The US-Mexico-Canada (USMCA) treaty calls for the three countries to “recognize audits” performed under the Medical Device Single Audit Program. MDSAP is already used by device makers in the US and Canada so they can undergo one audit by an accredited third party to satisfy quality regulations. That leaves Mexico as the odd country out when it comes to using the popular program – and that means it has some catching up to do after the USMCA is ratified by all three nations. Former longtime FDA official Kim Trautman weighs in on how Mexico can incorporate MDSAP into its regulatory framework.
A short blurb tucked inside an annex of the new US-Mexico-Canada (USMCA) free-trade agreement aims to make it easier for the three countries to align on inspecting medical device manufacturing facilities.
Annex 12.E.4 of the treaty says each country must “recognize audits” performed under the Medical Device Single Audit Program.
MDSAP, created by the International Medical Device Regulators Forum (IMDRF), allows firms to undergo one audit by an accredited third party to satisfy quality regulations. The US and Canada (along with Brazil, Japan and Australia) have been involved with MDSAP for years.
In the US, the Food and Drug Administration accepts a company’s MDSAP results in place of conducting its own inspections, while Health Canada went even further a year ago when it began requiring all device makers to undergo an MDSAP audit if they sell product there. (Also see "Canada's Switch From CMDCAS To MDSAP Went Off Without A Hitch – Despite 403 Firms Leaving The Market" - Medtech Insight, 1 Feb, 2019.)
That leaves Mexico as the odd country out when it comes to using the popular single-audit program – and that means it has some catching up to do after the USMCA is approved by all three nations.
Mexico has already ratified the treaty, and President Trump will sign it into US law on 29 January. Canada has not yet given its approval but is expected to shortly.
How Mexico’s COFEPRIS Can Incorporate MDSAP
COFEPRIS – Comisión Federal para la Protección contra Riesgos Sanitarios, or the Federal Commission for the Protection against Sanitary Risk – is the authority that controls and regulates health products in Mexico.
In the past, COFEPRIS has relied on regulatory authority information and work performed by other countries and standards groups, including fast-tracking device marketing applications if the FDA already approved a particular product via its 510(k) or PMA pathways, and accepting ISO 13485 certificates in lieu of performing independent inspections.
ISO 13485:2016 from the International Organization for Standardization (ISO) is used by device firms to ensure quality systems compliance with regulators in a variety of countries, including Canada, Japan, Australia and the 28 member states of the European Union.
“There are different ways that COFEPRIS has available to become familiar with the MDSAP audits and program requirements for them to gain the assurances they need to understand how best they might use MDSAP in their regulatory framework,” said Kim Trautman, a former longtime FDA official who is now executive VP of medical device international services for consulting firm NSF International.
While at the FDA, Trautman was chair of the IMDRF MDSAP working group that developed the program.
“Similar to US FDA and Health Canada, COFEPRIS may incorporate MDSAP into their regulatory scheme,” she told Medtech Insight. “For Mexico, this could be done in several ways.”
Trautman said the “most straightforward” way for Mexico to come up-to-speed on MDSAP would be for COFEPRIS to “accept MDSAP certificates in addition to, or in lieu of, ISO 13485 certificates in their existing regulatory scheme.”
Another option is for the country to request MDSAP audit reports from manufacturers as part of Mexican Marketing Applications.
That would “possibly negate the need for an independent COREPRIS GMP audit,” Trautman said.
A third possibility – wherein COFEPRIS would have its medical device inspectorate apply for, and be recognized as, an auditing organization (AO) under MDSAP – could prove tricky.
Such an approach “would allow the COFEPRIS audits to possibly count for both MDSAP and COFEPRIS simultaneously,” Trautman said. “This option is already currently available, but regulators have not chosen this route because it's resource-intensive for their inspectorates and they often choose to use their inspectorates on high-risk matters.”