Fundamental Concepts of QSIT
QSIT, which stands for “Quality System Inspection Technique,” represents a systematic inspection methodology that the U.S. Food and Drug Administration (FDA) adopted for inspecting medical device facilities. Development of this technique began in 1998 when FDA assembled a Quality System Inspections Reengineering Team that included staff members from the Center for Devices and Radiological Health (CDRH) and the Office of Regulatory Affairs (ORA). The technique was unveiled at a public meeting in Rockville, Maryland, in May 1998, and the initial QSIT Handbook was released to the public via FDA’s reengineering website in September 1998. Following a validation study conducted between October 1998 and February 1999, involving 42 inspections across three FDA districts (Denver, Minneapolis, and Los Angeles), the final version was published in August 1999 as the “Guide to Inspections of Quality Systems.” FDA began widely implementing QSIT in the fall of 1999, and it was officially adopted in January 2000 for routine inspections of medical device manufacturers.
This methodology was specifically developed to assess manufacturers’ compliance with the Quality System Regulation (QSR, 21 CFR Part 820). Its primary purpose was to verify whether manufacturers had appropriately established and operated quality systems to ensure product safety and effectiveness.
Structure and Characteristics of QSIT
QSIT was constructed around seven subsystems within a quality management system, though inspections primarily focused on four major subsystems:
The Four Major Subsystems:
Management Controls evaluated how effectively senior management established, maintained, and monitored the quality system, including policy development, resource allocation, and management review processes.
Design Controls assessed whether companies followed appropriate procedures for device design, verification, and validation, ensuring that products met user needs and regulatory requirements.
Corrective and Preventive Actions (CAPA) examined how systematically organizations identified, addressed, and prevented quality issues, including complaint handling and medical device reporting.
Production and Process Controls (P&PC) verified compliance with manufacturing processes, personnel training, process validation, and control of production and process changes.
The Three Supporting Subsystems:
The remaining three subsystems—records, documents, and change controls; equipment and facility controls; and material controls—were evaluated through their linkages or pathways from the four major subsystems rather than being inspected separately.
QSIT distinguished itself from traditional checklist-based audits by emphasizing verification of the quality system’s essential effectiveness. Through a systematic and in-depth inspection approach, it evaluated not only superficial compliance but also whether actual operations functioned as designed within the system. A defining characteristic of QSIT was its “top-down” approach, which began by examining the quality system’s overall structure, policies, and management review mechanisms at the highest level, then progressively delved into lower-level procedures and records.
The inspection technique was designed to be scalable, with three defined levels:
| Inspection Level | Description | Duration | Subsystems Covered |
|---|---|---|---|
| Level 1 (Abbreviated) | Surveillance and initial inspections | 2 days | CAPA plus one other subsystem (P&PC or Design Controls) |
| Level 2 (Comprehensive) | Class II manufacturers, initial inspections | 4 days | All four major subsystems |
| Level 3 (For-Cause) | Triggered by specific concerns | Variable | All relevant subsystems with emphasis on problem areas |
This scalability allowed FDA investigators to adjust the inspection depth and scope based on factors such as company size, product risk level, and past compliance history.
Official Announcement of QSIT Retirement: A Historical Turning Point at MedCon 2025
At MedCon 2025, held in Columbus, Ohio in April 2025, FDA officials made a historic announcement regarding the future of QSIT. During presentations by FDA representatives, including Karen Masley-Joseph, Senior Advisor in the Office of Medical Device and Radiological Health Inspectorate, and Shannon Thomas from the Office of Product Evaluation and Quality, FDA formally confirmed that QSIT would be completely withdrawn effective February 2, 2026, coinciding with the implementation of the Quality Management System Regulation (QMSR).
Significantly, FDA clarified that there would be no standalone successor document such as “QSIT No. 2” or “QSIT 2.0.” Instead, the new inspection process would be documented within a revised version of the Compliance Program (CP) titled “Inspection of Medical Device Manufacturers.” This revised CP would be available on the FDA device CP webpage no later than the QMSR effective date of February 2, 2026.
This announcement marked the end of a quarter-century of service for QSIT, which had been the primary framework for FDA medical device inspections since January 2000.
Transition to QMSR: Harmonization with International Standards
The retirement of QSIT occurs as part of a broader regulatory reform initiative. On January 31, 2024, FDA published the final QMSR rule in the Federal Register, with publication dated February 2, 2024. This new regulation, which will replace the existing QSR, becomes fully effective on February 2, 2026. The primary features of this new regulation include:
Alignment with ISO 13485:2016: The QMSR incorporates by reference ISO 13485:2016 (Medical devices—Quality management systems—Requirements for regulatory purposes), which is already widely used by regulatory authorities internationally. The regulation also incorporates Clause 3 of ISO 9000:2015 (Quality management systems—Fundamentals and vocabulary), as these terms and definitions are necessary to understand and apply ISO 13485:2016.
Strengthened Risk-Based Approach: While ISO 14971 (Medical devices—Application of risk management to medical devices) is not incorporated by reference within the QMSR, ISO 13485:2016 incorporates terms and principles from ISO 14971. Therefore, manufacturers must ensure their risk management processes and procedures comply with ISO 14971 to demonstrate compliance with ISO 13485:2016.
Harmonization with MDSAP Audit Approach: The new inspection methodology will align with the Medical Device Single Audit Program (MDSAP) audit approach. FDA officials have recommended that companies reference the MDSAP audit plan to understand what FDA investigators might review during QMSR-related inspections. Companies participating in MDSAP will continue to be exempted from routine FDA surveillance inspections.
Adoption of More Flexible, Process-Oriented Inspection Methodology: The new inspection approach will move away from the prescriptive, checklist-oriented nature of QSIT toward a more process-based audit methodology consistent with ISO 19011:2018 (Guidelines for auditing management systems), which governs how Notified Bodies and other Conformity Assessment Bodies conduct ISO 13485:2016 audits.
Additional Requirements to Satisfy U.S. Law: The QMSR includes provisions that are additional, clarifying, or superseding to ISO 13485:2016 where necessary to comply with the Federal Food, Drug, and Cosmetic Act (FD&C Act). For example, FDA extends ISO 13485:2016 traceability requirements for implantable devices to devices that support or sustain life. Additionally, FDA gains authority under QMSR to inspect management review records, quality audit records, and supplier audit reports—records that were previously protected under exceptions in the QSR at § 820.180©.
Inheritance and Evolution of the Top-Down Inspection Philosophy
The core philosophy of QSIT’s “top-down approach” will fundamentally be carried forward into the new inspection framework. This approach involves beginning with examination of the quality system’s overall structure, policies, and management review processes, then systematically drilling down into lower-level procedures and records.
However, the new approach will differ in several important ways:
The process-based audit methodology will follow an organization’s procedures from start to finish, taking audit trails to supporting processes such as competence verification, resource allocation, purchasing activities, and document and record control. This approach can identify gaps in the quality management system that may have been overlooked using the more structured QSIT subsystem approach.
Investigators will have greater flexibility to adjust inspection depth and scope based on factors including company size, product risk level, past compliance history, pre-inspection information gathered from post-market surveillance data, and observed signals during the inspection itself.
The risk-based approach will enable more efficient resource utilization and concentrated inspection of higher-risk areas, rather than following a predetermined subsystem examination sequence.
FDA has emphasized that this transition represents a cultural shift in the approach to quality management system audits. Organizations unfamiliar with process-based auditing should prepare for this change in audit methodology. For companies accustomed to QSIT’s predictable subsystem-by-subsystem review, the process approach may initially feel less structured, as investigators will follow business processes across multiple functional areas rather than examining discrete subsystems in isolation.
Company Responses During the Transition Period
As medical device manufacturers prepare for the complete transition by February 2, 2026, they must undertake several critical preparation activities:
ISO 13485:2016 Compliance Verification: Conduct comprehensive gap analyses comparing existing quality systems against ISO 13485:2016 requirements. This assessment should go beyond obvious items such as documentation formats to examine definitions, process consistency, risk management throughout the product lifecycle, supplier management practices, and labeling and packaging controls.
Risk Management Enhancement: Review and strengthen risk management processes based on ISO 14971. Since ISO 13485:2016 incorporates risk management principles throughout the quality management system, manufacturers must ensure their risk management file demonstrates appropriate integration with quality system activities, including design and development, production, post-market surveillance, and CAPA processes.
Documentation Requirements Update: Develop document system structures that address new QMSR requirements. This includes updating quality manuals, procedures, work instructions, and forms to reflect ISO 13485:2016 terminology and requirements while addressing additional FDA-specific provisions in the QMSR.
Internal Audit Program Revision: Modify internal audit methodologies to reflect the new process-based inspection approach. Internal auditors should receive training on ISO 19011:2018 auditing guidelines and practice following processes across functional boundaries rather than conducting isolated subsystem audits.
Training Implementation: Ensure thorough communication of new regulatory requirements to all employees. This training should cover not only specific QMSR requirements but also the philosophical shift from a compliance-focused quality system to a process-oriented quality management system that emphasizes risk-based decision-making and continual improvement.
Engagement of Senior Leadership: Involve top management early in the transition process to ensure that culture, resources, and oversight are appropriately aligned. Under ISO 13485:2016, top management has specific defined responsibilities that may differ from previous management control requirements under the QSR.
Development of a Transition Roadmap: Based on gap analysis findings, create a detailed plan for remediating deficiencies that must be addressed by the February 2, 2026 effective date. This roadmap should prioritize changes based on risk and compliance impact, with particular attention to areas requiring significant system modifications or changes to established business processes.
Supplier Management Update: Work with suppliers to amend quality agreements to align with new QMSR requirements. Consider which suppliers may require updated supplier audits to assess their QMSR readiness, particularly for critical components or outsourced processes.
Mock Inspection Preparation: Companies should plan to complete living with their new quality system for six to nine months prior to the effective date, culminating in a mock FDA inspection to identify any remaining gaps or areas requiring improvement.
FDA officials have been clear that manufacturers should not wait until February 1, 2026, to begin preparation. Shannon Thomas emphasized at MedCon 2025 that although FDA provided two years for the transition (which she described as “very generous”), companies need to assess their quality systems immediately, conduct gap analyses, and understand where they are meeting QMSR requirements with their current systems.
Summary: Preparing for a New Era
The retirement of QSIT after 25 years of serving as the standard for medical device inspections represents more than simply a change in inspection methodology. It marks a significant step toward global harmonization of medical device regulations and presents an important opportunity for companies to align their quality systems with international standards.
While the top-down inspection philosophy is being maintained, the adoption of a more flexible, risk-based, and process-oriented approach is expected to further promote continuous improvement in medical device safety and quality. The shift from the QSR to the QMSR, incorporating ISO 13485:2016 by reference, represents the most significant revision to FDA’s quality system requirements for medical devices since the original QSR was established in 1996.
For the medical device industry, this transition presents both challenges and opportunities. Companies already certified to ISO 13485:2016 may find the transition more straightforward, though they should not assume automatic compliance—the QMSR includes additional requirements specific to FDA’s regulatory framework. Companies currently complying only with the QSR will need to undertake more substantial quality system modifications.
It is critical to note that ISO 13485 certification alone does not exempt manufacturers from FDA inspections. Companies participating in MDSAP will continue to be exempted from routine FDA surveillance inspections, but FDA may still conduct for-cause inspections when specific concerns arise. For companies not participating in MDSAP, FDA cannot ensure that other applicable device requirements—such as those outlined in 21 CFR Parts 803 (Medical Device Reporting), 806 (Medical Devices; Reports of Corrections and Removals), 821 (Medical Device Tracking Requirements), and 830 (Unique Device Identification)—are audited during ISO 13485 certification audits.
The economic impact of this transition is expected to be positive overall. FDA estimates that the QMSR will result in annualized net cost savings of approximately $532 million at a 7 percent discount rate ($540 million in cost savings minus $8.2 million in costs) and approximately $554 million at a 3 percent discount rate ($561 million in cost savings minus $7.29 million in costs). Beyond these quantifiable cost savings, the qualitative benefits include faster access to newly developed medical devices for patients, leading to improved quality of life for consumers.
For companies to successfully navigate this historic transition by February 2026, they must begin preparations urgently. The effective date is approaching rapidly, and the magnitude of changes required—from documentation updates to process modifications to cultural shifts—demands immediate attention and sustained effort over the coming months. Organizations that proactively embrace this transition and view it as an opportunity to strengthen their quality management systems, rather than merely a compliance exercise, will be best positioned to succeed in the new regulatory environment.
Comment