×
RAPS Learning Portal will be under maintenance on 12 June 2026 between 10 PM - 12 AM ET. Learning Portal functionality and profile access may be unavailable during this window.
We apologize for any inconvenience caused during this time.
  1. You are here:
  2. Homepage
  3. News & Insights Search
  4. Risk management systems should be constantly evolving, FDA official says

rf-fullcolor.png

 

Regulatory News
10 June 2026
by Ferdous Al-Faruque

Risk management systems should be constantly evolving, FDA official says

Thomas_Keisha_260610_ALF.jpg
FDA's Keisha Thomas spoke at the RAPS Quality Conference in Baltimore (credit: Ferdous Al-Faruque)

BALTIMORE – Risk management remains the top reason the US Food and Drug Administration (FDA) investigators cite medical device makers for failing to meet their quality management requirements, according to a top agency official. She emphasized that companies need to treat risk management as an ever-evolving responsibility.

Keisha Thomas, associate director for compliance and quality at the Center for Devices and Radiological Health (CDRH), spoke to attendees at the RAPS Quality Conference about FDA's new compliance program using CPM 7382.850, which replaced its Quality System Inspection Technique (QSIT), to ensure medtech manufacturers comply with the new Quality Management System Regulation (QMSR) that has been in effect for four months. She explained that the new medical device risk-based inspection system is based on two inspection models and focuses on six quality management system (QMS) areas, as well as other applicable FDA requirements.

"Our inspection approach is risk-based, not only the selection model for determining who gets inspected, but also the approach itself," said Thomas. She noted that element selection is based on firm-specific risks. Investigators also review pre-inspection information, such as medical device reports (MDR), recalls, and complaints, and there are no standardized sampling tables.

Thomas emphasized that while FDA has aligned with the International Organization for Standardization's ISO 13485, the international QMS standard for medical devices, it's important to remember that its inspections are not audits. She said that means inspections are intended to ensure companies comply with FDA requirements, not to look for conformity. She also noted that the new inspection model means investigators now look at all six QMS areas rather than just specific ones.

Based on the latest inspections and Form 483s, Thomas said the top QMSR issues cited against firms are risk management, followed by corrective action, risk-based approach, complaint handling, and purchasing process. She noted that it's a little early to draw any conclusions about trends, but the agency is seeing the same citations it saw before QMSR was implemented, but in a different order.

In terms of risk management, Thomas said investigators are citing firms for a lack of processes and evidence that demonstrate that risk management is rooted in their decision-making. She said that they're finding that companies may have risk management files and processes but aren't applying them holistically or systematically across all QMS areas.

Thomas also noted that in the past, investigators looked at corrective and preventive actions (CAPA) together and preventive actions followed corrective actions. However, she said that under the new standard, corrective actions and preventive actions have been decoupled.

"The way we're viewing it is based off of what the interpretation of the standard is that you should have preventative actions being considered in your QMS that don't necessarily follow your corrective action," said Thomas. "You won't hear us say CAPA too much anymore.

“We've kind of outlawed it inside the agency, but it's going to take everyone else a little bit of time to get there,” she added. "We will say it when we're in mixed company, but we will explain that there is that separation, and so what we're seeing here with corrective actions is poorly executed corrective actions, but it's not associated with the preventative side of it."

Thomas was asked how the new inspection processes are being applied to companies that participate in the Medical Device Single Audit Program (MDSAP). She noted that typically MDSAP firms are not inspected because they are audited, but under QMSR they may be inspected because investigators are looking for new types of information based on their risk-based assessment site selection system.

Thomas noted that there are three times as many MDSAP audits each year as FDA inspections, and that they use the same type of intelligence data.

"We put all of that in the model, so MDSAP firms may see us coming," she said. "If we've got any type of signal that's telling us we should be there, [such as] increasing complaints, MDRs, number of recalls, those types of things may signal that an MDSAP firm probably needs a little bit of visibility for us."

One attendee noted that it's been difficult to define risk for every QMSR area at their firm and asked how they should approach the issue. Thomas said that while FDA hasn't stated an explicit regulatory requirement in the past to consider risk in every category, the agency expected companies to treat each category that way. With that in mind, she emphasized that risk shouldn't be treated as a single incident but rather as something that constantly evolves as part of the company's quality management.

"Your risk management system should be fluid, living, breathing, moving, evolving constantly, it should be in a state of continuous improvement all the time, because there are risks introduced, whether it's system risk, whether it's product risk, whether it's clinical risk, those things are there," said Thomas. "It should be fluid and evolving, and I think that's the message that you take back."

RAPS Quality Conference

Related topics

Audit/FDA inspection Quality Risk management
Return to listing

Recommended content

DiPietro_Kerri_260609_ALF.png
09 Jun 2026

Expert offers tips on developing a thriving quality culture

BALTIMORE – Kerri DiPietro, chief quality officer at Integra LifeSciences, said that drug and device makers need to be methodical and purposeful when considering elevating their companies' quality cultures. She noted that it involves getting buy-in from key leadership, measuring the progress, and implementing a plan that may take years to accomplish.

Regulatory News
FDA_Badges_260421_ALF.png
04 Jun 2026

FDA warns drugmakers for GMP and BIMO violations, records refusal

The US Food and Drug Administration (FDA) recently sent warning letters to two facilities in the United States and Mexico for failing to comply with current good manufacturing practices (cGMPs) related to contamination issues and data integrity problems. The agency also warned a company in Brazil for failing to respond to a request for written records and to a laboratory in the US for nonclinical study violations.

Regulatory News
FDA_Badges_260421_ALF.png
26 May 2026

FDA warns drugmakers in US, Japan, and India for GMP issues

The US Food and Drug Administration (FDA) recently issued warning letters to drugmakers in Japan and the US, as well as a producer of active pharmaceutical ingredients (APIs) based in India, citing the firms for violations of current good manufacturing practice (cGMP). Additionally, the agency warned a clinical investigator for informed consent, participant screening, and other issues related to the conduct of a clinical trial.

Regulatory News