FDA QMSR Remediation Mandate: Pre-2026 Findings Now Require ISO 13485

A New FDA Precedent That Affects Every Manufacturer With Open 483s

On February 24 and February 26, 2026, the FDA issued two warning letters — to IsoTis OrthoBiologics, Inc. and Longhorn Vaccines and Diagnostics LLC — that contain identical standardized language establishing what enforcement professionals are calling the "QMSR remediation mandate."

Both firms were inspected in October 2025 under the old Quality System Regulation (QSR, 21 CFR Part 820). Both received their warning letters after the Quality Management System Regulation (QMSR) took effect on February 2, 2026. And both letters include this directive:

"Any corrective actions you propose or implement must be pursuant to the QMSR requirements in effect as of February 2, 2026."

This is not a suggestion. It means that any manufacturer with an open Form 483 observation or warning letter from a pre-QMSR inspection must now remediate to QMSR/ISO 13485:2016 standards, not the legacy QSR framework under which the inspection was conducted.

The implications extend far beyond these two companies. Any medical device manufacturer that received FDA observations before February 2, 2026, and has not yet closed its corrective actions, must now demonstrate compliance with ISO 13485 — even if the original inspection was conducted entirely under the old QSR.

The QMSR Remediation Mandate Explained

What Happened

The FDA's Quality Management System Regulation became effective on February 2, 2026, replacing the decades-old QSR and incorporating ISO 13485:2016 by reference as the core quality framework for medical devices sold in the United States. On the same day, the FDA retired the Quality System Inspection Technique (QSIT) and activated Compliance Program 7382.850, a 78-page operational guide that fundamentally restructures how inspectors evaluate manufacturers.

The IsoTis and Longhorn warning letters were the first enforcement documents to bridge the transition. Both were inspected under QSR but received their formal warning letters under QMSR.

What the Mandate Means

The standardized language in both letters establishes three principles:

1. Retroactive compliance standard: Corrective actions for pre-QMSR findings must now meet QMSR/ISO 13485 requirements, regardless of when the underlying inspection occurred
2. No legacy remediation path: Manufacturers cannot close pre-2026 observations by demonstrating compliance with the old QSR provisions that were cited
3. Systemic correction required: The letters explicitly require that corrective actions "address systemic problems," not just the individual observations

Who Is Affected

This mandate potentially affects any manufacturer that:

• Received a Form 483 with observations between 2024 and January 2026
• Has a warning letter with open corrective actions from any date
• Is currently responding to FDA observations from a pre-February 2026 inspection
• Has pending pre-approval inspection findings

RegulatoryIQ's analysis of FDA enforcement data identified that, as of early 2026, the warning letter pipeline from late 2025 inspections was still working through the system. Any of those letters that issue after February 2, 2026, will carry the same remediation mandate language.

What Changed With QMSR: Beyond Terminology

Terminology Shifts That Affect Your Documentation

The QMSR adoption of ISO 13485 changes the vocabulary of FDA compliance. PCBCart and other regulatory analysts have documented the key terminology shifts:

Manufacturers remediating pre-QMSR observations must update their documentation to reflect these terminology changes, even when the underlying requirements are substantively similar.

Internal Audit Records Are No Longer Confidential

One of the most consequential changes under QMSR is the elimination of the record exemption that existed under the old QSR's §820.180(c). Under QSR, three categories of records were explicitly shielded from FDA review:

• Management review records
• Internal quality audit reports
• Supplier audit reports

The QMSR removes all three exemptions. King & Spalding, Ropes & Gray, and Morgan Lewis have all confirmed that FDA investigators now consider it within their inspectional authority to request and review these documents. This aligns with how ISO 13485 auditing bodies and MDSAP auditors have always operated — these documents were never off-limits in third-party conformity assessments.

The New Inspection Framework: Six QMS Areas

Under the old QSIT model, FDA inspections focused on four subsystems: Management, CAPA, Design Controls, and Production/Process Controls. CP 7382.850 expands this to six QMS areas:

1. Management Oversight — management review, quality policy, resource allocation
2. Design and Development — design controls, risk management, design transfer
3. Outsourcing and Purchasing — supplier controls, purchasing data, verification
4. Production and Service Provision — process controls, validation, traceability
5. Measurement, Analysis, and Improvement — complaints, CAPA, internal audits, data analysis
6. Document and Record Control — document control, record keeping, change control

Plus four Other Applicable FDA Requirements (OAFRs): Medical Device Reporting (MDR), Reports of Corrections and Removals, Medical Device Tracking, and Unique Device Identification (UDI).

Early Enforcement Data: What FDA Is Finding

First 90 Days of QMSR Inspections

Between February 4 and March 13, 2026, FDA completed 93 medical device inspections under the new QMSR framework, according to RegulatoryIQ's analysis of FDA's publicly available Inspectional Observation database. These inspections produced 132 Form 483 observations across 52 unique establishments.

The data reveals a clear enforcement pattern:

The transition to ISO-based citation language is functionally complete. Nearly 90% of all observations now reference specific ISO 13485:2016 clauses rather than legacy 21 CFR 820 sections.

Top Citation Areas

The most frequently cited QMS area is Management Oversight, accounting for 29.5% of all observations. This is driven primarily by risk management clauses, specifically ISO 13485 Clause 7.1 (product realization/risk management), which leads all individual clauses at 13.6% of observations.

Cloudtheapp's enforcement analysis confirms that the same three violation categories that dominated pre-QMSR enforcement continue to lead:

• CAPA deficiencies
• Complaint handling failures
• Supplier control gaps

But the citation language has shifted from QSR sections to ISO 13485 clauses, and inspectors are now evaluating process integration and system effectiveness rather than simply checking whether procedures exist.

Inspection Classification Rates

Of the 52 inspections with 483 observations, 98.1% were classified as VAI (Voluntary Action Indicated), with zero OAI (Official Action Indicated) in the published dataset. An additional 41 inspections closed with no observations at all.

The NAI (No Action Indicated) rate dropped from 52.7% pre-QMSR to 48.8% in early QMSR data, suggesting that inspectors are finding more to cite under the broader ISO 13485 framework.

The Medline/NAMIC Case: A Pre-Existing Problem Under New Scrutiny

On March 25, 2026, the FDA issued a warning letter to Medline Industries / NAMIC Division following a December 2025 inspection. The letter cited CAPA failure (complaint rates exceeded a 15.98 complaints-per-million threshold for three consecutive quarters with no remediation), design verification deficiencies, and inadequate cleaning and safety testing.

The firm subsequently initiated a removal of NAMIC Angiographic Control Syringes. This case illustrates how the same quality system weaknesses that drove pre-QMSR enforcement — particularly CAPA effectiveness and trend monitoring — are now being evaluated against a broader, risk-based standard under QMSR.

What Manufacturers Should Do Now

If You Have Open 483 Observations or a Warning Letter

1. Re-map your corrective actions to ISO 13485: Review every open observation and identify which ISO 13485 clause it maps to. Use AAMI TIR102:2019 (the FDA-to-ISO cross-reference) as a guide.

2. Update your documentation terminology: Ensure all corrective action records, CAPA documentation, and quality system procedures use ISO 13485 terminology (DDF, MDF, design and development review) rather than legacy QSR terms.

3. Address systemic issues, not just individual findings: The QMSR remediation mandate requires systemic correction. If an observation cited inadequate CAPA procedures, the corrective action should address the entire CAPA system, not just the specific case.

4. Prepare internal audit records for FDA review: Internal audit reports, management review minutes, and supplier audit reports are now inspectable. Ensure these documents are factual, complete, and do not contain unnecessary characterizations.

If You Are Preparing for a Future Inspection

1. Conduct a clause-level gap assessment: Map your current quality system against ISO 13485:2016 and identify gaps. The QMSR gap analysis checklist from existing guides provides a structured approach.

2. Verify risk management integration: ISO 13485 Clause 7.1 is the most cited provision. Ensure your risk management file is complete, current, and demonstrates that risk considerations drive design, manufacturing, and post-market decisions.

3. Separate corrective and preventive actions: If you still have a combined CAPA procedure, separate it. ISO 13485 treats corrective action and preventive action as distinct processes with different triggers, and FDA inspectors are now citing this distinction.

4. Organize newly inspectable records: Management review records, internal audit reports, and supplier audit reports should be organized, retrievable within the first day of an inspection, and free of unnecessary editorial language.

Sources

• FDA, Warning Letter to IsoTis OrthoBiologics, Inc., CMS Case 723370, February 24, 2026.
• FDA, Warning Letter to Longhorn Vaccines and Diagnostics LLC, CMS Case 726584, February 26, 2026.
• RegulatoryIQ, "FDA QMSR Town Hall: What the Enforcement Data Shows," April 2026.
• Cloudtheapp, "FDA Enforcement Trends Q1 2026: What Warning Letters and 483s Tell Quality Teams," 2026.
• King & Spalding, "The QMSR Goes Live and FDA Implements a New Medical Device Inspection Technique," February 2026.
• Ropes & Gray, "A QMSR State of Mind: FDA Adopts New Inspection Approach for Medical Devices," February 2026.
• Morgan Lewis, "February 2, 2026 Is Quickly Approaching — Are You QMSR Ready?" October 2024.
• IntuitionLabs, "FDA QMSR: Internal Audit Reports No Longer Confidential," 2026.
• FDA, Compliance Program 7382.850, "Inspection of Medical Device Manufacturers," January 30, 2026.
• FDA, Quality Management System Regulation (QMSR) webpage, updated February 2, 2026.
• FDA, "Medical Devices: Risk-Based Inspections" Town Hall, April 1, 2026.
• SGS, "ISO 13485 vs U.S. FDA Quality Management System Regulation (QMSR)," June 2026.
• PCBCart, "ISO 13485:2026 Update: What Medical Device Designers Must Know," 2026.