When you buy a pill, an injection, or a medical device, you expect it to be safe. But how do you know the factory that made it followed the rules? The answer lies in FDA inspection records, the behind-the-scenes documents that show whether a manufacturer is actually doing what it claims. For companies producing drugs and medical devices, understanding how these records work isn’t just about avoiding fines. It’s about trust, safety, and staying in business.
What the FDA Can and Can’t See
The U.S. Food and Drug Administration doesn’t have unlimited access to everything inside a manufacturing plant. There’s a clear line between what’s open for inspection and what’s protected. Under Compliance Policy Guide (CPG) Sec. 130.300, the FDA generally does not review internal quality assurance audit reports. These are the documents a company writes for itself: honest assessments of where things went wrong, what went right, and how to improve. The FDA allows this space because it wants companies to be truthful without fear of immediate punishment.
But here’s the catch: if a problem leads to a product failure, a customer complaint, or a deviation in production, that record is fair game. The FDA can, and will, demand access to quality control investigations, deviation reports, and CAPA (Corrective and Preventive Action) files. These aren’t internal reviews. They’re evidence of how a company responds to real problems. If you’re trying to hide a pattern of errors under the guise of an "audit," the FDA will find it.
What Records Must Be Kept, and For How Long
It’s not enough to just have records. You have to keep them long enough for the FDA to check. For drug manufacturers, 21 CFR 211.180 says you must keep all CGMP (Current Good Manufacturing Practice) records for at least one year after the product’s expiration date. For medical devices, 21 CFR 820.180 requires records to be kept for the device’s lifespan plus two years. That means if you made a pacemaker in 2020, you still need to keep its production logs until 2042.
These aren’t vague notes. They must be contemporaneous: written at the time the work happened. No backdating. No "I’ll fill it in later." In 2024, 22% of FDA warning letters cited this exact issue. One company got flagged because their batch production log showed timestamps that didn’t match the actual equipment logs. The FDA doesn’t care if the product was fine. They care that the paper trail doesn’t lie.
Inspection Types: Routine vs. For-Cause
Not all FDA inspections are the same. In 2024, about 75% of pharmaceutical inspections were routine surveillance checks. These are scheduled, planned visits. During these, inspectors focus on standard operating procedures, training records, equipment maintenance logs, and validation data. They won’t dig into your internal audit reports unless something obvious is wrong.
But if there’s a complaint, a recall, or a tip from a whistleblower, the FDA can launch a for-cause inspection. These make up about 18% of inspections, and they’re far more aggressive. During a for-cause inspection, the FDA can demand every single document, including internal audits, emails between quality teams, and even raw data from automated systems. In 2024, 63% of companies reported over-disclosing records during these inspections because they didn’t know what was protected.
The Form 483 and the 15-Day Deadline
At the end of every inspection, if the FDA finds issues, they hand you Form FDA 483. This isn’t a final judgment. It’s a list of observations: things they think might be out of compliance. You have exactly 15 business days to respond. Not 16. Not 20. Fifteen.
Most companies panic. They send a generic apology letter. But the FDA expects a root cause analysis. What went wrong? Why did it happen? How will you stop it from happening again? Companies that follow the FDA’s recommended methodology close 89% of their Form 483 issues within six months. Those that don’t? Only 62% close them. And if you don’t respond at all? The FDA can escalate to a warning letter, a consent decree, or even shut you down.
Remote Inspections Are Changing the Game
In July 2025, the FDA finalized its rules for Remote Regulatory Assessments (RRAs). This means they can now ask for read-only access to your digital systems (your LIMS, your ERP, your quality management software) without ever stepping foot in your facility. RRAs don’t generate Form 483s. But they’re becoming a regular part of the process. By Q1 2025, 73% of Fortune 500 pharmaceutical companies had already built RRA-ready systems.
Why? Because RRAs cut down on production downtime. One company in New Jersey reduced inspection-related shutdowns by 65% after switching to a fully digital record system. The FDA is pushing this hard. They plan to use RRAs to replace up to 30% of routine inspections by 2027. If you’re still printing paper logs or storing records on local servers, you’re falling behind.
Foreign Facilities Are Under More Scrutiny
If your product is made overseas, the rules just got tougher. In May 2025, the FDA announced it would increase unannounced inspections of foreign facilities from 12% to 35% by the end of 2025. That’s more than triple the number. Domestic facilities still get mostly scheduled inspections: 92% of them. But foreign plants? They’re being treated like high-risk targets.
The GAO report from 2024 pointed to inconsistent compliance at foreign sites. The FDA’s response? Surprise visits. No warning. No heads-up. Inspectors show up, and you better have your records ready. One Indian manufacturer lost its FDA approval in 2024 because they couldn’t produce batch records from six months prior. They thought the FDA wouldn’t check. They were wrong.
What Companies Are Spending to Stay Compliant
Preparing for FDA inspections isn’t cheap. According to a 2025 benchmarking study of 120 facilities, the average company spends $385,000 a year on inspection readiness. That includes hiring specialists, training staff, upgrading software, and running mock inspections. About 78% of manufacturers now have a dedicated team just for this.
And it’s not just about money. It’s about expertise. New quality staff take 6 to 9 months to get up to speed. But those who get certified through the Regulatory Affairs Professionals Society (RAPS) are 37% more likely to pass inspections on the first try. That’s not luck. That’s preparation.
The Big Debate: Transparency vs. Trust
There’s a growing tension in the industry. On one side, former FDA Deputy Director Dr. Jane Axelrad says the policy protecting internal audits creates a "safe space" for companies to fix problems before they become public. She cites a 1968 court case that ruled even a small CGMP violation makes a drug "adulterated," regardless of whether it hurt anyone.
On the other side, former FDA Chief Counsel Daniel Troy argues this creates "regulatory blind spots." If a company’s internal audit says their cleaning process is flawed, but the FDA can’t see it, how do we know they fixed it? Congress is listening. The 2024 Pharmaceutical Supply Chain Transparency Act proposed making some inspection findings public. The drug industry fought back, saying it would kill honest self-assessment.
But here’s the truth: the public doesn’t care about the debate. They care if their medicine works. And the FDA’s job is to make sure it does.
What You Need to Do Today
If you’re in manufacturing, here’s what you must do now:
- Separate your internal quality audits from your quality control investigations. Keep them in different folders, with clear labels.
- Make sure every record is dated, signed, and stored digitally with audit trails.
- Train your team on what the FDA can and cannot see. Confusion leads to over-disclosure, and that can backfire.
- Build a response plan for Form 483. Don’t wait until the inspection ends.
- Invest in a digital quality system that supports Remote Regulatory Assessments. It’s no longer optional.
The FDA isn’t trying to catch you out. They’re trying to make sure you don’t need to be caught. Transparency isn’t a burden. It’s the foundation of trust.
Can the FDA inspect my facility without warning?
Yes, especially for foreign facilities. As of 2025, the FDA is increasing unannounced inspections of overseas plants to 35% of all inspections. For domestic facilities, most inspections are still scheduled, but the FDA can conduct unannounced visits if there’s a complaint, recall, or evidence of serious non-compliance.
What records does the FDA always have access to?
The FDA has full access to all records related to quality control investigations, product complaints, deviations, batch production records, validation protocols, and CAPA documentation. These are required under 21 CFR 211.192 and 21 CFR 820.198. Internal quality assurance audits, however, are generally protected under CPG Sec. 130.300.
How long do I need to keep manufacturing records?
For pharmaceuticals, keep CGMP records for at least one year after the product’s expiration date. For medical devices, keep quality system records for the device’s lifespan plus two years. Records must be contemporaneous and cannot be altered after the fact.
What happens if I don’t respond to a Form FDA 483?
If you don’t respond within 15 business days, the FDA may issue a Warning Letter, which can lead to import alerts, product seizures, consent decrees, or even facility shutdowns. A delayed or inadequate response significantly increases the risk of enforcement action.
Can the FDA look at my emails or internal messages?
During a for-cause inspection, yes. The FDA can request any electronic communication related to product quality, deviations, or complaints. Even personal emails on company devices may be subject to review if they contain relevant information. Routine inspections typically do not include email review unless there’s a specific reason.
Are Remote Regulatory Assessments (RRAs) replacing physical inspections?
Not fully, but they’re becoming a major part of the process. RRAs allow the FDA to review records remotely and may replace some routine inspections, especially for low-risk facilities. However, they cannot replace inspections for cause or unannounced visits. As of mid-2025, RRAs accounted for only 8% of total inspections, but their use is expected to grow.
1 Comment
It’s wild how much trust we put into these pills and devices without ever asking where they came from. The FDA’s system isn’t perfect, but the fact that they let companies do internal audits without fear of immediate punishment? That’s actually smart. It encourages honesty. If every mistake had to be public from day one, no one would ever admit anything. We’d just get polished lies and fake fixes.
Transparency shouldn’t mean exposure; it should mean accountability with room to grow. The real danger isn’t hiding flaws. It’s pretending they don’t exist. And honestly, if your quality team isn’t already separating internal audits from CAPA logs, you’re already one inspection away from a nightmare.
Also, the 15-day deadline on Form 483? That’s not a trap. It’s a filter. If you need more than two weeks to explain what went wrong, you probably didn’t understand the problem to begin with.