The Leaders in Quality and
Regulatory Training & Consulting

Let's get started

Mar 28, 2022

Understanding the MDSAP Grading System: Nonconformity Grading Matrix & Scoring

Oriel STAT A MATRIX can help answer your questions about the Medical Device Single Audit Program.

In this game, a high score is not the goal!

The MDSAP grading system (MDSAP AU P0037) was established to address inconsistencies from traditional audit grading approaches like “major finding,” “minor finding,” and “opportunity for improvement” by establishing objective criteria to characterize the significance of findings that can be easily shared among participating Regulatory Authorities (RAs).

How It Works

During an MDSAP Audit, nonconformities are assigned a grade/score of 1 to 5 that is calculated using a two-step grading system.

Step 1: Nonconformity Grading Matrix

During Step 1, a 4-point nonconformity grading matrix is applied to come up with an initial score.

The matrix divides the clauses of ISO 13485:2016 into two categories:

  • QMS clauses that have an indirect impact on the device’s safety and performance (Clauses 8.2.4 and 4.1 through 6.3 (except 4.2.3)– e.g., Quality Manual, Documentation, Management, Resources, Internal Audits).
  • QMS clauses that have a direct impact on the device’s safety and performance (Clauses 4.2.3 and 6.4 through 8.5 (except 8.2.4) – e.g., Work Environment, Design, Purchasing, Production, CAPA, Medical Device File).

A nonconformity would be graded a 1 or a 3, based on its potential to affect safety or performance.

The matrix also considers the frequency of occurrence by increasing the score if a nonconformity is “reoccurring,” where reoccurring is defined as a nonconformity that has been identified within the same subclause (X.X.X) in either of the two previous MDSAP Audits – such nonconformities have been determined to pose a higher risk. A repeat nonconformity would be graded 2 or 4 if it had been previously identified, because it indicates that corrective action hasn’t been adequately taken or implemented and thus the device represents a higher risk.

Step 2: Escalation Rules

In Step 2, the Step 1 score may be increased by +1 for the absence of a documented process and/or by +1 for procedure and/or the release of a nonconforming medical device.

Your Final Grade

The final nonconformity grade will be between 1 and 6; however, a grade of 4 or above is determined to carry a high enough risk that intervention is required.

Grades of 6 will be listed as 5 since the differentiation between the two scores offers no benefit within the grading system.

Reporting High Scores

If an Auditing Organization (AO) finds three or more 4’s or one or more 5+’s, it has five working days (MDSAP 5-Day Notice) to notify the appropriate RAs (FDA, Brazil, etc.).

The manufacturer must provide a remediation plan for each nonconformity within 15 calendar days of the date the nonconformity report was issued?. The plan must include ?outcomes of the investigation of the nonconformity and its cause(s)?, planned correction(s), ?and planned corrective action(s) to prevent recurrence?.

The evidence of implementation of the remediation actions addressing any Grade 4 or 5 nonconformity must be provided within 30 calendar days after the audit ?end date?.

Recording Scores

Scores are recorded on the standardized Nonconformity Grading and Exchange Form, which offers a common means of exchanging audit information between RAs. A draft of this form will be given to manufacturers during the MDSAP closing meeting.

The form covers nonconformity grading, including details of how the final nonconformity grade was obtained specifically against ISO 13485. The list of nonconformities in the form should be identical to the nonconformities provided in the audit report and include country-specific regulatory nonconformities that are outside the specific requirements of ISO 13485.

So How Is It Going?

To help our customers prepare for their Certification Audits, Oriel STAT A MATRIX has developed and is using a grading tool during MDSAP Preassessment Audits like the one AOs use. Our customers find that the resulting MDSAP grades provide them with a better understanding of where problems exist as compared to traditional assessment approaches. This, in turn, allows them to better allocate resources to the higher-risk areas first.

Customers who have completed their MDSAP Audits are also reporting that given the level of detail required during the MDSAP Audit as well as its timed nature, it is critical to prepare for the MDSAP Audit well in advance – lack of preparation may result in higher scores. In this particular scoring game, a high score does not make you a winner.

For a more general overview of MDSAP, read our blog post: The Medical Device Single Audit Program (MDSAP): What You Need to Know.

For more about the MDSAP Process-Based Audit Approach, read our blog post: MDSAP’s Process-Based Audit Approach.

Contact us if you would like to schedule an MDSAP Preassessment Audit, or if you would like to attend our training course Internal Auditing to MDSAP class. This class is designed for experienced auditors who need to learn how to apply MDSAP’s process-based audit approach and align current internal audit programs to the MDSAP requirements.

Originally posted 11/4/2017. Updated 3/28/2022

Our team is here to help. Contact us online


Get answers right now. Call

US OfficeWashington DC


EU OfficeCork, Ireland

+353 21 212 8530