Top management at MedTech companies must ensure a culture of quality is systemically embedded within their organization, the US Food and Drug Administration’s (FDA) new Quality Management System Regulation (QMSR) makes clear.
In fact, the preamble of the QMSR – the FDA’s elaboration on the regulation published along with the final rule in 2024 – explains that a company’s embrace of a quality culture is key to “ensuring the manufacture of safe and effective medical devices.”
The FDA gives more details on this in its recently updated Compliance Program Manual (CPM) for the Inspection of Medical Device Manufacturers (CPM7382.850), which carries an implementation date of Feb. 2, 2026. The CPM tells agency investigators that a “culture of quality meets regulatory requirements through a set of behaviors, attitudes, activities, and processes.” What’s not clear at this early point in the QMSR’s implementation is the type of objective evidence investigators will expect to see from a company to demonstrate that it has a quality culture and how perceived cultural inadequacies will be cited on FDA-483 inspectional observation forms.
Manufacturers must be prepared to answer difficult questions from investigators about how the company has implemented a quality culture and provide evidence in support, which means going beyond anemic responses that merely point to a quality policy or a procedure for quality planning.
Below, Rebecca Fuller, QualityHub’s VP of Regulatory Compliance, outlines six red flags that signal a MedTech company isn’t truly committed to building and sustaining a culture of quality – and shares best practices for turning things around.
🚩 Red Flag No. 1: Employees are unhappy and have a perception that they aren’t valued.
QHub’s Rebecca Fuller Says: Manufacturers with a good culture of quality have happier employees and less employee turnover because they feel like their comments and concerns as they relate to quality are being recognized and there is attention being paid. People who work in Quality Assurance should feel like they have value and they’re not just overhead. That feeling of value means you’re a happier employee and you’re going to stick around longer.
Turnover costs a company a lot of money in retraining people and they lose tribal knowledge that is difficult to get back. People leave companies because they don’t feel heard when they’re raising a quality issue or concern, or they feel like the company is not doing the right thing and they don’t want to be liable for it. They may even perceive the lack of concern for quality to contrast with their own ethical and moral character.
“There’s going to be some real learning that we’ll all have to do as the FDA’s expectations for a culture of quality are more fully realized.” – Rebecca Fuller
Symptoms that flag an investigator to culture issues might include organizational charts that show a abundance of open positions, higher-than-expected turnover in the area of quality management, CAPAs [corrective and preventive actions] that have had repeated turnover in ownership due to attrition, and even employees making direct statements to the investigator regarding their lack of authority and slow response to concerns they have escalated to higher levels of management.
Ultimately, if you’re taking a quality culture seriously, you’re fixing products; you’re putting resources where they need to be put in a timely manner to remediate an issue as soon as possible. Employees feel empowered and heard. And when that happens, customers are benefit from fewer product problems, and ultimately, fewer injuries and deaths reported.
Best Practice: Invest more in employees. Provide evidence that those in quality management positions have independence for decision-making, both on organizational charts and in records that document timely attention to issues raised by employees through management reviews and ad-hoc escalation of product risks through the CAPA system. Organizational charts need to demonstrate that quality positions are quantitatively sufficient to sustain the quality system. Quality and Compliance leadership roles need to be at equivalent levels to those in Finance, Operations, and Product Development.
🚩 Red Flag No. 2: Continuous training is not offered to employees and there is no investment in workers.
QHub’s Rebecca Fuller Says: Every company will say, “Oh, yes, we have a culture of quality. We have a quality policy. And here’s our quality manual, which everyone has read and understands.” But it’s not tangible when you just talk about culture in a general sense. So, how does one define “quality culture”? This is a bit of a challenge, and the real issue is, how are you going to demonstrate to the FDA that you have successfully implemented and are sustaining a quality culture? There’s going to be some real learning that we’ll all have to do as the FDA’s expectations for a culture of quality are more fully realized.
One area to consider is training. Can you demonstrate that there are training plans for different groups of people to ensure they’re getting continuous training, that the company is investing in their professional development, and advancing their skills in ways that can advance quality and compliance? I don’t mean basic training on SOPs [standard operating procedures]. I’m talking about ensuring that budgets and personnel development plans include educational opportunities afforded through participation in industry conferences and symposiums and in leadership training. Not just for high-level managers, but also for people who will eventually be in leadership roles. This would include providing employees who are in technical roles or engineering roles with training in subjects outside of their direct area of responsibility, such as Regulatory Affairs, Quality Assurance, risk management, technical writing, responsible use of AI, et cetera.
Best Practice: Have proactive programs for employee education and training that provide opportunity for professional development. Be able to provide evidence of training and professional advancement plans for employees in supervisory and management positions across all functional areas. Consider opportunities for cross-training so personnel in operations and engineering roles develop a better understanding of regulatory, quality, and compliance. Further worker education by sending them to industry conferences where relevant topics around regulatory, quality, and engineering for medical devices are being discussed. This investment in employees is an investment in the business and one way to demonstrate a quality mindset on a cultural level.
🚩 Red Flag No. 3: Failing to periodically audit your company’s audit program.
QHub’s Rebecca Fuller Says: Internal auditors repeatedly see the same systems and same processes, and interview the same personnel. They’re intimately familiar with company operations and may have relationships with the people they’re auditing, After a while they’re not going to be as effective as they could be at recognizing problems that may have become, over time, the most acceptable way to do things.
Over time, an unintentional bias can develop. They’re not seeing things from the viewpoint of an external auditor who is routinely exposed to many different quality systems and sees a variety of ways to implement requirements. As someone with more than 30 years of auditing experience, it’s surprising how seldomly I am asked to audit the audit process and outputs of that process. This is usually the last area discussed in a routine QMS [Quality Management System] audit; much of that time is spent confirming audit schedules have been met.
Best Practice: Companies with an internal audit program should set aside resources to occasionally have a third party come in and take a fresh look at quality systems, production practices, and various procedures and policies. Consider when and how the audit program itself should be audited. Be able to demonstrate that audit schedules include periodic external reviews and dedicated time for the audit process itself. Dedicating an external audit to the internal audit process can help detect areas where auditor outputs are not as effective as they could be.
An independent, third-party audit will help identify nonconformances that may not have been identified in historical internal audits. Routinely scheduling an independent audit provides a valuable opportunity to have discussions about what is standard practice across industry or what puts the “current” in Current Good Manufacturing Practices, or cGMPs. While auditors can’t provide direct recommendations during the audit process, their line of questioning provides great insight into current expectations and audit trends.
🚩 Red Flag No. 4: Established compensation plans award employees based on no product recalls, limited adverse event reports, or no audit findings.
QHub’s Rebecca Fuller Says: An absolute red flag that a company doesn’t understand quality is when staff are bonused – monetarily compensated – for few recalls or not having recalls, not having MDRs [Medical Device Reports], and not having audit findings or FDA inspectional findings. This creates an environment that makes communication of quality problems punitive. It puts employees in a difficult situation when they know that escalating quality or safety concerns will likely impact their earnings.
If management is offering these incentives, it’s a key sign that they don’t understand and value quality. Identifying product defects that require a recall, prompt submission of MDRs, and internal audit findings showing areas that need improvement are examples of your system working.
Best Practice: Set up programs that reward identification of quality issues and their effective mitigation. Establish a means for employees to communicate quality and compliance concerns and allow this communication to be anonymous if the employee chooses.
Invest more in your employees by creating space to give them a voice, hear their questions, suggestions, and concerns, and take visible action – or explain inaction – to address those. Employees who feel heard and see their suggestions acted on will be more satisfied and feel valued.
Have a cross-functional group of people participate in the evaluation of reported quality and compliance concerns and make it clear that the issues are being taken seriously by opening CAPAs, for example, to resolve such issues. Further, it might be helpful to provide a financial incentive to employees who take the lead in resolving a potential problem or championing a quality goal, especially when these individuals are outside of the QA function. Make achievement around quality improvements public, with demonstrated appreciation by top executives.
If your organization is bonusing based on not having recalls or MDRs, or zero audit findings, or no major audit findings, immediately consider removing those incentives from annual objectives for personnel in favor of challenges that move the business forward through improvement of systems, processes, data analysis, and personal skills.
🚩 Red Flag No. 5: Lack of annual business objectives that raise the bar by improving an existing process, even if it is not clearly “broken.”
QHub’s Rebecca Fuller Says: ISO 13485 expects that manufactures demonstrate efforts toward continuous improvement. The CAPA system can show that problems are mitigated and therefore “improved,” but efforts need to go beyond the CAPA program.
Best Practice: Be able to provide at least one significant annual objective that focuses on improving processes, systems, QMS software tools, analytical methodologies, products, and/or the customer experience beyond fixing a recognized quality or compliance problem. This can help demonstrate quality culture through continuous improvement. It’s important to provide objective evidence of progress on achieving the objective and progress should be discussed during management review. (Related Story: “Successful MedTechs Use Management Controls to Oversee Quality Systems, Avoid FDA Risk. Here’s How Yours Can, Too,” QualityHub, Dec. 4, 2025.)
🚩 Red Flag No. 6: Systemic risk management activities don’t occur.
QHub’s Rebecca Fuller Says: The ISO 13485 standard and the preamble to the FDA’s QMSR emphasize the need to apply risk management principles within all areas of the Quality Management System. During inspections and audits a company will need to show examples of how risk-based thinking is used in decision-making and how risk information is fed back into risk management files. Failure to fully understand how to use risk to drive decisions and accurately and consistently connect risk information to and from the risk management file will be an indication that that company does not fully support a culture seated in quality.
Best Practice: Consider, as an exercise, developing a matrix that shows every point across the QMS, by subsystem, where risk information is collected, evaluated, or used to drive a decision point. Are there some subsystems where risk is not assessed or risk management used? It may be helpful to proceduralize this information or include it in the quality manual as a quick reference for responding to inspection and audit questions regarding system-wide deployment of risk-based thinking.
Correlate this emphasis on risk-based thinking to the initiatives to sustain a culture that values continuous monitoring and mitigating risk as means of ensuring product quality at all levels. A company should be able to say, “Here are the points across our quality system where risk is identified, the risk is used in decision-making, and/or the risk is escalated back to the risk management system for potential updates and necessary changes.” You must know where those points are.
