In 2024, the FDA released its long-awaited final rule that reshapes how U.S. medical device manufacturers manage quality.
The FDA’s new Quality Management System Regulation (QMSR) represents the most significant overhaul of U.S. medical device quality requirements in more than 25 years. Replacing the long-standing Quality System Regulation (QSR / 21 CFR 820), the new rule aligns closely with ISO 13485:2016 and introduces updated expectations for documentation, risk management, and quality system maturity.
This guide walks you through everything manufacturers need to achieve FDA QMSR compliance, what has changed, how to prepare, and how to conduct a QMSR gap analysis to ensure a smooth transition.
Key takeaways
Let’s dive deeper into what this all means.
What is the FDA Quality Management System Regulation (QMSR)? A quick refresher
The FDA QMSR stands for Quality Management System Regulation. It isn’t an entirely new framework but rather an update to the long-standing QSR (Quality System Regulation) under 21 CFR Part 820.
The final rule was published on February 2, 2024, and enforcement begins February 2, 2026.
In simple terms, the FDA QMSR:
- Replaces the previous Quality System Regulation (QSR)
- Incorporates ISO 13485:2016 into Part 820, making it part of U.S. regulatory requirements.
- Adds FDA-specific expectations where ISO is less detailed, creating an extra layer of obligations.
- Updates inspections and documentation rules, replacing QSIT and expanding FDA access to internal records like audits and management reviews.
Why the change? The FDA sees QSR as out of step with today’s international quality standards. Since the regulations are already very similar, FDA QSR and ISO 13485 harmonization reduces duplication and supports global consistency.
For manufacturers, this means a transition period: you’ll need to keep meeting QSR requirements now, while also preparing your QMS for QMSR.
Recommended learning:
Differences between DHF, DMR, DHR, and QMSR for medical devices.
What FDA QMSR compliance means for medical device companies
Achieving FDA QMSR compliance means your Quality Management System must fully align with the structure, terminology, and expectations of ISO 13485:2016, while still meeting FDA-specific requirements. In practice, manufacturers must ensure that their QMS:
- Aligns with ISO 13485 processes and framework, including documentation hierarchy, lifecycle focus, and quality planning.
- Demonstrates risk-based decision making across all processes, from design and development to production and post-market surveillance.
- Maintains complete, traceable documentation and objective evidence to show that quality processes are defined, implemented, and effective.
- Implements supplier controls proportionate to supplier risk, including qualification, monitoring, and re-evaluation activities.
- Ensures all quality processes (from design controls to complaint handling) reflect QMSR’s updated harmonized expectations.
- Validates all software used within the QMS, including eQMS platforms, spreadsheets, automated workflows, and production-support tools.
- Provides role-based training and competency evidence, ensuring personnel are qualified for their responsibilities under the new rule.
- Maintains inspection-ready records, aligned with ISO 13485’s structure and FDA’s requirements for traceability, documentation, and evidence.
Key changes introduced by QMSR
At a high level, here’s a QMSR vs QSR roadmap of what changes (and what stays) in the new regime:
-
Full incorporation of ISO 13485 principles
-
Stronger emphasis on risk management across all quality processes
-
Updated requirements for document control and validation
-
Closer alignment with global regulatory expectations
-
A shift from prescriptive procedures to process- and evidence-based quality management
But let's take a more in-depth look.
The FDA QMSR final rule introduces several changes that every manufacturer should understand. One of the biggest shifts is inspection authority: FDA can now review internal audit reports, management reviews, and supplier audits - areas previously exempt under QSR 820.180(c).
While the rule leans on ISO 13485, FDA-specific requirements remain, especially for device labeling, packaging, and other areas ISO doesn’t cover. The rule also clarifies hierarchy: if ISO and FDA requirements conflict, the FD&C Act or FDA regulations take priority.
Records created before February 2, 2026, may still be scrutinized if they can be mapped to the new requirements. At the same time, the FDA estimates that consolidating overlapping requirements could reduce administrative burden, particularly for foreign companies.
Other updates include revised obligations for combination products, a stronger emphasis on lifecycle processes - like post-market surveillance, risk trending, and feedback loops - and a reminder that ISO 13485 certification does not replace FDA compliance.
In short, the FDA QMSR means your QMS can’t just look compliant on paper; it must be inspection-ready in practice.
QMSR vs QSR: key differences
Making the shift from QSR to QMSR is nontrivial. Here’s a QMSR vs QSR roadmap of what changes (and what stays) in the new regime:
*QSIT: Quality system inspection technique
A common misconception is that the FDA QMSR will make life easier for manufacturers.
In reality, if your QMS is already aligned with ISO 13485, the changes may feel more like a shift than an added burden. But for U.S.-only manufacturers with little ISO experience, the transition could be a heavy lift.
In short, QMSR and QSR have a lot in common, but not everything lines up, and the details matter. That’s why it’s so important to know how QMSR vs QSR differ.
ISO 13485 vs 21 CFR 820 (QSR): what's different?
Because the new Quality Management System Regulation (QMSR) leans on ISO 13485, it’s important to understand the key differences between ISO 13485 vs 21 CFR 820. Many manufacturers maintain QMSs mapped to both, but the update highlights gaps you might not have noticed. Some common ones include:
Risk management
Under ISO 13485 vs 21 CFR 820, the main distinction lies in how risk is approached. ISO expects a risk-based approach across the whole QMS - design, production, post-market - while QSR addresses risk mainly in design control.
Documentation and control
ISO calls for comprehensive documentation, including procedures for all processes, document versioning, and change control. QSR focuses on key records like Device History Records and complaint files. Some QMSs built on QSR may lack the structure ISO expects.
Audit and corrective actions
In the ISO 13485 vs 21 CFR 820 framework, ISO requires regular internal audits and management review with clear inputs and outputs. QSR previously exempted some of these from inspection, but the FDA QMSR removes those exemptions, so audits and reviews must now be fully defensible.
Traceability
One key difference between ISO 13485 vs 21 CFR 820 is ISO’s emphasis on traceability between user needs, design inputs, and validation. QSR implies this linkage, but it’s sometimes underdeveloped.
Supplier control
ISO requires ongoing oversight, qualification, verification, and monitoring of external providers. QSR addresses supplier controls but is less prescriptive, leaving gaps in performance tracking and change management.
Change control and configuration management
ISO requires documenting, assessing, testing, and approving changes to products, processes, and software. QSR requires change control, too, but some procedures may be lighter than ISO expects.
Continuing improvement
In ISO 13485 vs 21 CFR 820,ISO promotes a proactive, continual improvement mindset, while QSR focuses more on reactive corrective actions.
A note for the future: if ISO 13485 is revised, the FDA may update QMSR accordingly, but for now, the current ISO version is the baseline.
The reasons behind the FDA's QMSR and ISO 13485 harmonization
You might wonder why it’s worth the effort to merge these two regimes. From my experience, the benefits, when FDA QSR and ISO 134585 harmonization is done thoughtfully, can be significant.
Running parallel QMSs for ISO audits and FDA inspections often leads to duplication, inconsistencies, and extra work. Harmonizing brings everything together, which can reduce administrative burden. It also makes cross-border compliance much smoother, since many markets, like the EU, Canada, and Australia, require ISO 13485.
Embedding risk management and traceability more deeply helps prevent surprises in design or post-market activities, reducing nonconformities, recalls, and 483 observations. And with FDA QMSR inspections aligned to the ISO structure, harmonization early on makes audits far less stressful.
Beyond that, having an ISO-aligned QMS positions your company to adapt more easily as global regulations continue to converge.
That said, FDA QSR and ISO 13485 harmonization isn’t a silver bullet - you’ll still need to navigate the unique aspects of the FDA regulation carefully.
Fun fact: The FDA estimates that aligning the U.S. medical device regulations with ISO 13485:2016 through the Quality Management System Regulation (QMSR) will result in annual cost savings ranging from approximately $532 million to $554 million.
Likewise, foreign establishments are projected to save about $176,000 annually by eliminating the need to comply with both ISO 13485 and the QSR.
ISO 13485 audit checklist
Implementation timeline
Knowing the timeline is key to planning and avoiding a last-minute scramble.
- February 2, 2024: QMSR final rule published.
- February 2, 2026: Effective date. From this day, the FDA expects full compliance with QMSR, and QSR is superseded (though some legacy references remain).
- Transition period (2024–2026): Manufacturers must continue meeting QSR requirements while preparing for QMSR. During this time, the FDA may update guidance, revise inspection programs, and release supporting documents.
- Future ISO updates: If ISO revises 13485, the FDA may consider integrating the new version through rulemaking.
This is a relatively tight window. Many companies are already starting the transition and waiting until 2026 risks being caught off guard - especially for audits, consulting support, or supplier coordination.
How can you and your team for QMSR compliance
I like to think of preparation in phases, with a mix of planning and practical lessons from the trenches.
Phase 0: Awareness and training
Make sure leadership, QA, regulatory, R&D, and manufacturing teams understand the FDA QMSR, ISO 13485:2016, and the new expectations. Run internal workshops or bring in consultants to explain the differences between QMSR, QSR, and ISO, and what inspections will look like. Start aligning terminology and mapping ISO clauses to your current QMS structure.
Phase 1: FDA QMSR gap analysis and risk assessment
Running an FDA QMSR gap analysis means understanding where your current QMS (often QSR-based) falls short of QMSR expectations. Pay special attention to areas that often challenge dual systems: risk traceability, supplier control, audit defensibility, and documentation depth.
Phase 2: Transition planning and roadmap
Draft a Quality Transition Plan that lays out tasks, responsibilities, timelines, milestones, and metrics. Coordinate across R&D, QA, regulatory, IT, and supply chain teams, and be realistic about resources - updating procedures, training, and systems usually takes more effort than expected.
Phase 3: System and process redesign
Update or create procedures, strengthen document control, and realign supplier agreements. Improve traceability from user needs through design and verification. Make audits and management reviews defensible and run mock audits against FDA QMSR expectations. Review IT systems and e-QMS tools to ensure they support the new structure.
Phase 4: Pilots, validation, and monitoring
Test your updated system with pilot audits and reviews. Track metrics, gather feedback, and make improvements. Monitor readiness across teams and suppliers.
Phase 5: Supplier and stakeholder coordination
Communicate changes to critical suppliers and subcontractors. Integrate QMSR expectations into quality agreements and assess supplier readiness where needed.
Phase 6: Final validation and readiness
Conduct mock FDA audits through a QMSR lens. Finalize documentation and ensure all teams are trained. Keep an eye on FDA guidance updates and inspection programs.
Scilife Tips:
- Start early: consulting and audit resources will be in high demand closer to 2026.
- Some companies implement QMSR early for parts of their product lines - just watch for unintended conflicts with current QSR inspections.
- Use this chance to clean up legacy documents and simplify your QMS.
- Focus on defensibility: every change, decision, and audit should be traceable.- Involve IT early - many gaps show up because e-QMS or trace-matrix systems aren’t structured for the new clause models.
Need help preparing for the QMSR final rule? Discover how Scilife can help you with FDA QMSR gap analysis, compliance, and more!
QMSR transition timeline: what to expect
The FDA provides a transition window for manufacturers; however, QMSR’s impact is broad enough that early preparation is highly recommended. Remember: the earlier you begin, the more predictable and less disruptive the transition will be. You should plan for:
- Immediate awareness and gap assessment
- 6–12 months of remediation work, depending on system maturity
- Internal audits and management review updates
- Supplier requalification where necessary
- Training completion and documentation updates
How Scilife helps you with the FDA QSR and ISO 13485 harmonization, and switching to QSMR
Understanding the differences between QMSR vs QSR an switching from one to the other, harmonizing with ISO 13485, and managing inspection risks isn’t simple - but it’s a smart investment in compliance resilience and global competitiveness.
At Scilife, we’ve guided many clients through similar global FDA QSR and ISO 134585 harmonization and risk-reduction projects. We can support you with:
- FDA QMSR gap analysis and roadmap planning
- Procedure development and document alignment
- Mock audits and inspection readiness
- Supplier coordination and team training
- e-QMS and software support, including trace matrices and audit modules
With the right preparation, your QMS can not only meet the new requirements but also operate more efficiently and confidently.
