CP 7382.850: What MedTech Quality Leaders Need to Know

If you lead quality at a medical device company and you haven't read CP 7382.850, you need to. Not because it's a regulation — it isn't. It's something potentially more consequential for your next FDA inspection: it's the operational playbook that tells inspectors exactly how to inspect you under QMSR.

CP 7382.850 is the FDA's new compliance program guide for Quality Management System Regulation inspections. It replaces the legacy compliance program that aligned with the old Part 820 framework and establishes how field investigators will plan, execute, and document inspections under the harmonized QMSR/ISO 13485 structure.

Understanding this document isn't optional. It's the difference between being prepared for an inspection and being surprised by one.

Why This Document Matters More Than You Think

Most quality leaders focus — rightly — on the regulations themselves. QMSR. ISO 13485:2016. The cross-reference table in 21 CFR 820.2. But regulations tell you what's required. Compliance program guides tell you how the FDA will verify compliance. They define inspection priorities, focus areas, investigator instructions, and the evidence trail inspectors will pursue.

CP 7382.850 is the FDA telling you, in advance, what they're going to look at and how they're going to look at it. Ignoring it would be like preparing for a deposition without reading the complaint.

The regulation tells you what to build. The compliance program guide tells you how the FDA will test it.

Key Sections: What's in CP 7382.850

The compliance program guide covers several critical areas that directly impact how your quality system will be evaluated. Here's what quality leaders need to understand.

Inspection Planning and Prioritization

CP 7382.850 establishes criteria for how inspections are prioritized. The guide outlines risk-based factors — product classification, compliance history, complaint trends, recall activity, prior inspection outcomes — that determine when and how intensively you'll be inspected.

This matters because your regulatory footprint precedes you. A company with a clean compliance history faces a different inspection profile than one with open 483 observations. The planning criteria in CP 7382.850 formalize what experienced quality leaders have always known: inspectors arrive with a hypothesis.

Process-Based Inspection Approach

This is the most significant structural change. Under the old Part 820, inspections were largely element-based — inspectors walked through regulatory sections and verified compliance element by element.

Under CP 7382.850, inspections follow a process-based approach aligned with ISO 13485. Inspectors evaluate your quality system as interconnected processes, examining how inputs flow to outputs, how process interactions are defined, and whether the system operates as an integrated whole.

This shift rewards companies with genuinely integrated quality systems and exposes those that have organized their QMS as a collection of isolated procedures. If your SOPs live in silos — design controls that don't reference risk management, purchasing procedures disconnected from supplier qualification, CAPA that doesn't feed into management review — the process-based approach will find those gaps.

Cross-Reference Requirements

QMSR incorporated ISO 13485:2016 by reference, but the cross-referencing between the regulation and the standard is not always straightforward. CP 7382.850 provides inspectors with guidance on navigating between QMSR provisions, ISO 13485 clauses, and the expectations for documented evidence at each intersection.

For quality leaders, this means your documentation needs clear traceability between your processes, the ISO 13485 clauses they satisfy, and the corresponding QMSR requirements. If your documentation doesn't map to the structure an inspector is following, you'll spend your inspection explaining your organizational logic instead of demonstrating your system's effectiveness.

Risk-Based Sampling

CP 7382.850 provides guidance on risk-based sampling for specific process areas. Inspectors won't review every record — but sampling is informed by risk signals. Processes with higher complaint rates, more complex requirements, or prior findings receive deeper scrutiny.

This means your quality metrics are effectively an inspection preview. High CAPA recurrence rates, complaint trends in specific product families, or supplier nonconformance patterns all serve as risk signals that focus inspector attention on specific process areas.

Process Areas Most Likely to Receive Early Scrutiny

Based on the structure of CP 7382.850 and the transition from old Part 820 to QMSR, several process areas are likely to receive focused attention in early inspections.

Design and Development

Design controls have always been an FDA focus area. Under QMSR, the integration of risk management into design and development — per ISO 13485 Section 7.3 and ISO 14971 — becomes even more critical. Inspectors aligned with CP 7382.850 will evaluate whether risk management is embedded in the design process, not bolted on as a separate activity.

Expect inspectors to trace from design inputs through risk analysis, design verification, design validation, and design transfer — looking for evidence that risk was considered at each stage and that design outputs address identified risks. Design history files that treat risk management as a standalone deliverable rather than an integrated activity will draw scrutiny.

Production and Process Controls

ISO 13485 Section 7.5 requires documented procedures for production and service provision, including process validation for processes where the output cannot be verified by subsequent monitoring or measurement. Under CP 7382.850, inspectors will evaluate process validation documentation with particular attention to:

• Installation qualification, operational qualification, and performance qualification records
• Revalidation criteria and evidence of periodic review
• Process monitoring and measurement — not just that it exists, but that it's effective
• Traceability from production records to specific process parameters

Companies relying on legacy process validation packages — validated once, filed, never revisited — should expect questions about ongoing performance monitoring and revalidation criteria.

Purchasing and Supplier Management

ISO 13485 Section 7.4 requires a documented process for ensuring purchased product conforms to specified requirements, with supplier evaluation criteria proportionate to the effect of purchased product on final device quality. This is an area where many companies have significant gaps.

CP 7382.850 aligns inspector focus on supplier qualification records, incoming inspection procedures, supplier performance monitoring, and the risk-based criteria for determining supplier controls. Companies maintaining an approved supplier list without documented evaluation criteria, performance metrics, or risk classifications will find this area challenging.

Management Responsibility

ISO 13485 Sections 5.1 through 5.6 cover management commitment, customer focus, quality policy, planning, responsibility and authority, and management review. Under QMSR, these aren't abstract governance requirements — they're inspectable process areas.

Inspectors aligned with CP 7382.850 will look for evidence that top management is actively engaged in the QMS — not just that a quality policy exists on paper, but that management review produces documented decisions, that resources are allocated based on quality system needs, and that quality objectives are set, measured, and reviewed.

What "Aligned with CP 7382.850" Means in Practice

When we say Qualera's methodology is aligned with CP 7382.850, we mean something specific. The platform's audit intelligence follows the same process-based structure that FDA inspectors will use. It evaluates QMS documentation not as isolated procedures, but as interconnected process areas — examining the same cross-references, process interactions, and evidence trails that CP 7382.850 directs inspectors to follow.

This is a design decision. If the FDA inspects your quality system using a process-based approach structured around specific focus areas, the analysis you use to prepare should follow the same structure. Otherwise, you're rehearsing for a different performance than the one you'll give.

The Certification Gap

Here's the uncomfortable truth: having an ISO 13485 certification does not mean you're ready for an FDA QMSR inspection.

ISO 13485 certification is granted by a notified body or registrar based on a conformity assessment — typically a multi-day audit sampling specific process areas. It's rigorous, but it's a sample. And the audit criteria are interpreted through the certifying body's lens — not through the lens of FDA enforcement.

FDA inspections under QMSR, guided by CP 7382.850, operate with different priorities, depth, and consequences. A registrar finding results in a corrective action plan. An FDA finding can result in a 483 observation, a warning letter, or enforcement action.

Certification tells you the system passed an assessment. Inspection readiness tells you the system can withstand scrutiny. They're not the same thing.

The gap lives in the details: process interactions documented but not demonstrated, risk management referenced but not integrated, management reviews conducted but producing no actionable outputs.

Practical Steps for Quality Leaders

If you're a quality leader preparing for your first QMSR inspection — or your first inspection where CP 7382.850 is the inspector's guide — here's where to focus:

• Map your processes to ISO 13485 clauses. Not a compliance matrix buried in an appendix — a working document that your team can use to navigate the system the same way an inspector will.
• Document process interactions. Show how design controls connect to risk management, how purchasing connects to production, how CAPA feeds into management review. If the connections exist in practice but not on paper, they don't exist for an inspector.
• Ensure traceability. Every process area should have a clear evidence trail from policy to procedure to record. An inspector following CP 7382.850 will trace these threads — make sure they lead somewhere.
• Prepare for process-based questions. Train your team to explain processes end-to-end, not just their individual procedures. The inspector won't ask "where is your CAPA SOP?" — they'll ask "walk me through how a complaint becomes a CAPA, how the CAPA is investigated, and how effectiveness is verified."
• Review your management review outputs. Are they decision records or meeting notes? Under CP 7382.850, inspectors will evaluate whether management review produces the outputs ISO 13485 requires — documented decisions, resource commitments, and follow-through evidence.
• Assess your supplier controls against risk. Is your supplier qualification program proportionate to the risk each supplier poses to product quality? Can you demonstrate that? If not, this is a gap.

Preparation Is Not Optional

CP 7382.850 isn't a guideline you read once and file. It's the operating manual for how the FDA will evaluate your quality system for the foreseeable future. The companies that internalize its structure — that organize their preparation around the same process-based approach inspectors will follow — will be ready. The ones that treat QMSR readiness as a documentation exercise will be caught in the gap between what they filed and what they can demonstrate.

The playbook is public. The structure is clear. The question is whether your quality system is built to perform under it.