Article Context:

1. QMSR Gap Analysis in Medtech
2. QMS Software Validation
3. CAPA Processes
4. FDA Inspection Readiness
5. FDA Audit Trails

The shift from QSR to QMSR is now in full effect. The FDA has aligned 21 CFR Part 820 with ISO 13485:2016, effective Feb 2026. While this alignment eases global compliance, many MedTech companies identify significant readiness gaps in their internal assessments.

It is important to conduct a formal FDA QMSR gap analysis to identify where legacy QSR processes do not meet the new risk-based expectations. Below, we discuss the top 10 most common gaps identified in the readiness assessment and describe how a structured checklist can address them.

Top 10 QMSR Gaps in MedTech Organizations

1. Lack of System-Wide Risk Management

Under QSR, risk management focused on design controls. QMSR extends this to all processes, requiring documented risk-management impacts that are often missing.

2. Management Review Records Unprepared for Inspection

The FDA will now look for demonstrable evidence of management involvement in risk-based decision making vs. simply looking for evidence that management reviews occurred. Many firms have informal records that lack the new required detail.

3. Inadequate Medical Device File (MDF) Structure

QMSR aligns DHF/DMR/DHR with the Medical Device File structure. Assessments find that technical files are often scattered and not cohesive as required.

4. Missing QMS Software Validation

While software validation of quality management systems such as eQMS, ERP, or compliant management, has always been required, Clause 4.1.6 of ISO 13485, now part of QMSR emphasizes this requirement. Many companies do not have validation strategies put in place for their eQMS, ERP system, or even complaint systems.

5. Combined CAPA Processes

ISO 13485:2016 distinguishes between Corrective Action (Clause 8.5.2) and Preventive Action (Clause 8.5.3), emphasizing the need for both reactive and proactive quality activities.

While many organizations continue to operate integrated CAPA systems, readiness assessments often identify gaps where preventive actions are not clearly defined, documented, or effectively implemented.

6. Weak Supplier Risk Evaluations

QMSR emphasizes the need for appropriate control of suppliers, including evaluation, selection, and monitoring based on their impact on product quality and patient safety.

Readiness assessments often identify gaps where organizations apply uniform supplier qualification and auditing approaches without adequately considering risk.

7. Outdated Terminology and Cross-Referencing

A minor but significant omission lies in using obsolete QSR terminology in SOPs. Failure to use up-to-date internal company language that aligns with the QMSR/ISO standard could cause confusion during the FDA inspection-readiness audit.

8. Incomplete Customer Feedback Systems

QMSR places greater emphasis on collecting and using customer feedback including, but not limited to, complaints as an input to the quality management system.

While complaint handling was already required under prior FDA QSR requirements, readiness assessments often identify gaps where organizations lack formal processes to capture and analyze sources of feedback, such as post-market experience, user input, and service data.

9. Training Evidence vs. Competence

QMSR emphasizes documented competence in addition to training records. Most companies have records of training events attended by individuals. However, they don't have records of the employee's understanding of the task.

10. Traceability Gaps in Design and Development

QMSR emphasizes maintaining traceability between design outputs, design requirements, and associated risk management activities. Assessments often find gaps where risk mitigation measures are documented but not clearly linked to the relevant design requirements, design outputs, or verification activities, which can weaken the overall design control process.

How Does a Checklist Power FDA Inspection Readiness?

More than a task list, the checklist is a tactical framework aligned to both the FDA QMSR revision and the clauses of ISO 13485. It directly highlights critical gaps, enabling consistent closure across the organization helping teams verify compliance, prioritize remediation, and document actions.

Ensures Granularity: This ensures teams review specific clauses (example., Clause 7.2.3 on customer communication) that may have been overlooked under the old QSR and map to process details to uncover gaps. It promotes consistency by enabling internal auditors across sites and departments to assess compliance using the same criteria.

Prioritizes Remediation: The ability to categorize objects as "Compliant," "Partial," or "Non-Compliant" helps leadership immediately identify the resources to be remediated.

Builds the Audit Trail: Completing the gap analysis checklist provides information needed to assign ownership and timelines to address each gap, track progress, and document evidence to ensure inspection readiness. This demonstrates that the organization has actively managed the transition process.

Actionable Next Steps

When preparing for a post-2026 inspection, review the FDA's official release on the QMSR Final Rule and use resources such as a comprehensive transition guide to develop your internal assessment tool.

Conclusion

Ensuring QMSR readiness requires more than identifying gaps; it requires a clear path to address them. A structured checklist can assist organizations in closing compliance gaps, evaluating their quality systems, and staying inspection ready. If your team is preparing for FDA inspections or transitioning to QMSR, Compliance Group can help assess your current state and guide remediation efforts.

Contact us at info@complianceg.com to learn how we can support your QMSR readiness.