What Is the Quality Management System Regulation (QMSR)?
The Essential Guide to Requirements Management and Traceability
Chapters
- 1. Requirements Management
- Overview
- 1 What is Requirements Management? A Complete Guide
- 2 Why do you need Requirements Management?
- 3 Four Stages of Requirements Management Processes
- 4 Adopting an Agile Approach to Requirements Management
- 5 Status Request Changes
- 6 Conquering the 5 Biggest Challenges of Requirements Management
- 7 Three Reasons You Need a Requirements Management Solution
- 8 Guide to Poor Requirements: Identify Causes, Repercussions, and How to Fix Them
- 9 What Is a Requirements Management Plan? A Practical Guide
- 2. Writing Requirements
- Overview
- 1 Functional requirements examples and templates
- 2 What Is a Product Requirements Document? A Complete PRD Guide
- 3 What Is a User Requirement Specification (URS)? How to Write and Manage One
- 4 Identifying and Measuring Requirements Quality
- 5 How to Write a System Requirements Specification (SRS) Document
- 6 The Fundamentals of Business Requirements: Examples of Business Requirements and the Importance of Excellence
- 7 What Is a Compliance Risk Assessment? Steps, Framework, and Examples
- 8 Adopting the EARS Notation to Improve Requirements Engineering
- 9 Jama Connect Advisor™
- 10 Frequently Asked Questions about the EARS Notation and Jama Connect Advisor™
- 11 How to Write an Effective Product Requirements Document (PRD)
- 12 Functional vs. Non-Functional Requirements
- 13 What Are Nonfunctional Requirements and How Do They Impact Product Development?
- 14 What Is a Software Design Specification? Key Components + Template
- 15 Characteristics of Effective Software Requirements and Software Requirements Specifications (SRS)
- 16 8 Do’s and Don’ts for Writing Requirements
- 17 Project Requirements: Types, Process, and Best Practices
- 3. Requirements Gathering and Management Processes
- Overview
- 1 Requirements Engineering
- 2 Requirements Analysis
- 3 A Guide to Requirements Elicitation for Product Teams
- 4 Requirements Gathering Techniques for Agile Product Teams
- 5 Requirements Gathering in Software Engineering: Process, Techniques, and Best Practices
- 6 Defining and Implementing a Requirements Baseline
- 7 Managing Project Scope — Why It Matters and Best Practices
- 8 How Long Do Requirements Take?
- 9 How to Reuse Requirements Across Multiple Products
- 4. Requirements Traceability
- Overview
- 1 What Is Traceability in Product Development? A Guide for Regulated Teams
- 2 Tracing Your Way to Success: The Crucial Role of Traceability in Modern Product and Systems Development
- 3 Bidirectional Traceability: What It Is and How to Implement It
- 4 What is Engineering Change Management (ECM)? A Complete Guide
- 5 Change Impact Analysis (CIA): A Short Guide for Effective Implementation
- 6 What is Meant by Version Control?
- 7 Key Traceability Challenges and Tips for Ensuring Accountability and Efficiency
- 8 The Role of a Data Thread in Product and Software Development
- 9 Unraveling the Digital Thread: Enhancing Connectivity and Efficiency
- 10 What is a Traceability Matrix? A Guide to Requirements Traceability
- 11 How to Create and Use a Requirements Traceability Matrix (RTM)
- 12 Requirements Traceability Matrix Pros and Cons: A Practical Guide
- 13 Live Traceability vs. After-the-Fact Traceability
- 14 Overcoming Barriers to Live Requirements Traceability™
- 15 Requirements Traceability, What Are You Missing?
- 16 Requirements Traceability: Links in the Chain
- 17 What Are the Benefits of End-to-End Traceability During Product Development?
- 18 FAQs About Requirements Traceability
- 19 Product Traceability for Regulated Industries: A Complete Guide to Audit-Ready Compliance
- 5. Requirements Management Tools and Software
- Overview
- 1 Selecting the Right Requirements Management Tools and Software
- 2 Why Investing in Requirements Management Software Makes Business Sense During an Economic Downturn
- 3 Why Word and Excel Alone is Not Enough for Product, Software, and Systems Development
- 4 Can You Track Requirements in Excel?
- 5 What Is Application Lifecycle Management (ALM)?
- 6 Is There Life After DOORS®?
- 7 Can You Track Requirements in Jira?
- 8 Checklist: Selecting a Requirements Management Tool
- 6. Requirements Validation and Verification
- 7. Meeting Regulatory Compliance and Industry Standards
- Overview
- 1 Understanding ISO Standards
- 2 Understanding ISO/IEC 27001: A Guide to Information Security Management
- 3 What is DevSecOps? A Guide to Building Secure Software
- 4 Compliance Management
- 5 What Is Functional Safety (FuSa)? Standards, Lifecycle, and Where Programs Fail
- 6 What is FMEA? Failure Mode and Effects Analysis Guide
- 7 TÜV SÜD: Ensuring Safety, Quality, and Sustainability Worldwide
- 8 What is IEC 62443? A Guide to Industrial Cybersecurity
- 9 DFARS Compliance: A Guide for Defense Contractors
- 8. Systems Engineering
- Overview
- 1 What is Systems Engineering? A Guide for Modern Engineering Teams
- 2 How Do Engineers Collaborate? A Guide to Streamlined Teamwork and Innovation
- 3 The Systems Engineering Body of Knowledge (SEBoK)
- 4 What Is MBSE? Model-Based Systems Engineering Explained
- 5 Digital Engineering Between Government and Contractors
- 6 Digital Engineering Tools: The Key to Driving Innovation and Efficiency in Complex Systems
- 9. Automotive Development
- Overview
- 1 Understanding IATF 16949: A Quick Guide to Automotive Quality Management
- 2 What Is ISO 21434? Automotive Cybersecurity Engineering Explained
- 3 What Is ISO 26262? A Guide to Functional Safety in Automotive
- 4 What Is ASIL? A Guide to Automotive Safety Integrity Levels in ISO 26262
- 5 What Is SOTIF? A Guide to ISO 21448 for ADAS Safety
- 10. Medical Device & Life Sciences Development
- Overview
- 1 The Importance of Benefit-Risk Analysis in Medical Device Development
- 2 Software as a Medical Device: Revolutionizing Healthcare
- 3 What’s a Design History File, and How Are DHFs Used by Product Teams?
- 4 Navigating the Risks of Software of Unknown Pedigree (SOUP) in the Medical Device & Life Sciences Industry
- 5 What Is ISO 13485? A Guide to Medical Device Quality Management Systems
- 6 What You Need to Know: ANSI/AAMI SW96:2023 — Medical Device Security
- 7 ISO 13485 vs ISO 9001: Understanding the Differences and Synergies
- 8 What Is IEC 62304? A Guide to Medical Device Software
- 9 What Is a Device Master Record (DMR)? Definition and FDA Requirements
- 10 Failure Modes, Effects, and Diagnostic Analysis (FMEDA) for Medical Devices: What You Need to Know
- 11 Embracing the Future of Healthcare: Exploring the Internet of Medical Things (IoMT)
- 12 What Is General Safety and Performance Requirements (GSPR)? What You Need To Know
- 13 What Is IEC 62366? A Guide to Medical Device Usability Engineering
- 14 What Is the Quality Management System Regulation (QMSR)?
- 11. Aerospace & Defense Development
- Overview
- 1 What Is ARP4754A? A Complete Guide to Civil Aircraft and Systems Development Assurance
- 2 Understanding ARP4761A: Guidelines for System Safety Assessment in Aerospace
- 3 What Is DO-254? A Complete Guide to Airborne Hardware Design Assurance
- 4 What Is DO-178C? A Complete Guide to Airborne Software Certification
- 12. Architecture, Engineering, and Construction (AEC industry) Development
- 13. Industrial Manufacturing & Machinery, Automation & Robotics, Consumer Electronics, and Energy
- 14. Semiconductor Development
- 15. AI in Product Development
- Overview
- 1 What Is AI in Product Development? A Complete 2026 Guide
- 2 AI Test Case Generation: A Complete Guide for Regulated QA Teams
- 3 Using AI to Write Software Requirements: What Works and What Doesn’t
- 4 What Is the Model Context Protocol (MCP) for Requirements Management?
- 5 AI for Systems Engineering: Benefits, Risks, and How to Start
- 6 How to Automate Requirements Management
- 7 Artificial Intelligence in Requirements Management
- 16. Risk Management
- 17. Product Development Terms and Definitions
Chapter 10: What Is the Quality Management System Regulation (QMSR)?
Chapters
- 1. Requirements Management
- Overview
- 1 What is Requirements Management? A Complete Guide
- 2 Why do you need Requirements Management?
- 3 Four Stages of Requirements Management Processes
- 4 Adopting an Agile Approach to Requirements Management
- 5 Status Request Changes
- 6 Conquering the 5 Biggest Challenges of Requirements Management
- 7 Three Reasons You Need a Requirements Management Solution
- 8 Guide to Poor Requirements: Identify Causes, Repercussions, and How to Fix Them
- 9 What Is a Requirements Management Plan? A Practical Guide
- 2. Writing Requirements
- Overview
- 1 Functional requirements examples and templates
- 2 What Is a Product Requirements Document? A Complete PRD Guide
- 3 What Is a User Requirement Specification (URS)? How to Write and Manage One
- 4 Identifying and Measuring Requirements Quality
- 5 How to Write a System Requirements Specification (SRS) Document
- 6 The Fundamentals of Business Requirements: Examples of Business Requirements and the Importance of Excellence
- 7 What Is a Compliance Risk Assessment? Steps, Framework, and Examples
- 8 Adopting the EARS Notation to Improve Requirements Engineering
- 9 Jama Connect Advisor™
- 10 Frequently Asked Questions about the EARS Notation and Jama Connect Advisor™
- 11 How to Write an Effective Product Requirements Document (PRD)
- 12 Functional vs. Non-Functional Requirements
- 13 What Are Nonfunctional Requirements and How Do They Impact Product Development?
- 14 What Is a Software Design Specification? Key Components + Template
- 15 Characteristics of Effective Software Requirements and Software Requirements Specifications (SRS)
- 16 8 Do’s and Don’ts for Writing Requirements
- 17 Project Requirements: Types, Process, and Best Practices
- 3. Requirements Gathering and Management Processes
- Overview
- 1 Requirements Engineering
- 2 Requirements Analysis
- 3 A Guide to Requirements Elicitation for Product Teams
- 4 Requirements Gathering Techniques for Agile Product Teams
- 5 Requirements Gathering in Software Engineering: Process, Techniques, and Best Practices
- 6 Defining and Implementing a Requirements Baseline
- 7 Managing Project Scope — Why It Matters and Best Practices
- 8 How Long Do Requirements Take?
- 9 How to Reuse Requirements Across Multiple Products
- 4. Requirements Traceability
- Overview
- 1 What Is Traceability in Product Development? A Guide for Regulated Teams
- 2 Tracing Your Way to Success: The Crucial Role of Traceability in Modern Product and Systems Development
- 3 Bidirectional Traceability: What It Is and How to Implement It
- 4 What is Engineering Change Management (ECM)? A Complete Guide
- 5 Change Impact Analysis (CIA): A Short Guide for Effective Implementation
- 6 What is Meant by Version Control?
- 7 Key Traceability Challenges and Tips for Ensuring Accountability and Efficiency
- 8 The Role of a Data Thread in Product and Software Development
- 9 Unraveling the Digital Thread: Enhancing Connectivity and Efficiency
- 10 What is a Traceability Matrix? A Guide to Requirements Traceability
- 11 How to Create and Use a Requirements Traceability Matrix (RTM)
- 12 Requirements Traceability Matrix Pros and Cons: A Practical Guide
- 13 Live Traceability vs. After-the-Fact Traceability
- 14 Overcoming Barriers to Live Requirements Traceability™
- 15 Requirements Traceability, What Are You Missing?
- 16 Requirements Traceability: Links in the Chain
- 17 What Are the Benefits of End-to-End Traceability During Product Development?
- 18 FAQs About Requirements Traceability
- 19 Product Traceability for Regulated Industries: A Complete Guide to Audit-Ready Compliance
- 5. Requirements Management Tools and Software
- Overview
- 1 Selecting the Right Requirements Management Tools and Software
- 2 Why Investing in Requirements Management Software Makes Business Sense During an Economic Downturn
- 3 Why Word and Excel Alone is Not Enough for Product, Software, and Systems Development
- 4 Can You Track Requirements in Excel?
- 5 What Is Application Lifecycle Management (ALM)?
- 6 Is There Life After DOORS®?
- 7 Can You Track Requirements in Jira?
- 8 Checklist: Selecting a Requirements Management Tool
- 6. Requirements Validation and Verification
- 7. Meeting Regulatory Compliance and Industry Standards
- Overview
- 1 Understanding ISO Standards
- 2 Understanding ISO/IEC 27001: A Guide to Information Security Management
- 3 What is DevSecOps? A Guide to Building Secure Software
- 4 Compliance Management
- 5 What Is Functional Safety (FuSa)? Standards, Lifecycle, and Where Programs Fail
- 6 What is FMEA? Failure Mode and Effects Analysis Guide
- 7 TÜV SÜD: Ensuring Safety, Quality, and Sustainability Worldwide
- 8 What is IEC 62443? A Guide to Industrial Cybersecurity
- 9 DFARS Compliance: A Guide for Defense Contractors
- 8. Systems Engineering
- Overview
- 1 What is Systems Engineering? A Guide for Modern Engineering Teams
- 2 How Do Engineers Collaborate? A Guide to Streamlined Teamwork and Innovation
- 3 The Systems Engineering Body of Knowledge (SEBoK)
- 4 What Is MBSE? Model-Based Systems Engineering Explained
- 5 Digital Engineering Between Government and Contractors
- 6 Digital Engineering Tools: The Key to Driving Innovation and Efficiency in Complex Systems
- 9. Automotive Development
- Overview
- 1 Understanding IATF 16949: A Quick Guide to Automotive Quality Management
- 2 What Is ISO 21434? Automotive Cybersecurity Engineering Explained
- 3 What Is ISO 26262? A Guide to Functional Safety in Automotive
- 4 What Is ASIL? A Guide to Automotive Safety Integrity Levels in ISO 26262
- 5 What Is SOTIF? A Guide to ISO 21448 for ADAS Safety
- 10. Medical Device & Life Sciences Development
- Overview
- 1 The Importance of Benefit-Risk Analysis in Medical Device Development
- 2 Software as a Medical Device: Revolutionizing Healthcare
- 3 What’s a Design History File, and How Are DHFs Used by Product Teams?
- 4 Navigating the Risks of Software of Unknown Pedigree (SOUP) in the Medical Device & Life Sciences Industry
- 5 What Is ISO 13485? A Guide to Medical Device Quality Management Systems
- 6 What You Need to Know: ANSI/AAMI SW96:2023 — Medical Device Security
- 7 ISO 13485 vs ISO 9001: Understanding the Differences and Synergies
- 8 What Is IEC 62304? A Guide to Medical Device Software
- 9 What Is a Device Master Record (DMR)? Definition and FDA Requirements
- 10 Failure Modes, Effects, and Diagnostic Analysis (FMEDA) for Medical Devices: What You Need to Know
- 11 Embracing the Future of Healthcare: Exploring the Internet of Medical Things (IoMT)
- 12 What Is General Safety and Performance Requirements (GSPR)? What You Need To Know
- 13 What Is IEC 62366? A Guide to Medical Device Usability Engineering
- 14 What Is the Quality Management System Regulation (QMSR)?
- 11. Aerospace & Defense Development
- Overview
- 1 What Is ARP4754A? A Complete Guide to Civil Aircraft and Systems Development Assurance
- 2 Understanding ARP4761A: Guidelines for System Safety Assessment in Aerospace
- 3 What Is DO-254? A Complete Guide to Airborne Hardware Design Assurance
- 4 What Is DO-178C? A Complete Guide to Airborne Software Certification
- 12. Architecture, Engineering, and Construction (AEC industry) Development
- 13. Industrial Manufacturing & Machinery, Automation & Robotics, Consumer Electronics, and Energy
- 14. Semiconductor Development
- 15. AI in Product Development
- Overview
- 1 What Is AI in Product Development? A Complete 2026 Guide
- 2 AI Test Case Generation: A Complete Guide for Regulated QA Teams
- 3 Using AI to Write Software Requirements: What Works and What Doesn’t
- 4 What Is the Model Context Protocol (MCP) for Requirements Management?
- 5 AI for Systems Engineering: Benefits, Risks, and How to Start
- 6 How to Automate Requirements Management
- 7 Artificial Intelligence in Requirements Management
- 16. Risk Management
- 17. Product Development Terms and Definitions
What Is the Quality Management System Regulation (QMSR)?
Medical device teams that have spent years maintaining separate compliance systems for the Food and Drug Administration (FDA) and international markets are now operating under a more unified framework. As of February 2, 2026, the FDA enforces a revised version of 21 CFR Part 820, the regulation governing the design, manufacture, and control of medical devices in the United States.
The key change is structural: rather than maintaining a standalone U.S. quality system regulation, the FDA has aligned Part 820 with ISO 13485:2016 by incorporating the international standard directly into the regulation.
For companies already certified to international standards, the change removes a long-standing source of duplicated work. For teams that never adopted ISO 13485, it changes how the quality management system must be organized, documented, and inspected.
This guide covers why the FDA made the change, how incorporation by reference works, what differs from the old Part 820, and how to close the remaining compliance gaps. The short version: QMSR restructures Part 820 around ISO 13485, makes risk management a system-wide expectation, and leaves manufacturers with a defined set of gaps to address.
Why the FDA Replaced 21 CFR Part 820 With QMSR
The FDA restructured Part 820 to eliminate duplicative quality system work across U.S. and international frameworks. Many manufacturers were doing the same quality work twice under two different rule sets.
The Quality Management System Regulation (QMSR) reorganizes the FDA’s original Quality System Regulation (QSR) subparts with ISO 13485:2016, incorporated by reference, as the core framework for medical device quality management systems. The rule also incorporates Clause 3 of ISO 9000:2015 on terms and definitions.
The FDA kept supplemental requirements where ISO 13485 did not fully cover U.S. statutory obligations, including definitions, labeling controls, complaint records, and device tracking.
The Regulatory Redundancy That Drove Harmonization
Global medical device manufacturers have maintained two substantially similar but structurally different compliance programs for years. One centered on the FDA’s QSR subparts. The other centered on the ISO 13485 clauses that support regulatory requirements in the European Union (EU), Canada, Japan, and other markets.
The overlap created duplicate internal audit programs and parallel documentation maintained under different terminology. The FDA expects the harmonized framework to reduce administrative and recordkeeping burden across the industry, particularly for companies already operating under both systems.
What Changed in the Final Rule
The final rule replaced the self-contained FDA subparts with ISO 13485:2016 as the core framework for Part 820. The standard is incorporated by reference at § 820.7, most prior subparts are now marked [Reserved], and the FDA gave manufacturers a two-year window to transition. The FDA published the final rule on February 2, 2024, and it took effect after the transition period. Technical amendments published in December 2025 corrected formatting and cross-references shortly before the effective date.
How QMSR Incorporates ISO 13485 by Reference
QMSR makes ISO 13485 the core federal quality management system framework, with targeted additions where U.S. statutory requirements go further than the international standard.
What Incorporation by Reference Means for Manufacturers
Incorporation by reference (IBR) makes ISO 13485:2016 enforceable through U.S. federal regulation. Rather than treating the standard as a consensus document for voluntary use, IBR gives it legal effect within the regulation itself. Non-compliance can render a device adulterated under the Federal Food, Drug, and Cosmetic Act (FD&C Act). Where ISO 13485 and the FDA’s requirements or definitions differ, the FDA requirements take precedence.
Where the FDA Diverged From ISO 13485
The FDA retained several supplemental requirements beyond ISO 13485:
- Device labeling and packaging controls (§ 820.45): Pre-release label inspection, including verification of the Unique Device Identifier (UDI) and expiration date.
- Complaint and service record content (§ 820.35): More prescriptive than ISO 13485’s complaint-handling provisions, requiring UDI documentation where applicable and specific corrective action records.
- Medical Device Reporting and device tracking (§ 820.10): Cross-references to reporting, corrections and removals, tracking, and UDI requirements under other FDA regulations.
- FDA-specific definitions (§ 820.3): Terms like “component,” “finished device,” and “remanufacturer” are added, and the statutory term “safety and effectiveness” controls over ISO 13485’s “safety and performance.”
The practical model is ISO 13485 plus a layer of retained FDA-specific requirements that the standard alone does not satisfy.
Differences Between QMSR and the Old 21 CFR Part 820
QMSR changes how quality teams organize documentation, cite requirements during inspections, and integrate risk management across every phase of development. The shifts fall into three areas: terminology, design controls, and risk.
Terminology Shifts Quality Teams Need to Learn
QMSR drops the old-named QSR record categories as organizing labels, even though the underlying documentation still exists under ISO 13485. Staff trained only on the QSR’s subpart numbering will need to learn ISO 13485 clause language to respond to FDA observations:
- Device Master Record, Design History File, and Device History Record: These named records are no longer referenced. ISO 13485 consolidates equivalent documentation under the Medical Device File and its production records.
- Design History File (DHF) content: Maps to ISO 13485’s design and development requirements under Clause 7.3.
- Device History Record (DHR) content: Corresponds to production records for each batch, lot, or unit, and under § 820.35(c), the UDI must be recorded for each device or batch of devices.
- Quality System Record: Maps to ISO 13485’s documentation requirements.
Mapping each existing record type against its ISO 13485 equivalent before the first inspection under QMSR is the most straightforward way to surface where your documentation needs updating.
Design Controls Under QMSR
Design controls remain in force under QMSR, but they are now organized through ISO 13485 rather than the old stand-alone QSR structure. Expectations carry over from § 820.30 into ISO 13485’s design and development requirements, with a direct path from design inputs through design outputs, verification, validation, transfer, and design changes. One change worth noting: the independent reviewer requirement in § 820.30(e) does not appear in ISO 13485’s corresponding design review provision, which may change how independence is demonstrated during design reviews. The FDA-specific design control exemptions are preserved in § 820.10.
Risk Management Expectations
QMSR makes risk management a system-wide expectation rather than a narrow design validation activity. Under the old QSR, risk analysis appeared explicitly in only one design control sub-element, § 820.30(g) for design validation, but under QMSR, it runs throughout the ISO 13485 clauses. Risk inputs must be documented in design inputs, risk controls traced in design outputs, and verification must address those controls, with risk reassessed when a design changes. Risk-based thinking also extends to supplier evaluation, process validation, prioritization of corrective and preventive actions, and management review. ISO 14971 is not itself incorporated by reference, though the FDA recognizes it as the established framework for medical device risk management.
What QMSR Means for Medical Device Manufacturers
The practical effects split sharply between teams already running an ISO 13485-based system and teams that operated solely under the QSR.
Impact on U.S.-Only Manufacturers
Companies that operated only under the QSR face a more structural transition. They generally need a quality manual aligned with the clause structure of ISO 13485, reorganized standard operating procedures, and risk management embedded throughout the quality management system. Establishments not already complying with ISO 13485 faced substantial one-time transition costs, according to the FDA’s regulatory impact analysis.
Impact on Global Manufacturers Already Certified to ISO 13485
Already-certified companies can expect a lighter annual compliance burden under the harmonized framework. The remaining work involves ensuring that complaint records capture the UDI and other device identifiers under § 820.35(a), implementing labeling inspection procedures under § 820.45, assessing 21 CFR Part 11 compliance for electronic records where applicable, and extending traceability to devices that sustain or support life.
Inspection and Enforcement Changes
Inspections now align with ISO 13485’s structure rather than the legacy QSR framework. The FDA withdrew the Quality System Inspection Technique in favor of an updated inspection model aligned with ISO 13485 principles. Teams should be ready to present internal audit, supplier, and management review documentation within a QMSR-aligned system during inspection readiness work.
How to Prepare for QMSR Compliance
Preparation centers on three activities: a gap assessment, documentation and training updates, and design-control workflow alignment.
Conducting a Gap Assessment Against ISO 13485:2016
A baseline gap assessment compares current quality management system documentation against every clause of ISO 13485:2016 and the retained FDA provisions. Priority areas include risk management integration outside the design phase, supplier qualification, internal audit and management review records, and software validation for applications that support the quality system.
Updating Procedures, Records, and Training
Transition work goes well beyond swapping CFR references for ISO clause numbers. Corrective and preventive action (CAPA) procedures need to address corrective and preventive actions under Clause 8.5. Complaint records need UDI fields per § 820.35. Personnel training must cover the new terminology so that quality staff can respond to FDA observations that cite ISO 13485 clauses rather than QSR subparts.
Aligning Design Controls and Risk Management Workflows
Design control workflows must connect risk management to each stage of development. They should follow the design and development structure in Clause 7.3, with risk management records linked to the relevant design phases. Design inputs should reference risk analysis outputs, design outputs should trace to risk control measures, and verification and validation records should demonstrate that those controls were tested and confirmed.
Common QMSR Compliance Pitfalls to Avoid
Early readiness problems tend to follow the same three patterns.
Treating QMSR as a Documentation Update Only
Renaming a document does not make a quality system QMSR-ready. Relabeling a DHF and updating header references does not satisfy the new inspection model. FDA investigators still assess whether documentation reflects a functioning system with integrated risk management across all design phases.
Letting ISO 13485 Certification Stand In for QMSR Readiness
ISO 13485 certification and QMSR readiness are separate things. A certificate of conformance does not exempt a manufacturer from an FDA inspection. Certification does not cover § 820.45 labeling requirements, § 820.35 complaint record content, 21 CFR Part 11 electronic records obligations, or FDA traceability requirements for devices that sustain or support life. Compliance depends on meeting FDA-specific requirements, regardless of whether a manufacturer holds the certificate.
Underestimating Supplier and Subcontractor Implications
Supplier controls remain a direct compliance risk under QMSR. ISO 13485 purchasing controls and written quality agreement requirements now apply with the force of federal law. Those controls require documented follow-through, especially when manufacturers rely on external audits and evidence of corrective actions to support supplier oversight.
How Jama Connect® Supports QMSR Compliance
QMSR readiness depends on maintaining traceability across design inputs, design outputs, verification and validation records, and risk management records without losing control as documents change. Jama Connect® is a cloud-based requirements management and traceability platform for complex, regulated product development, providing medical device teams with a single place to manage linked records rather than reconciling them across disconnected files.
When a requirement changes, Live Traceability™ keeps connected design, verification, and risk records visible together, so teams can maintain audit-ready evidence throughout development rather than having to reconstruct it before an inspection.
Turning Harmonization Into a Working Quality System
The teams best positioned for QMSR are those that already run design controls, risk management, and traceability as connected workflows rather than as separate documentation exercises. QMSR did not invent new quality expectations so much as formalize the practices global manufacturers were already using, and it closed the gap for those who were not.
That shift rewards a development process where compliance evidence is a byproduct of the work, not a separate reconstruction effort at audit time. Jama Connect supports this workflow by linking requirements, test cases, and risk records so the traceability QMSR depends on stays current as the design evolves. Start a free 30-day trial of Jama Connect.
Frequently Asked Questions About QMSR
When did QMSR take effect?
QMSR became effective on February 2, 2026, two years after the FDA published the final rule in the Federal Register (89 FR 7496). The FDA began enforcing it on that date. The practical question for manufacturers shifted from whether they had a transition plan to whether they could show inspectors a working system organized around ISO 13485 and the retained FDA-specific requirements.
Does QMSR replace ISO 13485 certification?
No. QMSR incorporates ISO 13485:2016 by reference but does not require certification, and holding a certificate does not satisfy QMSR. The regulation turns conformance with the standard into a federal legal obligation. A certified manufacturer can still fall short during an inspection in FDA-specific areas such as labeling controls, complaint record content, device tracking, or electronic records.
What is the difference between QMSR and 21 CFR Part 820?
QMSR is the amended version of 21 CFR Part 820. The prior QSR used self-contained FDA subparts, while QMSR reorganized that structure by incorporating ISO 13485:2016 into Part 820. Day-to-day, Part 820 still exists, but teams now organize documentation and inspection responses around ISO 13485’s clause structure, with FDA-specific additions layered on top.
Do contract manufacturers and suppliers need to comply with QMSR?
QMSR directly regulates finished-device manufacturers, who must apply ISO 13485 purchasing controls throughout their supply chain and may use written quality agreements to oversee suppliers. Suppliers are not regulated directly, but a supplier weakness can create inspection exposure for the manufacturer when it shows up in audits, corrective actions, or poorly defined quality agreements.
This article was authored by Tom Rish and published on June 11, 2026.
Book a Demo
See Jama Connect in Action!
Our Jama Connect experts are ready to guide you through a personalized demo, answer your questions, and show you how Jama Connect can help you identify risks, improve cross-team collaboration, and drive faster time to market.