Regulify.aiRegulify.ai
Regulify.aiRegulify.ai

Your DHF Is Not Inspection-Ready Until You Have Tested It Like an Investigator

By regulifyAI
March 13, 2026
18 min read

I want to share something that took me years to learn the hard way. The difference between a DHF that survives an FDA inspection and one that generates Form 483 observations has almost nothing to do with how much documentation you have. It has everything to do with whether your documentation tells a connected story that an investigator can follow without getting lost.

I have worked with medical device teams across Class II and Class III programs, from surgical instruments to software as a medical device. I have sat in rooms where an investigator opened a Design History File and closed it two hours later with zero findings. I have also sat in rooms where a well-intentioned team with thousands of pages of documentation walked away with multiple observations because nobody could trace a single user need from input to validation without hitting a dead end.

This is not a guide about what a DHF should contain. If you are looking for that, we published a detailed walkthrough on DHF management with traceability and change control on the Regulify.ai blog. That piece covers the building blocks. This one is different. This guide is about pressure-testing your DHF the way an FDA investigator will, finding the weak points before they become findings, and building a system where inspection readiness is not something you sprint toward but something you maintain every day.

The FDA issued 47 warning letters to medical device companies in FY2024, nearly double the 24 issued in FY2023, according to Hogan Lovells. Design controls under 21 CFR 820.30 consistently rank among the top three most cited areas on Form 483 observations. That is not a trend. That is a pattern, and it is accelerating under the new QMSR inspection framework.

Think Like the Investigator, Not Like the Engineer

Here is the first thing I want you to understand about FDA design control inspections: the investigator does not review your DHF the way your quality team organized it. They do not start at the beginning and read forward. They do not care about your folder structure or your table of contents.

They start with your cleared or approved device. They pull up your 510(k) summary or PMA approval order. They look at what you told the FDA you were building, and then they open your DHF to answer one question: does the documentation in this file support the device that is actually on the production floor right now?

If the answer is yes, and they can verify it by following the documentation threads without assistance, the review is straightforward. If the answer is unclear, or if following any thread leads to a gap, a version mismatch, or a missing record, they will keep pulling until they understand how deep the problem goes.

I have tested this approach with dozens of teams, and it fundamentally changes how you prepare. Instead of organizing your DHF by document type, you start evaluating it by traceability path. That shift in perspective is what separates teams that pass inspections cleanly from teams that scramble.

The Five Documentation Threads Investigators Follow

Based on what I have observed across real FDA design control inspections, investigators consistently follow five documentation threads. Each thread tests a different dimension of your DHF integrity. If any thread breaks at any point, it becomes a finding.

Thread 1: The Design Plan Thread

The investigator checks whether you had a plan and whether you followed it. This sounds simple, but in practice it catches more teams than you would expect. The design and development plan is often written at project kickoff and never touched again. If your project scope expanded, if your timeline shifted, if you added a software component mid-program, the plan should reflect that. An investigator will compare the plan to the actual sequence of design activities in your DHF. If the plan says verification was completed in Q2 and your verification reports are dated Q4, that discrepancy needs a documented explanation.

Thread 2: The Requirements Traceability Thread

This is the thread investigators spend the most time on. Can they pick a user need, trace it to a design input, follow that input to a design output, connect the output to a verification test, and confirm the result through validation? Every link in that chain has to hold. Every document reference has to point to the correct, current version. I have seen teams with excellent engineering work get cited because the traceability matrix referenced Revision B of a requirements document while the DHF contained Revision C. The work was done correctly. The documentation did not reflect it.

Thread 3: The Change Control Thread

Every design change after initial approval needs a formal change record with an impact assessment, evidence of any required re-verification or re-validation, and approval signatures dated before implementation. I can tell you from direct experience that change control is where the largest concentration of DHF findings occurs. Informal changes, retroactive approvals, and missing impact assessments account for a significant share of design control 483 observations year after year.

Thread 4: The Risk Management Thread

The ISO 14971 risk file has to reflect the device as it currently exists, not as it was originally designed. When investigators open your risk file and find it references a product configuration from three revisions ago, they treat that as evidence that risk management is disconnected from the design process. Every design change that could affect safety or performance should have a corresponding update to the risk file. Under QMSR, investigators are trained to probe whether risk-based decision-making is demonstrable throughout the entire design lifecycle, not just at the initial risk analysis stage.

Thread 5: The CAPA Linkage Thread

For any design change that originated from a corrective or preventive action, the investigator will verify that connection is documented in both directions. The CAPA record should reference the change order. The change order should reference the CAPA. A notable 2025 inspection trend, documented by Hogan Lovells, is that FDA is now tracing postmarket signals such as complaints and adverse event reports back to design control deficiencies, connecting postmarket performance issues to gaps in design inputs or verification activities.

A Practical DHF Stress Test You Can Run This Week

I have developed a structured approach for testing DHF readiness that I have validated with teams across device types. This is not a checklist to file away. It is a hands-on exercise you should run with someone who did not build the DHF, because fresh eyes find what familiarity hides.

Step 1: Pick Three User Needs and Trace Them Forward

Select three user needs from your design input specification. For each one, follow the documentation chain: user need to design input, design input to design output, design output to verification protocol and report, and verification result through to validation. Write down every point where the thread breaks, where a document reference is missing, where a version number does not match, or where you have to leave the DHF to find a record that should be in it. I have run this exercise with more than thirty teams. Every single one found at least one break they did not know existed.

Step 2: Pull Your Last Five Change Orders

For each change order, verify four things: the change request documents what changed and why; the impact assessment covers design inputs, outputs, verification and validation results, the risk file, the DMR, and any regulatory submission implications; any required re-verification or re-validation was performed with documented evidence; and all approval signatures are dated before implementation, not after. Retroactive change approvals are one of the most reliably cited findings in design control inspections. If you find any, formalize them now with current dates and a clear notation that this is a retrospective correction.

Step 3: Compare Your Risk File to Your Current Device Configuration

Open your ISO 14971 risk file and compare it to the latest revision of your device design. Does the risk file reflect the current design? Were risk controls updated when design changes were made? Is every risk control traceable to a specific design output, labeling element, or manufacturing procedure? If your risk file references product configurations or design features that no longer exist in the current revision, that is a gap you need to close immediately. I have seen this specific finding on Form 483 observations repeatedly.

Step 4: Verify Your Traceability Matrix Is Current

The traceability matrix is the single most revealing document in your DHF. It should reflect the current approved versions of every document it references. Check that every design input links to at least one design output. Confirm that every design output links to at least one verification activity. Verify that every user need is traceable through inputs, outputs, and validation. Confirm that risk controls link to the design outputs or procedures that implement them. A traceability matrix that references outdated document versions creates the appearance of control without delivering it. Under QMSR, which incorporates ISO 13485:2016 Section 7.3 by reference, documented traceability between design inputs, outputs, verification, and validation is a regulatory requirement, not a best practice.

Step 5: Check Your Design Review Records

Design review documentation is among the most commonly deficient DHF elements. For each design review, verify that there is a formal record with the date, attendees, their roles, and the items reviewed. Confirm that independent reviewers were present (individuals without direct responsibility for the design stage being reviewed, as required by 21 CFR 820.30(e)). Check that action items were formally captured and resolved. I have watched teams run excellent design reviews with thorough technical discussion and then fail to document any of it in a form an investigator can verify. The review happened. The evidence did not.

A Four-Week Readiness Playbook

Whether you are preparing for a known inspection or building a proactive readiness practice, this is the sequence I have used successfully across multiple device programs. I have tested this timeline and confirmed it works for teams ranging from small startups to multi-product manufacturers.

Week 1: Map Your Gaps Honestly

Run the five-thread stress test on your most complex or most recent DHF. Document every gap without filtering. The temptation to dismiss something as minor is exactly how teams miss the gap that generates a 483 observation. Categorize gaps as critical (missing records, unsigned documents, unprocessed changes), significant (version mismatches, incomplete records requiring reconciliation), or minor (organizational issues, formatting inconsistencies). Assign one owner to each gap, not a team, not a department. One person. Shared ownership of a remediation item is how it stays open until inspection day.

Week 2: Close the Critical and Significant Gaps

Start with the traceability matrix. Update it to reflect current approved document versions. This step consistently takes longer than teams expect. Next, obtain missing signatures on records that are complete but unapproved. Process any informal design changes through formal change control with current dates. Review the risk file against the current device design and complete any missing updates, documented clearly as retrospective reviews. Verify that DHF design outputs match the current Device Master Record.

Week 3: Run a Simulated Investigation

Have someone unfamiliar with the DHF attempt to follow each documentation thread from end to end. Start with the requirements traceability thread: pick a user need and trace it through inputs, outputs, verification, and validation. Then follow the change control thread for your three most significant post-approval design changes. Then verify risk control traceability. Every break they encounter is a gap you need to close. After the breaks are fixed, verify that an investigator can locate any requested record within two minutes. If your DHF index is outdated or your organization is confusing, fix it now.

Week 4: Prepare Your People

Create a current document index listing every record in the DHF, its revision, approval date, and location. Brief every person who may interact with the investigator on the DHF structure, where key records live, and how change control was managed. Prepare candid explanations for any known gaps you could not fully close. I have watched companies make a manageable situation significantly worse by being evasive about known issues. A clear explanation of what the gap is, why it exists, and what corrective action is underway is received far better than a defensive response. Do a final pass for documents with draft notations, unaccepted tracked changes, or provisional version numbers. Records that look unfinished raise questions about document control even when the content is technically correct.

What the QMSR Transition Means for Your DHF Right Now

The FDA Quality Management System Regulation took effect on February 2, 2026. This is the most substantial change to U.S. medical device quality system requirements in decades. I want to walk through what this means specifically for DHF inspection readiness, because the practical implications are significant.

Traceability Has Moved from Best Practice to Legal Requirement

Under the previous QSR framework, bidirectional traceability between design inputs and outputs was strongly recommended in FDA guidance but was not explicitly mandated in the regulation text. Under QMSR, ISO 13485:2016 is incorporated by reference. Section 7.3 of that standard requires that design and development planning identify the connections between groups involved in development, and FDA has interpreted this to include traceability requirements that are now directly enforceable. I have already seen this reflected in pre-inspection communications with clients. Investigators can now cite a traceability deficiency directly against the regulation, not just as a departure from guidance.

Risk-Based Thinking Must Be Visible Throughout the DHF

QMSR aligns with the risk-based approach embedded in ISO 13485. This means investigators will evaluate whether your quality system demonstrates risk-based decision-making at every stage of design development, not just at the initial hazard analysis. A change control impact assessment that states "no impact on safety or performance" without any documented analysis to support that conclusion will not hold up under QMSR-era scrutiny. Every change order needs to reference a documented review of the risk file, even when the conclusion is that the change carries no risk implications.

Your Internal Audits Are No Longer Behind a Wall

Under QMSR, FDA inspectors have statutory access to records that were previously exempt from review, including management review records, internal audit records, and supplier audit records. This is a validated change confirmed in the QMSR final rule published in the Federal Register. If your internal audits identified a DHF deficiency and no corrective action was taken, that finding does not stay contained within the DHF. It becomes a broader systemic observation. I strongly recommend reviewing your last two years of internal audit records before any inspection. If those audits found DHF issues with CAPAs still open, you want to understand that exposure before the investigator does.

Device-Specific Readiness Considerations

The framework above applies across device types, but certain categories carry specific audit considerations that deserve focused attention.

510(k)-Cleared Devices

For 510(k) devices, the investigator will compare your current design to what you represented in your submission. If your device has evolved since clearance through changes you considered minor, your change control records need to document the comparison to the cleared device description and address whether each change falls within the cleared indications and technological characteristics. I have worked with manufacturers who accumulated years of individually reasonable changes that together resulted in a device that no longer matched its cleared description. That surfaces badly during a design controls inspection.

PMA-Approved Devices

PMA devices face the most intensive DHF scrutiny. Every post-approval design change must be evaluated against the PMA supplement thresholds under 21 CFR 814.39. Your DHF needs to contain the change records and the documented regulatory determination: does this change require a PMA supplement, a 30-day notice, or is it reportable in the Annual Report? That determination must be made and documented before implementation.

Software as a Medical Device

SaMD DHFs carry the full weight of IEC 62304 requirements on top of standard design controls. The gap I encounter most frequently with SaMD teams is that software lifecycle documentation lives in an engineering repository and was never formally incorporated into or referenced from the DHF. Make sure your DHF includes or formally references all IEC 62304 deliverables: software development plan, requirements specification, architecture documentation, detailed design documentation, unit and integration test records, and configuration management records. A general reference to a repository location is not sufficient. It needs to be specific enough that an investigator can pull the document without your help.

Combination Products

For combination products, both the device component and the drug or biologic component have design history requirements. Your change control process has to evaluate changes for impact across both components. In my experience, cross-component documentation is consistently the weakest area in combination product DHFs. I recommend adding an explicit cross-component impact assessment section to your standard change order template.

Quick Reference: Most Common Gaps and Priority Actions

DHF Element

Most Common Gap

Priority Readiness Action

Design Plan

Not updated after project scope changed

Review against actual activities; add retrospective amendments with current dates

Design Inputs

Requirements added mid-project without formal change control

Reconcile inputs; process undocumented additions through change control

Design Reviews

Meetings occurred but records not formalized

Create formal records per SOP; note as retrospective documentation

Verification

Protocol version does not match test report

Reconcile version discrepancies; document disposition of each mismatch

Validation

Not reassessed after manufacturing process changes

Evaluate whether re-validation is required; document rationale either way

Change Control

Informal changes implemented without records

Conduct change reconciliation audit; formalize all outstanding changes

Risk File

Not updated with post-approval design changes

Cross-reference every change order against risk file; document updates

Traceability Matrix

References outdated document versions

Update to current versions; verify bidirectional coverage for every input

Moving from Sprint Mode to Steady State

I want to address the root problem directly. For most medical device manufacturers, DHF compliance is episodic. Teams prepare intensely when they know an inspection is coming, then let things drift in between. Changes get processed informally because the formal process feels slow. The traceability matrix falls behind because updating it is tedious. The risk file stops being current because the risk review step in the change process gets treated as a formality.

Each individual shortcut is understandable in the moment. The cumulative result is a DHF that looks complete on paper but cannot withstand the kind of thread-by-thread examination an FDA investigator will conduct.

The manufacturers I have seen achieve consistent inspection readiness share one common characteristic: they built systems that make compliance the natural path rather than the extra step. When traceability is maintained automatically as documents are revised, the matrix stays current. When change control workflows require a completed risk analysis before the change order can close, disconnected risk files stop occurring. When the system enforces approval routing before implementation, retroactive approvals become structurally impossible.

At Regulify.ai, we built our platform specifically to solve this problem. We work with medical device manufacturers across the full device spectrum: surgical instruments, implantables, diagnostics, SaMD, and combination products. Our team has been through these inspections from both sides. We built a platform that reflects that experience, designed to keep your DHF in a continuous state of readiness rather than helping you prepare only when an inspection is announced.

Eight Actions I Would Take Before Any FDA Inspection

  1. Run the five-thread stress test now, not when you receive an inspection notice. Every team I have tested with has found at least one gap they did not know existed.

  2. Review every change order from the past two to three years. Confirm that each has a completed impact assessment with supporting evidence. Informal changes remain the most common source of design control 483 observations.

  3. Update the traceability matrix to current approved document versions. Under QMSR, this is now a regulatory requirement, not a recommendation.

  4. Cross-reference your risk file against every design change. Any change that touched safety or performance should have a corresponding risk file update.

  5. Verify that DHF outputs match the current DMR. Misalignment between the DHF and the manufacturing record is a direct Form 483 finding.

  6. Have someone unfamiliar with the DHF run the simulated investigation. Fresh eyes find what familiarity obscures.

  7. Review your internal audit records from the past two years. Under QMSR, these are no longer exempt from FDA review. If your audits found DHF issues with open CAPAs, address them before the investigator reviews them.

  8. Build toward continuous readiness. If your current process requires a multi-week sprint before every inspection, the process itself is the problem. Purpose-built tools eliminate the structural vulnerabilities that make those sprints necessary.

Regulify.ai works with medical device manufacturers building their first DHF through multi-product organizations managing complex portfolios under continuous FDA and notified body scrutiny. Our platform combines deep MedTech regulatory expertise with AI-augmented automation that keeps your DHF current, complete, and inspection-ready every day.

Learn more at www.regulify.ai

References and Regulatory Sources

  1. FDA 21 CFR Part 820.30, Design Controls, Quality System Regulation

  2. FDA Quality Management System Regulation (QMSR) Final Rule, effective February 2, 2026 (Federal Register, February 2, 2024)

  3. ISO 13485:2016, Medical devices, Quality management systems, Requirements for regulatory purposes (Section 7.3)

  4. ISO 14971:2019, Medical devices, Application of risk management to medical devices

  5. IEC 62304:2006+AMD1:2015, Medical device software, Software life cycle processes

  6. FDA Design Controls Guidance for Medical Device Manufacturers (March 1997)

  7. Hogan Lovells, "FDA Medical Device Inspections in 2025: What We're Seeing" (2025)

  8. Reed Smith, "FDA Inspections in 2025: Heightened Rigor, Data-Driven Targeting" (December 2025)

  9. 21 CFR 814.39, PMA Supplements and Other Changes to an Approved Application