What FDA investigators will look for under QMSR

Written by: Matt McFarlane
December 10, 2025 ░░░░░░

What FDA investigators will look for under QMSR

The medical device industry is counting down to an important deadline: February 2, 2026. On that date, the FDA’s new Quality Management System Regulation (QMSR) formally replaces the Quality System Regulation (QSR). 

While the full text of the QMSR has been available for some time, there are still questions around inspections under QMSR. The FDA is retiring the Quality System Inspection Technique (QSIT) document that was the guide to inspections under QSR. And given that FDA has stated there will be no “QSIT 2.0,” there has been some confusion around what inspections will look like under QMSR. 

To help answer those questions, we had Sarah Lacey Robbins, Senior Quality Manager and Auditor at Rook Quality Systems join us for a recent webinar to explain what the new investigations will look like. This article summarizes a few of her insights, but I’d encourage you to watch the full webinar on-demand to get the most in-depth explanation of the new inspection framework. 

BONUS RESOURCE: Click here to download your free QMSR readiness playbook, packed with resources to help you prepare.

QMSR: the end of checklist compliance

Robbins started by noting that under QMSR, investigators will still look at the same subsystems of your QMS, like CAPA, complaints, medical device reports, and risk management. However, there will be a stronger emphasis on how these subsystems connect with one another. Inspectors will move beyond reviewing every procedure with a checklist. They are now authorized to use data-driven, risk-based sampling, pulling records across different parts of the QMS to test the system’s real-world effectiveness.

This new inspection philosophy also coincides with the elimination of exemptions for internal audit reports, supplier audit reports, and management review records. These three areas are now subject to FDA inspection, which means you need to treat these internal quality activities as inspection-ready documents. 

As Robbins put it, under QMSR, compliance is no longer just about having the paperwork. It's about having a living, integrated, and traceable QMS that works across all subsystems.

Complaint handling under QMSR

Complaint handling under QMSR remains grounded in 21 CFR Part 820.198, which requires manufacturers to have a formally designated unit responsible for receiving, reviewing, and evaluating all complaints in a timely manner. 

However, in ISO 13485:2016, complaint handling is more than just logging issues. Complaints are treated as feedback. As defined in clause 8.2, organizations must maintain a documented complaint handling process covering receipt, evaluation, investigation (if needed), and follow-up even if a complaint isn't investigated. In the case that it isn’t investigated, a documented justification is required.

Additionally, complaints, along with other feedback and post-production data, must feed into the system’s risk management and CAPA processes. That means complaint data must now be treated not as isolated records, but as important inputs that influence risk assessment, quality decisions, CAPA triggers, and, where relevant, design or process changes.

Risk Management under QMSR

Robbins also emphasized that risk management can no longer be viewed as a one-time or design-only checkbox activity. Instead, it must be woven into every part of your QMS.

The new expectation is proactive, dynamic, lifecycle-wide risk management. Risk files must stay current and reflect actual product performance and real-world data and serve as a foundation for ongoing quality, safety, and regulatory compliance. Under QMSR:

  • Your QMS must use a risk-based approach to planning and controlling processes. 

  • The level of control validation, monitoring, and documentation should be appropriate to the risks associated with that process.

  • Risk files must be living documents updated whenever new data emerge.

  • There must be a traceable connection between your risk file,  your design controls, and your post-market data (including complaints, adverse events, CAPAs, other feedback).

Risk management under QMSR is not an afterthought. Investigators may ask you to show them how you updated your risk file after specific complaints. They may ask about residual risk and how you justified it, and your ability to quickly demonstrate closed loop integrations will be critical to your investigation performance.

Future-proofing your QMS in three steps

To prepare for QMSR-based inspections, Robbins offered a few pieces of advice that will benefit any post-market team. 

  1. Run an effective gap analysis and map responsibilities: Companies should define clear escalation criteria and decision authorities for every key function (complaint logging, MDR review, CAPA ownership). Ensure your team is trained not just on procedures, but on the new risk-based QMS mindset.

  2. Implement standardized traceability: Robbins recommends adopting standardized forms for every critical process and using unique identifiers or control numbers to explicitly link records. For instance, a complaint must link directly to an MDR evaluation decision (or non-decision), and then explicitly to the CAPA (if initiated). This turns your quality system into a coherent, traceable story.

  3. Audit like a regulator: Your internal audit program should simulate a regulator's inspection, testing the system based on its performance and integration, not just the existence of procedures. Focus on timeliness, completeness, and risk integration across the subsystems.

BONUS RESOURCE: Click here to download your free QMSR readiness playbook, packed with resources to help you prepare.

Is your QMS ready for QMSR?

While you’re thinking about the changes you need to make to comply with the QMSR, it also makes sense to take a step back and look at the QMS solution you’re using. 

Is it built specifically for medtech? Does it help you achieve truly paperless audits? Does it come with a top-notch team of medical device experts who are always ready to help?

If you answered ‘no’ to any of those questions, it’s probably time to modernize your QMS. 

At Greenlight Guru, we built our eQMS solution for medtech companies because we know that the ever-changing standards and regulations (like QMSR) are a lot to handle for even the most seasoned medical device companies. That’s why our QMS comes pre-validated per FDA and ISO best practices, so you don’t have to worry about customization for compliance. 

So if you’re ready to experience the power of a purpose-built QMS, then get your free demo of Greenlight Guru today!

 

Matt McFarlane

Matt McFarlane is the Senior Content Writer at Greenlight Guru. He is an avid reader and writer, specializing in the medical device industry and its many regulations, standards, and guidance documents.

Related Posts

Establishing a QMS

QMSR Explained: What FDA QSR & ISO 13485 Harmonization Means for Medical Device Companies

Etienne Nichols
August 15, 2024
On January 31, 2024, FDA released its Final Rule for the new Quality Management System Regulation (QMSR). Read More
Establishing a QMS

FDA Publishes Final Rule on QMSR

Matt McFarlane
February 2, 2024
On January 31st, 2024, FDA issued their final rule amending the Quality System Regulation (QSR) to better align with ISO 13485:2016, the international standard for quality... Read More
MedTech Lifecycle Excellence

QMSR & the End of DMR, DHR, DHF: How FDA’s New Rule Impacts Record-Keeping

Etienne Nichols
June 4, 2024
If you’re a MedTech professional who’s been working with the Quality System Regulation (QSR) in the US, then you’re probably familiar with the three terms FDA uses for... Read More
Your QMSR Readiness Playbook
Download now
QMSR Playbook Lead Magnet Slide-in
Subscribe Request a Demo
Search Results for:
    Load More Results
    Clinical Login Support
    Products

    A modern eQMS for product-led,
    fast-moving medtech innovators.

    • Built to fit your process, not force it
    • Stay focused on product, not paperwork
    • Built for engineers and trusted by auditors

    Learn More

    Get a personalized demo of
    Greenlight Guru Ultralight today.

    Request a Demo

    An eQMS for product-led,
    fast-moving medtech innovators.

    • Flexible to support how you work
    • Help engineers stay compliant as they build
    • Integrates with your existing tech stack

    Learn More

    An eQMS for established and
    expanding medtech teams.

    • Guardrails to guide your team
    • Built for global scale
    • Audit-tested quality workflows

    Learn More

    Data collection and management
    designed for medtech clinical trials.

    • No-code setup for any study type
    • A single platform for all your studies
    • Facilitating ISO 14155 and 21CFR Part 11 compliance

    Learn More

    Get a personalized demo of
    Greenlight Guru Clinical today.

    Request a Demo
    Solutions
    Why Us
    Customers
    Partners
    Company
    Resources
    Asset 22@3x 1

    QMSR is coming. Is your quality system ready?

    This page is your one-stop resource for understanding what’s changing, what’s at stake, and how to stay compliant.

    View Now
    Pricing
    Contact Sales Get a Demo
    Contact Sales
    Get a Demo