Drugdu.com expert's response:

The U.S. FDA's new Quality Management System Regulation (QMSR) for medical devices marks a significant transformation in its regulatory framework and inspection logic. By integrating the ISO 13485:2016 international standard, QMSR drives a shift in quality management from "clause compliance" to "risk-driven" approaches, while strengthening lifecycle-wide compliance controls. Against this backdrop, FDA on-site inspections will undergo the following key changes:

I. Evolution of Inspection Basis and Process

1. Regulatory Restructuring:

QMSR incorporates ISO 13485:2016 in its entirety through "reference incorporation," while retaining FDA-specific requirements (e.g., record retention language, certain reporting obligations). Inspections will be conducted based on "ISO 13485:2016 clauses + FDA additional requirements," rather than the standalone clauses of the previous QSR.

2. Updated Inspection Manual:

The FDA has abolished the long-standing Quality System Inspection Technique (QSIT) methodology and introduced the new Medical Device Manufacturer Inspection Compliance Program Manual (7382.850). This manual categorizes QMSR requirements into six quality management system domains (e.g., management oversight, production and service provision, design and development) and four additional applicable requirements (e.g., medical device reporting, unique device identification), forming a more systematic inspection framework.

3. Inspection Model Transformation:

The approach shifts from "module sampling + clause alignment" to "process-oriented + risk traceability." Inspectors will follow a company’s actual product realization process (from design and production to supply chain and post-market activities), prioritizing high-risk areas (e.g., design validation for high-risk devices, supply chain control of critical components) and demanding traceable evidence chains for each operational step.

II. Expanded Inspection Focus and Scope

1. Lifecycle-Wide Risk Management:

QMSR mandates risk management across the entire product lifecycle, including design, production, procurement, and post-market surveillance. Inspections will focus on verifying whether companies have established systematic risk control mechanisms, such as:

Whether risk management activity plans are documented during design and development, and whether validation/verification aligns with risk assessment outcomes.

Whether specialized risk control measures are implemented for high-risk production processes (e.g., sterile product filling).

Whether post-market risk identification and闭环 management (closed-loop management) are achieved through analysis of complaints and adverse event data.

2. Customer Feedback and Complaint Handling:

ISO 13485 broadens the scope of "feedback" to require proactive information collection (e.g., surveys, research) beyond mere complaint resolution. Inspections will verify whether companies have established systematic feedback mechanisms and ensure such information feeds into improvement processes and risk monitoring.

3. Supply Chain and Outsourcing Control:

QMSR upgrades "procurement control" to "external supplier management," requiring companies to determine control methods based on external suppliers’ risk levels (e.g., high-risk components like chips or sensors) and maintain complete evaluation and re-evaluation records. Inspections will conduct penetrating supply chain risk reviews, such as:

Whether core suppliers hold FDA registration, ISO 13485 certification, and recent three-year inspection reports.

Whether high-risk suppliers undergo annual on-site audits and have alternative supplier contingency plans.

4. Data Integrity and Authenticity:

Data falsification has become an FDA "zero-tolerance" issue. Inspections will prioritize electronic data compliance, such as:

Whether systems enforce role-based access controls (e.g., operators can only input data; quality personnel can only review) and enable audit trails.

Whether raw data is "paperless" (e.g., sterilization equipment automatically generates timestamped electronic reports) to avoid timestamp discrepancies between electronic logs and paper records.

Whether discarded records retain justification and approval documentation, preventing arbitrary deletion.

III. Upgraded Inspection Methods and Technologies

1. Unannounced Surprise Inspections:

QMSR eliminates advance notice for overseas facilities, enabling inspection teams to arrive unannounced. Companies must build a "compliance-by-default" quality system, such as:

Prohibiting centralized backfilling of production logs or inspection records, requiring real-time data entry by operators.

Conducting quarterly "unannounced mock inspections" by professional agencies, following FDA protocols for penetrating reviews (e.g., random sampling of three months’ raw records, interviews with frontline workers).

2. Remote Auditing Normalization:

QMSR permits FDA remote audits via real-time MES data access, virtual plant tours, etc. Companies must prepare by:

Installing high-definition live-streaming equipment in sterile workshops, warehouses, and laboratories for remote site inspections.

Ensuring MES/LIMS systems support screen sharing and data export, enabling inspectors to retrieve batch-specific equipment parameter curves and test raw data.

3. Dynamic Data Traceability:

Class III high-risk devices must provide 12 months of CPK (process capability index) data to demonstrate production stability. Inspectors will verify record consistency with actual equipment operation, such as whether reflow oven temperature profiles are automatically stored.

IV. Direct Accountability for Corporate Leadership

1. Management Review Effectiveness:

QMSR specifies that management reviews must include core inputs like risk assessment results, complaint trends, and external supplier performance, with outputs translating into actionable improvement plans. Inspectors will directly assess leadership’s visibility into quality issues, accountability, and response efficiency, such as requiring top management to explain how risk thinking is integrated into business decisions.

2. Quality Objectives and Resource Allocation:

ISO 13485 emphasizes leadership’s role in establishing quality objectives, ensuring resources, and driving improvements. Inspections will focus on whether companies provide adequate resources for quality system operation (e.g., staff training, equipment maintenance) and align quality objectives with risk control and business performance.