The FDA Has Changed Medical Device Quality System Audits

Here is what is happening with the new QMSR, why it matters, and how manufacturers must respond. 

In early 2026, the U.S. Food and Drug Administration finalized and activated a major overhaul of its medical device quality system regulations. This overhaul replaced the decades-old Quality System Regulation (QSR) under 21 CFR Part 820 with a modernized framework called the Quality Management System Regulation (QMSR). The new regulation became effective on February 2, 2026, and represents a foundational shift in how quality expectations are set, how compliance is assessed, and how FDA inspections are conducted. (U.S. Food and Drug Administration) 

This change is not cosmetic. It fundamentally alters the baseline regulatory requirements and requires manufacturers to rethink how they prepare for and execute FDA audits. Up until recently, many firms treated the QSR as a discrete set of checklists. The QMSR makes quality strategy, risk management, and documented evidence of effectiveness the centerpiece of compliance.

In this blog, we unpack: 

• What QMSR actually is and why FDA did it 

• How FDA inspections are changing 

• What manufacturers must focus on now to stay audit-ready 

• Practical steps to prepare your quality system 

What is the QMSR and Why It Matters 

The Quality System Regulation (QSR) in Part 820 of Title 21 had been the backbone of U.S. device quality requirements since the 1990s. Designed as a current good manufacturing practice framework, it spelled out specific subsystems and record requirements for device makers. (U.S. Food and Drug Administration) 

Over time, however, the international quality landscape evolved. Regulators around the world adopted ISO 13485:2016 as the global standard for medical device quality systems. That standard integrates risk management, design controls, supplier oversight, and post-market feedback into a cohesive management system. (U.S. Food and Drug Administration) 

The FDA’s QMSR incorporates ISO 13485:2016 by reference directly into Part 820, aligning U.S. regulatory requirements more closely with international standards. This harmonization reduces duplication for manufacturers operating globally and ensures a consistent quality baseline worldwide. (U.S. Food and Drug Administration) 

Importantly, while the ISO standard forms the backbone of the new regulation, the QMSR is not identical to ISO 13485. The FDA adds explicit requirements and clarifications where needed to satisfy U.S. statutory authority and regulatory expectations. Compliance with ISO 13485 alone does not exempt a manufacturer from QMSR requirements or FDA inspections. (U.S. Food and Drug Administration) 

The final rule also incorporates clause 3 of ISO 9000:2015, which standardizes quality management system terminology. This ensures a consistent understanding of terms such as nonconformity, corrective action, and preventive action at both an international and U.S. regulatory level. (U.S. Food and Drug Administration) 

The Audit Reality: New Inspection Program and Strategy 

One of the most significant changes for the industry is not just the regulation itself, but how the FDA inspects compliance under it. 

The End of QSIT 

For decades, FDA inspectors used the Quality System Inspection Technique (QSIT) as a structured, checklist-based methodology for auditing device firms. Under QMSR, that technique is gone. As of February 2, 2026, the FDA has retired QSIT and no longer uses the previous inspection manuals tied to it. (U.S. Food and Drug Administration) 

In its place, the FDA issued an updated and standalone compliance inspection framework in Compliance Program Manual 7382.850, titled Inspection of Medical Device Manufacturers. This new manual guides investigators in planning and executing inspections under the QMSR.

Instead of ticking through a fixed set of subsystems, investigators apply a risk-based, systems-focused approach. They will evaluate selected quality system elements based on the firm’s devices, the potential risk to patients, historical compliance performance, and other contextual factors. That is a far cry from looking solely for the presence of documented procedures.

What This Means in Practice 

Under the new inspection model, FDA investigators will: 

• Review at least one element of each of the six core QMS areas (including management oversight, design and development, change control, purchasing controls, product and service provision, monitoring and measurement). 

• Evaluate additional applicable FDA requirements not covered by ISO 13485, such as medical device reporting and unique device identification. 

• Prioritize areas where product risk could adversely impact patients. 

• Apply critical thinking rather than rigid sample tables to determine what records to review.

This approach places a premium on evidence of effective implementation, not just the existence of documentation. Firms must demonstrate outcomes and decisions, not just checkboxes. 

Management Reviews, Internal Audits, and Supplier Audits Are Now in Scope 

Under the old QSR, some elements, such as management reviews, internal audit reports, and supplier audit records, were often de-emphasized during routine inspections. In practice, they were sometimes exempt or received minimal scrutiny.

Under the QMSR, these records are now squarely within the scope of inspections. Investigators have explicit authority to request and examine them. The removal of QSIT structures means FDA can use a broad set of records to tell the story of how your quality system functions.

This alone should change how manufacturers prepare for audits. Rather than focusing only on procedures tied to specific subsystems, compliance programs must document how leadership engages with quality performance, how internal quality checks are executed and followed up, and how suppliers are vetted and monitored over time. 

Good quality management is holistic. The FDA’s new approach treats it that way. 

Risk Management is Central, Not Optional 

Risk management is now baked into the entire QMS framework. ISO 13485 integrates risk-based thinking across design, production, supplier control, and post-market activities. By incorporating ISO 13485, the QMSR reinforces that risk management is not a standalone task but a continuous, system-wide expectation.

For audit readiness, this means your records must clearly reflect: 

• How risks are identified and documented 

• How risk decisions influenced design, change control, and supplier evaluations 

• What controls were put in place to mitigate identified risks 

• Evidence that those controls are effective 

Investigators will ask pointed questions about how risk considerations shaped quality decisions. If your documentation shows the what but not the why, you can expect follow-up requests and potential observations. 

What Manufacturers Need to Do Now 

The shift to QMSR is not optional. It is effective and FDA is already inspecting under the new regime. Here are practical steps manufacturers should prioritize: 

1. Conduct a QMS Gap Assessment Benchmark your existing quality management system against ISO 13485:2016 and the QMSR provisions in Part 820. Identify differences, missing procedures, or areas where documentation does not show effective implementation. 

2. Update Documentation to Reflect Practice Regulators will judge your quality system by what your records actually show. Ensure procedures, risk assessments, audit reports, and supplier oversight files tell a complete and accurate story of compliance and quality outcomes. 

3. Train Internal Teams on QMSR Expectations Everyone involved in quality, regulatory, design, and production needs to understand that inspections now reach across functional areas. Cross-training on risk management principles and how they tie back to ISO 13485 and QMSR requirements is essential. 

4. Improve Risk Documentation and Traceability Risk decisions must be traceable. That means risk logs, risk control measures, and evidence of risk monitoring must be organized, accessible, and understandable to an auditor. 

5. Integrate Internal Audits and Management Reviews Make internal audit findings and management review outcomes components of your overall quality narrative. These are no longer back-room exercises that never see the light of an inspection. 

6. Review Supplier Control Activities Supplier evaluations and ongoing monitoring must match the risk profiles of their work. For critical suppliers, maintain thorough audit and performance records. 

Common Misunderstandings About QMSR 

As firms adapt, a few misconceptions have emerged: 

ISO 13485 certification equals QMSR compliance This is false. You must comply with the FDA’s QMSR requirements and cannot use ISO 13485 certification in lieu of an FDA inspection or to demonstrate compliance. (U.S. Food and Drug Administration) 

FDA will issue ISO 13485 certificates This is also false. FDA audits under the QMSR do not result in ISO certification. They are FDA compliance inspections focused on U.S. regulatory requirements.

Old QSR audit approaches still work They do not. The checklist mentality that worked under QSIT is outdated. Risk-based, system-wide evaluation is the new reality.

Conclusion: Compliance is Now About Evidence, Not Just Procedures 

The shift from QSR to QMSR is one of the most significant regulatory changes in the U.S. medical device space in decades. It harmonizes U.S. requirements with global quality standards, modernizes how quality systems are evaluated, and forces manufacturers to move beyond procedural compliance toward evidence of effective quality management. 

FDA’s new inspection regime is now live and being applied in real audits. Preparedness requires thoughtful quality system design, meticulous documentation, clear articulation of risk decisions, and a true integration of quality into organizational culture. 

Manufacturers that adapt proactively will not only survive this transition but also build more resilient quality systems that streamline compliance and support product excellence. Those who cling to old inspection preparation habits risk findings and increased regulatory scrutiny. 

The QMSR era is here. Prepare accordingly.