In 2024, the FDA released its long-awaited final rule that reshapes how U.S. medical device manufacturers manage quality.
The new FDA QMSR (Quality Management System Regulation) replaces the old QSR (21 CFR Part 820) and brings it in line with the global ISO 13485:2016 standard.
If your QMS is built around QSR, ISO 13485, or a mix of both, this change is big. Noncompliance could mean your device is considered adulterated under the FD&C Act, and inspections will reflect the new expectations.
In this post, we’ll break down what the QMSR means, how it compares to QSR and ISO 13485, and most importantly, how to get ready.
Key takeaways
Let’s dive deeper into what this all means.
What is the FDA QMSR?
The FDA QMSR stands for Quality Management System Regulation. It isn’t an entirely new framework but rather an update to the long-standing QSR (Quality System Regulation) under 21 CFR Part 820.
The final rule was published on February 2, 2024, and enforcement begins February 2, 2026.
In simple terms, the FDA QMSR:
- Incorporates ISO 13485:2016 into Part 820, making it part of U.S. regulatory requirements.
- Adds FDA-specific expectations where ISO is less detailed, creating an extra layer of obligations.
- Updates inspections and documentation rules, replacing QSIT and expanding FDA access to internal records like audits and management reviews.
Why the change? The FDA sees QSR as out of step with today’s international quality standards. Since the regulations are already very similar, FDA QSR and ISO 13485 harmonization reduces duplication and supports global consistency.
For manufacturers, this means a transition period: you’ll need to keep meeting QSR requirements now, while also preparing your QMS for QMSR.
Recommended learning:
Differences between DHF, DMR, DHR, and QMSR for medical devices.
QMSR vs QSR
Making the shift from QSR to QMSR is nontrivial. Here’s a QMSR vs QSR roadmap of what changes (and what stays) in the new regime:
*QSIT: Quality system inspection technique
A common misconception is that the FDA QMSR will make life easier for manufacturers.
In reality, if your QMS is already aligned with ISO 13485, the changes may feel more like a shift than an added burden. But for U.S.-only manufacturers with little ISO experience, the transition could be a heavy lift.
In short, QMSR and QSR have a lot in common, but not everything lines up, and the details matter. That’s why it’s so important to know how QMSR vs QSR differ.
ISO 13485 vs 21 CFR 820 (QSR)
Because the new Quality Management System Regulation (QMSR) leans on ISO 13485, it’s important to understand the key differences between ISO 13485 vs 21 CFR 820. Many manufacturers maintain QMSs mapped to both, but the update highlights gaps you might not have noticed. Some common ones include:
Risk management
Under ISO 13485 vs 21 CFR 820, the main distinction lies in how risk is approached. ISO expects a risk-based approach across the whole QMS - design, production, post-market - while QSR addresses risk mainly in design control.
Documentation and control
ISO calls for comprehensive documentation, including procedures for all processes, document versioning, and change control. QSR focuses on key records like Device History Records and complaint files. Some QMSs built on QSR may lack the structure ISO expects.
Audit and corrective actions
In the ISO 13485 vs 21 CFR 820 framework, ISO requires regular internal audits and management review with clear inputs and outputs. QSR previously exempted some of these from inspection, but the FDA QMSR removes those exemptions, so audits and reviews must now be fully defensible.
Traceability
One key difference between ISO 13485 vs 21 CFR 820 is ISO’s emphasis on traceability between user needs, design inputs, and validation. QSR implies this linkage, but it’s sometimes underdeveloped.
Supplier control
ISO requires ongoing oversight, qualification, verification, and monitoring of external providers. QSR addresses supplier controls but is less prescriptive, leaving gaps in performance tracking and change management.
Change control and configuration management
ISO requires documenting, assessing, testing, and approving changes to products, processes, and software. QSR requires change control, too, but some procedures may be lighter than ISO expects.
Continuing improvement
In ISO 13485 vs 21 CFR 820,ISO promotes a proactive, continual improvement mindset, while QSR focuses more on reactive corrective actions.
A note for the future: if ISO 13485 is revised, the FDA may update QMSR accordingly, but for now, the current ISO version is the baseline.
Why harmonize ISO 13485 and QSR?
You might wonder why it’s worth the effort to merge these two regimes. From my experience, the benefits, when FDA QSR and ISO 134585 harmonization is done thoughtfully, can be significant.
Running parallel QMSs for ISO audits and FDA inspections often leads to duplication, inconsistencies, and extra work. Harmonizing brings everything together, which can reduce administrative burden. It also makes cross-border compliance much smoother, since many markets, like the EU, Canada, and Australia, require ISO 13485.
Embedding risk management and traceability more deeply helps prevent surprises in design or post-market activities, reducing nonconformities, recalls, and 483 observations. And with FDA QMSR inspections aligned to the ISO structure, harmonization early on makes audits far less stressful.
Beyond that, having an ISO-aligned QMS positions your company to adapt more easily as global regulations continue to converge.
That said, FDA QSR and ISO 13485 harmonization isn’t a silver bullet - you’ll still need to navigate the unique aspects of the FDA regulation carefully.
Fun fact: The FDA estimates that aligning the U.S. medical device regulations with ISO 13485:2016 through the Quality Management System Regulation (QMSR) will result in annual cost savings ranging from approximately $532 million to $554 million.
Likewise, foreign establishments are projected to save about $176,000 annually by eliminating the need to comply with both ISO 13485 and the QSR.
ISO 13485 audit checklist
What’s changing? Key provisions of the FDA QMSR
The FDA QMSR final rule introduces several changes that every manufacturer should understand. One of the biggest shifts is inspection authority: FDA can now review internal audit reports, management reviews, and supplier audits - areas previously exempt under QSR 820.180(c).
While the rule leans on ISO 13485, FDA-specific requirements remain, especially for device labeling, packaging, and other areas ISO doesn’t cover. The rule also clarifies hierarchy: if ISO and FDA requirements conflict, the FD&C Act or FDA regulations take priority.
Records created before February 2, 2026, may still be scrutinized if they can be mapped to the new requirements. At the same time, the FDA estimates that consolidating overlapping requirements could reduce administrative burden, particularly for foreign companies.
Other updates include revised obligations for combination products, a stronger emphasis on lifecycle processes - like post-market surveillance, risk trending, and feedback loops - and a reminder that ISO 13485 certification does not replace FDA compliance.
In short, the FDA QMSR means your QMS can’t just look compliant on paper; it must be inspection-ready in practice.
Implementation timeline
Knowing the timeline is key to planning and avoiding a last-minute scramble.
- February 2, 2024: QMSR final rule published.
- February 2, 2026: Effective date. From this day, the FDA expects full compliance with QMSR, and QSR is superseded (though some legacy references remain).
- Transition period (2024–2026): Manufacturers must continue meeting QSR requirements while preparing for QMSR. During this time, the FDA may update guidance, revise inspection programs, and release supporting documents.
- Future ISO updates: If ISO revises 13485, the FDA may consider integrating the new version through rulemaking.
This is a relatively tight window. Many companies are already starting the transition and waiting until 2026 risks being caught off guard - especially for audits, consulting support, or supplier coordination.
How can you prepare for the QMSR?
I like to think of preparation in phases, with a mix of planning and practical lessons from the trenches.
Phase 0: Awareness and training
Make sure leadership, QA, regulatory, R&D, and manufacturing teams understand the FDA QMSR, ISO 13485:2016, and the new expectations. Run internal workshops or bring in consultants to explain the differences between QMSR, QSR, and ISO, and what inspections will look like. Start aligning terminology and mapping ISO clauses to your current QMS structure.
Phase 1: FDA QMSR gap analysis and risk assessment
Identify where your current QMS (often QSR-based) falls short of QMSR expectations. Pay special attention to areas that often challenge dual systems: risk traceability, supplier control, audit defensibility, and documentation depth.
Phase 2: Transition planning and roadmap
Draft a Quality Transition Plan that lays out tasks, responsibilities, timelines, milestones, and metrics. Coordinate across R&D, QA, regulatory, IT, and supply chain teams, and be realistic about resources - updating procedures, training, and systems usually takes more effort than expected.
Phase 3: System and process redesign
Update or create procedures, strengthen document control, and realign supplier agreements. Improve traceability from user needs through design and verification. Make audits and management reviews defensible and run mock audits against FDA QMSR expectations. Review IT systems and e-QMS tools to ensure they support the new structure.
Phase 4: Pilots, validation, and monitoring
Test your updated system with pilot audits and reviews. Track metrics, gather feedback, and make improvements. Monitor readiness across teams and suppliers.
Phase 5: Supplier and stakeholder coordination
Communicate changes to critical suppliers and subcontractors. Integrate QMSR expectations into quality agreements and assess supplier readiness where needed.
Phase 6: Final validation and readiness
Conduct mock FDA audits through a QMSR lens. Finalize documentation and ensure all teams are trained. Keep an eye on FDA guidance updates and inspection programs.
Scilife Tips:
- Start early: consulting and audit resources will be in high demand closer to 2026.
- Some companies implement QMSR early for parts of their product lines - just watch for unintended conflicts with current QSR inspections.
- Use this chance to clean up legacy documents and simplify your QMS.
- Focus on defensibility: every change, decision, and audit should be traceable.- Involve IT early - many gaps show up because e-QMS or trace-matrix systems aren’t structured for the new clause models.
Need help preparing for the QMSR final rule? Discover how Scilife can help you with FDA QMSR gap analysis, compliance, and more!
How Scilife can help
Shifting from QSR to the QMSR, harmonizing with ISO 13485, and managing inspection risks isn’t simple - but it’s a smart investment in compliance resilience and global competitiveness.
At Scilife, we’ve guided many clients through similar global FDA QSR and ISO 134585 harmonization and risk-reduction projects. We can support you with:
- FDA QMSR gap analysis and roadmap planning
- Procedure development and document alignment
- Mock audits and inspection readiness
- Supplier coordination and team training
- e-QMS and software support, including trace matrices and audit modules
With the right preparation, your QMS can not only meet the new requirements but also operate more efficiently and confidently.
