Playbook and Q&A for the QMSR Update

By incorporating ISO 13485:2016 principles and ISO 9000:2015 references, the FDA’s transition from the Quality System Regulation (QSR) to the Quality Management System Regulation (QMSR) aims to harmonize U.S. requirements with global standards, reduce regulatory burden, and strengthen risk-based quality practices.  

This change introduces new expectations for manufacturers, including expanded inspection, and access to internal audits and supplier evaluations. Preparing for QMSR requires a structured approach, which includes understanding regulatory changes, performing gap analyses, updating procedures, validating systems, and training personnel, while leveraging best practices from industry experts and software providers. 

We’ve gathered some of the most asked questions about QMSR, along with best practices for companies to prepare for this update. 

Frequently Asked Questions about QMSR

1. Why is FDA replacing the old QSR with QMSR?

FDA aims to harmonize U.S. regulations with international standards, specifically ISO 13485:2016. This reduces regulatory burden for manufacturers operating globally, improves consistency in quality systems, and enhances patient safety. The old QSR (21 CFR Part 820) was effective but increasingly out of sync with global norms, creating inefficiencies for companies that had to comply with both U.S. and international requirements. 

2. What is the timeline for implementation?

The final rule was first published: February 2, 2024 

The enforcement will begin: February 2, 2026 

While this update was originally proposed to take effect one year after its publication in the Federal Register, the FDA reconsidered the proposed effective date after stakeholder feedback and moved back the effective date by one year. This two-year transition period allows manufacturers to update their systems and processes to meet QMSR requirements. 

3. What significant changes will manufacturers see? 

QMSR incorporates ISO 13485:2016 by reference, meaning compliance with ISO 13485 largely, but not completely, satisfies FDA requirements.  

The FDA retains certain unique provisions that are not found in ISO 13485. As an example, the QMSR updates the scope of complaint handling to the requirements of ISO 13485, but there are also additional FDA requirements outlined, including those found in part 803 (MDR), which includes a requirement for procedures that outline information recording, evaluations, investigations, regulatory reporting criteria, product handling, and corrections and corrective actions. 

Additionally, after the QMSR becomes effective, the FDA intends to review records that were previously exempt from review under QS Regulation 820.180(c), including internal audits, supplier audits, and management review reports. 

4. How will FDA inspections change?

FDA will retire QSIT (Quality System Inspection Technique) and adopt a new inspection protocol aligned with QMSR. Inspections will focus on risk-based approaches, similar to ISO audits, but remain regulatory in nature. FDA inspectors will review internal audit records, supplier evaluations, and management reviews, which were previously off-limits. 

5. What about records created before Feb 2026?

FDA may review pre-update records if they are relevant to compliance with the QMSR. Manufacturers should map old QSR requirements to QMSR and perform a gap analysis to ensure prior documentation can also meet QMSR requirements. 

6. Will ISO certification replace FDA inspections?

No. ISO 13485 certification does not exempt a manufacturer from FDA inspections. While the Medical Device Single Audit Program (MDSAP) is a certification program that allows for QMS audits based on ISO 13485 in addition to other applicable FDA device regulatory requirements, the FDA utilizes the audit reports that are generated from MDSAP audits, rather than the certificate, as an additional tool for regulatory oversight. FDA inspections remain mandatory and enforceable under U.S. law. 

7. What happens if ISO 13485 is updated?

FDA will evaluate any future revisions to ISO 13485 and decide whether to update QMSR through rulemaking. If deemed appropriate, the FDA will update this regulation in accordance with Federal law and being on the ISO technical committee responsible for ISO 13485, the FDA is aware of any changes to the standard. This ensures regulatory stability while maintaining global alignment. 

8. Where can manufacturers access ISO standards?

Some firms might not have readily available access to ISO standards referenced in this update. The FDA provides read-only access to ISO 13485:2016 via the ANSI IBR portal. For operational use, it is suggested that full copies are purchased through ISO.  

9. How are conflicts between QSMR and ISO 13485 resolved?

The FDA has stated that the Federal Food, Drug, and Cosmetic (FD&C) Act and/or its implementing regulations will take control in cases clauses of ISO 13485 that conflict with any provisions of the FD&C. Furthermore, the generally applicable part 820 regulations will apply to the extent that they do not otherwise conflict with the specifically applicable regulations. 

10. How should manufacturers prepare?

• Understand what’s changing and when: QMSR will be made effective on February 2nd, 2026. Understand the core changes, including incorporation of ISO 13485:2016 and FDA specific requirements for inspection access, risk management, and complaints. 

• Build your QMSR transition plan: Appoint a quality leader as the QMSR program owner and define transition milestones, such as gap analysis and SOP updates, and set risk-based priorities based on production, processes, and business impact. Also note to include supplier and outsourced process readiness in the scope of the plan. 

• Perform a formal gap analysis from QSR → QMSR/ISO 13485: Map each current procedure and record to ISO 13485 clauses and QMSR sections (e.g., QMS requirements in §820.10 and record controls in §820.35) as well as continued application of other parts like MDR (Part 803). Ensure that definitions are aligned and records are readily accessible for audits.  

• Prepare records for FDA inspection: FDA may review records created before Feb 2, 2026, to determine QMSR compliance; perform a comparative analysis showing how legacy records meet QMSR/ISO requirements. It would be helpful to organize and index internal audits, supplier audits, and management review files for quick retrieval. Using an eQMS with strong document control capabilities, such as ACE Docs, can be valuable in organization and record tracking. 

• Train personnel: QMSR awareness training should be made available for all QA/RA/design/manufacturing/servicing staff covering changes from QSR, ISO linkages, record accessibility, and inspection expectations. Tracking training effectiveness through quizzes and maintaining training records can be done with an LMS-equipped eQMS, such as ACE LMS. 

• Conduct a QMSR-Style internal audit & mock FDA inspection: After the previous steps have been completed, execute a full internal audit mapped to ISO 13485 clauses and QMSR provisions, and if available, use the expected QMSR inspection approach. Document objective evidence and CAPAs in your eQMS for audit findings. 

Conclusion 

Successfully navigating the QMSR transition requirements manufacturers to prioritize governance, documentation readiness, and lifecycle risk management while ensuring supplier oversight and digital system validation. Leveraging tools and insights from eQMS providers and other SMEs can make compliance more efficient and inspection readiness more predictable. By using gap assessments, SOP updates, and mock inspections, companies can painlessly comply with QMSR and jumpstarting an opportunity for operational excellence and global alignment.