Supplement to the General Business Conditions of
DQS Medizinprodukte GmbH applicable for auditing and certification under
Medical Device Single Audit Program (MDSAP) - valid from May 2016


Specific conditions for the management system auditing and certification services of DQS Medizinprodukte GmbH, hereinafter referred to as “DQS MED”, with its contracting partner, hereinafter referred to as “customer”, applying for auditing and certification under the Medical Device Single Audit Program (MDSAP).

The following provisions apply in addition to the General Business Conditions of DQS Medizinprodukte GmbH. The validity of the remaining provisions of the General Business Conditions of DQS Medizinprodukte GmbH remains unaffected.

1.2. Medical Device Single Audit Program

DQS MED is an Auditing Organisation involved in the Medical Device Single Audit Program (MDSAP).

The current statutory regulations as well as the requirements of the MDSAP apply to the process within the framework of audit and certifica- tion under MDSAP. In this process, the applicable requirements of the country-specific regulatory requirements of Australia, Brazil, Canada, Japan and United States of America are considered as part of audit and certification requirements.

3. Selection of an assessor

For audits under MDSAP, the customer is not afforded an opportunity to object to the composition of the audit team. The customer may use the appeal as instrument to inform DQS MED on any concerns related to the audit team composition.

4.2. Regulatory Authorities, authorisation and recognition

The following regulatory agencies act as Regulatory Authorities (RA) under the MDSAP:

  • Therapeutic Goods Administration of Australia (TGA);
  • Brazil’s Agência Nacional de Vigilância Sanitária (ANVISA);
  • Health Canada (HC);
  • Japan’s Ministry of Health, Labour and Welfare, and the Japanese Pharmaceuticals and Medical Devices Agency (MHLW/PMDA);
  • US Food and Drug Administration (FDA).

DQS MED is in the process of its recognition under MDSAP Pliot by the above-mentioned RA and in the following steps will become available to conduct MDSAP audits and then completed the pilot assessment criteria.

Due to its obligations according to rules of recognition, DQS MED allows employees or auxiliary persons of the RAs to participate in audits, so that they can convince themselves of the correct conduct of audits.

In so far as this is essential for recognition procedures, DQS MED allows the RAs to access to both its own documents and customer’s data. This includes any document considered by the RAs as necessary to deter- mine customer’s conformance to the auditing and certification require- ments. Such documents would include those that DQS MED and its auditors use to plan, perform, follow up, report observations or report results of an audit, or follow up on a regulatory investigation. The em- ployees of the RAs are sworn to secrecy. Wherever it is explicitly re- quired by the requirements under the MDSAP, customer-related data and audit results are passed on to the RAs. The RAs may share all documents and records related to medical device audits with other regulatory authorities that have formal established confidentiality agree- ments between governments which cover provisions for protecting proprietary information and trade secret information.

Through the conclusion of an agreement, the customer assents to the possible participation of employees the RAs in the audit in its company, as well as to their access of customer’s product documentation. The customer ensures physical access of the RAs to its own facilities and to the facilities of any of its suppliers and subcontractors included in the audit.

4.6. Effectiveness of management systems audited under MDSAP

Upon request by an RA (RAs), DQS MED shall perform a special audit of a customer under the direction of the RA(s) requesting the special audit.

DQS MED shall carry out unannounced audits if previous audits indicate serious and/or frequent nonconformities. DQS MED utilises the Noncon- formity Grading System for Regulatory Purposes and Information Ex- change (GHTF/SG3/N19:2012) to determine if the customer is receiving significant or frequent nonconformities or if a nonconformity has resulted in the release of nonconforming medical devices. An unannounced audit shall mandatorily occur following any audit that results in:

  • one or more nonconformity (nonconformities) graded as a “5”; or
  • more than two nonconformities graded as a “4”.

DQS MED shall carry our unannounced audits if specific information provides reasons to suspect serious nonconformities of the devices, or on the customer, or if an RA requests (RAs request) an unannounced audit.

Unannounced audits on premises of the client or its contracted critical suppliers may be carried out at any time and shall be foreseen in the contractual arrangements between the customer and its critical suppli- ers. If a visa is required to visit the country where the manufacturer is located, invitation(s) issued by the customer and its critical supplier(s) to visit the customer or contracted critical supplier at any time, with the date of visit left open, shall be provided to DQS MED on its request and renewed periodically. DQS MED shall end the contract.

The timing of unannounced audits shall be unpredictable and in addition to normally scheduled audits.

Should DQS MED receive information from third parties which dispute the conformity or effectiveness of a management system it has certified, it is entitled to perform additional, non-routine assessments after consult- ing with the customer concerned. For processes which come under the Directive 93/42/EEC, DQS MED has the right to perform additional unannounced audits. In the event of assessments for extra-ordinary reasons and also for unannounced audits, the audit team will be selected with particular diligence due to the fact that the customer does not have the opportunity to raise objections against members of the audit team. Costs occurred hereby are borne by the customer.

4.8. Information obligations of DQS MED as MDSAP Auditing Organisation

DQS MED complies with the information and reporting requirements for MDSAP Auditing Organisations.

This includes reporting to the RAs, including indication of reasons and circumstances as appropriate, of:

  • accepting the customer’s application for auditing and certification under MDSAP;
  • information about the audits and decision on conformity to quality management system requirements (including audit reports and their attachments);
  • becoming aware, without the obligation of establishing objective evidence, of any fraudulent activities or counterfeit products related to the customer;
  • all certificates with reductions of scope (7.5);
  • all suspended certificates (7.6);
  • all withdrawn certificates (7.7);
  • information on any complaint (e.g. whistleblowers) that DQS MED receives about the customer that could indicate an issued related to the safety and effectiveness of medical devices or public health risk.
  • The customer’s consent to this is presupposed.Upon ending its relationship with the customer, or its manufacturing site(s), DQS MED, upon request and with consent of the customer, shall make available to the next Auditing Organisation a copy of all the audit reports from the current certification cycle and a valid certificate of the customer or relevant to the manufacturing site(s).

5.1. Management system requirements under MDSAP

The customer must implement and maintain a documented management system which fulfils the requirements of the country-specific require- ments of all jurisdictions of the participating RAs (see 4.2) where the customer markets or intends to market its medical devices, unless the regulations administered by the RA(s) permit the exclusion.

7.7. Withdrawal

DQS MED is entitled to withdraw its MDSAP certificates as soon as permanent unannounced access to the premises of the client or its contracted critical supplier(s) is no longer assured.

(Document: MDSAP_Supplement_ToS_2016-05     100,10      Version 1.0)