FDA’s New Quality Management System Regulation (QMSR)

What It Means for Global Medical Device Quality Management

Changes to the FDA medical devices regulatory framework, as announced in February 2024, have now been brought into effect. The Quality Management System Regulation (QMSR) replaces the long‑standing Quality System Regulation (QSR) under 21 CFR Part 820 for the quality management of medical devices, now incorporating ISO 13485:2016 Medical devices — Quality management systems, signalling a step towards international harmonisation.

The FDA has confirmed that inspections will move to a new compliance program from 02 Feb 2026, retiring prior manuals and the QSIT approach.

As a reminder of our previous review of impact to medical device manufacturers, this blog will review the why, what, who and how of implementing this changed regulation.

Why the QMSR – and why now?

For nearly three decades, US device quality requirements remained largely anchored to a 1996‑era QSR. Meanwhile during this time international frameworks have converged on ISO 13485.

By aligning with ISO 13485, the FDA is reducing duplicative compliance burdens for companies marketing devices across multiple jurisdictions, while preserving US-specific statutory obligations such as Medical Device Reporting (MDR), Unique Device Identification (UDI), and labelling controls.

In simple terms, the QMSR allows a single, ISO‑centred Quality Management System to serve global markets more efficiently – providing that firms maintain the FDA’s additional expectations.

Key drivers behind the change include:

• Global harmonisation, reducing regulatory fragmentation for manufacturers operating across multiple jurisdictions.
• Modernised quality expectations, reflecting the evolution of device technologies and supply chains.
• Improved clarity and consistency, particularly regarding terminology and record‑keeping.
• Stronger alignment with risk‑based quality management, as emphasised in ISO 13485.

Key changes manufacturers will notice

The QMSR fundamentally amends the existing medical device Current Good Manufacturing Practice (cGMP) requirements under 21 CFR Part 820, integrating ISO 13485:2016 and ISO 9000:2015 terminology and concepts.

Terminology: Formal incorporation of ISO 13485:2016 and ISO 9000:2015 vocabulary enables convergence of documentation and terminology across markets. The shift away from US-centric terms like Design History File (DHF), Device Master Record (DMR), and Device History Record (DHR) towards ISO concepts such as the Medical Device File and Design & Development File will help unify records across global operations.

Transparency: A notable change is that of expanded transparency. The FDA can now review internal audit reports, management review outputs, supplier audit records, and training documentation during inspections, heightening expectations for objective, evidence‑based records.
Concurrently, there is no dilution of FDA‑specific obligations; MDR, UDI, and detailed labelling/traceability expectations continue to apply alongside ISO 13485.

Finally, the FDA will conduct inspections Compliance Program Manual 7382.850 rather than QSIT, updating the way investigators assess conformity.

Manufacturers should expect:

• More consistent documentation structures across markets.
• Less duplication between U.S. and international audits.
• Increased reliance on established ISO concepts such as the Medical Device File.

Who is likely to feel the most impact?

Multinationals already certified to ISO 13485 or operating under Medical Device Single Audit Program (MDSAP) may find the transition relatively smooth. Smaller US‑focused manufacturers and combination product firms may experience a steeper curve.

New expectations around management responsibilities, supplier controls, and integrated risk management may identify gaps where organisations historically relied on narrower or less formalised approaches. Companies that have not previously exposed internal audits or management reviews to external scrutiny will particularly benefit from prompt implementation of the QMSR requirements.

Specific groups likely to feel the greatest impact include:

• Small and medium U.S. manufacturers unfamiliar with ISO 13485
• Combination product manufacturers, who may mistakenly assume QMSR does not apply
• Firms with historically limited supplier management oversight
• Companies with gaps in risk management integration, given differing expectations between ISO 14971 and U.S. legacy approaches

Global implications and opportunities for the QMSR

For manufacturers serving the EU, Canada, Australia, Brazil, and Japan, ISO 13485 has long provided the core quality framework. By aligning with that foundation, the US is reducing administrative burden and creating opportunities to rationalise documentation structures, harmonise change control practices, and coordinate audit readiness across markets.

Organisations already subject to MDSAP audits should find that the cadence, emphasis on process effectiveness, and reliance on ISO concepts translate smoothly into the FDA’s revised inspection approach. This may open the door to more efficient audit strategies that leverage one body of evidence for multiple regulators – a clear advantage in complex supply chains with numerous legal manufacturers and critical suppliers.

Practical steps to implementations

Manufacturers should ensure their compliance with the QMSR:

• Conduct a QMSR–ISO 13485 gap assessment.
  • Map procedures to ISO clauses and amended Part 820.
  • Pay special attention to risk management integration, supplier controls, complaint handling linkages to MDR, and data integrity within training and competency records.
• Check internal audit and management review procedures.
  • Ensure objectivity, evidence trails, and action tracking.
• Ensure document architecture and terminology alignment to ISO requirements.
• Reinforce supplier management with right‑to‑audit language and risk‑based monitoring.
• Train staff for the new inspection model and the broader scope of accessible records.

Guidance for QA/RA leaders

The change to QMSR could be an opportunity to embed stronger risk‑based thinking, elevate management accountability, and streamline cross‑functional governance.

Ensure you document personnel responsibilities, not only to implement the compliance changes, but take advantage of these opportunities to make efficiency improvements. Examples include reducing duplicate procedures, shortening change control cycle times, and improving supplier performance metrics. Synchronising QMSR work with ERP or eQMS upgrades, data integrity programmes, or supplier rationalisation initiatives can minimise disruption and accelerate the realisation of benefits.

Common pitfalls to avoid

The implementation of the QMSR isn’t a mere renaming exercise. The spirit of the change emphasises integrated risk management, robust oversight, and inspection‑ready records.

• Do not overlook US‑specific obligations; ISO 13485 alignment does not replace MDR, UDI, or detailed labelling controls.
• Do not neglect supplier controls. Transparency expectations extend into the supply chain, so ensure critical suppliers are contractually and practically aligned with your QMS.
• Finally, prepare staff for new inspection dynamics. Ensure that teams understand that auditors may examine internal audits and management reviews, making accuracy, candour, and evidence trails evermore essential.

QMSR timeline and regulatory housekeeping

The effective date for the QMSR is 2 February 2026. The FDA has issued technical amendments updating references across numerous parts of Title 21 to ensure consistency with the new rule.

Manufacturers should ensure regulatory references consistently cite the amended Part 820 and ISO 13485 in their local documents. For global teams, PharmOut recommends maintaining a reference table indicating where ISO clauses are supplemented by FDA‑specific requirements. This should include MDR reporting, UDI, and device labelling.

Looking ahead – measuring success

Beyond day‑one compliance, organisations might measure QMSR success through practical indicators:

• reduction in duplicate procedures across markets;
• improved first‑time‑right rates for submissions and inspections;
• cycle time improvements in change control;
• stronger supplier performance metrics.

The ultimate goal is a quality system that is simpler to operate globally, more transparent to regulators, and more effective at identifying and controlling risk throughout the device lifecycle.

PharmOut Services & Training

The introduction of the QMSR represents a significant shift for medical device manufacturers in, or supplying to, the US.

PharmOut can support organisations in navigating this change through practical, risk-based consulting and targeted training services. Our support can include QMSR and ISO 13485:2016 gap assessments, Quality Management System remediation, change control and risk management integration, supplier quality programme enhancement, and inspection readiness activities.

PharmOut also delivers tailored training and workshops for executive leaders, quality and regulatory professionals, and operational teams. We can help organisations embed QMSR requirements effectively while strengthening overall quality maturity. Explore our elearning and public courses via onlinegmptraining.com, or contact us via the website or via email to tailor workshops to your needs.

Frequently Asked Questions (FAQ)