MDSAP Certification Explained: One Audit for Five Medical Device Markets
For a medical device manufacturer selling into more than one country, audits used to mean repetition. A separate inspection for each regulator, each on its own schedule, each pulling your quality team off their work for another week. The Medical Device Single Audit Program (MDSAP) was built to collapse that into one.
The idea is simple. A single audit, conducted by a recognised third-party auditing organisation, can satisfy the quality management system requirements of five regulators at once: Australia, Brazil, Canada, Japan, and the United States. The execution is where medical device manufacturers underestimate what's involved. This post explains how MDSAP certification works, where it's mandatory rather than optional, and what tends to catch teams off guard when the audit actually arrives.
What MDSAP Actually is
MDSAP lets a recognised auditing organisation conduct one regulatory audit of your QMS that meets the requirements of the participating regulators. The audit is built on ISO 13485:2016 as its foundation, layered with the specific regulatory requirements of each participating country you include in your scope.
The five participating members are Australia (TGA), Brazil (ANVISA), Canada (Health Canada), Japan (MHLW/PMDA), and the United States (FDA). Several other regulators take part as observers or affiliate members, including the EU, the UK's MHRA, Singapore, and Mexico's COFEPRIS, which is one reason the program keeps appearing in conversations about global harmonization.
You are not obliged to include every member country. If you don't sell in Japan, Japan's requirements can be excluded from your audit scope, and that country won't appear on your certificate. The audit is scaled to the markets you actually operate in.
Where it’s Mandatory, and Where It’s a Choice
This is the distinction that changes the decision for most manufacturers.
For Canada, MDSAP is not optional. Since 1 January 2019, a valid MDSAP certificate has been required to hold or obtain a Medical Device Licence for Class II, III, and IV devices. If Canada is on your roadmap, MDSAP is the QMS route to market, not one option among several.
For the other four members, MDSAP is voluntary but useful. The FDA, for instance, may accept an MDSAP audit report as a substitute for its routine inspections, with narrow exceptions such as activities tied to electronic product radiation control. That trade, one planned audit in place of an unannounced FDA inspection, is a large part of why manufacturers outside Canada still choose to participate.
How the Audit Cycle Works
MDSAP certification follows a three-year cycle. The initial certification is done in two stages: a Stage 1 review of your documentation and readiness, followed by a Stage 2 audit that checks whether the requirements are actually implemented, not just written down. After certification, a surveillance audit follows each year, with recertification at the end of the cycle.
The audits are conducted by recognised auditing organisations, not by the regulators themselves. That independence is central to how the program earns the regulators' trust, and it shapes what outside help can and cannot do, which matters for how you prepare.
Where Teams Gets Caught
The recurring problem is not that manufacturers don't know ISO 13485. It's that MDSAP audits the implementation, and against a defined task model that leaves little room for a procedure that exists on paper but isn't lived in practice.
A few patterns show up repeatedly. Documentation that is technically complete but not readily retrievable, which slows an audit built around a fixed set of tasks. Country-specific requirements that were missed because the team prepared for ISO 13485 generally rather than the specific regulatory overlay of each market in scope. Corrective actions from previous findings that were closed on paper without evidence they were effective. And a general readiness gap, where the QMS runs well day to day but hasn't been stress-tested the way an auditor will test it.
None of these are exotic. They're the ordinary distance between a working quality system and an audit-ready one, and that distance is easiest to close before the auditor is in the building.
Preparing The Right Way
The most useful preparation reads your QMS the way an auditor will, ahead of time, against the MDSAP task model and the country-specific requirements for the markets you actually include. That means confirming procedures are implemented and retrievable, that prior corrective actions hold up as effective, and that the regulatory overlay for each in-scope country is covered rather than assumed.
It also means selecting the right MDSAP Auditing Organisation (AO). Not every recognised AO has the same experience with every device type, manufacturing technology, or geographic region. Choosing an organisation that aligns with your products and timelines can make the certification process more predictable.
MDSAP Continues to Evolve
Medical device manufacturers should also remember that MDSAP is not a static program. The participating regulators continue to refine auditor competence, cybersecurity expectations, and program governance. The June 2026 MDSAP Forum and Regulatory Authority Council meetings in Kyoto, held from 15 to 19 June, focused on exactly these topics. The practical takeaway is that manufacturers should review program updates regularly rather than relying solely on how a previous audit went.
How Gladiolus Can Help
Gladiolus QRS supports medical device manufacturers across the full MDSAP certification cycle, with the emphasis on surfacing issues early rather than discovering them during certification.
Throughout, the auditing organisation stays fully independent. Our role is to help you prepare, respond, and follow through, not to influence the audit.
Whether you're pursuing MDSAP certification for Health Canada, preparing for your first audit, or expanding into multiple participating markets, Gladiolus QRS can help you assess MDSAP readiness, perform a mock MDSAP audit, strengthen your ISO 13485 QMS, and connect you with a recognized Auditing Organization. Get in touch with us today to discuss your MDSAP certification strategy.