Preparing for the New FDA Quality Management Standards

The U.S. FDA has taken another step towards global harmonization for medical device regulation. February 2026 marks the official transition to the new Quality Management Systems Regulation (QMSR). This regulation aligns with ISO 13485:2016, which serves as the foundation for regulatory bodies in the EU, Canada, Australia, Japan, Korea, China, and other major regional markets.

For diagnostic firms, early-stage startups, and all device makers seeking FDA approval, this transition necessitates immediate action. Below are four critical areas where QMSR raises expectations beyond the legacy FDA Quality System Regulation (QSR).

1. Risk Management Moves from Support to Center Stage

In the legacy QSR, risk management played a supporting role, with explicit requirements only for Design Verification. Under QMSR—harmonized with ISO 13485:2016 and 14971:2019—risk management is now a core operational function that must be integrated into every development decision.

What this means for your submissions:

•    Document and justify every assay design choice in relation to identified risks

•    Maintain a clear decision trail that auditors can follow

•    Keep Design History Files (DHFs) and Risk Management Files (RMFs) updated

throughout the entire product lifecycle

2. Usability Engineering Becomes Formalized and Essential

QMSR no longer accepts generic claims that users were trained with a protocol. Instead, the FDA expects you to identify, document, and mitigate use-related hazards throughout the product lifecycle.

Common use-related hazards in diagnostics include:

•   Mis-pipetting or incorrect sample volume

•   Misinterpretation of invalid or borderline results

•   Misuse of controls or improper reagent storage

Your submissions must include clear explanations of how your user interface design, warnings, labeling, and training protocols reduce each specific risk.

3. Software and Cybersecurity Are Lifecycle Risks

Software is no longer treated as a standalone component. QMSR treats software changes, cybersecurity posture, and software risk classification as integral lifecycle risks. The FDA will expect documented responses to questions such as:

•   How do you classify the risk level of each software change?

•   What is your secure update mechanism?

•   How do you track and manage software versions?

•   Do you have a policy for determining when a software change requires a new

submission?

4. Inspection Readiness Is Part of Pre-Market Review

Under QMSR, the FDA emphasizes post-market inspection expectations as a key aspect of pre-market review. This is a significant shift: even if your assay works perfectly, FDA inspectors may raise concerns about gaps in your quality management processes.

Common inspection concerns include:

•    Inadequate change control systems

•    Gaps in supplier risk management and vetting

•    Missing traceability between design decisions and identified risks

A Note on ISO 13485 Certification

ISO 13485 certification is important but not sufficient. While this certification is required in most global markets (EU, Canada, Australia, Japan, Korea, China), the FDA has country-specific interpretations and expectations. Passing an ISO audit does not guarantee FDA approval. Many early-stage companies discover compliance gaps only when facing an FDA inspector. Internal audits and mock inspections aligned to QMSR expectations are essential.

Your Transition Strategy

Diagnostics firms, particularly early-stage startups, should take the following steps to prepare for submissions under QMSR:

Step 1: Build an ISO 13485-Aligned Quality Management System

From day one, build your QMS on ISO 13485:2016 principles, but explicitly map all procedures and records to FDA expectations. Avoid “CLIA-only” or minimal QSR approaches if commercialization is your goal.

Step 2: Treat Each Assay or Platform as a Complete Device

The FDA expects each assay or platform to have comprehensive documentation:

•   Defined intended use and documented user needs

•   Risk-informed design inputs

•   Verification and clinical validation studies

•   Controlled design transfer to manufacturing

Critically, all downstream changes must flow through structured design change control. This includes software updates, cutoff shifts, reagent substitutions, algorithm refinements, and UI modifications. Each change should be assessed for risk impact and traced to your original design and risk files.

Step 3: Prepare for QMSR-Style Inspections

Even if you are ISO 13485 certified, internal audits focused on QMSR expectations will likely reveal gaps. Schedule mock FDA inspections that emphasize:

•  Risk-based management reviews and decision-making

•  CAPA prioritization based on risk assessment

•  Post-market data feeding back into design and risk file updates

The Bottom Line

The transition to QMSR raises the stakes for a mature, well-documented product development process. Risk management, design history, and post-market surveillance must be visibly connected and traceable throughout your entire quality system.

Companies that invest in robust risk management, usability engineering, and lifecycle management now will be well-positioned for faster approvals and scalable growth under QMSR. Those who delay will face longer review times, more information requests, and more intensive inspections.

Assessing your readiness for diagnostic device approvals under QMSR? The Landrich Group has proven expertise supporting industry leaders through successful quality management implementations and regulatory approvals with the FDA.

Contact us today to discuss your pathway to compliance.