Quick Answer
FDA review teams generally need clear, relevant, submission-ready evidence that supports the regulatory question being reviewed. That evidence may come from controlled quality records, but teams should avoid submitting raw QMS record dumps unless specifically appropriate or requested. The goal is traceable, approved, and focused evidence.
Key Takeaways
- Quality records are source evidence, not automatically submission content.
- Reviewers need evidence organized around safety, effectiveness, quality, performance, manufacturing, labeling, and regulatory requirements.
- Submission teams should use approved records and controlled summaries.
- The best QMS data is structured so it can be traced to products, markets, applications, and submission sections.
- Assyro helps teams prepare quality evidence for regulatory use.
- Quality records are essential to regulated product development and manufacturing. They may support drug, biologic, and device submissions, but they must be used carefully.
- The regulatory submission should answer the review question. It should not expose unnecessary internal material, irrelevant details, or uncontrolled drafts.
- The better operating model is to treat QMS records as controlled source evidence. The submission team should use the approved record to support a precise regulatory statement, then preserve traceability so the company can explain later where that evidence came from and what changed after filing.
- That distinction matters. A quality record is created to document a regulated process. A submission artifact is created to answer an agency review question. Sometimes the same document can be attached directly. Often, the submission needs a controlled summary, table, protocol, report excerpt, or response narrative that traces back to the underlying record without dumping the entire internal file.
What Review Teams Need
FDA review teams need information that supports the applicable statutory, regulatory, and scientific review standard for the submission type.
Depending on product and submission type, this may include:
- Product description and intended use
- Manufacturing process and control strategy
- Specifications and analytical methods
- Validation data
- Stability data
- Design verification and validation
- Risk analysis
- Software documentation
- Biocompatibility, sterilization, packaging, and shelf-life evidence
- Labeling
- Corrective action or change rationale when relevant
- Responses to agency questions
The source records behind these items often live in QMS, laboratory, manufacturing, engineering, or regulatory systems.
For drugs and biologics, quality evidence often supports CMC sections of an eCTD submission: manufacturing process descriptions, control strategy, specifications, analytical procedures, process validation, stability, facilities, comparability, and batch information. For devices, quality evidence may support design controls, risk management, performance testing, sterilization, software, labeling, manufacturing, or quality management system information. FDA's eSTAR program is especially explicit about structured device submission content, which makes source evidence discipline more important rather than less important.
The common thread is relevance. The reviewer needs enough evidence to evaluate the submission question. The company needs enough traceability to prove that the submitted evidence was controlled, approved, current for the stated purpose, and not contradicted by later quality events.
What Review Teams Usually Do Not Need
Unless relevant or requested, submissions should not include:
- Entire CAPA files with unrelated internal discussion
- Draft investigations
- Unapproved documents
- Excessive raw operational notes
- Duplicative records that do not answer a review question
- Internal commercial or strategy commentary
- Unmapped exports from QMS systems
The submission team should convert source evidence into a clear regulatory package.
This is not about hiding quality issues. It is about making the submission reviewable and accurate. If a deviation, complaint trend, CAPA, or change control is relevant, the submission should address it clearly. But a raw QMS export can include unrelated attachments, informal discussion, duplicate versions, draft text, personal data, or commercially sensitive internal strategy that does not help the review question and may create confusion.
Source Record vs. Submission Artifact
The source record and the submission artifact should have different jobs.
| Item | Primary Job | Control Expectation |
|---|---|---|
| Source QMS record | Prove what happened inside the regulated quality process | Approved, versioned, attributable, complete, retrievable |
| Controlled summary | Translate source evidence into a review-ready explanation | Approved by accountable functions and traceable to source |
| Submission attachment | Provide the exact report, table, or evidence requested or needed | Current for the submission purpose and placed in the right section |
| Response narrative | Answer an agency question using selected evidence | Consistent with source records and prior commitments |
Confusing these jobs is a common cause of late submission churn. Teams either attach too much and create a review burden, or they summarize too loosely and lose traceability back to the controlled record.
Common Quality Records Used as Evidence
| Record Type | How It May Support a Submission |
|---|---|
| Approved SOP | Shows controlled procedure or process governance |
| Specification | Supports product quality, release, or performance requirements |
| Validation report | Supports method, process, software, packaging, or sterilization claims |
| Risk assessment | Supports change rationale or device risk management |
| CAPA summary | Supports corrective action and recurrence prevention when relevant |
| Deviation impact assessment | Supports batch, process, or product quality explanation |
| Design verification report | Supports device performance evidence |
| Labeling approval record | Supports current labeling and claims control |
| Change control | Supports lifecycle change rationale and implementation timing |
The key is that the record must be approved and relevant.
Examples by Submission Context
Device eSTAR or Premarket Submission
A device submission may need evidence from design controls, risk management, verification and validation, usability, software documentation, biocompatibility, sterilization, packaging, labeling, supplier controls, or manufacturing. After the QMSR effective date of February 2, 2026, device quality-system language also needs to be understood in the context of FDA's amended 21 CFR Part 820 and its incorporation by reference of ISO 13485:2016.
For example, a design change to a device component may require the submission team to trace from change control to updated risk analysis, verification protocol, verification report, labeling assessment, supplier qualification, and regulatory impact assessment. The reviewer may not need the entire internal change package, but the submitted rationale should match the approved evidence.
Drug or Biologic eCTD Submission
A drug or biologic application may use quality records to support CMC content in Module 3, including manufacturing process descriptions, batch records, analytical method validation, specifications, stability, process validation, container closure, facility information, and control strategy. ICH Q10 frames the pharmaceutical quality system as a lifecycle model, which means quality records should support development, technology transfer, commercial manufacturing, and continual improvement.
For example, a process change may require a controlled rationale, validation evidence, comparability data, stability plan, and implementation timing. If those records are approved in quality but not mapped to the affected application sections, regulatory teams still have to reconstruct the evidence under deadline pressure.
Health Authority Response
When an agency asks a question, the team often needs a narrow evidence package quickly. That package may include an approved investigation summary, a validation report, a revised SOP, a batch-impact conclusion, a risk assessment, or a CAPA effectiveness check.
Speed matters, but so does discipline. A response package should not rely on an email explanation if the controlled record says something different. The response owner should be able to show exactly which source record supports each answer.
How to Prepare Quality Records for Submission Use
- Identify the regulatory question.
- Identify the exact source record that supports the answer.
- Confirm the record is approved and current for the submission purpose.
- Remove irrelevant internal material unless it is required or requested.
- Create a controlled summary where appropriate.
- Link the record to the submission section or response.
- Maintain traceability for future inspection and lifecycle work.
Minimum Metadata for Submission-Ready Quality Records
Quality records become much easier to reuse when the QMS captures regulatory metadata early. For high-impact records, teams should consider structured fields such as:
- Product, device family, SKU, dosage form, strength, or presentation
- Manufacturing site, testing site, supplier, or contract organization
- Market or region affected
- Application, registration, submission, or master file reference
- Affected process, specification, method, labeling, software, or design input
- Record status, approval date, effective date, and superseded date
- Related deviation, CAPA, complaint, audit, change control, validation, or risk record
- Regulatory impact assessment result and approver
- Submission section, response package, or commitment where evidence was used
These fields should be configured carefully. Not every low-risk record needs every field. The point is to make the records that matter discoverable before a filing, agency response, or inspection.
Data Integrity Checks Before Submission Use
Before a quality record becomes submission evidence, teams should run a short data integrity review:
- Is the record final and approved?
- Is the version current for the submission purpose?
- Is there a later superseding record that changes the conclusion?
- Are open deviations, CAPA, complaints, or changes relevant to the statement being made?
- Does the record contain internal-only material that should be summarized instead of attached?
- Does the submission narrative match the source record without overstating the conclusion?
- Are electronic signatures, audit trails, and record retention handled under the company's procedures?
This review is operationally small, but it prevents avoidable problems: draft evidence in a filing, mismatched version numbers, claims not supported by source data, and attachments that answer a different question than the one being reviewed.
Common Failure Modes
The Record Is Approved But Not Regulatory-Ready
A record can be complete for quality purposes but still weak for regulatory use. It may not identify affected markets, may not explain why the change does not alter a filed process, or may not include a clear product-impact statement.
The Submission Uses a Stale Copy
PDF exports are easy to email and hard to govern. If a document is exported before final approval or copied into a shared drive without version control, the submission team can use the wrong version without realizing it.
The Summary Loses the Evidence Trail
Regulatory summaries are useful, but they must trace to the controlled source. A summary that says "validation passed" should identify the approved protocol, report, acceptance criteria, deviations, and approval status that support the statement.
The Team Discovers Impact Too Late
If regulatory impact assessment happens after quality approval, the team may find that a change has already been implemented before the required filing path was confirmed. For high-impact changes, regulatory assessment belongs inside the quality workflow.
How Assyro Fits
Assyro can help teams treat quality records as controlled evidence:
- Connect source records to submission sections.
- Map quality evidence to product and market context.
- Maintain traceability from submission statements back to approved records.
- Prepare quality evidence packets for eCTD, eSTAR, and health authority responses.
Assyro helps with regulatory readiness and evidence organization by keeping source records tied to the submission questions they support.
The strongest product promise is not "upload everything." It is: find the approved evidence, understand the regulatory context, create the right evidence packet, and preserve the relationship between the submission claim and the source record.
Related Reading
Only when appropriate for the submission or requested by the agency. In many cases, a focused summary, controlled report, or specific attachment is better than a full raw QMS export.
References
This guide is general educational content and is not legal or regulatory advice.
About the author
Assyro Team
Expert regulatory operations consultants helping pharmaceutical companies navigate complex compliance challenges.
See Assyro in action
Catch eCTD and eSTAR errors before your FDA review cycle.
Book a 20-minute demo this week. We'll validate a sample of your submission live and show you exactly where Assyro catches what your current QC misses.