qmsWrapper is a medical-device eQMS built specifically for SMEs facing increasing regulatory complexity under MDR, FDA QMSR, EUDAMED, cybersecurity, and AI governance requirements.
Unlike traditional document-centric eQMS systems, qmsWrapper uses a log-driven, event-to-evidence architecture that connects quality events, CAPA, risk, technical documentation, training, vigilance, and AI governance into a unified operational compliance system.
The result is an eQMS that not only stores documents, but helps SMEs understand, organize, execute, and maintain regulatory operations with clarity and confidence.
Audience:
QMS Manager, RA Lead, PRRC, SME executive sponsor, Notified Body liaison, FDA submission lead.
Date: 2026-05-14.
0. Background — the regulatory landscape
A medical-device manufacturer cannot sell a product in the EU, US, or UK without proving that an enforceable Quality Management System (QMS) governs every step from design through post-market surveillance. The QMS itself is audited; the device is then separately assessed. For an SME shipping into all three markets, four regulators matter:
- European Notified Body (NB) under EU MDR 2017/745. The NB performs the conformity assessment (Annex IX, X, or XI route depending on device class) before the manufacturer can apply the CE mark. The NB returns annually for surveillance audits and can arrive unannounced (MDR Annex IX §3.4). NB certificates are valid 5 years maximum and must be renewed via a fresh audit.
- US Food and Drug Administration (FDA). The FDA clears or approves devices via three pathways — 510(k) (substantial equivalence, low-to-moderate risk), De Novo (novel low-to-moderate risk), and PMA (Premarket Approval, high-risk Class III). On top of any pathway the FDA inspects the manufacturer’s QMS under the QMSR (21 CFR 820 as amended, effective 2 February 2026) incorporating ISO 13485:2016 by reference.
- MDSAP audit organisations (Medical Device Single Audit Program). A single MDSAP audit covers regulator requirements for the US, Canada, Australia (TGA), Brazil (ANVISA), and Japan (PMDA).
- UK MHRA (Medicines and Healthcare products Regulatory Agency) post-Brexit. The UK runs its own UKCA mark and a separate device registry under UK MDR 2002 (as amended by SI 2019/791 and SI 2023/627). Non-UK manufacturers must appoint a UK Responsible Person (UKRP) distinct from any EU AR.
Four 2026 deadlines drive urgency: (1) FDA QMSR replaces 21 CFR 820 on 2 February 2026; (2) EUDAMED Actors / UDI / NB-Certificate / Market-Surveillance modules become mandatory 28 May 2026; (3) EUDAMED Vigilance and Clinical-Investigation modules become mandatory Q3 2026; (4) EU AI Act (Regulation 2024/1689) high-risk obligations take effect on 2 August 2026, with full applicability 2 August 2027.
A regulatory pathway, in plain English, is the ordered sequence of submissions, audits, certificates, and post-market obligations a device passes through: design controls → technical-file compilation → conformity-assessment audit → certificate / clearance → market placement → post-market surveillance → periodic safety-update reports → surveillance audits → recertification.
Regulatory pathways supported (callout)
CE marking under MDR 2017/745 via Notified Body conformity assessment (Annex IX product-QMS-and-TF, Annex X type-examination, Annex XI production-QA — Art. 52); FDA 510(k) / De Novo / PMA (21 CFR 807, 21 CFR 812) on top of the FDA QMSR (21 CFR 820 effective 2 Feb 2026, incorporating ISO 13485:2016); MDSAP single-audit (US/Canada/Australia/Brazil/Japan); ISO 13485:2016 surveillance + 3-year recertification; EU AI Act (Reg. 2024/1689) conformity assessment for high-risk AI medical devices (high-risk obligations 2 Aug 2026); UKCA marking + MHRA device registration under UK MDR 2002 (as amended by SI 2019/791 and SI 2023/627); EUDAMED six-module compliance (Actor/UDI/Cert mandatory 28 May 2026, Vigilance/MS/CI Q3 2026); ISO 27001:2022 ISMS certification + SOC-2 Type-2 attestation; FDA Cybersecurity in Medical Devices (final guidance Sept 2023) + MDR Annex I §17 + MDCG 2019-16 + IEC 81001-5-1 + IEC 62304.
Out of scope: ANVISA except via MDSAP, TGA except via MDSAP, PMDA Japan except via MDSAP, Health Canada CMDR except via MDSAP, Swissmedic, China NMPA, Russia Roszdravnadzor, India CDSCO, Korea MFDS.
What Wrapper Is
Wrapper is the end-to-end electronic Quality Management System for medical-device SMEs. It carries a device from first design sketch through CE certificate, FDA clearance, EUDAMED registration, post-market vigilance, supplier oversight, AI conformity, and cybersecurity certification — under one architecture, with one audit trail, with one user model.
Where other eQMS products require an SME to stitch together a document-management vendor, a CAPA vendor, a training vendor, an audit-readiness consultant, and a separate AI-governance solution, Wrapper produces one signed log per regulated artefact, lifecycle-controlled, AI-augmented, and inspector-ready. Every screen the user opens is the same screen the regulator will open during an audit.
This document covers twenty-two modules across four layers (Foundation, Design-Cycle, Post-Market, Governance) plus four cross-cutting capabilities. Each module section answers six questions: what it is, what regulatory pathway it supports, what the user sees, which regulation applies to which feature, which concrete regulatory problem each feature solves, which conformity-assessment milestone each feature unlocks. Every claim is anchored to a specific article, clause, or section number.
