Manufacturing Transparency: How to Access FDA Inspection Records for Drug and Device Facilities

When you take a pill or use a medical device, you assume it’s safe. But how do you know the company that made it followed the rules? The answer lies in FDA inspection records-the behind-the-scenes documents that show whether a factory meets federal quality standards. For manufacturers, understanding what the FDA can and cannot see is not just about compliance; it’s about survival. For consumers and regulators, it’s about trust.

What the FDA Can Inspect-And What It Can’t

The FDA doesn’t get free access to every document inside a drug or device factory. There’s a clear line between what’s open for review and what’s protected. Under Compliance Policy Guide (CPG) Sec. 130.300, the agency generally avoids reviewing internal quality assurance audit reports. These are the documents companies create to find their own mistakes before the FDA shows up. The idea? Encourage honesty. If companies fear their candid internal findings will be used against them, they won’t do them at all.

But here’s the catch: if an internal audit uncovers a problem and the company investigates it further-say, a batch of pills with the wrong dosage-that investigation record is fair game. The FDA can demand those. Same goes for deviation reports, complaint investigations, and CAPA (Corrective and Preventive Action) logs. These aren’t internal opinions; they’re evidence of how a company responds to real problems.

Think of it like a car inspection. The mechanic doesn’t care about your personal notes on how you think the brakes feel. But if you took the car in for a squeak and wrote down that the rotors were worn, and didn’t fix them? That’s a red flag.

Record Retention Rules: How Long Do You Have to Keep Documents?

It’s not enough to just have records. You have to keep them long enough for the FDA to find them. For drug manufacturers, 21 CFR 211.180 says you must store CGMP records for at least one year after the product’s expiration date. For medical devices, 21 CFR 820.180 is stricter: records must be kept for the device’s entire lifespan plus two more years. That means if you made a pacemaker in 2020, you still need to keep its production logs until at least 2042.

The FDA doesn’t just want paperwork. They want contemporaneous records-entries made at the time the work happened. Backdating logs, scribbling notes after the fact, or using pencil instead of ink? That’s a violation. In 2024, 22% of FDA warning letters cited this exact issue.

FDA Inspection Types: Routine, For-Cause, and Remote

Not all inspections are the same. In 2024, about 75% of pharmaceutical inspections were routine surveillance checks. These are scheduled, predictable, and follow the CPG Sec. 130.300 policy. The FDA won’t dig into your internal audit reports here.

Then there are for-cause inspections-about 18% of the total. These happen when the FDA gets a complaint, sees a pattern of bad batches, or hears about a recall. In these cases, all bets are off. The agency can demand every internal report, email, and spreadsheet related to quality. No protection. No mercy.

And now, there’s a third type: Remote Regulatory Assessments (RRAs). Introduced in July 2025, RRAs let the FDA review records digitally-read-only access to databases, video walkthroughs, or electronic document reviews. RRAs don’t result in Form 483s. They’re meant to be less disruptive. But they’re not a loophole. If the FDA finds something suspicious during an RRA, they can still schedule a physical inspection.

What Happens When the FDA Finds Problems

If inspectors spot issues, they hand you a Form FDA 483. It’s not a fine. It’s not a shutdown. It’s a list of observations: “You didn’t validate your cleaning procedure.” “Your batch records were incomplete.” “Your personnel weren’t trained on this SOP.”

You have exactly 15 business days to respond. No more. No less. And your response better be detailed. The FDA expects root cause analysis-not just “we fixed it.” You need to show why it happened, how you’re preventing it, and proof that your fix works. Companies that follow the FDA’s recommended approach close 89% of these issues within six months. Those that give vague answers? Only 62% get resolved.

And if you ignore the Form 483? The FDA can escalate to a warning letter, import alerts, or even a consent decree that puts your entire operation under court supervision.

Foreign vs. Domestic Facilities: A Growing Divide

There’s a big difference between how the FDA treats U.S. factories and foreign ones. In 2023, only 12% of foreign inspections were unannounced. By the end of 2025, that number will jump to 35%. The FDA is cracking down because past GAO reports showed foreign facilities were more likely to have compliance gaps.

Domestic facilities? Almost all inspections are scheduled. About 92% of them, according to McGuireWoods’ 2025 analysis. That’s not because the FDA trusts U.S. companies more-it’s because they have better access, fewer logistics, and more experience working with them.

Foreign manufacturers now face more pressure to prove their systems are solid before they even ship product to the U.S. Many are investing in RRAs to avoid surprise visits. Those who do see a 65% drop in production downtime during inspections.

What Companies Are Doing to Prepare

Manufacturers aren’t waiting for the FDA to knock. They’re building inspection-ready teams. A 2025 study of 120 facilities found that 78% now have dedicated staff whose only job is to prepare for inspections. These teams spend an average of $385,000 per year per facility on training, software, and documentation audits.

Training is critical. New quality staff take 6 to 9 months to become fully competent. Those who get certified through the Regulatory Affairs Professionals Society (RAPS) are 37% more likely to pass inspections on the first try.

The biggest challenge? Knowing what to share. A 2024 survey of 47 quality professionals found that 63% accidentally gave the FDA access to protected internal audit reports-because the rules are confusing. One Merck QA manager said the 15-day response window for Form 483s is “a nightmare during product launches.”

The Bigger Picture: Transparency vs. Trust

There’s a growing push in Congress to make FDA inspection results public. The 2024 Pharmaceutical Supply Chain Transparency Act would require disclosure of certain findings. But industry groups like PhRMA argue this would scare companies out of doing honest internal audits. If every mistake becomes public, they say, companies will stop self-reporting.

The FDA’s current system tries to balance both: protect the space for internal improvement, but punish real failures. It’s not perfect. In 2024, 41% of quality executives reported inconsistent interpretations between FDA district offices. One office says an audit report is protected. Another says it’s not.

Still, the data shows the system works. Between 2018 and 2022, 90.2% of pharmaceutical inspections found CGMP compliance. That’s not luck. It’s structure.

What You Need to Do Now

If you work in manufacturing:

• Separate your internal QA audits from quality control investigations. Use different file folders, naming conventions, and access controls.
• Train your team on what’s protected and what’s not. Don’t rely on memory-use written policies.
• Start using RRAs if you’re a foreign facility. They’re not mandatory, but they reduce risk.
• Keep all records for the required time. Don’t delete anything just because the product is old.
• Practice responding to Form 483s. Mock inspections with outside consultants pay for themselves.

If you’re a patient or caregiver:

• Know that FDA inspections are happening-often, and without warning.
• Understand that a company’s compliance record isn’t public, but it’s being tracked.
• Trust the system, but stay informed. If a drug is recalled, it’s because someone caught the problem before it hurt you.

The goal isn’t to hide from the FDA. It’s to work with them-so the next pill you take, or the next device you rely on, is safe. Not because it was lucky. But because someone took the time to get it right.