mdi Consultants
FDA UPDATE
The new QMSR and the FDA inspections – be aware!!!!
IN a few short weeks, a major change in the FDA regulations pertaining to the manufacturing of medical devices since 1997 will go into effect. The FDA is changing the Quality System Regulations (QSR) to the Quality Management System Regulations (QMSR). What does this mean to the medical device industry and why is FDA doing this?
With this being the only change in the medical device regulations in almost 30 years, FDA will align its requirements with the ISO13485:2016 standard. For some time now, FDA has been moving in the direction of trying to have its US regulations more in line with the international organizations standards. A recent example of this approach was the adoption of Medical Device Single Audit Program (MDSAP) and FDA acceptance of MDSAP certification in lieu of an FDA inspection.
Different stakeholders may have different opinions about this movement. However, whether you feel this is the right direction for the FDA to be headed in or not does not really matter because FDA begins its enforcement of new QMSR as soon as next month, on February 2, 2026.
Though we anticipate the new QMSR compliance will be inspected by FDA similar to how they handled the old QSR audits, pay attention to the new ISO terminology and references to ISO clauses instead of 21 CFR Part 820 sections that the FDA will be using and expecting to find in your quality system documents.
For the most part, if your company is MDSAP certified, you will have no problem in meeting the new regulatory requirements. If you are ISO13485 certified, you are pretty close but will need to beef up certain sections of your quality system to assure you are meeting additional QMSR requirements. Now, if you have previously complied with the QSR only, you would have had the most work in upgrading your quality system to meet the ISO 13485 standard and additional FDA QMSR requirements.
One of the major aspects that is changing is the FDA access to certain internal documents. Since the implementation of the original QSR in 1978, FDA had honored the fact that they were not entitled to review the following documents:
- Management review meeting notes
- Internal audit reports
- Supplier audit reports
Now, that the FDA is following the ISO standard for the quality system, they have not given the same exception and the FDA investigators will be allowed to review these documents. One has to remember that the ISO standard is a “voluntary” standard and is not a legal document. But the new QMSR, like the old QSR, has now become a legal requirement and has to be adhered to or you will be found in violation of the ACT. In an ISO audit, the ISO auditor is supposed to review the above documents as part of the company’s certification. However, the impact of these documents review in obtaining an ISO certification is a lot different than when being evaluated by FDA for legal compliance.
It is possible the FDA felt that if an auditor can review these records during an ISO or MDSAP audit, so why shouldn’t FDA also look at these documents? As a former US FDA investigator and supervisor of field operations and an ISO certified lead assessor, I have a full appreciation that an ISO audit and an FDA inspection are a lot different. They have different objective, purposes and are documented differently. An ISO audit is looking for certification and the FDA audit is looking for a legal compliance. One ends in a certification or no certification while the other could end in a warning letter or injunction.
The original FDA regulations realized that the reports of internal audits and management review are basically internal company documents. FDA agreed to keep these documents immune to FDA inspections so that companies did not have to restrict their documentation to hiding the internal audit findings or other quality system problems. The intent was to enable the companies to have a clear picture of their quality system effectiveness and if necessary, implement corrective actions and remedy the problems.
NOW WHAT? Must companies accept this self-disclosure and provide the above documents to FDA investigator voluntarily? Will companies be prepared to hand the detailed management review meeting minutes and internal audit notes to FDA?
Once the FDA has access to this documentation, does it mean their work is done because a road map to company’s problems is right in front of them without FDA lifting a finger to do their own research?
In the past if a company wanted to protect certain documents from disclosure, they would have their attorney retain a third party auditing organization that would supply all audit outcomes to the attorney under the attorney client privilege. Will companies still be able to do this in the future?
We are not sure why FDA decided to remove this clause from their regulations and believe this self- disclosure will cause a major stress to top management during upcoming inspections. Previously, companies have used the management review meetings and internal audits to their betterment but now they have to be careful on what is included in these documents.
Many questions remain in light of this changing situation and until FDA publishes the new QSIT manual and starts performing the actual inspections, it is difficult to make recommendations on how the companies can best position themselves. We will continue to follow this aspect of new QMSR and provide additional updates in the future.
If you would like more info on the new QMSR please contact mdi at:
info@mdiconsultants.com and ref: QMSR requirements