PMS Inspection Preparation and Gap Analysis: What Regulators Actually Look For (2026)

PMS Inspection Preparation: What Regulators Actually Look For

Whether it is an FDA QSIT inspection, EU Notified Body audit, MDSAP audit, or Health Canada inspection, the questions regulators ask about your post-market surveillance system follow predictable patterns. RA and QA professionals who understand these patterns can prepare systematically — and identify gaps before inspectors do.

This guide provides the complete inspection preparation checklist, the gap analysis methodology, and the most common findings so you can assess your own readiness today.

What Inspectors Look For: The Universal PMS Questions

Regardless of jurisdiction, PMS inspections follow a consistent logic. Inspectors want evidence that you:

1. Collect — Have systematic processes to gather PMS data from all required sources (internal and external)
2. Analyze — Evaluate data using defined methods, including trend analysis and statistical methods
3. Act — Take appropriate actions based on analysis (report, investigate, correct, prevent)
4. Document — Record everything — especially your rationale when you decided NOT to act
5. Close the loop — Feed PMS findings back into risk management, clinical evaluation, and design

Jurisdiction-Specific Focus Areas

The Complete PMS Inspection Preparation Checklist

Use this checklist to prepare for any PMS-related regulatory inspection or audit:

A. Procedures and Plans

• ☐ PMS Plan (device-specific, per EU MDR Article 84) or equivalent PMS procedure
• ☐ Complaint handling procedure with MDR/reportability decision tree
• ☐ Adverse event reporting procedure — timelines per each jurisdiction
• ☐ CAPA procedure with clear triggers, investigation methodology, effectiveness verification
• ☐ Recall/field safety corrective action procedure
• ☐ Trend analysis procedure with statistical methods defined
• ☐ External PMS monitoring procedure — databases, literature, frequency
• ☐ PMCF plan (EU MDR) with defined clinical questions and methods
• ☐ Risk management procedure (ISO 14971) with PMS input defined
• ☐ Management review procedure including PMS data as required input

B. Records and Evidence

• ☐ Complaint register — complete, current, searchable
• ☐ Complaint investigation files — with documented root cause and rationale
• ☐ MDR/adverse event decision logs — showing evaluation of EVERY complaint for reportability
• ☐ Filed adverse event reports — copies of all submitted reports with acknowledgments
• ☐ Trend analysis reports — monthly or quarterly with identified trends and actions
• ☐ CAPA records — open and closed, with effectiveness verification evidence
• ☐ External PMS monitoring records — database search logs, literature review results
• ☐ PSUR or PMS Report — current and meeting submission schedule
• ☐ PMCF report — current with data analysis and conclusions
• ☐ Management review minutes — showing PMS data presentation and decisions
• ☐ Risk management file — with post-market risk data integrated
• ☐ Clinical evaluation report — updated with PMS and PMCF findings
• ☐ Training records — for all PMS-related personnel

C. System Capability

• ☐ Can retrieve all complaints for a specific device model within minutes
• ☐ Can demonstrate complaint trending by code, severity, and time period
• ☐ Can show the decision trail from complaint → reportability assessment → report (or documented non-report)
• ☐ Can show CAPA linkage from PMS finding → investigation → corrective action → effectiveness
• ☐ Can show PMS data flowing into risk management file updates
• ☐ Can show external monitoring results and evaluation of similar-device events
• ☐ Can produce distribution records for recall execution

PMS Gap Analysis Methodology

A systematic gap analysis evaluates your PMS system against regulatory requirements in every jurisdiction where you market your device. Here is the methodology:

Step 1: Map Your Jurisdictions

List every country/region where your device is marketed and the applicable PMS regulations for each.

Step 2: Create a Requirements Matrix

Build a matrix with regulatory requirements on one axis and your current system capabilities on the other:

Step 3: Classify Gaps

• Critical Gap: No process exists where regulation requires one (e.g., no adverse event reporting procedure for a market where you sell devices). These need immediate remediation.
• Major Gap: Process exists but does not meet specific regulatory requirements (e.g., complaint handling procedure does not include EU MDR 2-day reporting timeline). These need remediation within 90 days.
• Minor Gap: Process meets requirements but lacks documentation or evidence (e.g., trending is done but not documented per procedure). These need remediation within 180 days.
• Observation: Process is adequate but could be improved for efficiency or robustness.

Step 4: Prioritize by Risk

Prioritize gap remediation based on: (1) patient safety impact, (2) regulatory risk (upcoming inspections, history of findings), (3) effort to remediate, (4) number of jurisdictions affected.

Step 5: Build a Remediation Plan

For each gap, define: specific action, responsible person, target date, verification method.

PMS Maturity Model: Where Is Your Organization?

Most companies are at Level 1-2. Regulatory expectations (especially EU MDR) demand at least Level 3. Organizations using regulatory intelligence platforms like TrueMedDevice for automated external monitoring are at Level 3 and building toward Level 4.

Top 10 PMS-Related Audit Findings Globally

1. Inadequate complaint investigation — complaints closed without root cause analysis or with superficial investigation
2. Missing reportability determination — complaint evaluated but no documented decision on whether event is reportable
3. No trend analysis methodology — trend "analysis" consists of counting complaints without statistical methods or thresholds
4. PMS not connected to risk management — PMS data collected but not used to update ISO 14971 risk files
5. Inadequate CAPA effectiveness verification — CAPA closed without evidence that the corrective action actually prevented recurrence
6. No external PMS monitoring — relying only on internal complaints without monitoring regulatory databases or literature
7. PSUR/PMS report not current — overdue or containing outdated data
8. PMCF plan inadequate — generic plan without device-specific clinical questions or defined endpoints
9. Management review lacks PMS input — management review minutes do not show PMS data presentation or resulting decisions
10. Training gaps — PMS personnel lack documented training on reporting timelines, decision criteria, or procedure changes

Conducting a Pre-Inspection Mock Audit

Before any scheduled audit or inspection, conduct an internal mock audit focused on PMS:

1. Pull 10-15 random complaint files — verify investigation completeness, reportability determination, and timeline compliance
2. Review all filed adverse event reports — verify they match complaint records and were filed within required timelines
3. Request the current PSUR/PMS report — is it up-to-date? Does it reflect actual PMS data?
4. Ask for trend analysis output — can the team produce trending data on demand?
5. Trace one CAPA from origin to effectiveness verification — follow the complete thread
6. Ask for evidence of external PMS monitoring — show the search logs, evaluation records
7. Check management review minutes — find where PMS data was discussed and what decisions resulted
8. Verify risk management file dates — has it been updated with PMS data in the last year?