The Ultimate Guide to Medical Device Quality Assurance: Understanding Quality Assurance Processes in Canada

By: Ivy Tang, PRINCIPAL REGULATORY CONSULTANT, email

What is Medical Device Quality Assurance?

Medical devices in Canada encompass a broad spectrum of instruments utilized in the treatment, diagnosis, mitigation, and prevention of disease or physical ailments. These devices can vary from simple items like dental floss or bandages, to complex systems such as an ultrasound system or cardiac implantable electronic device.

Under the Canadian Food and Drugs Act, medical devices must meet stringent quality requirements to enter the Canadian market. The Medical Device Regulations require Class II, III, and IV devices to have a quality assurance system in place for their lifecycle (including design, production, installation, etc.) to ensure patient safety and product effectiveness.

Quality Management Systems (QMS) for Medical Devices

Previously, the Canadian Medical Device Conformity Assessment System (CMDCAS) was the regulatory framework ensuring that medical devices met safety and efficacy standards in Canada. Manufacturers needed to implement a Quality Management System (QMS) compliant with ISO 13485:2003, which involved document management, quality control, risk management, third party assessment by a Registration Body accredited by the Standards Council of Canada (SCC), certification, and auditing. This system was specific to Canada, requiring businesses to navigate multiple regulatory pathways for licencing and approval in other jurisdictions.

In efforts to move towards an internationally harmonized approach to medical device regulation, CMDCAS was replaced by the Medical Device Single Audit Program (MDSAP) in 2019. MDSAP incorporates ISO 13485:2016 standards and allows a single audit to satisfy the regulatory requirements of multiple countries, including Canada, US, Brazil, Australia, and Japan, thus reducing time and costs. The European Union and the World Health Organization participate as Official Observers but are not included in MDSAP.

In the MDSAP framework, Registration Bodies have been replaced by MDSAP-recognized Auditing Organization (AO), who can be contracted by manufacturers to conduct a QMS audit. However, it is important to note that regulatory requirements continue to vary by country. For example, Canada requires MDSP certification and will not accept an EN ISO 13485:2016 certificate used in the EU, while in Japan, MDSAP certification is not required if an on-site Japanese QMS audit is conducted.

Receiving MDSAP/ISO 13485:2016 Certification in Canada

To become MDSAP certified in Canada, the following broad steps should be taken:

1. Familiarize your organization with ISO 13485:2016: Understand the Quality Management System (QMS) requirements for medical devices outlined in this standard. MDSAP procedures, guidance documents, and training materials are available on the US FDA website and Health Canada website.

2. Plan and document your QMS: Develop and document your QMS, including standard operating procedures (SOPs). Train employees and conduct necessary internal audits or gap analyses. As a part of the document management, ensure that documented information is reviewed and updated regularly, and that personnel have the necessary qualifications and defined roles. Periodically review the QMS for continuous improvement, and ensure that you have the required resources, including human resources and infrastructure (facilities, equipment, etc.)

3. Select and contract an MDSAP Auditing Organization: Choose an MDSAP- recognized AO and be mindful of timeline and costs involved in the audit. A list of recognized AOs in Canada can be found here.

4. Prepare for the MDSAP Audit: The audit consists of two stages:
   1. Document Review: The auditor will review QMS documentation such as policies, procedures, and records to ensure compliance with regulatory requirements.
   2. On-Site Inspection. This stage includes interviews with personnel, observations of key processes and operations, and examination of records.

5. Address findings and non-conformities: The auditor will document findings and non-conformities. Your business must create and implement corrective action plans, document these actions along with root cause analysis, and address any identified issues. The auditor will follow up to ensure corrective actions have been properly implemented.

6. Obtain certification: If your QMS meets all requirements, the AO will issue an MDSAP certificate, valid for three years, with periodic surveillance audits. Updates to the certificate such as addition or removal of manufacturing sites, must be notified to Health Canada.

MDSAP Audit

The MDSAP audit sequence is designed to ensure a focused and efficient evaluation. It includes four primary processes and two supporting processes:

1. Management audit
   1. Purpose: To verify that the organization has an effective QMS for device design, quality assurance (QA), manufacturing, distribution, and servicing. It also assesses management’s commitment to the QMS.
   2. Example of activities: May include interviews with management to confirm their engagement and understanding of the QMS.

2. Device marketing authorization and facility registration audit:
   1. Purpose: To ensure compliance with regulatory requirements for licensing device facilities and performing necessary marketing authorization activities with regulatory authorities. For example, if a device is discontinued in Canada, the licensee must inform the Canadian Minister within 30 days as per the MDR.

3. Measurement, analysis, and improvement audit:
   1. Purpose: To verify that methods are in place to collect and analyze information related to the product design and development to identify non-conformities and take the appropriate corrective actions.
   2. Example of activities: Reviewing customer complaints and checking procedures to identify a ‘significant change’ for Class III or IV devices.

4. Adverse Events and Advisory Notice Reporting:
   1. Purpose: To verify that the business is reporting device-related adverse events to regulatory authorities and maintaining accurate records.

5. Design and development audit:
   1. Purpose: To verify that controls are in place to ensure the device meets user needs, intended uses, and specific requirements.
   2. Example of activities: Reviewing design inputs, outputs, and results to ensure they align with specified criteria.

6. Production and Service Controls audit
   1. Purpose: To confirm that controls (such as testing, infrastructure, and equipment) can ensure the product meets specifications.
   2. Example of activities: Checking documentation related to product cleanliness and work environment.

7. Purchasing audit:
   1. Purpose: To verify that processes for purchasing and subcontracting products and services conform to specified requirements.
   2. Example of activities: Reviewing records of how a contracted supplier are evaluated to ensure compliance. Such activities are often outlined in comprehensive Supplier Management process and the associated supplier controls.

Quality Control Teams for Medical Device Quality Assurance

Quality control (QC) teams play a crucial role in ensuring medical devices meet safety, regulatory, and performance standards, making them essential for maintaining internal compliance. Their primary goal includes inspecting materials, testing products throughout production, and performing final checks before market release.

QC teams identify defects, address non-conformities, and validate critical manufacturing processes. They also audit suppliers, analyze quality data to drive continuous improvements, and monitor product performance after launch.

By identifying and resolving issues early, QC teams help prevent costly recalls, ensure compliance with ISO 13485, and build customer trust. Most importantly, they safeguard patient safety and protect your brand’s reputation, making them invaluable to any quality assurance strategy.

Post-Market Surveillance and Vigilance

MDSAP certification is valid for three years. During this period, the organization undergoes periodic surveillance audits to ensure ongoing compliance with the MDSAP requirements. These surveillance audits are typically conducted annually to monitor the effectiveness and maintenance of the QMS.

FAQ: Medical Device Quality Assurance in Canada

1. What is Medical Device Quality Assurance? Medical Device Quality Assurance refers to the processes and systems put in place to ensure that medical devices meet safety, effectiveness, and regulatory requirements throughout their lifecycle. In Canada, this is crucial for devices ranging from simple products like bandages to complex equipment like cardiac implants.

2. What are the regulatory requirements for medical devices in Canada? In Canada, medical devices must comply with the Medical Device Regulations under the Food and Drugs Act. Class II, III, and IV devices require a Quality Management System (QMS) to ensure product safety and effectiveness throughout the device’s lifecycle, including design, production, and post-market monitoring.

3. What is the Medical Device Single Audit Program (MDSAP)? The MDSAP is an international program that allows a single audit to satisfy the regulatory requirements of multiple countries, including Canada, the US, Brazil, Australia, and Japan. It incorporates ISO 13485:2016 standards and replaced the older Canadian Medical Device Conformity Assessment System (CMDCAS).

4. How do I become MDSAP certified in Canada? To become MDSAP certified, you need to:

• Familiarize yourself with ISO 13485:2016 and MDSAP requirements.
• Develop and document your QMS, train employees, and conduct internal audits.
• Select and contract a recognized MDSAP Auditing Organization (AO).
• Prepare for a two-stage audit: document review and on-site inspection.
• Address any non-conformities and, if successful, obtain certification.

5. What is the role of an MDSAP Auditing Organization? An MDSAP Auditing Organization (AO) conducts audits to assess your QMS. They review documentation, observe processes, and ensure compliance with the required standards. If your system passes, they issue an MDSAP certificate valid for three years.

6. What happens during an MDSAP audit? An MDSAP audit involves reviewing four primary processes—management, device marketing authorization, measurement and analysis, and adverse events reporting—as well as two supporting processes: design and development, and purchasing controls. Auditors ensure your business complies with the standards necessary for medical device safety and effectiveness.

7. How often are MDSAP surveillance audits conducted? Once certified, your organization undergoes annual surveillance audits to monitor compliance and the effectiveness of your QMS throughout the three-year certification period.

How Dell Tech can help

Obtaining MDSAP certification requires a significant investment of time and resources. To ensure a successful audit, contact Dell Tech today. Our experienced Associate Consultants can assist with a preliminary audit and gap analysis, helping to address any deficiencies and prepare your Quality Management System (QMS) for formal assessment. MDSAP is a critical factor in device licensing in Canada.

Let Dell Tech support you in bringing your products to market! Learn more about our services by visiting our Medical Device service page.

Dell Tech has provided professional, confidential consulting services to
the specialty chemical industry in Canada, the USA, Europe, and Asia for the last 40 years.

Contact Us