When you take a pill or use a medical device, you expect it to be safe. But how do you know the factory that made it followed the rules? The answer lies in FDA inspection records - the behind-the-scenes documentation that shows whether a manufacturer truly meets quality standards. For companies producing drugs or medical devices, understanding what the FDA can see - and what they can’t - isn’t just about compliance. It’s about survival.
What the FDA Can and Can’t See During an Inspection
The U.S. Food and Drug Administration doesn’t just show up and take notes. They have clear legal authority under Section 704(a)(1) of the Federal Food, Drug, and Cosmetic Act to inspect any facility making human drugs or medical devices. But their access isn’t unlimited. There’s a sharp line between records they can demand and those they’re legally barred from reviewing. The FDA can inspect everything tied to current Good Manufacturing Practices (CGMP): production logs, batch records, equipment calibration data, validation reports, deviation investigations, and corrective action plans (CAPA). If a batch of pills failed a purity test, the FDA will demand the full investigation - who found it, why it happened, and how it was fixed. But here’s the twist: internal quality audit reports are off-limits. Under Compliance Policy Guide (CPG) Sec. 130.300, the FDA won’t review internal audits conducted as part of a company’s own quality program. This policy was designed to encourage honest self-assessments. If companies feared every mistake they found internally would become public, they’d stop looking. That’s why the FDA says they don’t want to stifle internal honesty. However, if an internal audit uncovers a problem that leads to a formal quality investigation - say, a contaminated vial - then that investigation record becomes fair game. The FDA doesn’t care about the audit. They care about what happened after the audit found the issue.Record Retention Rules: How Long Must You Keep Documents?
Keeping records isn’t optional. It’s the law. For drug manufacturers, 21 CFR 211.180 requires keeping all CGMP records for at least one year after the product’s expiration date. For medical devices, 21 CFR 820.180 is even stricter: records must be kept for the life of the device plus two years. That means a pacemaker made in 2020 could still have its manufacturing logs under review in 2042. These aren’t just files stuffed in a closet. They must be contemporaneous - meaning written at the time the action happened. No backdating. No guessing. If a technician didn’t log the temperature of a sterilizer during a run, and they try to write it in later, that’s a violation. In 2024, 22% of FDA warning letters cited this exact problem. Companies that fail to retain records correctly face serious consequences. The FDA can refuse to approve new products. They can issue import alerts that block shipments. And in extreme cases, they can shut down production entirely.FDA Forms: What Happens When They Find a Problem
When inspectors find issues, they don’t yell. They write. Form FDA 482 is the official notice that an inspection is happening. Form FDA 483 is the punchline - the list of observations. These aren’t fines. They’re red flags. Each observation points to a potential violation of CGMP or quality system requirements. Companies have exactly 15 business days to respond. That’s not a suggestion. It’s a requirement. The FDA expects a root cause analysis, a plan to fix it, and proof it won’t happen again. If you send a vague response like “we’ll look into it,” they’ll reject it. If you send a detailed plan with timelines, responsible people, and validation data, you have a good chance of closing the issue. According to FDA’s 2024 Compliance Metrics Report, companies that follow the agency’s recommended root cause methodology close 89% of Form 483 items within six months. Those who rush it? Only 62% get resolved.Unannounced Inspections: The New Normal for Foreign Factories
For years, most FDA inspections were scheduled. Companies had time to clean up, train staff, and polish their documents. That’s changing - especially overseas. In 2023, only 12% of inspections at foreign facilities were unannounced. By the end of 2025, that number will jump to 35%. The FDA announced this shift in May 2025, citing the GAO-24-105123 report that found foreign facilities had higher rates of non-compliance. Domestic facilities still mostly get scheduled visits - 92% of them, according to McGuireWoods’ 2025 analysis. But foreign manufacturers now face real uncertainty. One day, inspectors show up without warning. No notice. No prep time. If your records aren’t always ready, you’re in trouble. This isn’t just about surprise visits. It’s about trust. The FDA wants to know that quality isn’t just a show for inspectors. It’s built into daily operations.
Remote Regulatory Assessments: The Digital Alternative
In July 2025, the FDA finalized its guidance on Remote Regulatory Assessments (RRAs). This isn’t an inspection. It’s a virtual review. Companies can be asked to share read-only access to digital systems, upload documents, or participate in live video walkthroughs. RRAs don’t generate Form 483s. They don’t replace inspections. But they’re becoming a tool to reduce disruption. Companies with RRA-ready systems saw 65% less production downtime during evaluations, according to FDA’s 2025 RRA Impact Assessment. By Q1 2025, 73% of Fortune 500 pharmaceutical companies had already built RRA-compatible systems. It’s not just about convenience. It’s about proving you’re transparent - even when no one’s physically in the room.Industry Reality: What Manufacturers Actually Deal With
On paper, the rules sound clear. In practice? It’s messy. A 2024 ECA Academy survey of 215 quality professionals found that 41% had experienced conflicting interpretations of CPG Sec. 130.300 between different FDA district offices. One inspector says internal audits are protected. Another says they’re not. There’s no central database to resolve these disagreements. Merck’s QA Manager David Chen said the 15-day response window for Form 483s creates “huge pressure during critical business periods.” Pfizer’s Susan Martinez noted that 63% of quality teams over-disclose records because they’re unsure what’s protected. To handle this, 78% of pharmaceutical manufacturers now have dedicated inspection readiness teams. The average company spends $385,000 a year just preparing for inspections. That’s not just training. It’s software, consultants, audits, and documentation systems.How to Get Ready - Without Going Broke
You don’t need a $1 million compliance department. But you do need structure. Start by clearly separating two types of documents:- Protected: Internal quality audits done under your own written program. Keep these separate. Label them clearly.
- Required: Deviation reports, CAPA logs, batch records, complaint investigations. These go into your inspection-ready archive.
The Big Picture: Why This Matters Beyond Compliance
Manufacturing transparency isn’t just about avoiding FDA warnings. It’s about building trust - with regulators, with patients, and with your own team. When a company consistently passes inspections, it signals reliability. That helps when you’re bidding for contracts. It helps when you’re launching a new product. It helps when something goes wrong and you need to prove you did everything right. Congress is pushing for more public access to inspection results. The 2024 Pharmaceutical Supply Chain Transparency Act (S. 2884) proposed making certain findings public. The pharmaceutical industry fought back, arguing it would kill internal audits. But the truth is, if your quality system is strong, you have nothing to hide. The FDA’s goal isn’t to punish. It’s to protect. And the only way to prove you’re protecting patients is to be open - about what you do, how you fix mistakes, and why you do it.Frequently Asked Questions
Can the FDA inspect my facility without telling me ahead of time?
Yes - but only for foreign facilities. Starting in 2025, the FDA plans to conduct unannounced inspections at 35% of foreign manufacturing sites. Domestic facilities are still mostly inspected on schedule, with 92% receiving advance notice. Unannounced inspections are used to test whether quality systems work consistently, not just when someone’s watching.
What happens if I refuse an FDA inspection?
Refusing an inspection is a violation of Section 301(f) of the FD&C Act. The FDA can issue a warning letter, block imports, or even pursue criminal charges. Between 2024 and early 2025, warning letters for inspection denial rose by 17%. The agency treats this as a serious red flag - not just for compliance, but for intent.
Are internal quality audits really protected from FDA review?
Yes - but only if they’re part of a formal, written quality assurance program and not tied to a specific product failure. The FDA won’t look at them during routine inspections. But if an internal audit leads to a formal investigation, that investigation record becomes fully accessible. The protection is for the audit process, not for hiding problems.
How long do I need to keep my manufacturing records?
For drugs: at least one year after the product’s expiration date. For medical devices: the life of the device plus two years. Records must be contemporaneous - written at the time of the activity. Backdating or reconstructing logs is a common reason for FDA warning letters.
What’s the difference between a Form 483 and a warning letter?
A Form 483 lists observations from an inspection - potential issues that need correction. A warning letter is a formal enforcement action issued if the company’s response is inadequate or if violations are severe. Warning letters are public, can trigger import bans, and often lead to consent decrees or fines.
Can I use Remote Regulatory Assessments (RRAs) instead of physical inspections?
RRAs can substitute for physical inspections in some cases, but only with FDA approval. They’re not a replacement for all inspections. As of mid-2025, RRAs accounted for only 8% of total inspections. They work best for companies with mature digital systems and a strong compliance history. The FDA still prefers physical visits for high-risk facilities.
Next Steps for Manufacturers
If you’re in pharmaceutical or medical device manufacturing, start here:- Review your quality system documentation. Are internal audits clearly separated from investigation records?
- Train your team on what’s protected and what’s not. Use RAPS or PDA training materials.
- Implement a digital record system with automatic timestamps and audit trails.
- Run a mock inspection - pretend the FDA is coming tomorrow. See what’s missing.
- Update your response protocol for Form 483s. Use root cause analysis, not quick fixes.
Reviews
Let’s be real - the FDA’s ‘protected internal audits’ loophole is a joke. Companies use it as a shield to bury systemic failures. If you’re auditing your own processes and finding contamination, that’s not ‘honest self-assessment’ - that’s negligence you’re hiding. The FDA should have full access. Period. No more pretending this is about ‘trust’ - it’s about liability avoidance.
And don’t get me started on the 15-day response window. That’s not a deadline - it’s a trap. Quality teams are understaffed, overworked, and expected to produce root cause analyses worthy of a Ph.D. thesis in under two weeks. Meanwhile, the same execs who demand perfection are cutting compliance budgets. It’s a rigged game.