Updated for FDA CSA Feb 2026 & QMSR Transition · Verified Mar 2026

Pass your next regulatory audit with confidence

Clause-level gap assessments and audit-ready templates built by a certified regulatory professional with 14+ years of hands-on audit experience. Covering FDA, ICH, EU MDR, ISO 13485, and 40+ frameworks globally.

  • 535 Assessable Criteria
  • 40+ Regulatory Frameworks
  • 6 Compliance Domains
  • Citations Verified: Mar 2026
  • 0 Major Findings across 60+ regulatory audits
  • 14+ Years in regulatory affairs & quality assurance
  • Cross-Sector: medical devices, pharma, SaMD & clinical trials
  • RAC · CMQ/OE · CPHQ · Lead Auditor · LSSBB · AiE: certified regulatory & quality professional

Current as of March 2026

Every citation verified. Every framework tracked. Our templates and assessments reflect the latest regulatory landscape.

Effective Feb 3, 2026

FDA Computer Software Assurance

Level 2 revision of the CSA final guidance. Title updated to "Quality Management System Software" aligning with the QMSR/ISO 13485 harmonization. Risk-based approach: intended use, process risk assessment, proportionate assurance activities, objective evidence. Supports unscripted testing and digital evidence over paper documentation.

FDA CSA Final Guidance (Feb 2026) · Supersedes Sept 2025 version · Replaces GPSV Section 6

Effective Feb 2, 2026

QMSR / 21 CFR Part 820 Transition

The QMSR final rule withdrew the majority of Part 820 requirements and incorporated ISO 13485:2016 by reference. All quality management system documentation should now reference ISO 13485:2016 as incorporated by 21 CFR Part 820. 21 CFR Part 11 remains independently applicable and is not affected by this change.

21 CFR Part 820 (QMSR) · ISO 13485:2016 incorporated by reference · Part 11 unchanged

Step 4 Final Guideline

ICH E6(R3) Good Clinical Practice

Finalized January 6, 2025 and published January 14, 2025. This is the definitive GCP guideline, not a draft. Step 5 regional implementation timelines vary by jurisdiction; EU implementation expected under the Clinical Trials Regulation (EU CTR 536/2014). Organizations should verify their regulatory authority's implementation date.

ICH E6(R3) Step 4 · Adopted Jan 6, 2025 · Published Jan 14, 2025

What FDA is actually citing in 2024-2026

We analyzed 3,366 FDA warning letters from 2021 through March 2026 to identify where enforcement is focused and what your organization should prioritize.

  • 3,366: warning letters analyzed (2021-2026)
  • 5.7x: QSR device letters surged from 6 (2021) to 34 (2025)
  • 75% of QSR device letters cite "Adulterated" as sole classification
  • 4x: CDER drug letters surged from 82 (2024) to 348 (2025)

Top finding categories in QSR & BIMO letters

  • #1 Design Controls (820.30)
  • #2 CAPA Deficiencies (820.100)
  • #3 Complaint Handling (820.198)
  • #4 Change Control / Unauthorized Changes
  • #5 Data Integrity / Source Documentation

Live FDA Data

FDA Inspection Intelligence

266,000+ inspections. 271,000+ citations. Exposed patterns the industry talks about but rarely quantifies. Data sourced directly from FDA's public inspection database.

  • Total Inspections: 266,037 (FY2009 – FY2025)
  • Citation Records: 271,567 (all program areas)
  • Official Actions (OAI): 12,685 (3.9% of all outcomes)
  • FY2025 Device OAI Rate: 5.1% (125 official actions)

Inspection Outcomes by Fiscal Year
Classification distribution across NAI, VAI, and OAI outcomes. COVID-19 impact visible in FY2020-2021 with recovery through FY2025.
OAI Rate by Product Type
Percentage of inspections resulting in official action, FY2021-FY2025.
Citation Volume by Program Area
Annual citation counts for regulated industries, FY2015-FY2025.
Top Device Citations (FY2023 – FY2025)
Most frequently cited CFR sections in FDA device inspections over the last three complete fiscal years.
Table columns: CFR Section · Description · FY23 · FY24 · FY25 · 3-Year Total
Device Citation Trend (FY2015 – FY2025)
Total device-related citations issued per fiscal year. Post-pandemic volumes have stabilized near pre-2020 levels. *FY2026 is partial (through March 2026).
Top Drug Citations (FY2023 – FY2025)
Most frequently cited 21 CFR Part 211 sections in pharmaceutical inspections. Drug manufacturing consistently draws higher OAI rates than any other FDA-regulated product type.
Table columns: CFR Section · Description · FY23 · FY24 · FY25 · 3-Year Total
Drug OAI Rate: Persistently the Highest
Official Action Indicated rate for drug inspections versus devices and biologics.
Part 820 Citation History: Now Under QMSR
The top-cited Part 820 subsections across all device inspections FY2009-FY2025. Effective February 2, 2026, the QMSR replaced the majority of Part 820 with ISO 13485:2016 incorporated by reference.
Table columns: 820 Section · Observation · All-Time Citations
Why This Matters Now
With the QMSR effective February 2, 2026, every one of these historically cited Part 820 sections now maps to an ISO 13485:2016 clause. The top three areas alone—CAPA procedures, complaint handling, and quality audits—account for over 10,000 citations in the FDA's inspection database. Our Gap Assessment Toolkit maps each of these high-risk areas to the corresponding ISO 13485 requirement and evaluates your current state against both frameworks.
QMSR in Practice: First 30 Days
FDA inspection data through February 20, 2026 already shows the QMSR transition in enforcement. Across 13 device inspections completed after the February 2 effective date, FDA issued 33 citations. Of these, 31 cite ISO 13485:2016 clauses directly and zero reference Part 820. The most-cited clauses so far: Clause 7.1 (product realization planning, 4 citations), Clause 8.5.2 (corrective action, 3), Clause 7.5.6 (process validation, 3), and Clause 4.1.2 (risk-based QMS approach, 3). The enforcement priorities mirror the historical Part 820 patterns above—CAPA, process validation, and production controls remain top focus areas—but the citation format has shifted to ISO 13485 clause references.
EU GMP Inspection Volume (2015 – 2025)
GMP certificates, non-compliance reports, and deficiency acknowledgments issued by EEA competent authorities. Volume has more than doubled since pre-COVID levels.
Non-Compliance Rate by Year
Percentage of inspections resulting in a GMP non-compliance statement. Rate is climbing back toward pre-pandemic levels after COVID-era lows.
Non-Compliance by Country
India and China account for 59% of all EU GMP non-compliance statements issued since 2015. 97 total NC reports across 24 countries.
Geographic Risk: NC Rate by Manufacturing Origin
Non-compliance rate as a percentage of total inspections for countries with 50+ GMP inspections since 2015. Third-country manufacturers face significantly higher NC rates.
Table columns: Country · Inspections · NC Reports · NC Rate
Supply Chain Risk Intelligence
EU inspection volume increased 116% from 2019 to 2024, signaling intensified regulatory scrutiny of global pharmaceutical supply chains. For organizations sourcing APIs or finished products from India or China, these non-compliance patterns should inform vendor qualification, audit frequency, and supply chain risk assessments. Our Gap Assessment Toolkit and Audit Prep Bundle include supplier qualification criteria aligned to EU GMP Annex 11 and EudraGMDP compliance expectations.
Data sources: FDA ORA Compliance Dashboards · EudraGMDP (EMA)
FDA data updated weekly; final classifications only. Excludes state-conducted, pre-approval, mammography, and nonclinical lab inspections.
EU GMP data from EudraGMDP public database. Populated by EEA national competent authorities. UK data excluded post-January 2021 per Brexit transition.
Data through March 2026

Six pillars of compliance intelligence

From initial gap assessment through audit preparation, every service maps to specific regulatory requirements and delivers actionable outcomes.

AI Compliance Analysis

Upload your documentation and receive instant gap analysis against any supported regulatory framework. Identifies non-conformities, maps requirements to evidence, and prioritizes findings by risk.

21 CFR Part 11 · ISO 13485 · EU MDR

Third-Party Software (TPS) / COTS Fit-for-Use Assessment

GAMP 5 2nd Edition categorization with FDA CSA (Feb 2026) risk-based evaluation framework. Vendor assessment, intended use documentation, and process risk determination for commercial off-the-shelf (COTS) and configured products.

GAMP 5 · FDA CSA · Vendor Qualification

Gap Assessment & Remediation

Automated gap identification with risk-rated findings and prioritized remediation plans. Each gap maps to specific regulatory clauses with recommended corrective actions, responsible parties, and target timelines.

Risk-rated · Clause-level · Actionable

Regulatory Intelligence

Automated monitoring of FDA, ICH, EMA, MHRA, ISO, and IEC updates. Receive notifications when guidance changes affect your compliance posture, with impact assessments and recommended actions.

FDA · ICH · EMA · MHRA · ISO · IEC

SaMD & Clinical Trial Support

IMDRF classification, IEC 62304 software lifecycle, IEC 62366-1 usability engineering, and ISO 14155 clinical investigation planning. End-to-end support from software classification through clinical evidence generation.

IMDRF · IEC 62304 · IEC 62366-1 · ISO 14155

Data Integrity & Security

ALCOA+ assessment methodology, audit trail reviews, 21 CFR Part 11 electronic records/signatures compliance. Covers the 2003 Scope and Application guidance and 2024 expanded interpretation for cloud and digital health technologies.

ALCOA+ · 21 CFR Part 11 · Audit Trails

Gap Assessment Toolkit

$897 $499 One-time purchase

Total value if purchased separately: $897. You save $398.

Eight audit-ready templates with 535 assessable criteria covering six major compliance frameworks. Every regulatory citation has been verified against current published versions as of February 2026. Designed for FDA, EMA, and MHRA inspection preparation.

Get the Toolkit — $499

Digital delivery via email within 1 business hour during business hours (typically within minutes).

30-day money-back guarantee. If the toolkit doesn't meet your compliance needs, we'll refund your purchase.
A regulatory consultant charges $300-500/hour. This toolkit replaces weeks of manual gap assessment work.

What's Included

  • xlsx
    FDA 21 CFR Part 11 Gap Assessment
    46 assessable criteria
  • xlsx
    EU GMP Annex 11 Gap Assessment
    139 assessable criteria
  • xlsx
    ICH E6(R3) Assessment Tool
    101 assessable criteria
  • xlsx
    Data Integrity ALCOA+ Assessment
    69 assessable criteria
  • xlsx
    CSV/CSA Assessment Template
    80 assessable criteria
  • xlsx
    QMSR / ISO 13485:2016 Gap Assessment
    100 assessable criteria · Includes 820-to-13485 mapping & transition readiness
  • docx
    Remediation Plan Template
    12-column gap register · 12 regulatory references
  • docx
    Executive Summary Template
    12 sections · Placeholder variables for criteria counts

Why This Toolkit

Every regulatory citation verified against current published versions
6 major compliance frameworks in one integrated toolkit
Risk-rated criteria with built-in remediation tracking
Ready for FDA, EMA, and MHRA inspection preparation
Dual CSV/CSA framework coverage for organizations in transition
Want us to perform the gap assessment for you?
Our regulatory team conducts full compliance gap assessments across all six frameworks, delivers findings with risk-rated remediation plans, and supports you through closure. 14+ years of hands-on audit experience.

CSV/CSA Package

$199 One-time purchase

Six audit-ready templates covering the FDA Computer Software Assurance (Feb 2026) framework transition from traditional CSV. Aligned to the risk-based approach: intended use, process risk, assurance activities, and objective evidence. Built for organizations transitioning from CSV to CSA or implementing CSA from scratch.

Get the CSA Package — $199

Digital delivery via email within 1 business hour during business hours (typically within minutes).

30-day money-back guarantee. If the package doesn't meet your compliance needs, we'll refund your purchase.
Aligned to FDA CSA Final Guidance (Feb 2026), GAMP 5 2nd Edition, QMSR/ISO 13485:2016, and 21 CFR Part 11.

What's Included

  • xlsx
    CSA Implementation Gap Assessment
    80 assessable criteria
  • xlsx
    Software Categorization & Risk Assessment Tool
    5 worksheets · 29 dashboard formulas
  • docx
    Computer Software Assurance Plan
    10 sections · 6-step methodology
  • docx
    Vendor Assessment Questionnaire
    61 questions · 24 critical
  • docx
    CSA Testing Protocol Template
    3 parts (scripted/unscripted/vendor) · 24-item evidence checklist
  • xlsx
    CSV-to-CSA Transition Checklist
    68 items across 4 phases · Auto-calculating dashboard

Why This Package

Updated to the Feb 2026 CSA final guidance (supersedes Sept 2025 version)
Covers both legacy CSV and modern CSA approaches for organizations in transition
Vendor assessment questionnaire with 24 critical-path questions
All templates cross-referenced by document number (RIQ-CSA-xxx)
Want us to handle your CSA transition?
We assess your current CSV practices, build your CSA implementation roadmap, categorize your software portfolio, and guide you through the transition. From gap analysis to inspection readiness.

Data Integrity Pack

$179 One-time purchase

Five audit-ready templates for ALCOA+ compliance and data governance. Covers the full data integrity lifecycle from gap identification through risk assessment, with a dedicated 21 CFR Part 11 companion assessment and complete SOP and audit trail review procedures.

Get the Data Integrity Pack — $179

Digital delivery via email within 1 business hour during business hours (typically within minutes).

30-day money-back guarantee. If the pack doesn't meet your compliance needs, we'll refund your purchase.
Aligned to FDA 21 CFR Part 11, EU GMP Annex 11, MHRA data integrity guidance (2018), PIC/S PI 041-1 (2021), and WHO TRS 1033 Annex 4 (2021).

What's Included

  • xlsx
    Data Integrity Gap Assessment
    117 assessable criteria · 4 worksheets (ALCOA+ principles)
  • docx
    Data Integrity SOP
    29 sections · Full data lifecycle management
  • docx
    Audit Trail Review Procedure
    25 sections · Risk-based review methodology
  • xlsx
    Data Integrity Risk Assessment Tool
    7 worksheets · 45 pre-populated risks · 342 formulas (RPN model)
  • xlsx
    21 CFR Part 11 Companion Assessment
    55 criteria across 9 sections · 4 worksheets

Why This Pack

117 gap criteria mapped to ALCOA+ principles at the clause level
Risk assessment with 45 pre-populated scenarios and automatic RPN calculation
Covers 5 international data integrity frameworks (FDA, EU, MHRA, PIC/S, WHO)
SOP and audit trail review procedure ready for immediate deployment
Want us to assess your data integrity program?
We conduct ALCOA+ gap assessments, audit trail reviews, and Part 11 compliance evaluations across your systems. Deliverables include risk-rated findings and a prioritized remediation roadmap.

Built by a regulatory professional, not a tech startup

Zach Galloway
Founder, RegulatoryIQ

Quality and regulatory affairs leader with 14+ years guiding medical device, pharmaceutical, Software as a Medical Device (SaMD), and clinical trial programs through global regulatory requirements. Hands-on experience leading regulatory and quality operations across FDA, EU MDR, MHRA, TGA, Health Canada, PMDA, ISO 13485, and ICH GCP frameworks.

  • No critical findings across 60+ completed regulatory and Sponsor/CRO audits
  • Led quality operations through a $13M digital therapeutics merger, harmonizing QMS processes and maintaining multi-framework compliance
  • Built SaMD validation frameworks supporting FDA pre-submissions, 510(k), and De Novo applications
  • Compressed CAPA resolution timelines by 59% and reduced audit findings by 60% through process optimization
  • Consulting engagements spanning medical device compliance, usability engineering (IEC 62366-1), data integrity risk assessments, QMSR/ISO 13485 mock audits, and QMS buildout for healthcare technology platforms
  • Combines deep regulatory expertise with AI and machine learning capabilities, including development of this platform

"Every template and assessment is built from hands-on audit experience, not generated by AI and left unreviewed. When you buy from RegulatoryIQ, you're getting the same frameworks I use in real consulting engagements."

RAC Regulatory Affairs Certification – RAPS
CMQ/OE Manager of Quality/OE – ASQ
CPHQ Healthcare Quality – NAHQ
ACRP-CP Clinical Research – ACRP
ACRP-MDP Medical Device Professional – ACRP
Lead Auditor ISO 9001, 13485, 27001
LSSBB Lean Six Sigma Black Belt
RIMS-CRMP Certified Risk Management
AiE AI Engineer – ARTiBA
GCP ML Google Cloud Prof. ML Engineer
AWS ML AWS Machine Learning, Specialty
AIGP AI Governance Professional – IAPP

Regulatory Advisory Services

Need more than templates? Work directly with a certified regulatory professional on your specific compliance challenges.

Gap Assessment Review

Have your gap assessment findings reviewed by an experienced auditor. Get a prioritized remediation roadmap with risk-rated action items and realistic timelines.

Scope: 2-4 hour engagement
Ideal for: Organizations preparing for FDA, EMA, or MHRA inspections
FDA 21 CFR Part 11 · ISO 13485 · EU MDR · ICH E6(R3) · ALCOA+

QMS & Compliance Consulting

From QMSR transition planning to SaMD classification, get hands-on guidance from someone who has done it.

Scope: Project-based or retainer
Ideal for: Pharma, biotech, and medical device companies navigating regulatory transitions
QMS buildout · CSV/CSA · Vendor qualification · Design controls · CAPA · Audit prep

Mock Audit & Inspection Readiness

Know what an auditor will find before they find it. Mock audits modeled on real FDA, Notified Body, and Sponsor/CRO audit approaches.

Scope: 1-3 day engagement
Ideal for: Companies expecting inspections within the next 6 months
Track record: No critical findings across 60+ completed audits

Typical response within 1 business hour. Initial 15-minute scoping calls are complimentary.

Prefer to book directly? Schedule a Discovery Call

Free Resource

FDA 21 CFR Part 11 Quick Assessment

Not sure where your gaps are? Start with our free 10-criteria quick assessment covering the most commonly cited Part 11 deficiencies in FDA inspections. Takes 5 minutes, identifies your highest-risk areas, and shows you exactly what auditors look for.

10-question self-assessment checklist
Based on real FDA 483s & warning letters
PDF delivered to your inbox

No spam. We only send regulatory updates and product announcements.

Frequently asked questions

What format are the templates in?
Assessment checklists are in Excel (.xlsx) with structured worksheets, dropdown selections, and built-in scoring. Implementation templates (Remediation Plan, Executive Summary) are in Word (.docx) with professional formatting and regulatory reference tables.
Are these updated for the 2026 QMSR transition?
Yes. The toolkit includes a dedicated QMSR / ISO 13485:2016 Gap Assessment with 100 criteria, a transition readiness checklist, and a full 820-to-ISO 13485 clause mapping reference. All other templates also reflect the QMSR final rule effective February 2, 2026, the FDA CSA guidance (February 3, 2026), and ICH E6(R3) finalization. Every regulatory citation was verified against current published versions in February 2026.
Can I use these across multiple sites or facilities?
Yes. Templates are delivered as editable files with no DRM or usage restrictions. Use them across as many sites, projects, or audits as needed within your organization.
Who built these templates?
RegulatoryIQ templates are developed by Zach Galloway, a certified regulatory and quality professional (RAC, CMQ/OE, CPHQ, LSSBB, Lead Auditor) with 14+ years of hands-on experience across FDA, EU, and ISO compliance frameworks. Every template reflects the same methodologies used in real consulting engagements.
What if I find an error in a regulatory citation?
We stand behind our accuracy. If you identify an incorrect or superseded citation, contact us and we'll issue a corrected version within 48 hours.
Is there a refund policy?
Yes. We offer a 30-day money-back guarantee. If the toolkit doesn't meet your compliance needs, contact us for a full refund.
Do you offer consulting services?
Yes. We offer gap assessment reviews, QMS and compliance consulting, and mock audit/inspection readiness engagements. Contact us for a complimentary 15-minute scoping call.

AI-Powered Compliance Platform

We're building an AI-powered regulatory compliance analysis platform with document upload, automated gap detection, and continuous monitoring. Join the waitlist for early access and founding member pricing.

No spam. We'll notify you when early access opens.

40+ regulatory frameworks

Global coverage across FDA, EMA, MHRA, TGA, Health Canada, ANVISA, PMDA, and international standards bodies.
21 CFR Part 11 · FDA CSA (Feb 2026) · 21 CFR Part 820 / QMSR · ISO 13485:2016 · EU GMP Annex 11 · EU MDR 2017/745 · ICH E6(R3) · ICH Q9(R1) · GAMP 5 2nd Edition · IEC 62304 · IEC 62366-1 · ISO 14971 · ISO 14155 · ISO 9001:2015 · ISO/IEC 27001 · ALCOA+ · EU CTR 536/2014 · PIC/S PI 041-1 · MHRA Data Integrity · WHO TRS 996 · FDA Cybersecurity (Feb 2026) · IMDRF SaMD · 45 CFR Part 46 · NIST AI RMF · EU AI Act

256-bit TLS Encryption
GDPR-Ready
Payments via Stripe
No Credit Card Data Stored

Ready to streamline your compliance?

Whether you need a gap assessment, custom templates, consulting, or full-platform access, we can help scope the right approach for your organization.