QMSR Implementation Strategies
Planning your transition to the QMSR
Planning for QMSR Compliance Starts Here
The FDA’s transition from the Quality System Regulation (QSR) to the Quality Management System Regulation (QMSR) represents the most significant change to U.S. medical device quality requirements in over two decades. While the QMSR aligns closely with ISO 13485:2016, achieving compliance will require more than document tweaks—it demands strategic planning, system-wide updates, and cross-functional coordination.
At MDP Medical Devices and Pharma™, we’ve developed targeted QMSR implementation strategies based on the unique needs of different types of manufacturers. Whether you’re ISO-certified or building your quality system from the ground up, we can help you assess, plan, and execute your transition—efficiently and with confidence.
Choose the Strategy that Fits Your Situation
We’ve created detailed guidance for each of the most common implementation paths. Click below to explore the approach that best matches your organization’s current state. Links will become active once we publish a post for that scenario:
Key Requirements:
U.S. Manufacturers Who Are Not ISO 13485 Compliant
Many domestic manufacturers comply with the QSR but lack ISO 13485 certification. This group will face the most extensive changes under the QMSR. Click on the link for more information.
U.S. Manufacturers Who Are Compliant with the QSR and ISO 13485: 2016
These companies are ahead of the curve—but full QMSR compliance still requires aligning FDA-specific processes and documentation. Click on the link for more information.
Foreign Manufacturers with Both QSR and ISO 13485 Compliance
You may already be in a strong position, but QMSR will still require a formal transition plan and gap analysis to align your dual-compliant system with new expectations.
Foreign Manufacturers with ISO 13485 Certification (No QSR Experience)
If you’re certified to ISO 13485 but new to the U.S. market, the QMSR may seem familiar—but don’t overlook FDA-specific expectations like complaint handling, postmarket reporting, and U.S. agent responsibilities.
New Manufacturers Establishing a Quality Management System
If you’re launching a new medical device company, now is the time to build a QMS that meets both ISO 13485 and FDA QMSR requirements from day one.
Need Help Getting Started?
Not sure which category you fall into? Reach out to Medical Devices and Pharma for a quick consultation. We’ll help you evaluate your current position and build a plan that fits your business and timeline.
Feel free to schedule a 15-minute discussion with our CEO Bruce Waldon regarding your QMSR projects.
Comparison of FDA and ISO Quality Management System Requirements
| Aspect | QMSR (21 CFR 820.10) | ISO 13485 Clause 4 |
|---|---|---|
| Documentation Requirements | Requires manufacturers to document a QMS that complies with ISO 13485 and additional FDA regulations. | Requires organizations to document, implement, and maintain a QMS to meet ISO 13485 and applicable regulatory requirements. |
| Regulatory Compliance | Explicitly ties compliance to FDA regulations (e.g., UDI, traceability, MDR reporting). | Requires compliance with applicable regulatory requirements but does not specify FDA-specific mandates. |
| Design & Development | Mandates compliance with Clause 7.3 of ISO 13485 for certain device classes. | Requires organizations to define and control design and development processes as part of the QMS. |
| Risk-based Approach | Indirectly referenced in the application of ISO 13485 requirements. | Explicitly requires a risk-based approach to QMS processes. |
| Traceability | Additional requirements for unique device identification (UDI) and traceability per 21 CFR 821 & 830. | Requires traceability for implantable devices and risk-based traceability for other products. |
| Advisory Notices | Manufacturers must comply with 21 CFR 806 (recalls & advisory notices). | Organizations must establish procedures for issuing advisory notices but without referencing specific regulatory bodies. |
| Reporting to Regulatory Authorities | Explicitly mandates reporting to the FDA per 21 CFR 803 (MDR). | Requires a process for regulatory reporting but does not specify FDA requirements. |
| Software Validation | Implicitly required through ISO 13485 adoption. | Explicitly requires validation of software used in QMS processes. |
| Outsources Processes | Must comply with FDA requirements for supplier controls. | Requires organizations to monitor and ensure control over outsourced processes, with proportionality based on risk. |
| Regulatory Enforcement | Noncompliance renders the device adulterated under the FD&C Act, subject to FDA action. | ISO 13485 compliance alone does not imply regulatory enforcement unless mandated by a jurisdiction. |