matter that can jeopardise the certification and, by extension, market access in the participating countries. Understanding how the grading works helps you prioritise your preparation on the areas where a finding would hurt most.
We prepare you with the grading model in mind, focusing effort on the processes and requirements where nonconformities carry the greatest weight. And if findings do arise, we help you respond with the corrective action and evidence the program expects, so issues are closed cleanly rather than lingering and escalating. The aim is a certification that stays solid, not one that limps through and then wobbles at the next surveillance audit.
- Nonconformities are graded by nature and significance.
- Higher-graded findings can threaten certification and market access.
- Preparation should concentrate where a finding costs the most.
Getting Audit-Ready: The Rehearsal
As with any audit that tests a live system, the best preparation for MDSAP is a genuine rehearsal. We run a mock MDSAP audit that follows the program’s actual process sequence and applies the auditor’s technique, so your team experiences the flow, the linkages between processes, and the country-specific probing before the real thing. A mock audit finds the gaps while you still control the outcome and builds the confidence that keeps a real audit calm.
Beyond the rehearsal, readiness means the everyday disciplines that make the system real: internal audits that actually look for problems, management reviews with substance, and CAPA that closes. MDSAP does not reward a system dusted off for the occasion; it rewards one that is genuinely lived. We help you build that habit so the audit is a checkpoint on a well-run system rather than an event you brace for.
MDSAP Within Your Wider Strategy
MDSAP is most powerful when it is part of a coherent global plan rather than a standalone certificate. The ISO 13485 foundation it rests on is the same foundation behind CE marking, CDSCO manufacturing and FDA compliance under QMSR, so the investment radiates outward. A manufacturer building towards several markets can treat MDSAP as one facet of a single, well-run quality system rather than another separate obligation.
We plan MDSAP with that whole picture in view, so the work reinforces your ISO 13485 certification, your FDA 21 CFR Part 820 readiness and your other market approvals. Approached this way, five markets’ worth of audit assurance comes largely as a by-product of running one genuinely good quality system — which is exactly what MDSAP was designed to reward.
Where MDSAP Audits Actually Go Sideways
When an MDSAP audit turns painful, it is almost never because the manufacturer lacked a quality system — it is because the system was ISO 13485-shaped but not MDSAP-shaped. The classic failure is treating the audit as a generic 13485 assessment and being caught out by the country-specific overlays woven into it: an adverse-event reporting obligation for one market that was never built into the process, a marketing-authorisation record another country expects, a linkage between processes the auditor follows that the company never mapped. Each is a nonconformity that a little foresight would have prevented.
The other recurring problem is the marketing-authorisation and facility-registration process, which sits at the heart of the MDSAP model and is often the least developed part of a manufacturer’s system. It is the process that ties the quality system to the actual regulatory status of the device in each market, and auditors examine it closely. We give it particular attention in preparation precisely because it is where under-prepared companies most often stumble — turning what should be a controlled process into a scramble of missing records during the audit itself.
Countries Covered by One MDSAP Audit
| Country | Regulator | Status |
|---|---|---|
| Canada | Health Canada | Mandatory |
| USA | FDA | Accepted |
| Australia | TGA | Accepted |
| Brazil | ANVISA | Accepted |
| Japan | MHLW / PMDA | Accepted |
Required Documentation
"Accurate documentation is 70% of the battle. Our experts pre-audit every file before submission."
Our Delivery Workflow
Gap Assessment
We assess your ISO 13485 system against the MDSAP model and the five countries’ requirements.
Extend & Map
We extend the system and map each country’s obligations onto the processes the auditor examines.
Mock Audit
We run a rehearsal following the real MDSAP process sequence to surface gaps early.
Audit Support
We support you through the certification audit and any corrective actions to a clean result.
Frequently Asked Questions
Have questions? Find direct, humanized answers about the regulatory approvals and timelines.

Launch Your Product In Record Time
Red tape shouldn't decide your launch date. We keep the paperwork moving and the queries answered, so approvals come through sooner.