At a Glance
- MDR has enforced a performance-based framework since 2021;
- MDSAP adoption remains low due to its rigorous standards; and
- Mock audits (including mock FDA inspections) are crucial for smooth certification processes.
Medical device manufacturers face a labyrinth of audit and inspection regimes, each with unique demands that can make global compliance feel like a high stakes balancing act. This article examines the key requirements under the EU (European Union) Medical Device Regulation (MDR), the Medical Device Single Audit Program (MDSAP), and FDA (United States Food and Drug Administration) inspections, drawing on practical experiences as a former TUEV SUED Lead Auditor and Head of Regulatory Affairs. By highlighting similarities in risk-based approaches and quality system evaluations, as well as differences in scope and enforcement, it offers actionable preparation strategies. Insights from real-world audits underscore the importance of tailored examples to avoid common pitfalls, ensuring smoother processes amid the impending FDS QMSR transition in February 2026.
Introduction
In the world of medical devices, audits and inspections are not just checkboxes — they are the gatekeepers to market access, patient safety, and business viability. Over the past few years, I have led Regulatory Affairs teams through the thick of these processes, from the exhaustive EU MDR Audits to the collaborative MDSAP reviews and the unpredictable FDA inspections. At Drägerwerk AG, where we manage a portfolio of more than 2,500 products in hospital consumables and accessories, the transition to the EU MDR was a wake-up call. It was not just about checking boxes; it was about rethinking how we prepare, respond, and learn from each encounter.
This article breaks down the core requirements of these three (3) systems [being EU MDR, MDSAP, and FDA], points out where they overlap and diverge, and shares preparation tips grounded in hands-on experience. As FDA gears up for its Quality Management System Regulation (QMSR) in February 2026, which aligns more closely with international standards like ISO 13485:2016, understanding these nuances becomes even more critical. Drawing from recent IMDRF [International Medical Device Regulators Forum – a voluntary group of global medical device regulators working to harmonize regulations, making them more consistent worldwide to protect public health and streamline market access for safe, effective devices. It builds on the work of the Global Harmonization Task Force (GHTF) and focuses on areas like adverse event reporting, software as a medical device (SaMD), and Quality Management Systems (QMS), developing Guidance Documents and standards for its members (including the US, EU, China, Japan, etc.) to adopt] reports and FDA data, we will explore how manufacturers can turn these challenges into opportunities for efficiency.
EU MDR audits: A deep dive into EU scrutiny
The EU (European Union) Medical Device Regulation (MDR, Regulation (EU) 2017/745) has upended the landscape since its full enforcement in 2021, shifting from the directive-based MDD (Medical Device Directive) to a performance-based framework that demands comprehensive clinical evidence and lifecycle management.
Notified Body audits under the EU MDR are far more intrusive than their predecessors, covering everything from design and development (Annex I, General Safety and Performance Requirements [GSPR]) to post-market surveillance (PMS) under Article 83. In practice, auditors zero in on risk management (ISO 14971 [7] integration) and clinical evaluation reports, requiring manufacturers to demonstrate not just compliance but ongoing conformity.
For instance, during a recent EU MDR Audit for a portfolio of respiratory accessories, the focus was on traceability from design inputs to PMS data, with auditors requesting full chains of evidence for 10–15 product samples.
The audit can last three (3) to five (5) days on-site with more Auditors in parallel, depending on company size, and findings often lead to corrective action plans that extend six (6) to twelve (12) months.
According to MedTech Europe’s 2024 report, 60% of SMEs struggled with these Audits due to data gaps, resulting in an average 18-month delay to certification.
The Audit time is set clearly, the prioritized chapters of the Audit are described in the Audit plan; however, the Auditor can jump between the chapters if necessary. By studying the Audit Plan, the preparation is easily possible and should be mandatory.
From my experience overseeing more than 50 Audits as an Auditor, the key is Pre-Audit mock runs. In two (2) out of five (5) cases, when I let the customer choose an example, it led to a nonconformity as this example turned out to be incomplete or misleading. Preparation is not optional — it is the difference between smooth sailing and a year-long remediation.
MDSAP audits: The promise of single-audit efficiency
The Medical Device Single Audit Program (MDSAP), launched by the International Medical Device Regulators Forum (IMDRF) in 2015, aims to streamline compliance by allowing one (1) audit to satisfy regulators in five countries: the US (United States of America), EU (European Union), Canada, Australia, and Brazil. Audits follow the MDSAP Audit Model, structured around ISO 13485 process requirements, divided into phases: opening meeting; process audits (e.g., design controls, PMS); and closing meeting. The Auditors are not able to open the next session before the last session is closed (e.g., Design and Development Session must be closed before Production and Service Controls are audited).
A typical MDSAP audit spans four (4) to six (6) days, depending on company size, with Auditors from accredited bodies like TÜV SÜD evaluating against a standardized checklist that maps to FDA QSR (QMSR, Feb. 2026) and EU MDR. The 2024 IMDRF Harmonization Report notes that MDSAP has reduced audit costs by up to 20% for participating firms,; however, adoption remains low at 25% globally due to the program’s rigor — Auditors score non-conformities on major/minor levels, with majors requiring immediate CAPAs.
The Audit Plan gives a clear structure on which questions will be asked. The whole audit system is based on checklists, the audit approach, with pre-formulated questions. Divided into three-year durations with Surveillance Audit 1, Surveillance Audit 2, and Recertification Audit (full audit), you see and know which questions the Auditor would ask, as she is bonded to the approach.
Prepared with that knowledge, it is easy to understand why the Auditor is asking that and what your answer should be. An easy example, if you had a Recertification Audit last year and you did not change the process, the Auditor will easily see that the revision number did not change, and the answer of how the process works should be identical. Shifts can only occur when the revision of the process has changed, and with a 95% chance, she will check the process for these changes.
FDA inspections: The U.S. enforcement lens
FDA inspections under the Quality System Regulation (QSR, 21 CFR Part 820) are surveillance or for-cause events, often announced (for surveillance with a good FDA compliance history) or unannounced (for-cause). These FDA inspections typically last three (3) to seven (7) days; however, can be extended, if necessary, focusing on manufacturing practices, complaint handling, and CAPA systems. Unlike MDR’s Notified Body audits, FDA Investigators (from CDRH [10]) emphasize enforcement, issuing Form FDA-483, Inspectional Observations for deficiencies, which can escalate to Warning Letters if not addressed (FDA issued 47 to medical device manufacturers in FY 2024, up nearly 100% from 24 in FY 2023).
The process involves opening meetings, document reviews (e.g., Device History Records for five to 10 batches), interviews, and exit discussions. Recent FDA data shows average inspection times of four (4) days for Class II/III devices, with 30% resulting in observations related to design controls or PMS (Post Market Surveillance – complaint handling).
As QMSR approaches in February 2026, FDA Investigators will increasingly align with ISO 13485:2016, blending QSR’s U.S.-specific elements with international standards. The FDA Investigator can extend her stay if it is necessary.
This gives her the possibility to stay as long as needed on one topic and search for the root cause if he finds a nonconformity. This situation makes it uncomfortable as the FDA Investigator often finds more than one (1) evidence for a nonconformity, which could lead to a Warning Letter with high impact to prestige and sales.
The company needs to be inspection-ready every day. This definitely can increase the quality. With recent changes in 2025, like the unannounced audit worldwide, the system gets fairer to American companies, which have not had the privilege of preannouncing.
Similarities and differences across the triad
At first glance, EU MDR audits, MDSAP, and FDA inspections seem like variations on a theme — all centered on Quality Systems and risk management.
Similarities abound: All draw from ISO 13485 for core processes (design controls, CAPA, PMS), and they share a risk-based approach, with Auditors/FDA Investigators sampling five (5) to ten (10) products to assess conformity. MDSAP explicitly bridges them, mapping its checklist to MDR Annex XI and FDA QSR Part 820, reducing duplication for multi-market players. The 2024 IMDRF report highlights this overlap, estimating 20% cost savings for firms using MDSAP to satisfy multiple regulators.
Differences, however, can trip up the unprepared.
EU MDR audits are proactive and certification-focused, conducted by Notified Bodies every year, with a heavy emphasis on clinical data (Annex XIV) and economic viability (Article 6).
FDA inspections are reactive and enforcement-oriented, often triggered by complaints or post-market data, prioritizing U.S.-specific elements like complaint files under 21 CFR 803 for reporting of adverse medical device events.
MDSAP sits in the middle — collaborative but rigorous, with a fixed sequence (opening, process, closing) and scoring system that feeds into all three.
In my audits, the biggest divergence is scope: MDR demands full lifecycle traceability, while FDA homes in on manufacturing deviations. MDSAP harmonizes this; however, requires auditors to note jurisdiction-specific gaps, which can lead to follow-up actions in one country but not another.
Preparation strategies: lessons from the front lines
Preparation is where theory meets reality, and in my years leading audits and inspections, one truth stands out: The examples you choose can make or break the process. Auditors and FDA Investigators do not want to see your entire portfolio — they pick 5–10 samples, and if those are flawed, the whole system looks shaky. I have seen it firsthand: During an MDSAP audit, a client’s selected risk management examples lacked traceability, turning a minor note into a major non-conformity that delayed certification by months.
Start with a mock audit/mock inspection framework. Simulate the sequence: For MDR, map your technical documentation to Annexes I – III; for MDSAP, practice the process walkthrough (e.g., design input to output); for FDA prepare unannounced internal Audits, drill complaint handling with real files. Invest in software for PMS tracking (e.g., integrating ISO 14971 with QSR CAPA). And always have backups: If an example fails, pivot to a stronger one without hesitation.
As QMSR looms, U.S. firms should lean into MDSAP for its alignment with ISO 13485 — it is not just a shortcut; it is a survival tool in a harmonized world.
Conclusion
Audits under EU MDR, MDSAP, and FDA inspections are not hurdles to dread — they are opportunities to refine and prove your systems. By understanding their shared risk-based core and unique edges, and preparing with real-world examples, manufacturers can turn compliance into a competitive advantage. The path ahead, especially with QMSR on the horizon, demands proactive RA leadership to bridge these regimes and keep innovation flowing to patients who need it most.
REFERENCE: Medical Device and Diagnostic Industry (MD+DI); 31 DEC 2025; Holger Wagner