On February 2, 2026, FDA’s revised 21 CFR Part 820 – now titled the Quality Management System Regulation (QMSR) – became effective. The key change is that FDA now incorporates ISO 13485:2016 by reference as the backbone of device CGMP requirements.

If your organization has been “ISO-ish” but not fully aligned (or you’ve relied on legacy Part 820 structure as your primary map), this is the moment to tighten up. Not because you need a total rewrite, but because FDA inspections will expect your quality system to stand on an ISO 13485 foundation with U.S.-specific overlays.

Whats changed

• ISO 13485:2016 is now the baseline standard FDA expects your QMS to follow.
• QMSR is the result of a final rule published in 2024 (effective 2026) meant to modernize and harmonize U.S. requirements.
• FDA has also published an updated QMSR FAQ (dated Feb 2, 2026) to clarify how the revised Part 820 is being implemented.

The 30-day QMSR checklist

Use this as a focused “go-live” verification list:

1. Confirm your QMS structure maps to ISO 13485
   Create/refresh a simple crosswalk: ISO clause → procedure(s) → records/evidence.

2. Quality Manual and scope
   Ensure scope is current (sites, products, outsourced processes) and exclusions are justified.

3. Design & development + risk management linkage
   Verify design controls show clear traceability from inputs → outputs → verification/validation, and that risk management is integrated and not a parallel file.

4. Supplier controls and outsourced processes
   Confirm supplier qualification, monitoring, and quality agreements reflect the reality of your supply chain (including software, cloud, and critical service providers).

5. CAPA + complaint + nonconformance alignment
   Make sure escalation thresholds, investigations, and effectiveness checks are consistent and documented.

6. Change control and configuration management
   Confirm you can demonstrate control of changes across product, process, labeling, and software.

7. Training competence evidence
   Ensure training records show competence (not just attendance), especially for critical operations.

8. Internal audits and management review
   Refresh your audit program so it can demonstrate ISO-aligned coverage and risk-based prioritization.

Common traps we’re already seeing

• “We’re certified to ISO 13485, so we’re done.” Certification helps, but FDA will still look for U.S. regulatory expectations and strong evidence trails during inspection.
• Crosswalks that exist on paper, but procedures don’t match practice (especially supplier controls, software validation, and CAPA effectiveness).
• Risk management treated as a one-time deliverable, not a lifecycle process tied to design changes, complaints, and CAPA.

How QSN can help

If you want a fast, low-disruption approach, QSN can support:

• QMSR/ISO 13485 gap assessment + prioritized remediation plan
• Inspection readiness package (evidence map, mock inspection, “show-me” training)
• Supplier quality and risk management integration across design, post-market, and change control

Please contact us if you need a hand!