Skip Navigation

QMSR Is in Effect: What IVD Manufacturers Still Need to Do (Even If You Follow ISO 13485)

Dan Simpson, RAC, Director of Regulatory Affairs, DCN Dx
March 17 2026
  • Insight
QMSR

Educational content only. This article summarizes publicly available information and common quality system approaches. It is not legal advice and does not replace your organization’s procedures or regulatory counsel.

If your organization already maintains an ISO 13485:2016 quality management system, it’s tempting to treat FDA’s Quality Management System Regulation (QMSR) transition as “mostly handled.” In terms of baseline QMS structure, that’s not an unreasonable instinct: QMSR incorporates ISO 13485:2016 by reference. But QMSR is not “ISO certification, now with an FDA logo.” FDA does not require ISO 13485 certification, and certification does not exempt a manufacturer from FDA inspection.

If you’re not ISO 13485 certified today, QMSR does not require certification, but it does require that your quality management system meets ISO 13485 requirements (plus FDA’s Part 820 supplements). The readiness concepts below still apply; your “gap” may simply be larger.

From a U.S. regulatory perspective, there are three practical realities that matter right now for IVD manufacturers:

  1. You should still conduct a documented gap assessment, even if you are ISO 13485 certified.  FDA and even ISO auditors will expect to see this to prove you have systematically analyzed your QMS to the nuances of the new QMSR.
  2. You need to be able to demonstrate QMSR readiness with objective evidence (not just a statement of intent).  This readiness is typically documented with a Quality Plan that is signed by management.
  3. FDA’s inspection technique has changed, and the agency can review categories of records that were historically treated as out of scope.  Most notably, this includes Management Review minutes and Audit Reports.

Below is a straightforward way to approach QMSR readiness that keeps the work proportional and inspection ready.

What changed and what didn’t

As of February 2, 2026, the amended 21 CFR Part 820, now titled the Quality Management System Regulation (QMSR), is in effect and incorporates ISO 13485:2016 (and Clause 3 definitions from ISO 9000:2015) by reference. QMSR continues to sit inside FDA’s broader regulatory framework, meaning Title 21 requirements still apply where relevant, and FDA’s statutory authority under the FD&C Act is unchanged.

In practical terms:

  • ISO 13485 becomes the backbone of your U.S. QMS expectations.
  • FDA retained specific Part 820 requirements and clarified how “applicable regulatory requirements” map into ISO clauses.
  • Compliance is still evaluated through FDA inspections, which are now conducted under an updated Compliance Program (CP 7382.850) rather than the legacy QSIT approach.

If you’re already operating globally, this convergence is helpful. If you’re U.S.-only, it may feel like you just inherited a new vocabulary and a new inspection roadmap at the same time.

Gap assessment: what to look for even if you’re already ISO 13485 compliant

A QMSR gap assessment is not about re-auditing ISO 13485. It’s about confirming that your ISO-based system is also aligned to the specific U.S. regulatory expectations that QMSR explicitly ties into Part 820 and other Title 21 requirements.

For most IVD manufacturers, the gaps tend to cluster in four areas.

Area #1: “Applicable regulatory requirements”

QMSR explicitly requires manufacturers to comply with other applicable regulatory requirements in Title 21 to fully meet certain ISO 13485 clauses. Examples include:

  • Unique Device Identification (UDI) requirements (21 CFR Part 801 and Part 830) tied to ISO 13485 identification and traceability.
  • Medical Device Reporting (MDR) obligations (21 CFR Part 803) tied to reporting to regulatory authorities.
  • Corrections and removals (21 CFR Part 806) tied to advisory notices and device recalls.

If your ISO 13485 system was developed primarily around EU IVDR, it may already be strong in post-market and vigilance, but the details of U.S. MDR decision-making, reporting timelines, and documentation are often handled in a parallel “regulatory” lane that isn’t fully embedded into the QMS. QMSR pushes in the direction of making that integration explicit.

Area #2: Complaint handling and records

ISO 13485 includes complaint handling requirements. QMSR retains explicit FDA expectations for complaint record content (e.g., device identification, complainant info, investigation justification, and documented actions). For IVDs, this becomes especially important when the complaint investigation ties into trending, CAPA, or field corrections/removals.

Area #3: Labeling and packaging controls

QMSR retains explicit device labeling and packaging controls as a supplemental Part 820 requirement. For IVDs, that can translate into practical controls around:

  • UDI accuracy and label reconciliation
  • expiry dating and storage conditions
  • IFU revisions and translation controls
  • kit configuration controls (especially when multiple SKUs share common components)

Specific to IVD manufacturers, in addition to the general medical device labeling regulation (21 CFR, Part 801), manufacturers must ensure conformance to the detailed labeling requirements of 21 CFR Part 809 (In Vitro Diagnostics for Human Use). A prudent QMSR gap assessment should include a thorough check that labeling and labeling content procedures comply with this regulation.

If your organization treated labeling as “Regulatory owns it” and packaging operations as “Operations owns it,” QMSR inspections are likely to connect those activities back to QMS evidence (procedures, training, release records, and change control).

Area #4: Definitions and terminology changes

A surprising amount of “gap” pain comes from language. QMSR adopts ISO definitions (plus Clause 3 definitions from ISO 9000) while also specifying where FDA definitions supersede ISO terminology. The goal of a gap assessment here is simple: make sure your procedures and records are mapped clearly enough that an investigator doesn’t get lost in translation.

A practical output from the gap assessment is a crosswalk that shows, for your specific QMS, where each QMSR requirement is:

  • ISO 13485 clause → SOP/process → record type(s) → system of record (eQMS, PLM, etc.)
  • Part 820 supplemental provisions (records, labeling/packaging, etc.) → SOP/process → record type(s)

Inspection changes: what’s different now and why it matters

Two inspection changes are worth calling out because they can affect how you structure and how write certain internal records.

Change 1: QSIT is gone

FDA has implemented a new inspection process aligned to QMSR. The agency withdrew the legacy Quality System Inspection Technique (QSIT) and moved to the inspection approach described in CP 7382.850, “Inspection of Medical Device Manufacturers.”

CP 7382.850 explicitly frames inspections around evaluating whether:

  • your QMS meets FDA requirements and provides reasonable assurance devices are safe and effective, and
  • risk management and risk-based decision making are effectively used in the QMS.

For IVD manufacturers, it could mean that your risk management file(s) and your risk-based rationales (for design changes, supplier controls, CAPA scope, and verification/validation decisions) will be used as a roadmap during an inspection.

Change #2: Certain records are now within inspectional authority

FDA has stated that, on and after February 2, 2026, it intends to review records that were previously exempt under QS regulation 820.180(c), including management review, quality audits (internal audits), and supplier audit reports. Those prior inspection exceptions are not maintained in QMSR.

The practical implication is not “write for FDA.” It’s “assume these documents can be requested, and make sure they are controlled, factual, and traceable to follow-up actions.” Internal audits and management reviews should still be candid and useful, but they should also be written in a way that a third party can understand the scope, criteria, objective evidence, and outcomes.

A QMSR-ready IVD organization is consistent

When FDA inspections go well, it’s not just because the company had perfect documentation. It’s because the overall procedure is consistent:

  • Your procedures match what people do.
  • Your records show risk-based decisions that make sense for the product and the stage of the lifecycle.
  • When something goes wrong, complaints/CAPA/nonconformities connect back to risk management and management oversight.
  • Outsourced processes are controlled in a way that reflects their impact on safety and effectiveness.

If your ISO 13485 system is operating, you likely have most of the pieces already. The work is in aligning them to QMSR’s explicit FDA linkages and being prepared for the new inspection approach.

Need help with a QMSR gap assessment or inspection readiness?

DCN Dx supports IVD developers and manufacturers with QMSR gap assessments, remediation planning, and inspection readiness (including mock inspections and document/record retrieval drills). If your quality system grew faster than it was designed—or if you are trying to integrate U.S. MDR, UDI, and correction/removal workflows into an ISO-based QMS—we can help you scope the work and focus effort where it reduces regulatory risk.

If you’d like a deeper walkthrough of QMSR readiness planning and what FDA has changed in its inspection approach, please reach out. To start a conversation, visit dcndx.com/contact. Learn more about our other Regulatory Affairs services here.

References

Subscribe to the DCN Dx Newsletter

Get in touch

Contact Us

3193 Lionshead Ave
Suite 200
Carlsbad, CA 92010
USA

+1 760 804 3886
terms & Conditions
Privacy Policy 
[c] dcn dx 2026

No products in the cart.

[biospecimens_menu_source]