QMSR: FDA Quality Management System Regulation Guide

Why QMSR Matters Now

February 2, 2026 marked a pivotal shift in medical device regulation in the United States.

FDA’s Quality System Regulation (QSR) has been replaced by the Quality Management System Regulation (QMSR) in 21 CFR Part 820. The final rule was published in the Federal Register on February 2, 2024. That two-year runway is now over for medical device manufacturers that delayed action.

Firms operating only under legacy QSR assumptions after February 2, 2026 are now out of compliance. FDA inspections under the new framework carry real risk. Non-compliance renders devices adulterated under the federal food, drug, and cosmetic act.

This guide covers:

• QMSR vs QSR differences
• ISO 13485 integration and what it means for your firm’s quality management system
• Four major change areas affecting quality systems
• Impacts on different company types
• Concrete compliance steps for the next 30, 90, and 180 days

Understanding the QMSR Transition

QMSR is an amendment to 21 CFR Part 820 that incorporates ISO 13485:2016 and Clause 3 of ISO 9000:2015 by reference. This makes an international consensus standard the backbone of U.S. medical device compliance.

What changed:

• Quality system regulation terminology is largely retired from the regulatory framework
• New sections 820.1, 820.3, 820.7, 820.10, 820.35, and 820.45 define the updated structure
• ISO 13485 now serves as the primary set of quality management system requirements
• Definitions from ISO 9000:2015 Clause 3 apply, though FD&C Act Section 201 definitions supersede any conflicts

Timeline facts:

• FDA issued the rule January 31, 2024
• FDA published the rule in the Federal Register on February 2, 2024
• Effective date was February 2, 2026
• No additional grace period exists

Why this matters:

U.S. regulatory requirements now align with major markets using ISO 13485 as internationally recognized standards. This reduces duplicate audits for global manufacturers. It also forces U.S.-only firms to adopt ISO practices fully.

FDA’s Quality System Inspection Technique (QSIT) was withdrawn on February 2, 2026. It has been replaced by Compliance Program 7382.850 as the inspection playbook.

Although QMSR and old QSR are similar in intent, FDA expects firms to update documents, training, and evidence. All quality management systems must clearly map to ISO 13485 clauses and new Part 820 sections.

 

The Four Critical QMSR Changes You Must Understand

These four areas create the most practical work for quality, regulatory, and operations leaders:

1. ISO 13485 as a legal requirement
2. Terminology and documentation shifts
3. Expanded inspection authority
4. Deeper risk-based thinking in every process

The tone here is practical. Focus on what you should do in the next 6-12 months.

 

Change 1: ISO 13485 Becomes a Regulatory Requirement

• Before QMSR, ISO 13485:2016 was widely adopted but treated as a voluntary standard rather than a U.S. legal requirement
• QMSR incorporates ISO 13485:2016 by reference, making its clauses enforceable under 21 CFR Part 820 as of February 2, 2026
• FDA confirmed alignment between 21 CFR Part 820 and ISO 13485 in 2020, then formalized it in the 2024 final rule through the proposed rule and final rulemaking process
• The American National Standards Institute (ANSI) Incorporated by Reference portal provides read-only access to the standard

Action step: Run a formal gap analysis comparing your current QMS against every ISO 13485 clause. Document evidence and gaps with dated records.

Example gap: Your quality manual may lack required content on quality policy scope. Your supplier evaluation criteria may not include risk-based factors as required by the International Organization for Standardization’s approach.

Change 2: New Terminology and the Medical Device File (MDF)

• Legacy terms Device Master Record (DMR), Device History Record (DHR), and Design History File (DHF) are no longer the primary regulatory terms under QMSR
• ISO 13485’s Medical Device File (MDF) concept replaces these three terms as the anchor for product documentation
• Firms can keep legacy labels internally as synonyms, but regulatory definitions now rely on ISO terminology
• Section 820.3 definitions now rely on ISO 9000:2015 Clause 3

Practical impact:

Old QSR Term	New QMSR Equivalent
Design History File (DHF)	Design and development file
Device Master Record (DMR)	Technical documentation
Device History Record (DHR)	Production/service records

Procedures, forms, and training materials must be updated to reference MDF and ISO 13485 terminology. Keep cross references for staff and auditors during the transition.

Review your internal glossary and reconcile it with these regulatory definitions.

Change 3: Expanded FDA Inspection Authority and New Process

• Older QSR section 820.180(c) limited FDA access to internal audits, management reviews, and some supplier audit records
• Under QMSR this exemption is gone
• FDA may now review management review minutes, internal audit reports, and supplier audits created both before and after February 2, 2026
• FDA now uses Compliance Program 7382.850 for device inspections
• FDA will not follow Medical Device Single Audit Program (MDSAP) audit plans, even though both are ISO 13485 based

Key action: Treat all QMS records as inspection-ready. They must be clear, dated, signed or approved per procedure, and easy to retrieve by clause or process.

Example management review agenda now in scope for FDA review:

• Quality objectives and KPI performance
• Risk trends and mitigation status
• Complaint and adverse event analysis
• CAPA effectiveness review
• Supplier performance metrics
• Resource needs and audit findings

Regulatory authorities from other regulatory bodies may also request similar documentation during their inspection process.

Change 4: Risk-Based Thinking Across the Entire QMS

• QSR mentioned risk mainly in design controls
• ISO 13485 and QMSR expect risk management thinking in purchasing, production, post-market surveillance, and management review
• QMSR does not incorporate ISO 14971:2019 by reference but expects firms to apply risk management principles across the product lifecycle
• Design and development requirements now flow from ISO 13485 clause 7.3
• Risk is a central theme in design inputs, outputs, verification, and validation

CAPA impact: Corrective and preventive actions should document:

• Risk evaluation of the issue
• Risk reduction decisions made
• Verification that risk is acceptable after actions complete

Update procedures so risk evaluation questions appear in forms for nonconformances, complaints, supplier issues, and change control. This supports patient safety throughout your device quality management systems.

Who QMSR Hits Hardest: Impact by Company Type

Different companies face different QMSR challenges based on their size, history, and market position. This section addresses early-stage startups, mid-sized MedTech manufacturers, international manufacturers, and contract manufacturers or consultants.

Early Stage Startups

• Startups founded after 2024 often have no legacy QSR baggage
• You can build a QMSR-compliant, ISO 13485 aligned system from day one
• Challenges include limited regulatory staff, pressure to align QMSR work with 510(k) timelines, and dependence on a small group of suppliers

Priority focus areas:

• Design controls under ISO 13485
• Supplier qualification procedures
• Complaint handling processes
• Basic internal audits before first FDA interaction

Building QMSR alignment early avoids expensive rework later. This is especially true for venture-backed companies targeting exits or partnerships with larger medical device companies.

Startups have a unique advantage. You can consistently manufacture devices under a modern system without retrofitting decades of legacy processes.

Mid Sized MedTech Manufacturers

• Many mid-sized U.S. manufacturers have mature QSR systems with partial ISO 13485 alignment
• You likely have multiple Class II and Class III medical devices on the market
• The main challenge is converting existing procedures and records to QMSR language while keeping operations running

Key tasks:

• Staff retraining on ISO 13485 requirements and new terminology
• Updated management review formats that include risk, CAPA, and supplier performance
• Broader internal audit program mapping to ISO 13485 and new Part 820 sections
• Reworked supplier qualification programs showing risk-based criteria
• Clear re-evaluation cycles and documented performance reviews that FDA can inspect

Industry estimates suggest 80% of QSR-based quality systems need documentation overhauls for legacy terminology alone.

International Manufacturers

• Manufacturers already certified to ISO 13485:2016 for EU Medical Device Regulation or other markets start from a stronger position
• ISO 13485 certification alone is not a shield from FDA inspections
• Certification does not remove the need to meet U.S.-specific applicable requirements

What you still need:

• FD&C Act definitions and cosmetic act related requirements
• Device labeling rules per U.S. standards
• Complaint handling expectations under FDA regulations
• Comparison of your ISO 13485 system to 21 CFR Part 820 QMSR-specific sections (820.10, 820.35, 820.45)
• Alignment of eSTAR submissions and technical documentation with QMSR terminology

Maintain compliance with both international standards and applicable FDA requirements to avoid delays in market access or regulatory approval.

 

Contract Manufacturers and Regulatory Consultants

• Contract manufacturers now need to show OEM clients a QMSR and ISO 13485 aligned system
• This includes risk-based purchasing controls and robust traceability to stay competitive
• Consultants must update their methodologies, templates, and training offerings

Service priorities:

• Reflect QMSR, ISO 13485, and the loss of 820.180(c) record exemptions in all client deliverables
• Build clear service packages around QMSR transition projects and gap analysis
• Develop internal audit services that map to new regulatory expectations
• Create QMSR-themed white papers, webinars, and educational content to attract medical device industry clients

The regulated industry is actively searching for help with the 2026 change. Position your services accordingly.

Practical QMSR Action Plan: 30, 90, and 180+ Days

Since QMSR is already effective, this plan mixes urgent catch-up tasks with longer-range improvements. External partners, including specialized regulatory consultants, can support specific steps along the way.

Next 30 Days: Triage and Visibility

• Complete a focused QMSR gap analysis against ISO 13485:2016 and new Part 820 sections
• Use a simple scoring system with owner assignments for each gap
• Perform a documentation sweep to identify QSR terms (QSR, DHF, DMR, DHR, QSIT)
• Plan controlled updates to QMS documents through your change control process
• Schedule a leadership briefing to explain QMSR changes and risks of non-compliance
• Define needed resources for the next 12 months
• Contact existing suppliers and contract manufacturers to confirm their QMSR and ISO 13485 status

 

Documentation review checklist:

 

Document Type	Review Focus
Quality Manual	ISO 13485 scope and policy alignment
Procedures	Terminology updates, risk integration
Forms	ISO clause references, MDF structure
Training Records	Competency checks on new requirements
Supplier Files	Risk-based evaluation criteria

 

Next 90 Days: Implementation and Training

• Update key procedures for design and development, supplier control, CAPA, complaint handling, management review, and internal audits
• Map procedures clearly to ISO 13485 clauses and CGMP requirements
• Conduct targeted staff training sessions on new terminology, inspection expectations, and risk-based decision making
• Record attendance and competency checks
• Run at least one internal audit using a QMSR and ISO 13485 based checklist
• Include review of internal audits and management reviews themselves as audit subjects
• Convert forms and templates to support risk fields, ISO clause references, and traceability into the Medical Device File structure

Your quality assurance team should verify that all updates flow through proper document control and that effective medical devices continue to be produced during the transition.

 

Next 6–12 Months: Optimization and Inspection Readiness

• Perform a full system audit covering all ISO 13485 clauses and QMSR sections
• Use an external expert if possible and apply results to finalize remediation
• Strengthen management review content to include:
  • Performance metrics against quality objectives
  • Risk trends and mitigation actions
  • Supplier performance data
  • Complaint statistics and trending
  • CAPA effectiveness with clear action items
• Build a repeatable pre-inspection readiness process
• Conduct mock FDA inspections
• Establish document room practices
• Define clear roles for responding to inspector requests
• Monitor FDA communications and guidance documents
• Watch for changes to Compliance Program 7382.850
• Keep your QMS and training current as future revisions appear

Finished devices marketed in the U.S. must be manufactured in systems that meet all regulatory requirements. Prepare now for the scrutiny that comes with devices subject to FDA oversight.

 

Clearing Up Common QMSR Misconceptions

Many teams still rely on assumptions that were true under QSR but no longer apply under QMSR. These myths can lead to costly gaps during FDA inspections.

 

Myth 1: ISO 13485 Certification Replaces FDA Inspections

• Having an ISO 13485:2016 certificate does not prevent FDA from inspecting your facility under QMSR
• FDA will not issue ISO 13485 certificates
• FDA will not follow MDSAP audit plans during its own inspections
• Treat ISO 13485 audits as preparation, not a substitute for FDA readiness
• Keep FDA-specific procedures and records inspection-ready at all times

The Safe Medical Devices Act and implementing regulations give FDA authority to inspect regardless of third-party certifications. Your voluntary compliance with international standards supports but does not replace federal food, drug, and cosmetic act obligations.

 

Myth 2: QMSR Only Applies to New Products

• QMSR applies to all finished devices marketed in the U.S. after February 2, 2026
• This is true regardless of when products were first cleared or approved
• FDA may review QMS records created before the effective date
• These records should demonstrate ongoing control and compliance with QMSR-aligned processes
• Update procedures and records for existing product lines, not just new development projects
• Communicate to customers that your entire portfolio is managed under a QMSR-aligned system

The only exempt manufacturers are those specifically excluded by regulation. For most medical device companies in the U.S. market, QMSR compliance is mandatory for high quality medical devices.

 

QMSR and 510(k) Submissions

QMSR does not change the basic 510(k) framework. It does affect expectations around design control and quality evidence behind submissions.

• Full QMS documentation is not attached to most 510(k) files
• FDA expects design control records, verification, validation, and risk management to reflect ISO 13485 and QMSR practices
• Verify QMSR alignment of design planning, design reviews, risk analyses, and design verification protocols before referencing them in a 510(k)
• CAPA and complaint trend data used to support safety and performance claims should be based on QMSR-compliant processes

Timing matters:

• Complete QMS updates so critical records are fully aligned before key submissions
• This helps avoid inspection findings triggered around the same time as your submission review
• Device labeling and packaging controls should also reflect QMSR-aligned procedures
• Labeling and packaging activities must be documented per ISO 13485 requirements

Combination products may have additional regulatory jurisdictions and other FDA regulations to consider beyond QMSR. Consult applicable guidance documents for your specific product type.