QSIT is Over. Now What?
FDA’s new QMSR inspection model shifts the focus from isolated procedures to integrated risk management across the product lifecycle.
For years, most medical device companies prepared for FDA inspections using a familiar framework: QSIT.
Teams focused on subsystems. Mock audits followed predictable paths. Inspection readiness often centered on documentation and procedural compliance.
That approach is changing.
With the implementation of QMSR and FDA’s new inspection framework, inspections are becoming more integrated, more risk-driven, and far more focused on how a company’s quality system functions in practice — not just on paper.
This is more than a replacement for QSIT. It’s a shift in how FDA evaluates operational maturity across the total product lifecycle.
Under the new model, investigators are no longer reviewing quality processes in isolation. Instead, they are expected to assess how risk information moves across the organization. That means connecting complaint handling to CAPA, postmarket data to risk management, manufacturing changes to regulatory impact, and quality signals to leadership oversight.
The question is no longer simply, “Do you have the procedure?”
It’s increasingly, “Does the system work together to identify and control risk?”
FDA is also placing greater emphasis on real-world signals — including complaints, MDRs, recalls, servicing data, and corrections/removals — to determine where inspections go deep. In practice, that makes inspections less predictable and significantly harder to “stage” for.
One of the more important aspects of QMSR is FDA’s emphasis on management responsibility and “culture of quality.” Historically, many organizations treated quality as a function primarily owned by QA/RA teams. The newer framework pushes beyond that.
Investigators are increasingly evaluating whether leadership is actively engaged in quality oversight, whether risk management is used in operational decision-making, and whether regulatory, clinical, manufacturing, and commercial teams are aligned across the product lifecycle.
In practice, companies with siloed decision-making often struggle the most — even when their procedures appear compliant.
This is especially important for startups and growth-stage MedTech companies that built their systems around achieving clearance. FDA clearance alone does not guarantee operational readiness.
Common gaps include complaint processes disconnected from risk management, manufacturing changes that outpace documentation updates, evidence strategies optimized for clearance but not adoption, or quality systems that function reactively rather than proactively.
Under the new inspection model, those disconnects become much easier for FDA to identify.
And because FDA increasingly reviews MDRs, recalls, UDI data, and other postmarket signals before inspections begin, investigators often arrive with a fairly clear understanding of where potential risks may exist.
For companies preparing for inspections under QMSR, the most effective preparation is no longer a short-term audit exercise. Organizations should be evaluating their QMS by risk rather than by department, stress-testing how information flows across functions, tracing products from design through postmarket surveillance, and ensuring leadership can clearly articulate quality and risk oversight.
Ultimately, FDA’s new framework is evaluating whether organizations can sustain control across the lifecycle of the device — not simply whether they can prepare for inspection week.
That distinction is where many companies will either struggle… or stand out.
