What changed on February 2, 2026, what stayed, and exactly what your quality system needs to address now that the FDA’s QMSR is in full force.
Affiliate Disclosure: Some links in this article are affiliate links. If you purchase through them, The Standards Navigator may earn a commission at no additional cost to you.
The FDA Replaced the QSR. Here’s What That Actually Means.
On February 2, 2026, the FDA’s legacy Quality System Regulation — the QSR under 21 CFR Part 820 — was replaced.
Not updated. Not revised. Replaced.
The new Quality Management System Regulation (QMSR) restructured 21 CFR Part 820 around a single foundational document: ISO 13485:2016. The FDA incorporated the international medical device quality standard by reference — meaning ISO 13485 is now the structural backbone of U.S. medical device quality regulation. It is no longer a voluntary international standard that sophisticated manufacturers pursue for global market access. It is what the FDA expects your quality system to be built on.
If your quality system was built against the old QSR framework — DMRs, DHFs, QSIT audit language — you are now operating against a framework that has been retired. The FDA’s inspectors are using a new compliance program. The terminology has changed. The inspection scope has changed. The risk management expectations have changed.
This guide covers exactly what the QSR was, what the QMSR replaced it with, where ISO 13485 fits into the new regulatory structure, what FDA-specific requirements remain in force beyond ISO 13485, and what your quality system needs to address right now.
In This Guide
- What the FDA QSR was and why it was replaced
- What the QMSR actually is — and what it is not
- How FDA QSR, ISO 13485, and QMSR relate to each other
- The four FDA-specific requirements that ISO 13485 does not cover
- Key changes under the QMSR manufacturers need to act on
- Does ISO 13485 certification satisfy QMSR?
- The role of ISO 14971 in QMSR compliance
- QMSR gap assessment — where to start
- From the Shop Floor — what this transition actually looks like
- Getting ISO 13485 certified under the QMSR framework
Table of Contents
✅ Start Here (Top Resources)
📋 Purchase the official ISO 13485:2016 standard → ISO 13485:2016 — ANSI Webstore — use coupon CC2026 for 5% off through December 31, 2026
📋 Purchase the required companion standard → ISO 14971:2019 Risk Management — ANSI Webstore — use coupon CC2026 for 5% off
📋 Get ISO 13485 training for your team → BSI Group ISO 13485 Training
📋 Get ISO 13485 certified with an accredited certification body → ISOQAR ISO 13485 Certification
📋 Save up to 50% buying ISO standards as a bundle → ISO Standards Packages — ANSI Webstore
What Was the FDA QSR?
The FDA’s Quality System Regulation was codified under 21 CFR Part 820. First authorized in July 1978 and significantly revised in 1996, the QSR established the current good manufacturing practice (CGMP) requirements for finished medical device manufacturers distributing products in the United States.
The QSR covered the core pillars of a medical device quality management system: management responsibility, design controls, document and record controls, purchasing controls, production and process controls, corrective and preventive action (CAPA), labeling, and complaint handling. It was written in FDA-specific language and structured around FDA-specific documentation concepts:
- Device Master Record (DMR) — the compiled documentation defining how a device is manufactured
- Design History File (DHF) — records demonstrating the device was designed in accordance with an approved plan
- Device History Record (DHR) — production records for each manufactured unit or lot
- Quality System Inspection Technique (QSIT) — the FDA’s subsystem-by-subsystem inspection approach
For decades, the FDA QSR and ISO 13485 ran in parallel. They covered similar ground but used different terminology, different structural frameworks, and different documentation concepts. Manufacturers selling devices in both the U.S. and international markets often maintained two parallel compliance frameworks — one for the FDA, one for ISO 13485 or MDSAP. That dual-track approach created overhead, redundancy, and audit complexity that manufacturers had been managing for years.
That parallel structure is over.
What Is the QMSR?
The Quality Management System Regulation (QMSR) is the amended version of 21 CFR Part 820, effective February 2, 2026. The FDA issued the final rule in February 2024, providing a two-year implementation window before the regulation took effect.
The core structural change: instead of writing QMS requirements directly into the regulation, the FDA incorporated ISO 13485:2016 by reference. Part 820 now points to ISO 13485 as the source document for quality system requirements. The regulation itself became significantly shorter — most of its text now simply directs manufacturers to the relevant ISO 13485 clause.
What this means in practice: ISO 13485:2016 compliance is now a regulatory expectation under 21 CFR Part 820 — not a voluntary international best practice. Manufacturers who have never engaged with ISO 13485 are now operating under a framework built on it.
The QMSR also updated the FDA’s inspection program. As of February 2, 2026, the FDA retired the Quality System Inspection Technique (QSIT) and implemented Compliance Program 7382.850 — a revised inspection approach built around the ISO 13485 process-based structure rather than the subsystem-by-subsystem approach of the old QSR.
FDA QSR vs ISO 13485 vs QMSR — How They Relate
This is where manufacturers get confused, so it is worth being precise.
The old QSR was a standalone FDA regulation with its own requirements, its own terminology, and its own documentation structure. It has been retired.
ISO 13485:2016 is the international standard for medical device quality management systems, published by the International Organization for Standardization. It has always been used by regulatory authorities globally — including Health Canada, the EU MDR framework, and MDSAP participating countries — as the baseline for QMS requirements.
The QMSR is the new version of 21 CFR Part 820. It uses ISO 13485:2016 as its foundation by incorporating it by reference, while layering on U.S.-specific regulatory requirements that ISO 13485 does not fully address on its own.
Think of it this way: the QMSR is ISO 13485 plus the FDA-specific additions the agency determined were necessary to cover U.S. statutory obligations that go beyond what the international standard requires.
ISO 13485 does most of the heavy lifting. But QMSR is not simply “ISO 13485 with a new name.” Several FDA-specific obligations remain fully in force and cannot be satisfied by ISO 13485 conformance alone.
What the QMSR Kept — The Four FDA Bridge Requirements
The QMSR retained four categories of U.S.-specific requirements that remain unchanged and fully enforceable. These are sometimes called the QMSR “bridge requirements” — the FDA-specific obligations that ISO 13485 does not cover:
1. Medical Device Reporting (MDR)
Manufacturers must continue to report adverse events, malfunctions, and deaths or serious injuries involving their devices to the FDA under 21 CFR Part 803. ISO 13485 addresses post-market surveillance at a high level but does not specify MDR reporting timelines or mechanisms. The QMSR cross-references MDR explicitly in §820.10.
2. Unique Device Identification (UDI)
The UDI system — requiring device labeling to carry a unique identifier traceable in the FDA’s Global Unique Device Identification Database (GUDID) — continues unchanged under QMSR. ISO 13485 does not address UDI requirements. §820.10 explicitly cross-references UDI compliance.
3. Corrections and Removals
Reporting obligations for corrections and removals under 21 CFR Part 806 remain in force. Manufacturers must report corrections or removals initiated to reduce a risk to health or remedy a violation.
4. Device Tracking
Tracking requirements for certain high-risk device categories under 21 CFR Part 821 continue to apply.
A manufacturer whose QMS is fully ISO 13485 compliant but has not addressed these four areas is not QMSR compliant. This is the most important distinction in the entire QMSR framework.
What Changed Under the QMSR
Beyond the structural shift to ISO 13485, several specific changes affect how manufacturers need to operate:
Terminology Alignment
The QMSR adopts ISO 13485 and ISO 9000 vocabulary, replacing legacy QSR-specific terms:
| Old QSR Term | QMSR / ISO 13485 Term |
|---|---|
| Device Master Record (DMR) | Medical Device File (MDF) |
| Design History File (DHF) | Design and Development File (DDF) |
| Device History Record (DHR) | Manufacturing Records |
| Quality System Record | Distributed across QMS documentation |
Manufacturers are not required to rename every document immediately — but QMS documentation, training materials, and internal audit programs should be progressively aligned to ISO 13485 terminology to avoid confusion during inspections.
Risk Management Extends Across the Entire QMS
Under the old QSR, risk management was concentrated primarily in design controls. Under QMSR — consistent with ISO 13485 and its companion standard ISO 14971 — risk-based thinking now extends across the entire quality system, including supplier controls, manufacturing processes, CAPA, complaint handling, and post-market activities. This is a substantive operational shift, not a documentation update.
Internal Audits and Management Reviews Are Now Inspection Territory
Under QSR, internal audits were required but the FDA’s QSIT inspection process did not focus on them directly. Under QMSR and Compliance Program 7382.850, internal audits and management reviews are within the FDA’s inspection scope. Investigators will evaluate whether your internal audit program functions as a process-based system consistent with ISO 13485 Clause 8.2.4 requirements.
Inspection Structure Changed
The FDA’s inspection approach under CP 7382.850 evaluates how quality subsystems function as an interconnected framework rather than auditing them in isolation. Inspectors follow issues across processes — a finding in complaint handling may lead directly into CAPA, risk management, and design controls in the same inspection.
ISO 13485 Must Be Controlled as an External Document
Because QMSR incorporates ISO 13485 by reference, manufacturers are required to control the standard as an external document within their QMS under ISO 13485 Clause 4.2.4. This means purchasing the official standard and maintaining version control — a detail many manufacturers miss entirely.
📋 Buy the Official ISO 13485:2016 — ANSI Webstore — use coupon CC2026 for 5% off
Does ISO 13485 Certification Satisfy QMSR?
This is the most common question manufacturers ask after the QMSR took effect, and the answer requires precision.
ISO 13485 certification helps significantly — but does not automatically guarantee QMSR compliance.
ISO 13485 certification from an accredited certification body demonstrates that your QMS meets the international standard’s requirements. Under QMSR, that foundation now aligns with what the FDA expects at the structural level. If your organization is already ISO 13485 certified, the gap between your current QMS and QMSR compliance is substantially smaller than it was under the old QSR.
However, ISO 13485 certification does not cover the four FDA bridge requirements — MDR, UDI, corrections and removals, and device tracking. It also does not replace FDA inspections. The FDA retains full enforcement authority under U.S. law regardless of third-party certification status. An ISO 13485 certificate is not a substitute for FDA inspection readiness.
The practical position: ISO 13485 certification gets you approximately 80–85% of the way to QMSR compliance. The remaining work is ensuring the FDA bridge requirements are explicitly addressed in QMS documentation, records and labeling controls map to both ISO 13485 and FDA expectations, and your internal audit program is prepared for the process-based inspection approach under CP 7382.850.
If you are not yet ISO 13485 certified and are subject to QMSR, pursuing certification is the most efficient path to demonstrating compliance with the regulation’s foundation.
📋 Buy ISO 13485:2016 — ANSI Webstore — use coupon CC2026 for 5% off
The Role of ISO 14971 Under QMSR
ISO 14971 — Risk Management for Medical Devices — plays a critical role in QMSR compliance that is consistently underestimated.
Under the old QSR, risk management was primarily concentrated in design controls. Under QMSR, risk-based thinking is expected throughout the entire quality system. ISO 14971 provides the formal risk management framework — hazard identification, risk estimation, risk evaluation, risk control, and residual risk evaluation — that ISO 13485 requires manufacturers to implement but does not itself specify in detail.
ISO 13485 explicitly requires compliance with ISO 14971. Under QMSR, that requirement carries federal regulatory weight. FDA investigators under CP 7382.850 are expected to start inspections with the risk management file as their roadmap — following risk documentation into design controls, production controls, CAPA, and post-market surveillance.
If your QMS does not have a well-documented, lifecycle-integrated risk management program built on ISO 14971, this is your highest-priority gap under QMSR.
📋 ISO 14971:2019 — ANSI Webstore — use coupon CC2026 for 5% off
For the complete relationship between ISO 13485 and ISO 14971, see ISO 9001 vs ISO 13485 — Key Differences.
QMSR Gap Assessment — Where to Start
For manufacturers currently operating under the old QSR framework, a structured gap assessment is the most efficient starting point. Key areas to evaluate:
Documentation and terminology. Map your existing QMS documents to ISO 13485 clause requirements. Identify where legacy QSR terminology (DMR, DHF, DHR) appears and plan progressive alignment to ISO 13485 vocabulary. Your team and your auditors need to understand the mapping.
Risk management integration. Assess whether your risk management program is limited to design controls or extends across supplier qualification, production processes, CAPA, complaint handling, and post-market surveillance as ISO 14971 and QMSR require.
FDA bridge requirements. Confirm that MDR, UDI, corrections and removals, and device tracking obligations are explicitly addressed in QMS procedures and cross-referenced in §820.10 documentation.
Internal audit program. Update your internal audit program to reflect process-based auditing across interconnected QMS elements rather than subsystem-by-subsystem evaluation. Ensure auditors understand the QMSR inspection approach under CP 7382.850.
Supplier controls. ISO 13485 Clause 7.4 has more prescriptive supplier control requirements than the old QSR. Review supplier qualification procedures, quality agreements, and monitoring programs against ISO 13485 requirements.
External document control. Confirm that ISO 13485:2016 and ISO 14971 are registered as external documents in your QMS with version control — this is now a regulatory requirement, not optional housekeeping.
From the Shop Floor
After 25 years managing quality systems in heavy industrial manufacturing, I have watched more regulatory transitions than I care to count. Most follow the same pattern: the announcement creates anxiety, the implementation period creates confusion, and the actual change — once you get to it — turns out to be more manageable than the noise suggested.
The QMSR transition is no different, with one important caveat.
The manufacturers who are struggling right now are the ones who treated the QSR as a compliance exercise rather than an operational system. If your QMS was built as a documentation binder rather than a living process framework, QMSR is going to expose that gap — not because the regulation is fundamentally harder, but because the ISO 13485 process-based approach assumes your quality system actually runs your operations, not the other way around.
The manufacturers I have seen navigate transitions like this most effectively do three things. They conduct an honest gap assessment before anyone from the outside asks them to. They involve their operations team — not just regulatory affairs — in the remediation. And they treat the transition as an opportunity to clean up years of accumulated documentation debt rather than a compliance burden to minimize.
QMSR gives you a cleaner, more internationally aligned framework. The manufacturers who approach it that way will come out of this transition with stronger systems and less audit friction. The ones who treat it as a box-checking exercise will find the new inspection approach under CP 7382.850 less forgiving than the old QSIT was.
Getting ISO 13485 Certified Under the QMSR Framework
If your organization is not yet ISO 13485 certified, QMSR provides a clear incentive to pursue it. An accredited ISO 13485 certificate demonstrates to customers, regulators, and trading partners that your QMS meets the international standard that now forms the foundation of U.S. medical device regulation.
For certification: ISOQAR is a UKAS-accredited certification body with experience in medical device quality management system assessments.
📋 ISO 13485 Certification — ISOQAR
For training: BSI Group offers ISO 13485 training covering requirements interpretation, internal auditing, and implementation — suitable for quality managers, regulatory affairs professionals, and internal auditors preparing for the QMSR inspection environment.
📋 ISO 13485 Training — BSI Group
Quick Reference Comparison Table
| Element | Old FDA QSR | ISO 13485:2016 | QMSR (Current) |
|---|---|---|---|
| Effective date | 1996 (revised) | 2016 | February 2, 2026 |
| Regulatory basis | U.S. federal regulation | International standard | U.S. federal regulation |
| Structure | FDA-specific requirements | ISO Harmonized Structure | ISO 13485 by reference + FDA additions |
| Terminology | DMR, DHF, DHR | MDF, DDF, manufacturing records | ISO 13485 terms (progressive alignment) |
| Risk management scope | Primarily design controls | Full lifecycle (ISO 14971) | Full QMS — ISO 14971 expected |
| MDR requirements | Yes | No | Yes (§820.10 cross-reference) |
| UDI requirements | Yes | No | Yes (§820.10 cross-reference) |
| Inspection program | QSIT | Third-party certification audit | CP 7382.850 (process-based) |
| ISO 13485 certification | Not required | Third-party certification | Strongly recommended, not sufficient alone |
Frequently Asked Questions
What is the QMSR and when did it take effect?
The Quality Management System Regulation (QMSR) is the amended version of 21 CFR Part 820, effective February 2, 2026. It replaced the legacy FDA Quality System Regulation (QSR) by incorporating ISO 13485:2016 by reference as the foundational quality system framework for U.S. medical device manufacturers.
What is the difference between the FDA QSR and the QMSR?
The old QSR was a standalone FDA regulation with its own requirements and terminology — DMRs, DHFs, DHRs, and the QSIT inspection approach. The QMSR replaced it with a framework built on ISO 13485:2016, adopted by reference, while retaining four U.S.-specific bridge requirements: Medical Device Reporting, UDI, corrections and removals, and device tracking.
Does ISO 13485 certification satisfy QMSR requirements?
ISO 13485 certification provides approximately 80–85% of the foundation for QMSR compliance. However, it does not cover the four FDA-specific bridge requirements and does not replace FDA inspections. A targeted QMSR gap assessment is necessary even for fully ISO 13485 certified organizations.
Is ISO 14971 required under QMSR?
Yes. ISO 13485 explicitly requires risk management per ISO 14971, and under QMSR that requirement carries federal regulatory weight. Risk-based thinking under QMSR extends across the entire quality system — not just design controls as under the old QSR. ISO 14971 is the expected framework.
What are the four QMSR bridge requirements that ISO 13485 does not cover?
Medical Device Reporting (MDR) under 21 CFR Part 803, Unique Device Identification (UDI), Corrections and Removals under 21 CFR Part 806, and Device Tracking under 21 CFR Part 821. These remain fully enforceable under QMSR regardless of ISO 13485 certification status.
What happened to the old QSR terminology — DMR, DHF, DHR?
The QMSR adopts ISO 13485 terminology. Device Master Record (DMR) becomes Medical Device File (MDF), Design History File (DHF) becomes Design and Development File (DDF), and Device History Record (DHR) maps to Manufacturing Records. Manufacturers are not required to rename documents immediately but should plan progressive alignment to ISO 13485 terminology.
What is FDA Compliance Program 7382.850?
CP 7382.850 is the FDA’s new inspection program implemented February 2, 2026, replacing the retired Quality System Inspection Technique (QSIT). It uses a process-based inspection approach aligned with ISO 13485 structure, evaluating how quality subsystems function as an interconnected framework rather than auditing them in isolation.
Does ISO 9001 certification satisfy QMSR?
No. ISO 9001 and ISO 13485 share a structural framework but serve different regulatory purposes. ISO 9001 certification does not satisfy ISO 13485 requirements and is not accepted by the FDA under QMSR. See ISO 9001 vs ISO 13485 for the complete comparison.
📥 Free Resources
- 👉 ISO 9001 Roadmap — Step-by-Step Implementation Guide — build your ISO 9001 foundation before adding ISO 13485
- 👉 Manufacturing Compliance Checklist — assess your current compliance status across quality, environmental, and safety
- 👉 Supplier Quality Checklist — supplier qualification requirements applicable to medical device supply chains
Not Sure What to Do Next?
✅ You need the official ISO 13485:2016 standard 📋 ISO 13485:2016 — ANSI Webstore — use coupon CC2026 for 5% off through December 31, 2026
✅ You need the required ISO 14971 risk management companion 📋 ISO 14971:2019 — ANSI Webstore — use coupon CC2026 for 5% off
✅ You want to save buying both standards together 📋 ISO Standards Packages — Save up to 50% — ANSI Webstore
✅ You need ISO 13485 training before your gap assessment or implementation 📋 BSI Group ISO 13485 Training
✅ You are ready to pursue ISO 13485 certification 📋 ISOQAR ISO 13485 Certification
✅ You want to understand what ISO 13485 requires 📋 What Is ISO 13485? — Complete Guide
✅ You want to understand how ISO 9001 and ISO 13485 differ 📋 ISO 9001 vs ISO 13485 — Key Differences
✅ You want to understand ISO 13485 purchase options and cost 📋 Buy ISO 13485 — Complete Purchasing Guide 📋 How Much Does ISO 13485 Cost?
✅ You want to understand certification costs and timelines 📋 ISO Certification Cost Calculator 📋 How Long Does ISO Certification Take? 📋 Best ISO Certification Bodies
The QSR Is Gone. The QMSR Is What the FDA Expects Now.
The FDA replaced 21 CFR Part 820 on February 2, 2026. ISO 13485:2016 is now the structural backbone of U.S. medical device quality regulation. That is not an update to a voluntary standard — it is a fundamental shift in what federal regulation requires from every manufacturer in the U.S. medical device supply chain.
For manufacturers previously operating only under the QSR framework: your system needs to be restructured around ISO 13485. For ISO 13485 certified organizations: your certification provides a strong foundation, but the four FDA bridge requirements and the updated inspection approach under CP 7382.850 require targeted attention. For ISO 9001 certified manufacturers in the medical device supply chain: the supply chain pressure is coming. The pattern that played out in automotive and aerospace — sector-specific quality standards flowing down the supply chain — is now playing out in medical devices.
At The Standards Navigator, complex standards are translated into practical, real-world guidance you can act on.
✅ Get updates on new standards, implementation strategies, and compliance insights ✅ Be first to access new guides, tools, and checklists
Subscribe below to stay ahead.