ISO 13485 certified isn't the same as QMSR compliant. This checklist covers documentation, design controls, records, complaints, CAPA, and the FDA-specific provisions the standard doesn't touch.
With the February 2, 2026 compliance date behind every device manufacturer, "we're ISO 13485 certified" is not the same answer as "we're QMSR compliant." A readiness assessment needs to check three separate things: whether your quality system satisfies ISO 13485:2016 in full, whether it also satisfies the narrow set of FDA-specific provisions the standard doesn't cover, and whether your documentation actually reflects the current regulation rather than the pre-2024 subpart structure. The checklist below covers the areas where manufacturers most commonly find gaps, organized in the order worth working through.
Full detail on this section lives in the design controls crosswalk.
For the regulatory context behind each of these retained provisions, see the QMSR transition guide.
For a manufacturer already ISO 13485:2016 certified with a reasonably current quality system, a documentation-focused gap assessment against this checklist typically takes two to four weeks — most of the work is verifying cross-references and terminology rather than rebuilding processes. For a manufacturer transitioning from a Quality System Regulation-only quality system without ISO 13485 certification, expect a materially longer project, since the gap includes clauses ISO 13485 requires that the old Part 820 never did — documented quality objectives at multiple organizational levels, a formal customer feedback process, and explicit infrastructure and work environment controls among them.
Start with the FDA-facing SOP template as a structural reference point, and prioritize design controls and records first — they're the areas most likely to generate findings if your compliance date already passed without a completed gap assessment.
Coplain's Auditor Review module checks your existing quality system documentation against ISO 13485:2016 and the retained QMSR provisions, flagging gaps before an FDA investigator does. Free trial at coplain.com.
Q: What's the first thing to check in a QMSR readiness assessment?
A: Your quality manual's regulatory basis statement. If it still references 21 CFR Part 820 as a standalone FDA regulation without acknowledging ISO 13485:2016 as the incorporated standard, that's the fastest signal that the broader documentation hasn't been updated.
Q: Is ISO 13485 certification enough to be QMSR-ready?
A: It covers most of the substance but not all of it. Certification bodies audit against ISO 13485:2016 itself, not the narrow set of FDA-specific provisions — records language and retention, complaint file specifics, and FDA definitions — that exist only in the amended Part 820.
Q: What happens if we're found non-compliant during an FDA inspection now that the compliance date has passed?
A: The QMSR is enforced the same way the prior Quality System Regulation was — through 483 observations, warning letters, and, in serious or repeated cases, consent decrees. There is no separate transition-period leniency built into enforcement after February 2, 2026.
Q: Do small device manufacturers get more time to comply with the QMSR?
A: No. The final rule set a single compliance date, February 2, 2026, for all manufacturers subject to Part 820, regardless of size. FDA's small entity compliance guide provides implementation guidance but does not extend the deadline.
Coplain turns any work instruction into a print-ready, audit-proof job aid in minutes.
Try Coplain free →AS9100 Rev D Documentation Checklist: 12 Items Auditors Check First
Most audit failures aren't about process gaps. They're about documentation that doesn't reflect reality. Here's the checklist we wish existed before our first Rev D audit.
6 min readCOMPLIANCEFDA 21 CFR Part 820 Documentation Requirements: What Trips Up Manufacturers
Warning letters. 483 observations. Consent decrees. Most FDA enforcement actions have one thing in common: inadequate documentation. Here's what the agency actually looks for.
10 min readCOMPLIANCEISO 9001:2015 Documentation Guide: What You Actually Need vs What You Think
The 2015 revision eliminated the quality manual requirement and six mandatory procedures. What it added is more demanding. Here's what actually changed — and what your registrar looks for during surveillance.
7 min readRelated Tools & Templates
COPLAIN PLATFORM
See every tool that turns complex work instructions into floor-ready documents.