FDA Is Taking on Water and MDSAP Is a Life Raft
FDA upheaval isn’t news. Through tactics like mass firings and forced return to ill-equipped offices, Trump 2.0 has knee-capped agency operations. Expected results – lost expertise, review delays, and low morale – are emerging.
A better topic is how device firms can maintain predictable, ongoing FDA engagement. This includes postmarket oversight – such as site inspections, import and export checks, and regulatory reviews. One response is clear: firms should choose the Medical Device Single Audit Program (MDSAP) in place of standard FDA inspections.
What is MDSAP?
MDSAP uses a single audit of device sites to satisfy regulators from Australia, Canada, Brazil, Japan, and the US. The EU and the UK are “Official Observers” and they’ll join MDSAP soon.
One MDSAP audit serves all these regulators, reducing disruption from multiple audits that may overlap and produce inconsistent results. MDSAP audits follow ISO 13485:2016, the internationally-recognized quality standard.
To be clear, MDSAP replaces FDA surveillance inspections, but the agency still conducts other appraisals, such as for-cause and directed inspections.
Many device firms participate in MDSAP, especially ones selling devices in the US and abroad. Firms selling in the US alone are less likely to join MDSAP, in part because participants pay for audits.
But with FDA transitioning to the Quality Management System Regulation (QMSR), now’s the time for these firms to act. The QMSR aligns FDA’s Quality System Regulation (QSR) with ISO 13485:2016. FDA will replace the QSR with the QMSR in February 2026, and the move includes tying MDSAP to the QMSR. FDA hasn’t explained how it will make this connection, but aligning the two models is manageable because they both follow ISO 13485:2016.
What this means for device firms selling in the US alone is that, come February, the ground will shift. The QSR will be replaced by the QMSR and, given the upheavals at FDA, that change may be bumpy. For example, the QMSR requires FDA to re-train its investigators and update internal and external documents. But staff that typically handles these tasks has been fired, begging the questions who’ll do the work and how it’ll get done.
By contrast, MDSAP operates today and the QMSR transition won’t affect it much. FDA has backed MDSAP for more than a decade, with steady growth in participating firms and regulators. Given the choice between a functional system (MDSAP) and a system to be launched with unknown bugs and hiccups (QMSR), MDSAP is the way to go.
Three reasons that device firms should adopt MDSAP
First is the uncertainty of competent, comprehensive FDA oversight. Even before the administration gutted FDA, it was struggling to get back to pre-pandemic inspection levels. With staff and expertise now gone, that goal is further away. Drug inspections are waning for reasons that apply equally to device inspections. Unannounced foreign inspections and AI won’t close those gaps. It’s risky for device firms not to know when inspectors will show up or whether they’re properly trained.
Second, foreign device oversight isn’t going away. Foreign regulators – from Canada, Australia, and elsewhere – will continue monitoring device firms, which must meet quality requirements to sell in these markets. MDSAP is a single, widely-accepted model to meet these requirements.
Third, industry needs effective quality oversight. Oversight can be a pain, but it helps keep bad actors off the market. Otherwise, patients and healthcare providers lose confidence in device quality, which means lost sales and waning goodwill. MDSAP avoids this with an established, accepted model that works even if a participating regulator’s capability slips.
What should device firms do?
Firms that aren’t MDSAP participants should sign up, even if they’re selling products only in the US. With the QMSR months away, firms must align their operations with ISO 13485:2016. The QMSR relies heavily on this standard and firms that meet ISO 13485:2016 won’t struggle with the QMSR. MDSAP, which follows ISO 13485:2016, gives program participants a clear path to QMSR compliance.
So, why not just comply with the QMSR and bypass MDSAP? That’s an option I’ve written about, but the QMSR launch comprises many steps and there are unknowns about whether, when, and how those steps will occur. By contrast, MDSAP is known, operational, and widely accepted. As important, it satisfies regulators’ preference for a single quality model. These factors support leveraging MDSAP while the QMSR evolves.