ISO 13485 + ISO 14971 | wired to evidence, records, and an inspection-ready operating cadence.
As of Feb 2, 2026, FDA’s device quality requirements operate under the QMSR (21 CFR 820 as amended) with ISO 13485:2016 incorporated by reference. Verus FDA helps device teams build a coherent system that ties hazards → controls → verification evidence, maps records and procedures to ISO 13485 + FDA overlays, and operationalizes CAPA + audits + management review so you’re ready for submissions, scale, and inspection.
What we build (QMSR-aligned pillars, one consistent story)
We connect risk, requirements, verification/validation, records, and quality processes so your documentation is defensible, maintainable, and aligned to ISO 13485:2016 + FDA QMSR overlays.
Right-sized QMS
Procedures, records, and governance mapped to ISO 13485 clauses, tailored to device scope and maturity.
Risk Management File
Hazards, risk evaluation, risk controls, verification of controls, and residual risk justification tied to claims.
FDA Overlay Alignment
Clause mapping and targeted additions so ISO 13485 implementation stays consistent with FDA expectations under QMSR.
Design Controls + Traceability
Planning, inputs/outputs, reviews, V&V, transfer, and changes tied to risk, requirements, and objective evidence.
CAPA, Audits & Inspection Prep
Clear triggers, root cause, effectiveness checks, internal audits, management review, and “show me” evidence mapping.
Core capabilities
The building blocks that make your system reviewable under QMSR: clause mapping, traceability, and practical operating cadence.
Clause mapping + evidence architecture
- ISO 13485 clause-to-SOP map with record expectations
- Objective evidence checklist (design, purchasing, production, PMS, etc.)
- “Show me” alignment: procedures → records → outcomes
Risk-based traceability (not just a spreadsheet)
- Requirements → risks → controls → V&V → labeling/IFU claims
- Control selection rationale and residual risk logic
- Verification evidence mapping (bench/EMC/biocomp/software/cyber as applicable)
Start with a fast QMSR fit check
If you’re preparing a submission, scaling manufacturing, or expecting inspection, we’ll confirm the safest, leanest lane based on device class, software/cyber scope, supplier complexity, and what artifacts already exist.
How we run engagements
A simple, repeatable method that keeps artifacts consistent, mapped to ISO 13485 + QMSR expectations, and avoids rework.
Scope + boundaries
Confirm device scope and regulatory expectations, define “done,” and lock the clause map + evidence map + owners.
QMS backbone + risk wiring
Build/update the ISO 13485 SOP set and connect risk artifacts to requirements, V&V, records, and change control.
CAPA + audits + management review
Implement CAPA workflow, internal audit cadence, and management review package so the system runs after we exit.
Inspection readiness
Evidence mapping, mock inspection prep, and remediation plan for any gaps found (procedures, records, and implementation).
Typical pricing bands
Ranges depend on device complexity, software/cyber scope, supplier controls, and documentation maturity under ISO 13485 + QMSR overlays.
Early-stage Class I/II teams needing a credible baseline fast.
- ISO 13485 clause map + starter SOP set
- ISO 14971 plan + starter Risk Management File
- Design & development framework + templates
- Record templates + training basics
Submission/transfer stage teams needing a coherent, connected system.
- RMF build-out + control verification mapping
- Traceability: requirements → risk → V&V → labeling claims
- CAPA procedure + workflow + effectiveness checks
- Audit plan + first internal audit support
Revenue-stage teams or those expecting FDA / NB audits.
- Procedure + record completeness review against ISO 13485 + FDA overlays
- Mock inspection + remediation plan
- Management review package + evidence mapping
- Supplier controls + PMS/trending (as needed)
Prefer to start async?
Submit your details and we’ll respond with a scoped plan and pricing band based on device complexity, software/cyber scope, supplier controls, and audit needs.
FAQs
Short answers to common questions about QMSR, ISO 13485/14971, and inspection readiness.
What changed with QMSR in 2026?
FDA’s device CGMP requirements are now under QMSR (21 CFR 820 as amended), with ISO 13485:2016 incorporated by reference and FDA-specific overlays. Practically: expect ISO-style clause mapping, stronger emphasis on records/evidence, and inspection-ready implementation (not just “having SOPs”).
Do we need ISO 13485 certification to comply with QMSR?
No. Certification is optional, but your QMS still needs to meet ISO 13485 requirements (as incorporated) plus FDA overlays. We build systems that satisfy the regulation and stand up in FDA inspections—certified or not.
Do we still need ISO 14971 if we’re filing a 510(k)?
Reviewers expect hazards, risk controls, and verification evidence. We build a lean ISO 14971-aligned file that supports both submission expectations and ongoing postmarket maintenance.
Can you do this without locking us into an eQMS tool?
Yes. We can implement in your existing toolset and keep templates tool-agnostic. If you’re selecting an eQMS, we can define requirements and help evaluate fit.
Why are the price ranges so broad?
Device complexity, software/cyber scope, supplier controls, and existing artifacts change effort significantly. Intake lets us scope quickly and quote accurately.
What’s “inspection readiness” under QMSR?
It’s not only procedures—it's evidence. We prepare the clause map, “show me” record set, and team readiness so QA/R&D/Ops can demonstrate implementation consistently during an inspection.