When you take a pill or use a medical device, you assume itâs safe. But how do you know the company that made it followed the rules? The answer lies in FDA inspection records-the behind-the-scenes documents that show whether a factory meets federal quality standards. For manufacturers, understanding what the FDA can and cannot see is not just about compliance; itâs about survival. For consumers and regulators, itâs about trust.
What the FDA Can Inspect-And What It Canât
The FDA doesnât get free access to every document inside a drug or device factory. Thereâs a clear line between whatâs open for review and whatâs protected. Under Compliance Policy Guide (CPG) Sec. 130.300, the agency generally avoids reviewing internal quality assurance audit reports. These are the documents companies create to find their own mistakes before the FDA shows up. The idea? Encourage honesty. If companies fear their candid internal findings will be used against them, they wonât do them at all. But hereâs the catch: if an internal audit uncovers a problem and the company investigates it further-say, a batch of pills with the wrong dosage-that investigation record is fair game. The FDA can demand those. Same goes for deviation reports, complaint investigations, and CAPA (Corrective and Preventive Action) logs. These arenât internal opinions; theyâre evidence of how a company responds to real problems. Think of it like a car inspection. The mechanic doesnât care about your personal notes on how you think the brakes feel. But if you took the car in for a squeak and wrote down that the rotors were worn, and didnât fix them? Thatâs a red flag.Record Retention Rules: How Long Do You Have to Keep Documents?
Itâs not enough to just have records. You have to keep them long enough for the FDA to find them. For drug manufacturers, 21 CFR 211.180 says you must store CGMP records for at least one year after the productâs expiration date. For medical devices, 21 CFR 820.180 is stricter: records must be kept for the deviceâs entire lifespan plus two more years. That means if you made a pacemaker in 2020, you still need to keep its production logs until at least 2042. The FDA doesnât just want paperwork. They want contemporaneous records-entries made at the time the work happened. Backdating logs, scribbling notes after the fact, or using pencil instead of ink? Thatâs a violation. In 2024, 22% of FDA warning letters cited this exact issue.FDA Inspection Types: Routine, For-Cause, and Remote
Not all inspections are the same. In 2024, about 75% of pharmaceutical inspections were routine surveillance checks. These are scheduled, predictable, and follow the CPG Sec. 130.300 policy. The FDA wonât dig into your internal audit reports here. Then there are for-cause inspections-about 18% of the total. These happen when the FDA gets a complaint, sees a pattern of bad batches, or hears about a recall. In these cases, all bets are off. The agency can demand every internal report, email, and spreadsheet related to quality. No protection. No mercy. And now, thereâs a third type: Remote Regulatory Assessments (RRAs). Introduced in July 2025, RRAs let the FDA review records digitally-read-only access to databases, video walkthroughs, or electronic document reviews. RRAs donât result in Form 483s. Theyâre meant to be less disruptive. But theyâre not a loophole. If the FDA finds something suspicious during an RRA, they can still schedule a physical inspection.
What Happens When the FDA Finds Problems
If inspectors spot issues, they hand you a Form FDA 483. Itâs not a fine. Itâs not a shutdown. Itâs a list of observations: âYou didnât validate your cleaning procedure.â âYour batch records were incomplete.â âYour personnel werenât trained on this SOP.â You have exactly 15 business days to respond. No more. No less. And your response better be detailed. The FDA expects root cause analysis-not just âwe fixed it.â You need to show why it happened, how youâre preventing it, and proof that your fix works. Companies that follow the FDAâs recommended approach close 89% of these issues within six months. Those that give vague answers? Only 62% get resolved. And if you ignore the Form 483? The FDA can escalate to a warning letter, import alerts, or even a consent decree that puts your entire operation under court supervision.Foreign vs. Domestic Facilities: A Growing Divide
Thereâs a big difference between how the FDA treats U.S. factories and foreign ones. In 2023, only 12% of foreign inspections were unannounced. By the end of 2025, that number will jump to 35%. The FDA is cracking down because past GAO reports showed foreign facilities were more likely to have compliance gaps. Domestic facilities? Almost all inspections are scheduled. About 92% of them, according to McGuireWoodsâ 2025 analysis. Thatâs not because the FDA trusts U.S. companies more-itâs because they have better access, fewer logistics, and more experience working with them. Foreign manufacturers now face more pressure to prove their systems are solid before they even ship product to the U.S. Many are investing in RRAs to avoid surprise visits. Those who do see a 65% drop in production downtime during inspections.
What Companies Are Doing to Prepare
Manufacturers arenât waiting for the FDA to knock. Theyâre building inspection-ready teams. A 2025 study of 120 facilities found that 78% now have dedicated staff whose only job is to prepare for inspections. These teams spend an average of $385,000 per year per facility on training, software, and documentation audits. Training is critical. New quality staff take 6 to 9 months to become fully competent. Those who get certified through the Regulatory Affairs Professionals Society (RAPS) are 37% more likely to pass inspections on the first try. The biggest challenge? Knowing what to share. A 2024 survey of 47 quality professionals found that 63% accidentally gave the FDA access to protected internal audit reports-because the rules are confusing. One Merck QA manager said the 15-day response window for Form 483s is âa nightmare during product launches.âThe Bigger Picture: Transparency vs. Trust
Thereâs a growing push in Congress to make FDA inspection results public. The 2024 Pharmaceutical Supply Chain Transparency Act would require disclosure of certain findings. But industry groups like PhRMA argue this would scare companies out of doing honest internal audits. If every mistake becomes public, they say, companies will stop self-reporting. The FDAâs current system tries to balance both: protect the space for internal improvement, but punish real failures. Itâs not perfect. In 2024, 41% of quality executives reported inconsistent interpretations between FDA district offices. One office says an audit report is protected. Another says itâs not. Still, the data shows the system works. Between 2018 and 2022, 90.2% of pharmaceutical inspections found CGMP compliance. Thatâs not luck. Itâs structure.What You Need to Do Now
If you work in manufacturing:- Separate your internal QA audits from quality control investigations. Use different file folders, naming conventions, and access controls.
- Train your team on whatâs protected and whatâs not. Donât rely on memory-use written policies.
- Start using RRAs if youâre a foreign facility. Theyâre not mandatory, but they reduce risk.
- Keep all records for the required time. Donât delete anything just because the product is old.
- Practice responding to Form 483s. Mock inspections with outside consultants pay for themselves.
- Know that FDA inspections are happening-often, and without warning.
- Understand that a companyâs compliance record isnât public, but itâs being tracked.
- Trust the system, but stay informed. If a drug is recalled, itâs because someone caught the problem before it hurt you.
Can the public access FDA inspection records?
The public can request FDA inspection records through a Freedom of Information Act (FOIA) request, but not all documents are released. The FDA redacts proprietary information, trade secrets, and internal audit reports protected under CPG Sec. 130.300. Form FDA 483 observations and warning letters are typically made public, but detailed production records, employee names, and internal investigations are often withheld.
Whatâs the difference between a Form 483 and a warning letter?
A Form FDA 483 is a list of observations made during an inspection-itâs not a formal enforcement action. A warning letter is the next step. Itâs issued if the company doesnât adequately respond to the Form 483, or if violations are severe. Warning letters are public, legally binding, and can trigger import bans or court action.
Do foreign manufacturers get the same inspection rules as U.S. ones?
No. Foreign facilities face stricter rules. While 92% of U.S. inspections are scheduled, the FDA plans to conduct 35% of foreign inspections as unannounced by the end of 2025. Foreign companies also face higher scrutiny during Remote Regulatory Assessments and are more likely to be flagged for prior compliance issues.
What happens if a company refuses an FDA inspection?
Refusing an FDA inspection is a violation of Section 301(f) of the FD&C Act. The agency can issue a warning letter, block imports of the companyâs products, or seek a court order to force access. In 2025, the FDA issued 17% more warning letters for inspection denials than in 2024, signaling a zero-tolerance stance.
How often does the FDA inspect manufacturing facilities?
The FDA inspects about 4,872 domestic and 1,219 foreign facilities each year. High-risk facilities-like those with past violations or complex products-are inspected every 2-3 years. Low-risk ones may go 5-7 years between visits. Medical device facilities make up 38% of inspections, pharmaceuticals 49%, and biologics 13%.
Hamza Laassili
So the FDA lets companies hide their internal screw-ups? That's just asking for trouble. I don't care if it's 'protected'-if a pill kills someone, I want to know who messed up and why they got away with it. This whole system is a joke.
Rawlson King
The distinction between internal audits and investigation logs is legally sound and practically necessary. Without this buffer, manufacturers would avoid self-auditing entirely, leading to more systemic failures. This isn't about hiding-it's about incentivizing honesty.
Constantine Vigderman
OMG this is so important!!! I just found out my grandma's blood pressure med was made in a facility that got a Form 483 last year and they didn't fix it for 8 months đ± We need MORE transparency, not less! Also, RRAs are genius-why can't we do this for everything? đ
Cole Newman
You guys are missing the point. The FDA doesn't even inspect half the foreign plants properly. I've seen reports-some places in India and China are basically operating out of garages with no clean rooms. And they're shipping to Walmart. This isn't regulation-it's a lottery.
Casey Mellish
Australiaâs been doing remote assessments for years with way fewer issues. The key is consistency. If the FDA wants to be taken seriously globally, they need to stop treating U.S. facilities like gold stars and foreign ones like suspects. Itâs not about nationality-itâs about systems.
Tyrone Marshall
There's a quiet dignity in how this system tries to balance accountability with trust. Companies aren't being punished for trying to improve-they're being held to account when they fail to act. That's the difference between a punitive system and a learning one. We need more of this mindset in every industry.
Emily Haworth
I don't trust this. The FDA is totally in bed with Big Pharma. They let companies bury their mistakes under 'protected internal audits'-then when someone dies, they say 'oops, we didn't know.' It's all a cover-up. I've seen the leaks. They know. They just don't care. đ
Tom Zerkoff
The retention requirements under 21 CFR 820.180 are not merely bureaucratic-they are foundational to patient safety. A pacemaker manufactured in 2020 may be implanted in a patient who lives for 20 years. The ability to reconstruct its production history is not a convenience; it is a moral imperative.
Jamie Clark
You call that a system? It's a playground for lawyers and consultants. Companies spend $385k a year just to game the inspection process. Meanwhile, real quality people are getting fired for 'non-compliance' because they didn't use the right font in a logbook. This isn't safety-it's performance art.
Keasha Trawick
Let me tell you about the time I worked QA at a MedTech startup-our CEO literally told us to 'recreate' the batch records after the fact because the FDA was coming. We were using highlighters. Highlighters. And the inspectors didnât even blink. Thatâs not oversight. Thatâs a circus. đȘ
Webster Bull
Just keep your logs clean. Don't overthink it. Train your team. Use ink. Don't backdate. Done. Seriously. This whole thing is simpler than people make it out to be.
Deborah Andrich
I get why companies are scared. But the real problem isn't the rules-it's the inconsistency. One district says audit reports are off-limits. Another says they're fair game. That's not regulation. That's chaos. We need national standards, not 10 different interpretations. People's lives depend on this.