We recently hosted a webinar that generated a huge response. The reason is simple: the FDA’s Quality Management System Regulation (QMSR) is not a future planning exercise anymore. It is the operating reality, right now, for every medical device manufacturer doing business in the United States.
Our presenter, Danielle Metzger of Network Partners Group, a quality leader with over 25 years of experience across medical devices, pharmaceuticals, biotech, and SaaS-enabled sciences, walked our audience through exactly what QMSR means in practice, what has changed from the legacy QSR, and what organizations need to do today to demonstrate readiness. The conversation was rich, direct, and at times, sobering.
If you missed it, the full replay is available below. I also want to pull out the key points here because the questions we received from attendees confirmed that many organizations are still navigating significant uncertainty and that uncertainty is itself a risk.
Watch the Full Webinar Replay
Why QMSR Matters More Than Any Other Regulatory Update in Recent Memory
Danielle opened with a framing that set the tone for the entire session: this is not a routine update. “This new QMSR replaces the legacy Quality System Regulation, 21 CFR Part 820, and it shifts the US from being a prescriptive, FDA-specific framework to one that aligns with ISO 13485:2016. That means the focus is no longer just on checking boxes for compliance. We now have to demonstrate that our quality system is effective, integrated, and truly supports product quality and patient safety.”
What makes this particularly significant is the global harmonization dimension. For the first time, US-based manufacturers, and international companies selling into the US, can realistically operate under a single quality system that supports multiple markets. The EU, Canada, and Australia all recognize ISO 13485 as a foundation. QMSR now does too.
From a regulatory strategy perspective, this is meaningful. Companies that have historically maintained separate quality systems for the US versus the rest of the world now have a credible path to consolidation. But that opportunity comes with a clear requirement: you have to actually build and operate an integrated, effective system, not just relabel your existing one.
The Effective Date Is Not Coming. It Has Passed.
One of the most important clarifications from the webinar was on timing and I want to be unambiguous about this for anyone still treating QMSR as forward planning.
The FDA’s final rule was published on February 2, 2024, giving the industry a two-year transition window. That window closed on February 2, 2026.
As Danielle stated plainly: “The key message now is not preparation. It’s readiness and execution. FDA investigators can and will assess your quality system against QMSR expectations today. There is no buffer period at this stage.”
This means inspections are already being conducted against QMSR expectations, with the ISO 13485 framework as the foundation and FDA-specific overlays applied on top. Organizations that are still “planning to transition” are, right now, operating with inspection risk. That is not a comfortable place to be, and it is something I am hearing about from clients across our network.
Understanding the Hybrid Model: It Is ISO 13485 Plus FDA, Not Either/Or
A key point of confusion Danielle addressed, and one I see frequently in the organizations I work with, is the assumption that QMSR and ISO 13485 are interchangeable. They are not.
QMSR is a hybrid. ISO 13485 forms the structural foundation. But FDA authority under the FD&C Act remains fully in place. Complaint handling, medical device reporting, corrections and removals, these are retained, emphasized, and inspectable. “QMSR is ISO 13485 at its base, with FDA regulatory overlays layered on top. A compliant QMS must align with ISO, satisfy FDA regulatory authority, and incorporate those FDA-specific expectations. They’re all working together.”
Critically, ISO certification itself remains optional, but that distinction matters less than many organizations think. Whether or not you hold a certificate, the FDA will evaluate your system against ISO 13485 principles during inspection. Certification does not exempt you from FDA oversight. It can support your posture, but it is your system’s performance that ultimately determines your outcome.
What Has Fundamentally Changed: The Shift from Checklist to System Evaluation
For those of us who have been through FDA inspections under the legacy QSR, the change in inspection approach is significant and should not be underestimated.
Under the old framework, inspection readiness meant procedures in place, documents completed, responses aligned to CFR requirements. That approach, as Danielle described, is no longer sufficient. “Now the focus is on system evaluation rather than checklist verification. Inspectors are looking at how your processes are working together, how information flows across your system, and whether your QMS is actually effective in managing quality and risk.”
The shift toward open-ended, discussion-based inspection is real. Investigators want to understand how decisions are made, not just what was decided. They want to see the reasoning, the risk integration, the connections between your CAPA system and your risk files, between your complaints and your post-market surveillance data.
Three specific expanded areas of FDA access are worth highlighting:
- Internal audit records are now reviewable. Audits need to be thorough, objective, and well-documented because the FDA will evaluate not just findings but how effectively those findings were addressed.
- Management review records are now accessible. Leadership accountability is inspectable. The FDA can assess whether management is actively engaged in quality decisions, not just attending a quarterly meeting.
- Supplier audits and oversight activities are fully inspectable. Qualifying a supplier once and conducting biannual audits is no longer sufficient. Ongoing monitoring, performance metrics, and documented follow-up actions are expected.
As Danielle put it: “Nothing in your QMS should be treated as internal only anymore.”
Risk Management Is No Longer a Design Controls Function
One of the most operationally significant changes under QMSR, and one where many organizations have the largest gaps, is the expansion of risk management across the entire product lifecycle.
Under the legacy QSR, risk management was largely confined to design controls. Under QMSR, aligned with ISO 14971, risk is expected to be embedded across manufacturing, supplier management, CAPA, and post-market activities. Continuously. Not just at the design stage. “Risk management is no longer just a standalone activity. It really is the backbone of the QMS. It’s connecting your processes, and it’s ensuring that your system is proactive, not reactive.”
The practical implication: your complaint data should feed your risk assessments. Your CAPAs should address identified risk trends. Your post-market data should continuously refine your understanding of product risk. And the documentation linking all of this, what Danielle described as the “cohesive, traceable system where data flows across processes”, is exactly what inspectors will be looking for.
If your risk files, CAPA records, complaints, and post-market data live in disconnected silos, that is a gap that will be visible during inspection.
Who Is Most Impacted and Where to Start
Not every organization faces the same degree of change, and Danielle was clear about that distinction.
If your organization is already ISO 13485 certified and aligned, the QMSR transition is primarily about fine-tuning: ensuring FDA-specific expectations are fully addressed on top of your ISO foundation. The lift is manageable.
If your organization has been operating primarily under the legacy QSR-based system without ISO alignment, the transformation is more substantial. Structural updates are required. How your system functions day-to-day needs to change, not just how it is documented.
For both groups, the right starting point is the same: a structured gap assessment. “The most effective way to begin is with a gap assessment, comparing your current QMS against ISO 13485 and the QMSR overlays to clearly identify where you meet expectations and where your gaps exist. Understanding your starting point allows you to prioritize your efforts, focus on higher-risk areas, and build a practical transition plan.”
The Seven-Step Practical Roadmap
Danielle walked through a concrete, sequential roadmap for organizations working through their QMSR transition. These steps apply whether you are still in implementation or already operating under QMSR and preparing for your first inspection under the new framework.
Step 1 — Perform a Gap Assessment. Map your existing procedures to ISO 13485 clauses. Identify where requirements are fully met, partially met, or missing. Critically: look at how processes actually function in practice, not just whether documentation exists.
Step 2 — Update Documentation. Revise SOPs, quality manuals, templates, and risk management files. Approach this as a system-level update, not isolated document changes. Terminology must be standardized. Linkages between processes must be visible and traceable.
Step 3 — Strengthen Risk Management. Embed risk across the lifecycle. Connect complaint data to risk assessments. Ensure CAPAs address identified risks. Make sure risk management is a central thread, not a standalone exercise. Align with ISO 14971.
Step 4 — Train the Organization. Training must extend beyond quality teams to engineering, leadership, and all functional areas. Teams need to understand how processes are connected, how risk flows through the lifecycle, and what inspectors will expect in discussion-based audits.
Step 5 — Prepare for Inspections. Conduct internal audits and mock inspections that simulate the new discussion-based, system-focused inspection style. These should not be checklist exercises. Practice open-ended questions about how processes connect, how decisions are made, and how effectiveness is demonstrated.
Step 6 — Align Globally. Use QMSR as the catalyst to move toward a single unified QMS that supports multiple markets. Reduce duplication. Eliminate parallel systems maintained for different regions. The ISO foundation makes this achievable in a way it never was under the legacy QSR.
Step 7 — Monitor FDA Updates. QMSR is in effect, but expectations will continue to evolve. Actively monitor FDA guidance, track inspection trends, and watch enforcement focus areas. Compliance under QMSR is not static.
What to Avoid: The Four Mistakes We Are Seeing
Based on the webinar discussion and what I am hearing from organizations across our regulatory network, these are the most common and most costly mistakes in QMSR transitions right now:
Treating QMSR as a minor update. Updating procedures and mapping to ISO clauses without addressing how the system actually functions will leave gaps in integration and effectiveness that are visible during inspection.
Disconnecting risk from operations. Risk management embedded only in design controls, without linkage to CAPA, complaints, and post-market data, is a structural gap that inspectors are specifically trained to identify.
Under-training. If teams outside of quality do not understand how the system has changed, documentation may look correct while execution remains inconsistent. Inspectors will find this.
Preparing for the old inspection model. Organizations practicing checklist-style audit preparation will struggle when inspectors ask open-ended system questions. Prepare your teams for discussion, not documentation review.
The Strategic Opportunity Inside the Compliance Requirement
Let’s close with something Danielle emphasized that I think deserves more attention than it typically gets in compliance conversations.
QMSR is a compliance requirement. But it is also a genuine strategic opportunity. Organizations that have invested the time to build an integrated, risk-based, globally aligned quality system are not just inspection-ready, they are operationally stronger. They have reduced duplication across markets. They have quality embedded in leadership decision-making. They have systems that scale. “At the end of the day, this shift to QMSR is much more than a regulatory update. It’s a strategic change in how quality systems are designed, managed, and evaluated. How you respond to this change will directly impact both your compliance posture and your competitive position moving forward.”
That framing resonates with me deeply, and it reflects how I believe regulatory teams should be positioning QMSR internally, not as a burden to manage, but as a modernization initiative with lasting operational value.
How RegDesk Can Help
Navigating QMSR alignment, from gap assessment to documentation updates to inspection readiness, is exactly the kind of complex, multi-jurisdiction regulatory work where RegDesk’s AI-powered platform with built-in regulatory intelligence add the most value. Our platform helps regulatory teams prepare, manage, and publish international submissions faster and with greater confidence. If you would like to discuss your QMSR readiness posture or explore how RegDesk can support your transition, reach out to us directly. We would be glad to help.
