How to Conduct a QMSR Gap Analysis (Free Template Included)
How to Conduct a QMSR Gap Analysis (Free Template Included)
A gap analysis is the first real step in QMSR transition—and possibly the most important. This guide walks you through a systematic approach with a free downloadable Excel template you can use immediately.
Free QMSR Gap Analysis Template
Complete Excel workbook with everything you need to assess your QMS against ISO 13485:2016 and QMSR requirements.
🚫 Why Most Gap Analyses Fail
Before diving into methodology, let's address why many gap analyses don't deliver value:
Problem 1: Documentation Review Only
Reviewing procedures against requirements tells you what your documents say—not what actually happens. A procedure can be perfectly aligned to ISO 13485 while the actual process completely ignores it.
✓ Solution
Include process verification. Interview process owners, observe activities, review recent records. Compare what's documented to what's done.
Problem 2: Checkbox Mentality
Going through ISO 13485 clause by clause marking "compliant" or "non-compliant" produces a list, not insight. It doesn't tell you what to do or in what order.
✓ Solution
Document specific gaps with evidence, not just compliance status. Assess risk level and prioritize accordingly.
Problem 3: Wrong Benchmarks
Some companies assess against their own procedures rather than actual regulatory requirements. Your procedure might be followed perfectly—and still not meet QMSR requirements.
✓ Solution
Use ISO 13485:2016 plus FDA-specific QMSR requirements (820.35, 820.45) as your benchmark, not your existing procedures.
Problem 4: No Ownership
Gap analyses that produce findings without assigning responsibility become shelf documents. Nobody owns the findings, so nobody closes them.
✓ Solution
Assign every gap to a specific owner with a specific target closure date. Track progress.
🔄 The Three-Phase Gap Analysis Methodology
Activities:
1. Inventory your QMS documentation:
- Quality Manual
- All SOPs and work instructions
- Forms and templates
- Design control procedures
- CAPA procedures and records
- Complaint handling procedures
- Management review procedures
- Internal audit procedures
- Training procedures and records
- Supplier qualification records
2. Map documentation to ISO 13485 clauses:
- Which document(s) address each requirement?
- Does the documented process meet the requirement?
- Are there requirements with no corresponding documentation?
3. Identify documentation gaps — Common ones include:
- No customer communication procedure (7.2.3)
- No customer feedback system procedure (8.2.1)
- Combined CAPA without clear CA/PA separation (8.5.2, 8.5.3)
- No QMS software validation documentation (820.35)
- Missing process interaction documentation (4.1)
Output: Documentation gap list with clause references.
Activities:
1. Interview process owners:
- How does this process actually work day-to-day?
- What triggers the process? What are the outputs?
- Where do you struggle with compliance?
- What would you change if you could?
2. Observe processes in action:
- Are procedures followed as written?
- Do forms capture required information?
- Are records being created as required?
3. Review recent records:
- Do records demonstrate procedure execution?
- Are all required fields completed?
- Is follow-up documented to closure?
4. Identify disconnects:
- Documented but not done — procedures that aren't followed
- Done but not documented — processes without procedures
- Done differently — procedure drift
Output: Process gap list with specific findings and evidence.
Risk Assessment Criteria:
For each gap, assess:
1. Regulatory Severity (What would FDA do?)
- Critical: Warning letter potential, product safety impact
- Major: 483 observation likely, requires corrective action
- Minor: Observation possible, limited consequence
2. Probability of Detection (How likely to find?)
- High: Obvious in routine inspection, common focus area
- Medium: May be found during detailed review
- Low: Unlikely unless triggered
3. Operational Impact (How does this affect quality?)
- High: Directly affects product quality or safety
- Medium: Affects efficiency or consistency
- Low: Administrative or documentation concern
| Priority | Criteria | Action Timeline |
|---|---|---|
| Critical | High severity + High detection probability | Immediate (within 2 weeks) |
| High | Major severity OR safety impact | Within 30 days |
| Medium | Moderate severity, no safety impact | Within 60 days |
| Low | Minor severity, limited impact | Before deadline |
Output: Prioritized gap register with ownership and target dates.
📋 Clause-by-Clause Assessment Approach
When reviewing against ISO 13485:2016, focus on these high-priority areas:
Clause 4: Quality Management System
- QMS scope documented?
- Process interactions documented?
- Outsourced processes identified and controlled?
- QMS software inventory exists? (820.35)
- Validation documentation for each QMS system?
Clause 5: Management Responsibility
- Quality policy documented and communicated?
- Quality objectives established and measurable?
- Management reviews conducted per schedule?
- All required inputs addressed?
- Records inspection-ready?
Clause 7: Product Realization
- Customer communication procedure documented? ⚠️
- Design controls implemented per procedure?
- Risk management integrated throughout design?
- Supplier evaluation risk-based?
- Supplier audit records inspection-ready?
Clause 8: Measurement, Analysis and Improvement
- Feedback system documented? ⚠️
- Internal audit findings tracked to closure?
- Audit records inspection-ready?
- Separate corrective action procedure? ⚠️
- Separate preventive action procedure? ⚠️
⚠️ The Five Most Common QMSR Gaps
Based on assessments across multiple medical device companies, these gaps appear most frequently:
Gap 1: Combined CAPA Procedure
🔧 How to Close It:
- Create separate procedures OR clearly separate sections
- Define different triggers (CA: actual problems; PA: potential problems)
- Establish different evidence requirements
- Train personnel on the distinction
Gap 2: No Customer Communication Procedure
🔧 How to Close It:
- Document how customer inquiries are handled
- Document order and contract processing
- Define responsibility for customer communication
Gap 3: No Customer Feedback System
🔧 How to Close It:
- Document feedback collection mechanisms
- Define how feedback is analyzed and trended
- Link feedback to management review and preventive action
Gap 4: QMS Software Not Validated
🔧 How to Close It:
- Inventory all QMS software
- Create validation documentation for each system
- Establish revalidation criteria for changes
Gap 5: Records Not Inspection-Ready
🔧 How to Close It:
- Review records for completeness and professionalism
- Ensure follow-up on actions is documented
- Update procedures if records are inadequate
📊 Free Template: What's Included
QMSR Gap Analysis Excel Template
Our comprehensive workbook includes everything you need:
📑 Worksheet 1: ISO 13485 Checklist
- Every ISO 13485:2016 clause
- Compliance status dropdown
- Evidence location field
- Gap description field
📋 Worksheet 2: Gap Register
- Gap ID and description
- Severity and priority rating
- Responsible owner
- Target closure date
✅ Worksheet 3: Action Tracker
- Action items from gaps
- Owner and due date
- Status tracking
- Completion documentation
⚖️ Worksheet 4: Risk Matrix
- Severity criteria
- Probability criteria
- Prioritization matrix
📈 Worksheet 5: Dashboard
- Compliance by clause
- Gap count by priority
- Progress tracking
Download the Free Template
Start your QMSR gap analysis today with our comprehensive Excel workbook.
Download Free Template →Need Help With Your QMSR Gap Analysis?
QMS.Coach provides expert-led QMSR gap analysis services. We identify your specific compliance gaps, prioritize them by risk, and create a practical implementation roadmap—backed by 41+ years of medical device quality experience.
Book a Free 15-Minute Consultation →