Quality Systems in the Spotlight: The FDA’s QMSR Is Now in Effect

Regulatory StrategyQuality SystemsFDA ComplianceRisk ManagementMedical Device Development
Written By Crystal Norwood

The New Era of Quality Has Begun

As of February 2, 2026, the Quality Management System Regulation (QMSR) is officially in effect—replacing the 21 CFR Part 820 framework and aligning FDA quality system requirements more closely with ISO 13485:2016.

This marks the most significant update to U.S. medical device quality regulations in decades. For manufacturers, the focus is no longer on preparing for change, but on demonstrating compliance under a modernized, globally aligned framework.

What the QMSR Is Designed to Do 

The FDA’s intent with the QMSR is to: 

  • Harmonize U.S. quality requirements with international standards

  • Reduce redundancy for companies operating in multiple markets

  • Emphasize risk-based, lifecycle-driven quality management

 Harmonization doesn’t mean rigid standardization. The QMSR provides flexibility in how manufacturers meet requirements so long as expectations for safety, effectiveness, and quality are met.

 5 Key Areas of Focus Under the QMSR 

1. ISO 13485-Aligned Structure and Terminology

Under the QMSR, FDA inspections now evaluate quality systems using the structure and terminology of ISO 13485. Quality manuals, SOPs, management reviews, and CAPA systems should reflect this alignment, while still satisfying FDA-specific statutory and enforcement requirements under U.S. law.

This change is less about rewriting procedures word-for-word and more about ensuring your quality system is organized, traceable, and auditable in an ISO-aligned format.

2. Risk Management Required but not ISO 14971-Mandated

Risk management is a core expectation under the QMSR, but compliance with ISO 14971 is not mandatory.

The regulation requires manufacturers to implement systematic, documented risk management practices throughout the product lifecycle. However:

  • ISO 14971 is not legally required under the QMSR

  • Manufacturers may use any validated risk management methodology.

  • The chosen approach must be appropriate, consistently applied, and well documented.

That said, ISO 14971 remains a widely accepted and FDA-recognized framework, and many manufacturers continue to use it because it provides a clear, structured, and defensible approach to identifying, evaluating, controlling, and monitoring risk.

The key takeaway: The FDA cares less about which framework you use and more about whether your risk management approach is robust, justified, and effective.

3. Lifecycle Integration of Risk and Quality

Regardless of methodology, risk management is expected to be integrated, not siloed.

FDA investigators will look for evidence that risk considerations inform:

  • Design and development decisions

  • Verification and validation activities

  • Supplier qualification and oversight

  • Compliant handling and CAPA

  • Post-market surveillance and trending

Standalone risk files that are disconnected from the rest of the QMS are increasingly viewed as a weakness.

4. Traceability from Design Through Post-Market

The QMSR reinforces expectations for closed-loop traceability across the product lifecycle. Manufacturers should be able to clearly demonstrate how:

  • Design inputs connect to outputs and verification/validation

  • Risks are controlled and verified

  • Post-market data feeds back into design, risk, and CAPA decisions

This traceability is central to both FDA inspections and ISO-style audits.

5. Supplier Controls Under Increased Scrutiny

Supplier qualification and purchasing controls are now evaluated through an ISO-aligned lens. FDA expects manufacturers to apply risk-based supplier oversight, particularly for critical components, software, and outsourced processes.

This includes documented qualification, performance monitoring, and re-evaluation—not just initial approval.

What Manufacturers Should Be Doing Right Now

1. Confirm QMSR Alignment

Ensure your quality system structure, terminology, and documentation reflect ISO 13485 alignment.

2. Validate Your Risk Management Approach

Whether you use ISO 14971 or another methodology, confirm it is:

  • Clearly defined

  • Consistently applied

  • Integrated across the QMS

  • Defensible during inspection

3. Update Audit and Management Review Programs

Internal audits should now evaluate compliance through a QMSR/ISO-aligned framework, not legacy 820 checklists.

4. Strengthen Supplier Oversight

Reassess supplier controls using a documented, risk-based approach.

5. Train Teams Appropriately

Staff should understand not just what changed under QMSR, but how the FDA will evaluate compliance going forward.

How NMCG Helps Manufacturers Navigate QMSR

At NMCG, we help manufacturers translate regulatory change into operational clarity. Our quality support includes:

  • QMSR readiness and gap assessments

  • Quality manual and SOP restructuring

  • Risk management strategy evaluation (ISO 14971-based or alternative)

  • FDA and Notified Body inspection preparation

  • Targeted team training on QMSR expectations

We focus on defensibility, scalability, and sustainability.

Why It Matters: Flexibility with Accountability

The QMSR gives manufacturers more flexibility than many realize, but with that flexibility comes increased responsibility. The FDA expects companies to justify their quality and risk management approaches with clear logic, documentation, and evidence.

Whether you use ISO 14971 or another validated framework, the goal is the same: a quality system that consistently delivers safe, effective products and stands up to inspection scrutiny.

At NMCG, we help ensure your QMS does exactly that.

Is your quality system defensible
under QMSR inspections?

Contact us to audit, align, and strengthen your qms
Crystal Norwood
Next

The Sales Trap That’s Costing You Clients: Q&A with Michael Nilo on The Business of Learning Podcast