What FDA Inspectors Are Actually Checking Under the New QMSR — MDI’s First-Hand Findings
The single biggest focus area in every QMSR inspection that MDI has participated in is not your quality manual, SOPs/work instruction, documentation structure or your terminology — it is your organizations ability to demonstrate risk-based thinking embedded throughout your entire quality management system, from design controls to supplier qualification to CAPA to complaints. If your QMS still treats risk analysis as a standalone activity confined to the design history file, FDA inspectors under the new framework will find that gap within the first hour.
As a leading regulatory expert we recommend all our clients to proactively evaluate their Quality Management Systems to ensure that risk management principles are embedded throughout all quality processes and that objective evidence of this integration is readily available during FDA inspections.
Background: what changed on February 2, 2026
The FDA’s Quality Management System Regulation (QMSR) became effective on February 2, 2026, replacing the legacy Quality System Regulation (QSR) framework that had governed medical device manufacturing since 1996. The QMSR amends 21 CFR Part 820 by incorporating ISO 13485:2016 by reference — making ISO 13485 a US legal requirement for the first time, not just an internationally recognized best practice.
The same day, FDA retired the long-standing Quality System Inspection Technique (QSIT) guide and replaced it with a new compliance program: CP 7382.850 — Inspection of Medical Device Manufacturers. This is not a cosmetic update. The inspection framework, the questions investigators ask, and the records they review have all changed to align with the QMSR.
MDI Consultants Inc., has been actively involved in supporting clients through the transition to the FDA’s Quality Management System Regulation (QMSR) or setting up the Quality system to be in compliance with the FDA QMSR requirements. During the spring of 2026, MDI consultants participated in QMSR-based FDA inspections for domestic as well as foreign firms. These firsthand experiences provided valuable insight into how FDA investigators are interpreting and applying the new requirements in practice.
While the regulatory text provides the framework for compliance, our observations during these inspections revealed several practical areas of focus that may not have been fully apparent from the regulation alone. FDA investigators are placing significant emphasis on how manufacturers have implemented risk-based thinking throughout their quality systems, how effectively processes are integrated with ISO 13485 principles, and whether organizations can demonstrate objective evidence of compliance across their operations.
As a regulatory consulting firm with extensive experience supporting medical device firms worldwide, MDI continues to monitor FDA inspection trends and emerging enforcement expectations under QMSR. By leveraging direct inspection experience and ongoing engagement with industry and regulatory developments, MDI helps clients assess readiness, identify compliance gaps, strengthen quality systems, and prepare for successful FDA inspections under the evolving regulatory landscape.
What FDA inspectors are actually focusing on
1. Risk-based thinking throughout — not just in design controls
This is the most significant shift in how inspections are being conducted. Under the old QSR, risk analysis was primarily associated with design controls and the design history file. Under the QMSR, inspectors expect to see evidence of risk-based decision making woven through every element of the quality system.
Based on MDI’s firsthand participation in recent QMSR-based FDA inspections, our team observed investigators repeatedly focus on how risk management is applied across the quality system—not merely whether a risk management procedure exists. During these inspections, FDA investigators specifically requested objective evidence demonstrating how risk analysis was used to support critical quality decisions, including:
- Design changes — not just original design, but every subsequent design change throughout the product life cycle
- CAPA decisions — was the severity of each corrective action commensurate with the risk level of the underlying issue?
- Complaint evaluation — how does the company determine whether a complaint warrants escalation to an MDR and if a risk based decision was used by the company?
- Supplier qualification — is the level of supplier oversight proportional to the criticality and the risk associated with the product or services that the supplier provides?
In our experience, investigators were not simply looking for completed risk analysis documents. Rather, they expected to see a clear and consistent connection between risk management activities and the decisions being made throughout the Quality Management System. Organizations that could demonstrate this linkage were generally better positioned to support their compliance with QMSR requirements and ISO 13485 principles.
2. QMS policy manual — inspectors checked this first
During the inspections MDI observed, the investigators asked to see the QMS policy manual early in the first day. Based on our observations, the QMS Policy Manual served as one of the primary documents used by investigators to gain an understanding of the organization’s quality system structure and approach to compliance under the new QMSR framework.
MDI observed that investigators paid close attention to how the quality system was organized and whether the documentation reflected the transition from the legacy Quality System Regulation (QSR) framework to the FDA’s harmonized QMSR approach. Companies presenting a policy manual that still used the old QSR subpart structure (Subpart C — Design Controls, Subpart D — Document Controls, etc.) were flagged immediately.
The QMSR policy manual should be organized around ISO 13485 sections (Section 4 — Quality Management System, Section 5 — Management Responsibility, Section 6 — Resource Management, Section 7 — Product Realization, Section 8 — Measurement, Analysis and Improvement) or explicitly cross-reference ISO clauses throughout.
This is not a documentation exercise for its own sake. Inspectors use the policy manual as a roadmap for the rest of the inspection — if the manual is still structured around the old QSR, it signals that the underlying system may not have been updated either. As a result, the manual should clearly demonstrate how the organization’s quality system is structured, how QMSR requirements have been incorporated, and how ISO 13485 principles are integrated into day-to-day operations. A well-organized and updated Quality Policy Manual can help establish confidence in the maturity of the quality system and facilitate a more efficient inspection process.
3. ISO 13485 clause language in SOPs and work instructions
Investigators were specifically looking for ISO 13485 clause references in SOPs and work instructions rather than “21 CFR 820.XX” section citations. This is consistent with the QMSR’s structure: Part 820 no longer contains written requirements for most quality system elements — it simply points to the corresponding ISO 13485 clause.
This means SOPs referencing “21 CFR 820.50 Purchasing Controls” now need to reference “ISO 13485 Section 7.4 Purchasing” instead. For companies with large SOP libraries, this is a significant documentation project — but it is a project with a clear end state, not an ambiguous compliance question.
4. Management review and quality audit records — newly reviewable by FDA
Under the old QSR, there was an explicit exception that limited the FDA’s ability to review certain management review and quality audit records. The QMSR removed that exception, aligning with how ISO auditors have always operated.
In both inspections MDI observed, investigators reviewed management review records as part of their standard inspection scope. Companies that had been treating management review as a checkbox exercise with minimal documentation were caught off guard. The FDA is looking for evidence that management is actively engaged with quality data — complaint trends, CAPA effectiveness, audit findings — and making documented decisions based on that data.
5. The distinction between QMSR and ISO 13485 — don’t assume they’re identical
A critical point that several companies in our network have misunderstood: ISO 13485 certification does not mean full QMSR compliance. The QMSR retains FDA-specific requirements in Subpart B of Part 820 that ISO 13485 does not address. These include:
- Labeling and packaging controls — the FDA requires inspection of device labels for accuracy prior to release, going beyond ISO 13485’s requirements
- MDR (Medical Device Reporting) — mandatory adverse event reporting under 21 CFR Part 803, which has no ISO equivalent
- UDI (Unique Device Identification) — FDA-specific requirement under 21 CFR Part 830
Companies that are ISO 13485 certified and assumed they were QMSR-compliant without reviewing the Subpart B additions are carrying compliance risk they may not be aware of.
What companies were flagged for
Across the inspections MDI participated in and cases we have been brought in to support, the most common QMSR 483 observations in spring 2026 have been:
| Observation | Root cause |
| QMS policy manual does not reference ISO 13485 clauses | Documents not updated after February 2 deadline |
| Risk analysis not documented for design changes | Risk process confined to original design only |
| CAPA records lack documented risk assessment of issue severity | Old QSR CAPA format carried forward unchanged |
| Supplier approval records do not reflect risk-based qualification criteria | “Approved supplier list” maintained without documented risk criteria |
| Management review records insufficient to demonstrate quality trend analysis | Management review treated as an annual checkbox, not a data-driven review |
What to do if your QMS hasn’t been updated yet
The compliance deadline passed on February 2, 2026. If your QMS documents, SOPs, and policy manual have not been updated to reflect the QMSR structure and ISO 13485 clause language, you are at risk in your next FDA inspection.
Based on MDI’s QMSR transition projects and inspection observations, we recommend prioritizing the following actions:
- Update the Quality Management System Policy Manual to align with ISO 13485 clause structure and terminology rather than the legacy QSR subpart framework.
- Review and revise SOPs, work instructions, and quality records to ensure appropriate alignment and cross-referencing to applicable ISO 13485 requirements and QMSR expectations.
- Integrate risk-based thinking throughout the Quality System, ensuring that risk management activities extend beyond the Design History File (DHF) and are incorporated into design changes, supplier controls, CAPA, complaint handling, change management, and post-market activities.
- Evaluate compliance with FDA-specific QMSR requirements, including provisions retained within Part 820 that are not directly addressed by ISO 13485.
- trengthen Management Review processes by ensuring management reviews include meaningful analysis of quality data, quality objectives, complaint trends, CAPA effectiveness, supplier performance, audit results, and documented management decisions.
- Conduct a comprehensive QMSR gap assessment and internal audit to identify remaining compliance gaps before your next FDA inspection.
- Train personnel on QMSR and ISO 13485 expectations to ensure employees understand not only revised procedures but also the underlying risk-based approach expected by FDA investigators.
MDI Consultants has extensive experience assisting medical device firms with QMSR implementation, ISO 13485 alignment, quality system remediation, inspection readiness, and FDA compliance strategies. Prior to the February 2026 compliance deadline, MDI successfully supported numerous clients in updating and transitioning their quality systems to meet the new regulatory requirements. In addition, our participation in recent QMSR-based FDA inspections has provided valuable insight into how investigators are evaluating compliance under the new framework.
Whether your QMSR transition is complete, currently underway, or has not yet begun, MDI can help assess your readiness, identify gaps, and develop a practical roadmap to achieve and maintain compliance. Contact MDI Consultants at info@mdiconsultants.com to schedule a complimentary consultation with one of our regulatory and quality system experts
Related resources: