Introduction
FDA inspections are an unavoidable and critical process in the pharmaceutical, medical device, and food industries. For companies experiencing their first inspection, it can be a challenging endeavor accompanied by tension and anxiety. This article provides a detailed explanation of the most important points to focus on during FDA inspections and outlines a path to success.
Fundamentals of FDA Inspections
Types and Frequency of Inspections
The FDA conducts multiple types of inspections, each with different objectives.
Pre-Approval Inspections (PAI) are conducted when a New Drug Application (NDA), Abbreviated New Drug Application (ANDA), or Drug Master File (DMF) is being utilized for the first time, or before other approval applications are submitted. These inspections verify whether the facility has appropriate conditions to manufacture products and whether the data listed in the application are accurate. Typically, the FDA dispatches two investigators: one GMP generalist and one specialist in a specific field (such as a chemist, microbiologist, or engineer).
Post-Approval Inspections are conducted within 6 to 24 months after approval to monitor changes in production and control practices. The scope of post-approval inspections is determined by the manufacturer’s pre-approval inspection and compliance history.
Routine Surveillance Inspections are mandated by the Federal Food, Drug, and Cosmetic Act, requiring that registered drug manufacturing facilities in the United States undergo FDA inspection at least once every two years. For medical devices, Class II foreign facilities are generally inspected once every four years. However, inspection frequency may increase if issues were identified in previous inspections, if there are significant changes to manufacturing methods or new processes, or if processes are particularly complex.
For-Cause Inspections are conducted when specific problems, complaints, or incidents occur, allowing the FDA to identify the cause.
Compliance Follow-up Inspections are conducted to verify whether situations have improved after previous regulatory violations.
Advance Notice and Inspection Methods
Inspection subjects may or may not receive advance notice. For pre-approval inspections, the FDA typically contacts the target company 2 to 4 months in advance to confirm inspection timing and plan the trip. However, for routine surveillance inspections or for-cause inspections, investigators are not obligated to provide advance notice and may arrive unannounced. Particularly for food manufacturing facilities, the FDA announced in May 2025 the expansion of unannounced inspections of foreign manufacturing facilities, making unannounced inspections the norm.
Upon arrival at a facility, investigators are obligated to present FDA Form 482 (Notice of Inspection). Companies should request this if it is not presented. Investigators must also present official FDA credentials for verification. Form 482 clearly states what investigators can do (enter facilities, observe, collect samples, interview staff, and review records related to regulated product manufacturing) and what information they cannot obtain (personal information (excluding training records), financial statements, sales data (excluding shipment data), pricing data, and research records).
1. Thorough Understanding of Regulatory Requirements
Why Understanding Regulatory Requirements is Important
The key to successful FDA inspections lies in a deep understanding of regulatory requirements. Superficial knowledge is insufficient. Regulatory requirements are constantly evolving, necessitating constant awareness of the latest standards. Misunderstandings or incomplete understanding can lead to serious findings or penalties.
Throughout its history, the FDA has had various focus areas and has provided various guidance. While these are not necessarily clearly stated in compliance programs or regulatory requirements, they must be understood through trend analysis of Warning Letters and Form 483s. FDA inspection trends change over time, with data integrity inspections receiving particular emphasis in recent years.
Key Regulatory Documents
In the pharmaceutical field, the Current Good Manufacturing Practice (cGMP) regulations found in 21 CFR Parts 210 and 211 are central regulatory requirements. These define specific requirements for processes including manufacturing, packaging, storage, and testing. Additionally, 21 CFR Part 11 regarding electronic records and electronic signatures is important as it forms the foundation of data integrity.
In the medical device field, the Quality System Regulation (QSR) found in 21 CFR Part 820 applies. This comprehensively stipulates design control, purchasing control, process validation, corrective and preventive action (CAPA), and more.
In the food field, the Food Safety Modernization Act (FSMA), enacted in 2011, applies. FSMA applies to all foods distributed in the United States (including imported foods) and emphasizes preventive control measures.
Harmonization with International Standards
In Japan, the concept of data integrity was codified in the revised GMP ministerial ordinance enforced in August 2021, and findings related to data integrity have been increasing in inspections by regulatory authorities. Additionally, with Japan’s accession to the Pharmaceutical Inspection Co-operation Scheme (PIC/S), more objective and rational verification and management have been required.
Even companies that have obtained ISO 9001 or ISO 13485 (for medical devices) are frequently cited by the FDA. While these international standards form the foundation of GMP and QSR, FDA requirements are more detailed and specific, making standard certification alone insufficient. Data shows that even average ISO-certified companies achieve only about 20% response rate on over 550 questions when conducting gap analysis with QSR.
Practical Advice
To deepen understanding of regulatory requirements:
It is essential to regularly check the latest FDA regulatory information. Regularly review the FDA website (https://www.fda.gov), guidance documents, and Warning Letter databases to understand the latest inspection trends. The FDA publishes Form 483 statistical data by fiscal year in Excel file format, allowing analysis of which regulatory areas receive the most citations.
It is important to improve all staff members’ regulatory literacy through in-house training programs. In particular, deepen understanding of quality manuals and Standard Operating Procedures (SOPs) and prepare to explain your area of responsibility without hesitation during inspections.
Seeking regular advice from external consultants or experts is also effective. Companies experiencing their first FDA inspection or those with previous findings should consider conducting mock inspections by experts. Typical FDA inspection preparation projects take 10 months to 1.5 years, so preparing after receiving inspection notification is too late. Advance preparation with sufficient lead time is recommended.
Thoroughly reading the FDA’s Investigations Operations Manual (IOM) is also important. The IOM summarizes key guidance on FDA inspection policies and procedures for field investigators and inspectors, allowing companies to understand the perspective from which inspectors will evaluate.
2. Thorough Data Integrity
Why Data Integrity is Important
Data reliability and accuracy are among the most critical aspects of FDA inspections. Inaccurate or incomplete data can undermine trust in product safety and quality. Inappropriate data management can lead to serious regulatory violations, potentially resulting in Warning Letter issuance, import bans, product recalls, and even criminal prosecution.
Data falsification, data fabrication, and other inappropriate data-related conduct are occurring globally, and the number of Warning Letters issued by the FDA citing data integrity concerns continues to increase. From 2024 to 2025, data integrity-related findings remain one of the most critical items in inspections.
ALCOA Principles and ALCOA+
The fundamental principles of data integrity are known as the ALCOA principles. ALCOA was created by FDA investigators in the early 1990s and consists of the following five requirements:
A – Attributable: All data (records) must clearly indicate “who and when” they were created. Attributability is ensured when the recorder and the time of recording are properly presented. Data without demonstrated attributability lack credibility.
L – Legible: Data must be legible and understandable. They must remain readable throughout the retention period. Handwritten records must be clearly written, and electronic records must be stored in appropriate formats.
C – Contemporaneous: Data generation and recording must be simultaneous. Recording must occur at the time of the event. Retrospective recording should be avoided due to risks of memory inaccuracy or intentional alteration.
O – Original: Data must be original, not copies or transcriptions. The information initially captured (raw data) must be preserved.
A – Accurate: Data must be accurate. The content of records must be accurate relative to facts. Accuracy is a fundamental premise of data integrity.
Furthermore, there is the concept of ALCOA+ (ALCOA Plus), which adds four items (CCEA) to ALCOA, adopted by PIC/S guidance and other international regulatory authorities. Japan’s GMP ministerial ordinance also requires ensuring data integrity based on ALCOA+ principles. The four additional items are:
C – Complete: Records must exist that can reproduce events. This refers to a state where all necessary information is completely present. Management of storage including metadata is important.
C – Consistent: Data must be consistent without contradictions. The content and meaning of data must be consistent throughout the data lifecycle.
E – Enduring: Data must endure throughout the retention period. The same data should be obtainable no matter how many times it is measured.
A – Available: Data must be available when needed. A state where data can be promptly accessed when necessary must be maintained.
Evolution to ALCOA++
In regulatory documents from 2021 onward, the concept of ALCOA++, which adds traceability to ALCOA+, has been adopted by the European Medicines Agency (EMA). Specific traceability requirements demand tracking the entire lifecycle of data from generation to destruction. The 2023 revision of EU GMP Annex 11 mandates audit trail integrity and electronic record traceability, requiring implementation of encrypted audit trails as a tamper-prevention measure.
Key Guidance on Data Integrity
Regulatory authorities in various countries and international organizations have issued guidance on data integrity:
FDA: In 2016, issued draft guidance “Data Integrity and Compliance With Drug CGMP,” clarifying data integrity requirements in relation to 21 CFR Part 11.
PIC/S: Guidance “Good Practices for Data Management and Integrity in Regulated GMP/GDP Environments (PI 041-1)” issued July 1, 2021, is the most comprehensive, providing detailed examples of data integrity risks and controls. PIC/S guidance states that data integrity is key to Good Documentation Practices (GDocPs) ensuring document and record integrity.
WHO: The 2016 version TRS 996 Annex 5 provides detailed stipulations and comprehensive guidance on ALCOA principles, with many experts recommending continued use as an implementation guideline.
MHRA (UK): In 2018 guidance, adopted “ALCOA” as an official standard and positioned CCEA as an implicit requirement.
Japan: The concept of data integrity was codified in the revised GMP ministerial ordinance enforced in August 2021.
Specific Measures
Strict Implementation of Electronic Record Management Systems:
Electronic record and electronic signature systems compliant with 21 CFR Part 11 must be implemented. Systems should have the following functions:
- Individual user authentication via user IDs and passw…
Comment