.svg "\"\"")
From February 2, 2026, all medical device manufacturers and importers selling their products in the USA will need to comply with the FDA’s new Quality Management System Regulation (QMSR). Are you ready to transition?
The QSR and the QMSR; what’s the difference
The FDA’s current QSR (Quality System Regulation) and the requirements of the ISO 13485:2016 standard were already closely aligned. However, the new QMSR brings the FDA and ISO 13485 requirements into even tighter lock-step.
|
|
QSR |
QMSR |
|
Scope and application |
Applies mainly to medical devices marketed in the US, focusing specifically on manufacturing processes and quality assurance. |
Broadens the scope to include additional stakeholders like contract sterilisers and remanufacturers, aligning more closely with international standards. |
|
Regulatory alignment |
Follows older FDA-specific regulations, tailored primarily to US requirements. |
Seeks to harmonise US regulations with global standards, particularly ISO 13485:2016, facilitating easier compliance for global market access. |
|
Terminology and definitions |
Utilizes FDA-specific terminology, including terms like DHF, DMR, and DHR. |
Adopts international terminology from ISO 13485:2016 updating many traditional terms to align with global standards (e.g. the medical device file) while maintaining the requirements under new terminologies. |
|
Documentation and record keeping |
Focuses on detailed FDA-specific documentation requirements. |
Emphasises system-wide documentation and record-keeping in line with ISO 13485, incorporating broader criteria for maintaining and protecting records. |
|
Labelling and packaging |
Contains specific and detailed FDA requirements for labelling and packaging, with a focus on ensuring compliance with US standards. |
Incorporates FDA-specific labelling requirements while also integrating ISO 13485 standards, adding enhanced global consistency and focusing on ensuring traceability and risk mitigation. |
|
Risk management |
Risk only mentioned once in the QSR under design and development. |
Places a stronger emphasis on integrating risk management throughout the ISO 13485 elements and the device lifecycle, aligning with ISO 14971 standards (although compliance with ISO 14971 is not directly required but is identified as the source). |
|
Inspection and compliance |
Uses the FDA’s Quality System Inspection Technique (QSIT) for inspections. |
Updates inspection methodologies to better align with ISO 13485, although specific changes are still being finalised. |
|
Certification and compliance |
Requires compliance with FDA-specific regulatory standards. |
Does not require ISO 13485 certification but encourages compliance to facilitate market access globally. For those companies that do not currently follow ISO 13485 should consider taking the additional step of certification. |
|
Implementation timeline |
Established with periodic updates over the years. |
QMSR final rule was published on Feb 2, 2024, with a transition period ending on Feb 2, 2026, allowing organisations time to adjust to the new regulations. Any affected company that has not started its transition should start with a gap analysis now. |
|
Regulatory priorities |
Focuses on ensuring product safety and effectiveness with rigorous FDA oversight. |
Aims to reduce regulatory redundancies and simplify processes by aligning more closely with international standards, promoting a more unified approach to global market access. |
How easy will transition be for those who have already gained ISO 13485?
In their detailed examination of the regulation the FDA group say:
“Businesses already certified or aligned with ISO 13485:2016 will encounter minimal adjustments due to the introduction of the QMSR. Their main tasks involve updating documents to reference the QMSR and making minor modifications to ensure complete compliance.”
And they go on to add
“These companies, particularly those marketing devices in jurisdictions where ISO 13485 is the accepted GMP standard (such as the EU, Australia, Canada, and Japan), will likely see a reduction in both the complexity and cost of QMS compliance."
But what about developers who have not gained ISO 13485?
However, for medical device companies that have not previously aligned with ISO 13485, transitioning to the upcoming QMSR may expose significant gaps in their existing quality management systems.
As Brian Newbery, founder of Fast-Track QMS Consultants, highlights, medical device developers who structured their quality management systems (QMS) to meet the FDA’s QSR requirements - without pursuing ISO 13485 certification - may find their systems falling short under the new QMSR:
“While the FDA QSR and ISO 13485:2016 share many similarities, there are significant differences, particularly in how they address risk,” Brian explains. “For instance, risk is mentioned only once in the QSR, whereas it is referenced twenty times in ISO 13485.”
To align with ISO 13485, US medical device developers must now adopt a risk-based approach to quality management that integrates more closely with ISO 14971, the standard for risk management in medical devices.
This shift will require many organizations to embed risk management practices more deeply into their quality processes, ensuring that risk assessment and mitigation are not isolated tasks but integral to their product lifecycle management.
Brian Newbery’s recent LinkedIn posts point out some other key areas where those without ISO 13485 may struggle to meet the new requirements of the QMSR.
- Purchasing and supplier management processes may need strengthening to ensure robust vendor selection, approval, oversight and documentation.
- Areas such as training, management review, and feedback loops may need to be bolstered to satisfy QMSR requirements for thorough recordkeeping, communication, and continual improvement.
And the challenges may not stop there.
Other potential gaps include internal communications, quality planning, internal audits, design and development controls, contamination control measures, and the validation of sterilisation and software — all of which are integral to achieving both compliance and high-quality outcomes under the new QMSR framework.
What steps should developers take?
As Brian points out, the clock is ticking on the February 2, 2026 transition deadline. He recommends a systematic approach to tackle the QMSR challenge:
1. Understand the requirements
Familiarise yourself with the QMSR and its alignment with ISO 13485:2016. Knowing the specifics is crucial to mapping out your path to compliance.
2. Perform a gap analysis
Take the time to conduct a thorough assessment of your current quality management system to identify all gaps. Prioritise and focus on risk management, supplier controls, and documentation to ensure a clear plan for bridging gaps. Brian’s website has a comprehensive QMSR checklist available to help you identify the gaps in your current QMS.
3. Develop a QMSR transition plan
Work together as an organization to prioritise the changes you need to make. Ensure you have the right templates and eQMS tools in place to help you build the documentation and processes necessary for compliance. Using an eQMS system will make it a lot easier to manage, track and trace the many QMS system changes that can be involved in the QMSR transition.
4. Ensure you leave time for internal audits and corrections
Regular audits are essential to identify issues early and refine your processes. Implementing a strategy for continual improvement is an important part of the QMSR requirements.
Finally, Brian says - don’t underestimate the workload:
"Transitioning to QMSR can present unexpected challenges, particularly in understanding regulations, identifying gaps, implementing new processes, and training your team.
He continues:
"It's crucial to allocate enough time for these changes, conduct audits, address any corrective actions, and maintain adequate records to demonstrate compliance. Ensure you are not caught unprepared as the QMSR deadline approaches."
%20(1).webp?width=133&height=76&name=ISO%20IEC%2027001%20(1)%20(1).webp)