When you buy a pill, an inhaler, or a glucose monitor, you assume it’s safe. But how do you know the factory that made it didn’t cut corners? The answer lies in FDA inspection records - the behind-the-scenes documents that show whether a manufacturer followed the rules. These aren’t secret files. They’re part of a legal system designed to protect public health. But accessing them isn’t as simple as typing a website address. There are rules, limits, and gray areas that even seasoned quality managers struggle with.
What the FDA Can and Can’t See
The U.S. Food and Drug Administration doesn’t just show up and ask for anything. Their power comes from the Federal Food, Drug, and Cosmetic Act. Under Section 704(a)(1), they can walk into any drug or medical device plant, review records, and take samples. But there’s a catch: not every document is fair game.
Internal quality audits? Usually off-limits. If a company runs a quiet, honest review of its own processes - looking for problems before the FDA does - the FDA generally won’t ask to see those reports. This policy, laid out in Compliance Policy Guide Sec. 130.300, was meant to encourage companies to be open with themselves. The idea was simple: if you know the FDA can’t see your internal mistakes, you’re more likely to fix them.
But here’s the flip side: if something goes wrong - a batch fails, a patient complains, a product is recalled - then everything changes. The FDA can demand every email, every log, every investigation report tied to that failure. That’s because 21 CFR 211.192 and 21 CFR 820.192 say companies must keep records of quality control investigations, deviations, and corrective actions. These aren’t protected. They’re mandatory. And the FDA will find them.
What Records Must Be Kept - And For How Long
Manufacturers don’t get to pick and choose what to save. The rules are strict:
- For drugs: CGMP records must be kept for at least one year after the product expires. If a pill’s expiration date is 2028, those records stay until 2029.
- For medical devices: Quality system records must be kept for the life of the device plus two years. A pacemaker made in 2023? Records stay until 2040.
These aren’t suggestions. They’re legal requirements. And they cover everything: batch production logs, equipment calibration records, validation protocols, training logs, and complaint investigations. Even handwritten notes from a technician checking a machine temperature? If it’s part of the process, it counts.
And here’s a key detail: records must be “contemporaneous.” That means written at the time the work happened. Backdating? Falsifying? That’s a red flag. In 2024, 22% of FDA warning letters cited this exact problem. Companies that wait until the day before an inspection to “fix” their logs are asking for trouble.
FDA Inspection Types - What Happens When They Show Up
Not all inspections are the same. The FDA uses three main types:
- Routine surveillance inspections - About 75% of all inspections in 2024. These are scheduled, predictable, and follow standard protocols. The FDA checks for CGMP compliance. They won’t ask for internal audit reports unless something looks off.
- For-cause inspections - 18% of inspections. Triggered by complaints, recalls, or bad data. These are serious. The FDA can demand every record, including internal audits, emails, and even HR files if they suspect a culture problem.
- Remote Regulatory Assessments (RRAs) - A newer tool. Finalized in July 2025, RRAs let the FDA review documents, watch live video feeds, or access read-only databases without sending inspectors on-site. RRAs don’t lead to Form 483s. But they’re becoming more common. In the first half of 2025, they made up 8% of all assessments - and that number is climbing.
Foreign facilities are under even more pressure. In 2023, only 12% of inspections there were unannounced. By the end of 2025, that number will jump to 35%. Domestic plants still mostly get scheduled visits - 92% of the time. But for factories overseas, the surprise visits are becoming the norm.
The Form 483 - What Happens After the Inspection
If the FDA finds issues, they leave behind Form FDA 483 - a list of observations. This isn’t a fine. It’s a notice: “We saw this. You need to fix it.”
Companies have exactly 15 business days to respond. Not 16. Not 20. Fifteen. And the response matters. The FDA doesn’t just want a promise. They want a plan. Root cause analysis. Corrective actions. Preventive steps. Evidence.
Companies that use the FDA’s recommended root cause method - digging deep into why the problem happened - close 89% of their Form 483s within six months. Those that give vague answers? Only 62% get cleared. And if you ignore the Form 483? The FDA can escalate. Warning letters. Import bans. Even criminal charges.
Real Problems Manufacturers Face
It’s not just about rules. It’s about people.
Merck’s QA manager, David Chen, said the 15-day response window crushes teams during peak production. “You’re trying to fix a machine, train staff, and write a 50-page response - all at once,” he said in a March 2025 forum thread.
Then there’s the confusion. Pfizer’s manufacturing director, Susan Martinez, found that 63% of quality teams over-disclose records because they don’t know what’s protected. They send internal audits to the FDA out of fear - even though the FDA shouldn’t ask for them. That’s a risk. If the FDA sees a pattern of problems in those reports, they might start demanding them in every inspection.
And it’s not consistent. A 2024 survey of 215 quality executives found that 41% got different answers from different FDA district offices. One office says internal audits are off-limits. Another says “we need to see them.” That inconsistency costs companies time, money, and stress.
How Companies Prepare - And How Much It Costs
Most big manufacturers now have full-time inspection readiness teams. The average company spends $385,000 a year just to get ready for FDA visits. That includes training, software, audits, consultants, and documentation systems.
Training new staff takes 6 to 9 months. Certification through RAPS (Regulatory Affairs Professionals Society) boosts readiness by 37%. Why? Because they learn the difference between a quality assurance audit (protected) and a quality control investigation (not protected). That distinction is everything.
And now, with Remote Regulatory Assessments growing, companies are investing in digital systems that let the FDA access records remotely - without giving them full control. That’s a game-changer. Facilities using RRAs cut inspection-related downtime by 65%. In 2025, 73% of Fortune 500 pharma companies had RRA-ready systems.
The Bigger Picture - Why This Matters
The FDA doesn’t inspect every plant every year. In 2024, they did 4,872 domestic and 1,219 foreign inspections. That’s less than half of all active facilities. So why do so many companies spend so much to be ready?
Because when the FDA comes, it’s not just about compliance. It’s about trust. A clean inspection record means your product can be shipped. A bad one? Delays. Recalls. Lost sales. And sometimes, lawsuits.
There’s also political pressure. In 2024, Congress introduced the Pharmaceutical Supply Chain Transparency Act. It would force the FDA to make some inspection findings public. The drug industry fights back, saying it would kill the safe space for internal audits. But patients and lawmakers want more visibility.
One thing’s clear: transparency isn’t going away. It’s getting tighter. Unannounced inspections. Remote reviews. Faster enforcement. Companies that treat inspection readiness as a cost center are falling behind. Those that build it into their culture - where every employee knows what’s documented, why, and when - are the ones that survive.
What You Can Do
If you work in manufacturing:
- Know the difference between internal audits (protected) and quality investigations (not protected).
- Train your team on contemporaneous recordkeeping. No backdating.
- Build a response playbook for Form 483. Practice it.
- Invest in digital systems that support RRAs. They’re not optional anymore.
- Don’t guess what the FDA wants. Ask. Get legal or regulatory advice if you’re unsure.
If you’re a patient or a consumer: you can’t access these records directly. But you can ask questions. Where was this drug made? Has this facility been inspected recently? Demand transparency - even if you can’t see the files, you can demand that the system be honest.
Can the public access FDA inspection records?
Yes - but not all of them. The FDA releases inspection reports, Form 483s, and warning letters through its website. You can search for inspection results by company name or facility location. However, internal quality audit reports, employee emails, and proprietary formulas are protected. The FDA won’t release those, even under FOIA requests, unless they’re tied to a safety violation.
What’s the difference between a Form 483 and a warning letter?
Form FDA 483 is a list of observations made during an inspection. It’s not a penalty - it’s a notice. A warning letter is the next step. It’s a formal, legally binding notice that the FDA believes the company has violated the law. Warning letters come after a company fails to respond adequately to a Form 483, or if violations are severe. Ignoring a warning letter can lead to product seizures, import bans, or criminal charges.
Do all manufacturers get inspected the same way?
No. Domestic facilities mostly get scheduled inspections. Foreign facilities are increasingly subject to unannounced visits - up to 35% by the end of 2025. The type of product also matters. Medical device plants face stricter recordkeeping rules than some drug makers. Biologics facilities, like those making vaccines, are inspected more often due to higher risk. And facilities with past violations get more frequent checks.
Can the FDA inspect a facility without notice?
Yes - but only under certain conditions. For-cause inspections (triggered by complaints, recalls, or bad data) are always unannounced. For foreign facilities, unannounced inspections are now a major strategy, rising from 12% in 2023 to 35% in 2025. Domestic facilities are rarely inspected without notice unless there’s an emergency or evidence of serious misconduct. Even then, the FDA must still follow legal procedures.
What happens if a company refuses an FDA inspection?
Refusing an FDA inspection is a federal offense under Section 301(f) of the FD&C Act. The FDA can issue a warning letter, block imports, or seize products. In extreme cases, company executives can face criminal charges. Between Q1 2024 and Q1 2025, warning letters for inspection refusals rose 17%. Companies that delay or deny access are now being targeted more aggressively than ever.
Chelsea Harton
January 15, 2026 AT 21:05why do they even make us care about this? i just want my pills to not kill me
Henry Ip
January 16, 2026 AT 04:50really appreciate this breakdown. i work in med device QA and the form 483 response window is brutal. having a playbook saved our team last quarter. just remember: contemporaneous means now, not tomorrow
Cheryl Griffith
January 16, 2026 AT 20:20i used to think this stuff was just corporate bureaucracy until my mom’s glucose monitor failed and the company couldn’t produce the calibration logs. turned out they’d been backdating entries for months. now i ask where every pill i take is made. it’s not paranoia, it’s basic safety
swarnima singh
January 18, 2026 AT 19:15so the fda lets companies hide their own mistakes? that’s so american. they protect profits over people. if you’re not perfect, you deserve to be exposed. why should anyone get a pass? this system is broken
Isabella Reid
January 19, 2026 AT 19:38the global inconsistency is wild. i worked in a plant in india and one inspector said internal audits were sacred, the next said ‘send everything’. we ended up hiring two different consultants just to survive the audit roulette. it’s exhausting but necessary
Nick Cole
January 20, 2026 AT 04:35rras are the future. we rolled out our remote access portal last year and our inspection prep time dropped from 6 weeks to 3 days. the fda gets what they need, we keep control of our systems. win-win. stop treating tech like a threat