When you buy a pill, injection, or medical device, you assume it’s safe. But how do you know the factory that made it followed the rules? The answer lies in FDA inspection records-the behind-the-scenes documents that prove whether a manufacturer is truly doing things right. For companies producing drugs or medical devices, understanding what the FDA can and cannot see is not just about compliance. It’s about survival.
What the FDA Can See-And What It Can’t
The U.S. Food and Drug Administration doesn’t just show up at your door and ask for anything. Its access to records is tightly controlled by law. Under Section 704(a)(1) of the Federal Food, Drug, and Cosmetic Act, the FDA has the right to inspect any facility making human drugs or medical devices. But that doesn’t mean they get everything.Here’s the key split: quality control records are open for inspection. That includes production logs, batch records, deviation reports, complaint investigations, and CAPA (Corrective and Preventive Action) files. If something went wrong-like a batch of pills with the wrong dosage or a defective syringe-the FDA expects to see how you found it, fixed it, and stopped it from happening again.
But internal quality audits? Those are different. The FDA’s own Compliance Policy Guide (CPG Sec. 130.300) says it generally won’t review them. Why? Because companies need a safe space to find their own mistakes without fearing that every honest error becomes a public violation. These internal audits are meant to be candid, critical, and confidential. The FDA knows this. It wants companies to find problems before the agency does.
But here’s the catch: if an internal audit leads to a formal investigation-say, you found a pattern of contamination and started digging into why-it becomes a quality control record. And then? It’s fair game for the FDA. The line isn’t always clear. One wrong label on a folder, and you’ve accidentally handed over protected documents.
The Paper Trail That Matters
If you’re a manufacturer, your records aren’t just paperwork. They’re your legal shield. The FDA doesn’t care what you say. It cares what you wrote-and when.Under 21 CFR 211.180, drug makers must keep records for at least one year after a product expires. For medical devices, it’s the product’s lifespan plus two years (21 CFR 820.180). But retention isn’t enough. The records must be contemporaneous. That means you can’t write down what happened after the fact. You have to record it as it happens.
Why does this matter? In 2024, 22% of FDA warning letters cited back-dated or reconstructed records. That’s not a typo. That’s a red flag for fraud. Even if the product was fine, faking the paper trail is a violation. The FDA treats it as seriously as a contaminated batch.
During an inspection, investigators look for five things: procedures, production records, validation data, deviation reports, and CAPA files. They don’t ask for your employee handbook. They want to see the actual log from the day batch #B2024-087 was filled. Did the temperature spike? Was the machine cleaned? Did someone sign off? If there’s no signature, no timestamp, no explanation-it’s a Form 483 observation waiting to happen.
Form 483: The Warning That Can Shut You Down
Every FDA inspection ends with Form FDA 483-the Notice of Inspectional Observations. It’s not a fine. It’s not a shutdown. But it’s the first step toward both.You get 15 business days to respond. Not 16. Not 20. Exactly 15. And your response isn’t just an apology. It’s a detailed plan: root cause, corrective action, preventive steps, and proof it worked. The FDA’s own data shows companies using proper root cause analysis close 89% of Form 483 issues within six months. Those that rush it? Only 62% succeed.
One pharmaceutical company in New Jersey missed the deadline by two days. The FDA didn’t wait. They issued a warning letter. Six months later, they blocked the company from exporting its products to Europe because of the unresolved inspection record.
And here’s something most manufacturers don’t realize: the FDA doesn’t have to tell you everything they found. They can keep some observations private. But if you get a Form 483, you’re expected to fix everything on it. Miss one item, and the next inspection will dig deeper-into your protected audit reports.
Unannounced Inspections: The New Normal
In 2023, only 12% of foreign inspections were unannounced. By the end of 2025, that number will jump to 35%. For domestic facilities, scheduled inspections still dominate-92% of them. But for factories overseas, the rules have changed.Why? Because the Government Accountability Office found that foreign facilities were more likely to hide problems. The FDA now assumes the worst. And if you’re not ready for a surprise visit, you’re already behind.
Companies that prepare for unannounced inspections treat every day like inspection day. Their records are always clean. Their staff knows what to do. Their quality team doesn’t panic when the door opens. They hand over the right files, answer calmly, and move on.
Those who don’t? They get caught. In 2024, 17% more warning letters were issued to companies that delayed or denied inspection access. That’s not just a policy change. It’s a crackdown.
Remote Inspections: The Quiet Revolution
In July 2025, the FDA finalized its guidance on Remote Regulatory Assessments (RRAs). This isn’t a new idea-but it’s now official. You can now be evaluated without an inspector stepping foot in your facility.RRAs can include video walkthroughs, live database access, or digital document reviews. They don’t generate Form 483s. But they do give the FDA a preview. And if they spot something during an RRA? You can bet the next physical inspection will be unannounced-and focused on that exact issue.
Fortune 500 companies have already jumped on this. By Q1 2025, 73% had built RRA-ready systems. Why? Because an RRA can cut inspection-related downtime by 65%. That’s months of production saved. And for a company making insulin or cancer drugs, that’s life or death.
What Happens When the System Breaks
The FDA’s system works-if everyone plays by the rules. But in practice, it’s messy.Merck’s QA manager told a forum in March 2025 that the 15-day response window for Form 483s is brutal during product launches or supply chain crises. Pfizer’s manufacturing director admitted that 63% of their quality staff over-disclose records because they don’t know what’s protected. And a 2024 survey of 215 quality professionals found that 41% saw different interpretations of the rules across FDA district offices.
One company in Pennsylvania was told by one inspector that internal audit reports were off-limits. A month later, another inspector from the same region asked for the exact same documents. The company panicked, handed them over, and got a Form 483 for violating their own internal policies.
That’s the real problem: inconsistency. The rules are clear. But the people enforcing them aren’t always trained the same way. That’s why top manufacturers now have dedicated inspection readiness teams. They spend an average of $385,000 a year preparing. They train staff for six to nine months. They certify their quality leads through RAPS. Because in this game, guessing is a luxury you can’t afford.
What You Need to Do Today
If you’re in manufacturing, here’s what you need to do-right now:- Separate your internal audit reports from your quality control investigations. Use different file names, folders, and access controls.
- Train every quality employee on what’s protected and what’s not. Use real examples from past inspections.
- Build a 15-day response playbook for Form 483s. Who writes it? Who reviews it? Who signs it?
- Start digitizing your records. Make sure they’re timestamped, signed electronically, and backed up.
- Practice an unannounced inspection. Pretend the FDA is coming tomorrow. See what you’re missing.
Manufacturing transparency isn’t about giving the FDA everything. It’s about giving them the right things-on time, in the right format, without hesitation. The FDA doesn’t want to shut you down. They want you to make safe products. But if you’re hiding behind paperwork, they’ll find the cracks. And when they do, they won’t ask twice.
Can the FDA inspect my facility without warning?
Yes. For foreign manufacturing facilities, the FDA plans to conduct 35% of inspections unannounced by the end of 2025. Domestic facilities still mostly receive scheduled visits, but unannounced inspections can happen at any time, especially if there’s a complaint, recall, or prior compliance issue.
What records must I keep for FDA inspection?
You must retain production records, batch records, validation protocols, deviation reports, complaint investigations, and CAPA documentation. For drugs, keep records for at least one year after the product’s expiration date. For medical devices, keep them for the device’s lifespan plus two years. All records must be contemporaneous-written at the time the activity occurred.
Are internal quality audits protected from FDA review?
Generally, yes. Under FDA’s Compliance Policy Guide Sec. 130.300, internal quality audits conducted under a written quality assurance program are not routinely reviewed. But if an audit leads to a formal investigation, that investigation becomes a quality control record and is fully accessible to the FDA.
What happens if I don’t respond to a Form 483 within 15 days?
The FDA will likely issue a warning letter, which becomes part of your public compliance record. Failure to respond adequately can lead to import alerts, product seizures, or even criminal charges. Companies that delay or ignore Form 483s face a 17% higher risk of enforcement action within the next year.
Can the FDA access my digital manufacturing systems remotely?
Yes. Under the July 2025 Remote Regulatory Assessment (RRA) guidance, the FDA can request read-only access to digital systems, review electronic records, or conduct video walkthroughs. While RRAs don’t result in Form 483s, they can trigger a physical inspection if issues are found.
What’s Next for Manufacturing Transparency
The FDA’s 2025-2027 Strategic Plan aims to cut inspection cycle times by 25% using digital records and AI-assisted risk scoring. That means fewer surprise visits-but more targeted ones. If your records are messy, you’ll be flagged faster.Meanwhile, Congress is pushing for public disclosure of inspection results through the Pharmaceutical Supply Chain Transparency Act. If it passes, manufacturers won’t just answer to the FDA-they’ll answer to customers, investors, and regulators worldwide.
The game has changed. Transparency isn’t optional anymore. It’s the cost of doing business. The companies that thrive won’t be the ones with the biggest budgets. They’ll be the ones who built systems so clean, so reliable, that the FDA has nothing to find.
