QMSR Is Live. Here's What Your First Inspection Will Look Like.

On February 2, 2026, the FDA's Quality Management System Regulation officially took effect. If you work in medical device quality, you already know the date. What you may not know — what most teams don't fully appreciate yet — is how fundamentally this changes the way inspections will be conducted, what inspectors will expect to see, and where the gaps in your current quality system are most likely to show.

This isn't a minor update. QMSR represents the biggest change to FDA device regulation in thirty years. The old 21 CFR Part 820 — the prescriptive framework that defined device quality systems since 1996 — is gone. In its place: ISO 13485:2016 as the harmonized standard, with FDA-specific requirements layered on top. If your quality system was built to check Part 820 boxes, you're operating on an expired map.

The Old Framework Is Gone. The New One Is Process-Based.

Part 820 was prescriptive. It told you what to have: a design history file, a device master record, specific document control procedures. Inspectors walked through a checklist. If the documents existed and looked right, you generally passed.

QMSR flips that model. ISO 13485 is a process-based standard. It doesn't just ask whether you have a procedure — it asks whether your processes are defined, interacting, measured, and effective. The shift is from "do you have it?" to "does it work, and can you prove it?"

The question is no longer whether your SOP exists. It's whether your process produces the outcomes you claim it does — and whether you have the evidence to back that up.

This distinction matters enormously when an inspector walks through the door. Under the old model, a well-organized binder could get you through. Under QMSR, the inspector is looking at how your processes connect, where risk management feeds into design controls, and whether your management review actually drives decisions — not just documents them.

CP 7382.850: The New Inspection Playbook

The FDA's Compliance Program Guide CP 7382.850 is the operational framework inspectors will use when conducting QMSR inspections. Think of it as the inspector's playbook — it defines priorities, focus areas, and the evidence trail they'll follow.

This is not a standard you audit against. It's the lens through which inspectors will evaluate your quality system. Understanding its structure and priorities is critical to preparation. The organizations that align their readiness efforts with CP 7382.850 will be the ones that handle inspections with confidence.

What Inspectors Will Ask for First

Based on the structure of CP 7382.850 and the priorities embedded in the QMSR transition, there are three areas inspectors are most likely to focus on in early inspections:

Management Responsibility

ISO 13485 Clause 5 puts management responsibility front and center. Inspectors will want to see evidence that top management is actively engaged in the quality system — not just signing off on management reviews, but making resource decisions, setting quality objectives, and driving continuous improvement. If your management review is a quarterly slide deck that gets recycled with updated dates, that's a problem.

Design Controls and Risk Management

Design and development (Clause 7.3) and risk management (Clause 7.1) have always been high-scrutiny areas. Under QMSR, the expectation is that risk management isn't a standalone activity — it's integrated throughout the product lifecycle. Inspectors will look for evidence that risk analysis informed design inputs, that risk controls are verified, and that post-market data feeds back into the risk file. Disconnected risk files are one of the most common gaps we see.

Process Interactions

ISO 13485 requires organizations to determine the "sequence and interaction" of quality system processes (Clause 4.1). This is not a theoretical exercise. Inspectors will want to see how your processes connect — how design outputs feed into production controls, how supplier management links to incoming inspection, how complaint handling drives CAPA. If your quality system is a collection of siloed procedures, the seams will show.

Document Expectations Have Changed

Under Part 820, the document expectations were largely about existence and control — do you have the right documents, are they approved, are they current? Under QMSR, the bar is higher. Inspectors will look for:

• Process interaction maps that show how quality system processes connect and influence each other
• Effectiveness evidence — not just that a process was followed, but that it produced the intended result
• Management review outputs that demonstrate real decisions, resource allocations, and follow-through on action items
• Risk management records that show integration across design, production, and post-market activities
• Supplier controls mapped to specific ISO 13485 clauses, not just a generic approved supplier list

The documentation burden hasn't necessarily increased in volume. But the quality of that documentation — its specificity, its traceability, its evidence of effectiveness — is under a fundamentally different microscope.

Where Most Quality Systems Have Gaps

After working with dozens of device manufacturers through the QMSR transition, the same gaps appear again and again. They're not obscure. They're structural.

• Risk file integration. Risk management exists as a separate deliverable rather than a thread running through design, production, and post-market processes. The risk file doesn't reference design verification results. Post-market surveillance data doesn't flow back into residual risk analysis.
• Process validation documentation. Many companies have validated processes, but the documentation doesn't meet ISO 13485 expectations for demonstrating that the validation protocol was scientifically sound, that acceptance criteria were predetermined, and that revalidation triggers are defined.
• Supplier controls mapped to ISO clauses. The approved supplier list exists. Supplier audits are on file. But the purchasing controls don't explicitly address the ISO 13485 requirements for the type and extent of control based on product risk and supplier capability.
• Management review substance. The meeting happened. The minutes exist. But the outputs don't demonstrate that management actually made decisions about resource needs, process improvements, or quality objective adjustments based on data.

These aren't edge cases. These are the gaps that will generate observations under the new inspection paradigm.

What to Do Now

If you haven't started preparing, you're already behind. But behind isn't the same as too late. Here's what practical preparation looks like:

• Run a gap analysis against ISO 13485:2016 — not a high-level crosswalk, but a clause-by-clause assessment of your current quality system against the standard's requirements, with specific attention to the FDA-specific additions in QMSR.
• Update your SOPs to reflect process-based language and requirements. Remove Part 820 references. Ensure each procedure addresses inputs, outputs, process interactions, and effectiveness criteria.
• Train your teams on the new inspection cadence. Your quality team needs to understand not just what QMSR requires, but how CP 7382.850 structures the inspection — what inspectors will ask, in what order, and why.
• Strengthen your risk file. Make risk management a living, integrated system — not a binder that gets updated before audits.
• Review your management review process. Ensure it produces documented decisions, not just meeting minutes.

How Qualera Helps

Qualera was built for exactly this moment. Our AI-native audit intelligence platform delivers 100% document coverage analysis — every SOP, work instruction, form, and record template in your quality system, read and assessed against the requirements that matter.

Where traditional readiness assessments sample a fraction of your documentation, Qualera reads everything. The platform identifies gaps in traceability, flags process interactions that don't connect, and surfaces the specific areas where your quality system falls short of ISO 13485 and QMSR expectations — all aligned with the priorities of CP 7382.850.

During beta, Qualera's capabilities are delivered exclusively through MB&A engagements. Our team runs the analysis, interprets the findings, and works alongside your quality leadership to build a remediation roadmap. The AI does the heavy analysis. Your team stays in command of every decision.

The regulation has changed. The inspection model has changed. The question is whether your quality system has changed with it.