Quality Services
Most quality systems have gaps — procedures that don't reflect current practice, documentation that doesn't satisfy regulatory requirements, and processes that look compliant on paper but won't hold up under inspection. A gap assessment finds them before FDA does.
Assess Your QMSAssessment Methodology
A QMS gap assessment is not a document review exercise. Reviewing procedures against the regulatory requirements is only the first layer. The second layer — and the one that matters for FDA inspection readiness — is evaluating whether the documented procedures are actually implemented in practice. A procedure that describes a 5-Why root cause analysis process that no one on the quality team knows how to conduct is a gap. A CAPA system that requires effectiveness verification but has 30 open CAPAs with no effectiveness check on record is a gap. The distinction between documented compliance and implemented compliance is exactly what FDA investigators probe when they arrive at your facility.
Our gap assessments combine document review with staff interviews and records sampling. The document review identifies missing or deficient procedures. The staff interviews reveal whether the procedures are understood and followed. The records sampling — pulling a representative sample of CAPAs, complaints, nonconforming products, and change controls — tests whether the process produces compliant records. The combination of these three methods produces an assessment that reflects the real state of the QMS, not just the paper state.
The scope of a gap assessment is defined by the regulatory frameworks the company must satisfy. For US-only manufacturers, the assessment scope is 21 CFR Part 820 and the QSIT major subsystems: management controls, design controls, CAPA, and production and process controls. For companies with ISO 13485 certification or pursuing certification, the assessment also covers the ISO 13485:2016 requirements, which have additional requirements beyond 21 CFR 820 in areas including risk management integration, software validation, and customer-related processes.
For companies selling into the EU under MDR 2017/745, the gap assessment may also assess the technical documentation and QMS requirements under Annex IX, X, and XI of the regulation. EU MDR has stricter requirements than 21 CFR 820 in several areas, particularly post-market surveillance, clinical evaluation, and QMS documentation depth. Companies maintaining both FDA clearance and CE marking must satisfy both frameworks — and gap assessments for these companies address both in parallel.
The output of a gap assessment is a document that is useful for action, not just for awareness. We structure gap reports with each finding categorized by regulatory framework requirement, severity (critical, major, minor), and remediation complexity. Critical findings — those that would likely generate a 483 observation or a notified body nonconformity — are addressed first in the remediation roadmap. The roadmap includes specific remediation actions, responsible parties, and a timeline that accounts for the company's resource constraints and any upcoming inspection or audit dates.
Get Started
An FDA 483 is a list of gaps in your quality system. A gap assessment is the same list, found before the investigator arrives, with time to fix what needs to be fixed.