A Quick Guide to MDSAP's New Nonconformity Grading System

The Medical Device Single Audit Program (MDSAP) stands to unify regulatory requirements and auditing activities for medical devices around the world. The program largely relies on adherence to ISO 13485:2016, which while more closely aligned to FDA's QSR than its earlier version, is still prompting device companies to make major changes to their Quality Management Systems (QMS).

One such change unique to the MDSAP is a new nonconformity grading system.

In an effort to make nonconformity grading more consistent, the MDSAP does away with traditional grading criteria such as “significant finding,” “regular finding,” and “significant opportunity for improvement,” and instead uses a point system described at length in the Global Harmonization Task Force (GHTF)’s Quality management system - Medical devices - Nonconformity Grading System for Regulatory Purposes and Information Exchange.

We’ve summarized this complex reference guide in simpler terms below.

The Point-Based Nonconformity Grading System

The grading system works in two steps — first by assigning points to nonconformities written against requirements in ISO 13485:2016 using a 4-point grading matrix and then applying that initial point score to a series of escalation rules that may or may not result in a higher final point grade.

Let’s explore the key concepts for each step.

Step One: The Grading Matrix

Point grades in step one are determined by using the grading matrix shown below. This divides the clauses of ISO 23485:2016 into two categories: those that indirectly impact the QMS and those that directly impact the QMS.

MDSAP Nonconformity Grading Matrix

“Indirect QMS impact” — encompassing clauses 4.1 through 6 — is categorized as the “administrative enabler” section of ISO 13485:2016. These requirements make it possible or feasible for QMS processes to operate and are considered to have indirect influence on medical device safety and performance.

"Direct QMS impact" — encompassing clauses 6.4 through 8.5 — is the category of requirements that have a direct influence on design and manufacturing controls, which in turn, directly impacts product safety and performance.

The occurrence of the nonconformity also plays a factor in the grading system, as illustrated in the visual matrix above. The details of what constitutes a first or repeat occurrence can get somewhat complicated, so we’ve summarized the key concepts in the simplest terms possible.

● A “first” occurrence is a nonconformity in a particular sub-clause (X.X.X) of ISO 13485:2016 that has not been observed in the two previous QMS audits which evaluated the same sub-clause.

● A “repeat” occurrence is a nonconformity that has been identified within either of the two previous QMS audits that evaluated that same sub-clause (X.X.X). These have been determined to pose a higher risk because they indicate corrective action hasn’t been adequately taken or implemented, and as such, receives a higher (or worse) grade.


It’s important to note that an “occurrence” is directed at the frequency of a nonconformity cited from one audit to the next performed by the same auditing organization. It is not the occurrences of examples within a given sample size that the auditor may take to determine if a nonconformity exists during an audit.

Since nonconformities can be written up against more than one clause, it’s up to the auditor to determine the impact of the nonconformity on the QMS and assign the appropriate clause. The GHTF document offers helpful examples that illustrate how grading works in this initial step.


Step Two: Grading Escalation Rules

Once a point grade (1 through 4) is determined using the matrix, it’s then subjected to an escalation process to address areas of higher risk that could affect product safety and performance. The grade determined by step one is increased by 1 point for each rule that applies in the...

• Absence of a documented process or procedure 

(In this case, a processes or procedure is “absent” when it hasn’t been documented for the requirement.)


• Release of a Nonconforming Medical Device

(If a nonconformity resulted in the release of a nonconforming medical device to the market, it’s direct evidence of a QMS failure. However, if a nonconforming device is released with adequate technical and scientific justification, the nonconformity is considered to be resolved and the rule will not apply.)

The final nonconformity grade will be between 1 and 6, however a grade of 5 or above is determined to carry a high enough risk that intervention is required. Grades of 6 will be listed as 5 since the differentiation between the two scores offers no benefit within the grading system.

Scores will be recorded on the standardized Regulatory Audit Information Exchange Form, which offers a common means of exchanging audit information between regulatory authorities. This form will be given to manufacturers following MDSAP audits during the closing meeting.

It’s important to note that grades assigned to nonconformities should not be changed following any corrective actions taken by the manufacturer, however, they may be amended on the conditions of the auditing organization’s appeals process.

This is post is a snippet taken from our white paper, Preparing for the Medical Device Single Audit Program (MDSAP).

Not sure if the MDSAP is worth pursuing, or how to prepare your QMS accordingly?

Download our free white paper to learn more about the MDSAP, including which companies stand to benefit most from certification, how to prepare for a successful initial audit, and more.
Get the Free White Paper

Topics: Medical Devices, Global Regulations, MDSAP, ISO:13485:2016