search
Services Areas
Regulatory Affairs
Quality Assurance
Clinical Operations
Solutions
Consultancy
Audits & Assessments
Global Market Access
Regulatory Intelligence
Training
Interim Support
Clinical Research
Expertise
Medical Devices
Combination Devices
In Vitro Diagnostics (IVD)
Companion Diagnostics (CDx)
Global Market Access
Mergers & Acquisitions
Start-Ups
Resource Center
Featured
Blogs
Events
About us
Careers
Englishexpand_more
No other languages available
Contact us
search
ENG
No other languages available for now
Contact us
Blog Hero
Blog

Preparing for FDA QMSR: Recommended Actions Based on Your Current Quality System Maturity

Risk management integration across the entire quality system is a central expectation under ISO 13485 and QMSR. With February 2, 2026 fast approaching, read how to prepare for the FDA QMSR.

With the FDA Quality Management System Regulation (QMSR) becoming effective on February 2, 2026, medical device manufacturers must ensure their quality systems are aligned with ISO 13485:2016 as incorporated into 21 CFR Part 820 and meet applicable FDA-specific QMSR provisions. There is no grace period beyond the effective date. Firms that are not aligned by February 2, 2026, may be at increased risk during FDA inspections.

Under the QMSR:

  • FDA inspections will assess compliance against ISO 13485:2016, which becomes the primary quality system framework for FDA compliance. On the effective date, 21 CFR Part 820 as currently written will no longer apply.
  • Certain FDA-specific requirements (e.g., complaint handling, reporting, records, and enforcement provisions) are retained where necessary.
  • The goal is to reduce regulatory burden, streamline global compliance, and improve consistency across jurisdictions.

While all manufacturers marketing devices in the U.S. are affected, the path to compliance looks very different depending on your current QMS maturity. Broadly, companies fall into one of two categories:

  1. Companies already certified to ISO 13485 and MDSAP
  2. Companies operating with a QMS compliant only to legacy 21 CFR 820

Understanding your starting point is critical to defining the right transition strategy.

 

1. Companies with ISO 13485 and MDSAP certification

Organizations with ISO 13485 certification - and especially those participating in MDSAP - are generally well positioned for QMSR. However, QMSR compliance is not automatic, and assumptions can create inspection risk. For this group, the FDA expects ISO 13485:2016 to be the core QMS framework and FDA-specific requirements to be layered on top, similar to the MDSAP model. Companies should focus on confirming and aligning their QMS, rather than redesigning it.

Key Recommended Actions

  • Confirm ISO 13485 is the “primary” QMS structure
    • Procedures, records, and process maps should clearly follow ISO 13485 clause logic
    • Avoid parallel or legacy 820-only processes that bypass the ISO framework
  • Verify FDA-specific requirements are fully addressed
    • Complaint handling and complaint files
    • Medical Device Reporting (MDR) linkages
    • Records retention and FDA inspection readiness
    • Unique Device Identification (UDI), where applicable
  • Leverage the MDSAP model
    • MDSAP already demonstrates how ISO 13485 requirements are supplemented by regional regulations
    • FDA QMSR should be treated similarly - as a regional overlay rather than a separate QMS
  • Ensure risk management is fully integrated
    • Risk management should not be limited to design and development
    • Confirm risk-based thinking is embedded across:
      • Purchasing and supplier controls
      • Production and process validation
      • Change management
      • CAPA and post-market surveillance
    • Risk management activities should align with ISO 14971 and be clearly linked to QMS processes
  • Update internal audit and management review programs
    • Internal audits should explicitly assess QMSR alignment
    • Management review inputs should reflect risk, performance, and regulatory compliance across markets, including the U.S.

For ISO 13485 and MDSAP-certified companies, a targeted gap assessment and focused remediation is typically sufficient to achieve QMSR readiness. Early preparation will help minimize disruption and inspection risk as the FDA fully transitions to the QMSR.

 

2. Companies with a QMS compliant only to CFR 820

For companies that operate solely under the legacy FDA Quality System Regulation, QMSR represents a more substantial transformation. The transition is not a simple “update” to existing procedures, it requires adopting ISO 13485:2016 as the foundation of the QMS, with FDA QMSR requirements incorporated into that framework. Companies should focus on transforming their QMS and expect a structured implementation effort similar to preparing for initial ISO 13485 certification.

Key Recommended Actions:

  • Implement ISO 13485:2016 as the core QMS
    • Re-structure the quality manual and process architecture around ISO 13485 clauses
    • Harmonize procedures to reflect ISO terminology, structure, and intent
    • Address gaps where ISO requirements go beyond legacy 21 CFR 820 expectations
  • Incorporate FDA QMSR-specific requirements
    • Maintain FDA expectations related to:
      • Complaint handling and MDR
      • FDA recordkeeping and inspection access
      • Enforcement and regulatory definitions
    • Ensure FDA requirements are clearly embedded—not managed as standalone processes
  • Embed risk management throughout the QMS
    • ISO 13485 requires risk-based thinking across all QMS processes
    • Companies transitioning from 21 CFR 820 often need to expand risk management beyond product design
    • Risk management should be systematically applied to:
      • Supplier qualification and monitoring
      • Process changes and validation
      • Nonconforming product control
      • CAPA prioritization and effectiveness
      • Post-market activities
  • Align design controls with ISO and risk management expectations
    • Ensure design and development processes integrate risk management from concept through lifecycle
    • Strengthening traceability between risks, design inputs, verification, validation, and post-market feedback
  • Update training, audits, and management review
    • Train personnel on ISO 13485 concepts and risk-based thinking
    • Redesign internal audit programs to ISO 13485 and QMSR criteria
    • Ensure management review addresses QMS performance, risks, and regulatory obligations holistically

For this group, early action is critical. Implementing ISO 13485-aligned systems, embedding risk management, and demonstrating maturity will take time.

Final thoughts

The FDA’s QMSR is a major regulatory milestone, harmonizing its requirements with the internationally recognized QMS standard used worldwide, but the path forward is not the same for every organization. Companies already operating under ISO 13485 and MDSAP should prioritize confirmation and alignment, while those relying on legacy 21 CFR 820 will need to prepare for a more fundamental QMS transformation.

Across all organizations, risk management integration across the entire quality system is a central expectation under ISO 13485 and QMSR. With February 2, 2026 fast approaching, now is the time to assess your current state and plan next steps. Early, deliberate action will enable a smoother transition and allow organizations to realize the long-term benefits.

If you have questions about QMSR readiness, gap assessments, or implementation strategies, feel free to contact us.