The QSR Is History. Your Quality System Now Speaks ISO 13485.
The Quality Management System Regulation — 21 CFR 820, rebuilt around ISO 13485:2016 and in force since February 2, 2026. One system, read by two regulators, inspected under a new program.
FDA Stopped Writing Its Own Quality Rules. It Adopted the World’s.
The Quality Management System Regulation replaced the old Quality System Regulation on February 2, 2026, and restructured 21 CFR 820 to incorporate ISO 13485:2016 by reference. For the first time, the US quality-system requirement and the standard the rest of the world already runs on are, in substance, the same document — with a thin layer of FDA-specific additions on top.
That is genuinely good news for companies that already hold ISO 13485 certification — and a real project for companies built purely to the old QSR. The vocabulary changes, the risk emphasis deepens, and a handful of FDA-specific requirements sit outside the standard. Harmonized is not identical, and the gap is exactly where the work is.
The same quality system now satisfies FDA and a notified body — if it is built to the standard, not just mapped to it.
What the Change Actually Moves.
The obligations didn’t disappear — they were re-expressed in ISO 13485’s language and structure, with FDA’s additions bolted on. Knowing which is which is the whole transition.
21 CFR 820, FDA’s Own
- A standalone US regulation, distinct from ISO 13485
- Its own terminology — “design history file,” “device master record”
- The four-subsystem QSIT inspection your team rehearsed
- Certification to ISO 13485 counted for little with FDA
21 CFR 820, Built on ISO 13485
- ISO 13485:2016 incorporated by reference, plus FDA-specific clauses
- The standard’s vocabulary and process structure
- Inspections now follow FDA’s new compliance program
- Your ISO 13485 system finally does double duty — if the gaps are closed
The trap is treating them as equivalent. Certified manufacturers still get inspected, and certification gaps against QMSR still become 483 observations — because the FDA-specific requirements and the records FDA expects are not, and never were, part of the ISO certificate.
The first QMSR inspection cycle is already underway — the transition is no longer theoretical.
The FDA-Specific Layer Is Small — and It’s Where Inspections Land.
QMSR keeps a set of requirements that ISO 13485 does not cover the same way: specific record and labeling controls, unique-device-identification obligations, and the definitions FDA needs to enforce the FD&C Act. They are a minority of the text — and a majority of where an FDA investigator will look, precisely because they are the part your notified body never audited.
We build the quality system to ISO 13485 as its spine and layer the FDA-specific requirements on top as first-class controls, not annotations — the same discipline that carries a QMS implementation and stands up to inspection.
Six Disciplines That Carry a QMSR Transition.
Whether you are converting a legacy QSR system or hardening an ISO 13485 one for FDA, the work is the same shape.
QSR-to-QMSR Gap Assessment
The line-by-line read of your current system against QMSR — what ISO 13485 already covers, what the FDA-specific clauses add, and what genuinely has to change.
System Restructuring
Procedures, records, and terminology re-expressed in ISO 13485’s structure — a real conversion, not a find-and-replace of “QSR” for “QMSR.”
FDA-Specific Controls
The record, labeling, UDI, and definitional requirements QMSR keeps beyond the standard — built as controls an investigator can find, not footnotes.
Risk Integration
ISO 13485’s deeper risk emphasis wired through the system and tied to your ISO 14971 file — because QMSR expects risk to drive the process, not decorate it.
Training & Change Management
The team re-trained to the new vocabulary and expectations — so the system on paper is the system people actually run.
First-Cycle Inspection Readiness
The system rehearsed against FDA’s new compliance program — because the first QMSR inspection cycle is already live, and certification is not a shield.
Six Failure Modes We Are Brought In to Prevent.
Most of them come from the same false comfort: “we’re ISO certified, so we’re fine.”
“Certified, therefore compliant”
Treating an ISO 13485 certificate as QMSR compliance — and meeting the FDA-specific gaps for the first time as 483 observations.
Find-and-replace conversion
“QSR” swapped for “QMSR” in the manual with nothing beneath it — a rebrand where a restructuring was required.
The FDA-specific layer forgotten
Record, labeling, and UDI requirements that live outside ISO 13485 left unbuilt — the exact controls the inspection targets.
Risk as decoration
ISO 13485’s risk emphasis acknowledged in a policy but never wired into the processes it’s supposed to drive.
A system nobody was trained on
New procedures on the shelf and old habits on the floor — the gap between the documented system and the operated one.
Waiting to see how it shakes out
Deferring the transition because the enforcement felt distant — until the first-cycle inspection arrives and the runway is gone.
QMSR Leadership That Knows Both Sides of the Harmonization.
Our quality leads have built ISO 13485 systems, held FDA quality seats, and converted legacy QSR operations to the new regulation.
“QMSR gave device companies one quality system for the whole world. The catch is that ‘harmonized’ and ‘identical’ are different words — and the difference is what FDA inspects.”
The discipline we bring to the transition.
Staring Down a QMSR Gap? Get an Honest Read Before the Inspection Does.
A senior quality lead can assess your system against QMSR — ISO spine, FDA-specific layer, and all — and hand you the gap list before an investigator writes it.
Senior-led. Embedded in your team. No junior hand-offs.
