When you take a pill, inject a vaccine, or use a medical device, you expect it to be safe. But how do you know it actually is? The answer lies in something most people never see: FDA inspection records. These documents are the backbone of manufacturing transparency in pharmaceuticals and medical devices. They show whether a factory followed the rules - not just on paper, but in practice.
What the FDA Actually Inspects
The FDA doesn’t just show up and glance around. They dig into the real details. Every inspection targets records tied to Current Good Manufacturing Practices (CGMP). That means they look at production logs, batch records, equipment calibration files, cleaning procedures, and how deviations were handled. If a batch of pills had the wrong color, they want to know why, who found it, and how it was fixed.They also check CAPA records - Corrective and Preventive Actions. This is where companies document problems and how they stopped them from happening again. If a machine kept giving faulty readings, the FDA wants to see the fix, the training given, and proof it worked. No guesswork. No vague answers. Real data.
But here’s the twist: not every internal report is open to the FDA. Internal quality audits - the kind companies do to check themselves - are often protected. That’s by design. The FDA wants companies to be honest with themselves. If every mistake got reported to regulators, companies might stop doing honest audits. So under Compliance Policy Guide Sec. 130.300, those internal reports usually stay private. But if something goes wrong with a product, all bets are off. Any investigation into a failed batch, a customer complaint, or a contamination event? That’s fair game. The FDA can - and will - demand those records.
The Two Types of Inspections: Scheduled vs. For-Cause
Not all FDA inspections are the same. About 75% of inspections in 2024 were routine, scheduled visits. These are planned, often months in advance. The FDA picks facilities based on risk - older plants, foreign sites, past compliance issues. During these visits, inspectors stick to the basics: production records, validation files, training logs. They don’t ask for internal audit reports unless something looks off.The other 18%? Those are for-cause inspections. Triggered by complaints, adverse events, or whistleblower tips. When the FDA shows up for one of these, they bring the full force. They can demand every email, every audit report, every internal memo. No hiding. No redactions. This is when companies get hit with the hardest scrutiny.
Foreign facilities are under even tighter watch. In 2023, only 12% of inspections there were unannounced. By the end of 2025, that number will jump to 35%. Why? Because past reports, like the 2024 GAO audit, showed foreign plants had higher rates of serious violations. The FDA is no longer waiting for invitations. They’re showing up unannounced to see what’s really happening.
What Happens When They Find Something Wrong
If inspectors spot a problem, they write it down on Form FDA 483. This isn’t a fine. It’s a list of observations - things that violate CGMP. Maybe a temperature log was missing. Maybe a machine wasn’t cleaned properly. Maybe a batch was released without full testing.Companies have exactly 15 business days to respond. Not 16. Not 20. Fifteen. And that response better be detailed. The FDA expects a root cause analysis - not just “we fixed it,” but “here’s why it happened, how we fixed the system, and how we’ll prevent it again.”
Companies that follow the FDA’s recommended approach - deep analysis, documented changes, employee training - close 89% of these issues within six months. Those that give quick, shallow replies? Only 62% get cleared. And if you ignore the 483? The FDA can issue a warning letter, block shipments, or even shut you down.
What Records Must Stay Open - and for How Long
The law is clear on record retention. For drugs, you must keep CGMP records for at least one year after the product expires. For medical devices? You keep them for the life of the device, plus two more years. That’s not a suggestion. That’s a legal requirement under 21 CFR 211.180 and 21 CFR 820.180.And they must be contemporaneous. That means records are written as the work happens - not backfilled the next day. In 2024, 22% of FDA warning letters cited this exact issue. Someone wrote a batch record after the fact. The FDA doesn’t trust hindsight. They trust real-time documentation.
Some records are always visible: deviation reports, complaint investigations, validation protocols, change control logs. Others, like internal audit summaries, are protected - unless a problem arises. The line between protected and public is thin. Many companies over-disclose, just to be safe. A 2025 survey of 47 quality professionals found 63% had accidentally handed over protected audit reports during inspections.
Remote Inspections Are Changing the Game
In July 2025, the FDA finalized new rules for Remote Regulatory Assessments (RRAs). This isn’t a full inspection. It’s a virtual review. Companies can be asked to share digital records, give live access to databases, or even do video walkthroughs of their facilities.RRAs don’t generate Form 483s. But they’re becoming more common. In the first half of 2025, they made up 8% of all FDA evaluations. That number will grow. Why? Because they cut downtime. One Fortune 500 company reported a 65% drop in production delays after switching to RRA-ready systems. By Q1 2025, 73% of top pharmaceutical firms had upgraded their digital record systems to handle these requests.
It’s not just about convenience. It’s about speed. The FDA’s 2025-2027 plan aims to cut inspection cycle times by 25% using digital tools. That means more inspections, faster, with less disruption. Companies that aren’t ready for digital record access will fall behind.
The Real Cost of Being Ready
Preparing for an FDA inspection isn’t cheap. The average company spends $385,000 a year just on inspection readiness. That’s training, documentation, software, and dedicated staff. Nearly 80% of pharmaceutical manufacturers now have a full-time team just to handle inspections.Training takes time too. New quality staff need 6 to 9 months to fully understand what’s required. Those who get certified through the Regulatory Affairs Professionals Society (RAPS) are 37% more likely to pass inspections on the first try.
And the pressure is rising. Congress is pushing for public access to inspection results through the 2024 Pharmaceutical Supply Chain Transparency Act. The FDA opposes it, fearing it would scare companies out of doing honest internal audits. But public demand for transparency is growing. Patients, regulators, and investors all want to know: Is this product safe? Who made it? And how do we know?
What You Can Do If You’re in Manufacturing
If your company makes drugs or devices, here’s what matters:- Know the difference between internal audits (protected) and quality investigations (not protected).
- Keep all CGMP records for the full legal retention period - no shortcuts.
- Train your team on contemporaneous documentation. No backdating.
- Build a 15-day response plan for Form 483s. Don’t wait until the letter arrives.
- Start preparing for RRAs. Digitize your records. Make sure your IT systems can share data securely.
- Don’t over-disclose. Understand what the FDA can and cannot ask for.
Transparency isn’t about giving everything away. It’s about being trustworthy. The FDA doesn’t need to see your internal emails. But they absolutely need to see your proof that you’re fixing problems - not hiding them.
What’s Next for FDA Transparency
The FDA is moving fast. Unannounced inspections on foreign sites. Digital record access. Tighter deadlines. Stronger enforcement. In Q1 2025, warning letters for companies that blocked inspections rose 17% year-over-year. Section 301(f) of the FD&C Act is now being used more aggressively to punish refusal to allow access.The message is clear: if you want to sell products in the U.S., you need to be open. Not just to your customers - but to the regulators. The days of hiding behind paperwork are over. Real transparency - accurate records, honest investigations, timely fixes - is the only path forward.
Can the FDA inspect my facility without warning?
Yes. While most inspections are scheduled, the FDA can conduct unannounced inspections, especially for foreign facilities. By the end of 2025, 35% of foreign inspections will be unannounced - up from 12% in 2023. Domestic facilities still mostly get scheduled visits, but unannounced inspections can happen if there’s a complaint, recall, or safety concern.
Are internal quality audits protected from FDA review?
Generally, yes - under FDA Compliance Policy Guide Sec. 130.300. Internal audits meant to improve quality internally are not routinely reviewed. But if a product fails, a complaint is filed, or a deviation occurs, the FDA can demand those same audit reports if they relate to the issue. The protection only applies when audits are purely internal and not tied to a specific product failure.
What’s the difference between Form FDA 483 and a Warning Letter?
Form FDA 483 is a list of observations made during an inspection - it’s not a penalty. It’s a notice that something needs fixing. A Warning Letter is the next step. It’s a formal notice from the FDA that violations are serious and unresolved. Failure to respond adequately to a Warning Letter can lead to import bans, seizures, or criminal charges.
How long do I have to keep manufacturing records?
For pharmaceuticals, you must keep CGMP records for at least one year after the product’s expiration date. For medical devices, you must keep quality system records for the life of the device plus two additional years. These are legal requirements under 21 CFR 211.180 and 21 CFR 820.180. Failure to retain records can lead to regulatory action.
Can the FDA inspect digital records remotely?
Yes. Since July 2025, the FDA has formal guidance for Remote Regulatory Assessments (RRAs). These allow inspectors to request access to digital records, view databases in real time, or conduct video walkthroughs. RRAs don’t replace physical inspections but are becoming a common tool - especially for facilities with strong digital systems. Companies that aren’t ready for remote access risk longer delays and more frequent on-site visits.
