Manufacturing Transparency: How to Access FDA Inspection Records

When you take a pill, use an inhaler, or get a vaccine, you expect it to be safe. But have you ever wondered who makes sure the factory that produced it didn’t cut corners? The answer lies in FDA inspection records-the behind-the-scenes documents that show whether a manufacturer followed the rules. For companies making drugs, medical devices, or biologics, transparency isn’t optional. It’s enforced by law. And for anyone working in manufacturing, understanding how these records work can mean the difference between a clean audit and a shutdown.

What the FDA Can See-and What It Can’t

The U.S. Food and Drug Administration doesn’t just show up and ask for paperwork. It has legal authority under Section 704(a)(1) of the Federal Food, Drug, and Cosmetic Act to inspect any facility making products for human use. That includes drug plants, medical device factories, and biologics labs. But here’s the twist: not every document inside those facilities is open for review.

The FDA can demand access to production logs, validation records, deviation reports, and corrective action plans (CAPA). These are the raw records of what happened on the floor-when a batch was made, what went wrong, and how it was fixed. If a machine overheated during production, and someone wrote down the fix, that’s fair game.

But internal quality audits? Those are often protected. Under Compliance Policy Guide (CPG) Sec. 130.300, the FDA generally avoids reviewing internal audit reports if they’re part of a company’s own quality system. Why? Because regulators want companies to be honest with themselves. If every slip-up in an internal audit became a public violation, companies might stop doing audits altogether. The goal is to encourage self-correction, not punishment.

This creates a gray area. One company might think it’s sharing everything. Another might hold back audit findings, thinking they’re safe. But if an FDA inspector finds a product failure, suddenly those same audit reports can become fair game. The line between protected audits and required investigations is thin-and it shifts depending on the type of inspection.

Types of Inspections, Different Rules

Not all FDA inspections are the same. In 2024, about 75% of pharmaceutical inspections were routine surveillance checks. These are scheduled, predictable, and follow standard protocols. The FDA looks at records, talks to staff, and checks for obvious violations. Internal audit reports? Usually off-limits.

Then there are “for-cause” inspections-about 18% of all inspections. These happen when the FDA gets a tip, a complaint, or sees a pattern of problems. In these cases, the agency can demand everything. That includes internal audit reports, employee emails, even confidential risk assessments. If a company has hidden a recurring issue in its private audits, this is when it comes to light.

And now, there’s a third type: Remote Regulatory Assessments (RRAs). Introduced in July 2025, RRAs let the FDA review records digitally-without sending an inspector on-site. Companies might be asked to grant read-only access to their quality management systems, share electronic logs, or participate in video walkthroughs. RRAs don’t result in Form 483s (the official list of inspectional observations), but they’re becoming more common. By Q1 2025, 73% of Fortune 500 drugmakers had already built systems to handle them.

Foreign facilities are under even more pressure. In 2023, only 12% of inspections there were unannounced. By the end of 2025, that number will jump to 35%. The FDA is no longer waiting for appointments. They’re showing up unannounced to catch real-time operations, not rehearsed performances.

What Records Must Be Kept-and For How Long

It’s not enough to just have records. You have to keep them long enough for the FDA to find them later.

For drug manufacturers, 21 CFR 211.180 says you must keep CGMP records for at least one year after the product’s expiration date. If you made a batch of insulin that expires in June 2027, you need to keep its production logs until June 2028. For medical devices, it’s even longer: 21 CFR 820.180 requires records to be kept for the life of the device plus two years. That means if you make a pacemaker that lasts 15 years, you’re responsible for its records for 17 years.

The FDA doesn’t just want the final report. They want contemporaneous records. That means documentation created at the time of the event-not backfilled a week later. In 2024, 22% of warning letters cited this exact issue. Someone wrote down a temperature reading after the fact. The FDA flagged it as falsification.

And if something goes wrong? You need a full investigation. That’s not optional. Under 21 CFR 211.192, every complaint, deviation, or out-of-spec result must be documented, investigated, and closed out. These records are always open to inspection. Even if you think you fixed it quietly, the FDA can still see it.

What Happens When the FDA Finds Something Wrong

If the inspector spots a problem, they’ll hand you Form FDA 483-officially called the “Notice of Inspectional Observations.” It’s not a fine. It’s not a shutdown. But it’s a red flag.

You have exactly 15 business days to respond. No extensions. No excuses. The FDA expects a root cause analysis, a plan to fix it, and proof it won’t happen again. Companies that follow the FDA’s recommended approach-detailed root cause analysis, verification steps, and training updates-close out 89% of these observations within six months. Those who rush it? Only 62% succeed.

The response isn’t just paperwork. It’s a conversation. A vague answer like “we’ve trained staff” won’t cut it. You need dates, names, documents, and evidence. Did you update the SOP? Attach it. Did you retrain five people? List them. Show the training log.

And if you ignore it? The FDA can escalate. Warning letters, import alerts, consent decrees, even criminal charges. In Q1 2025, the number of warning letters for delaying or denying inspection access jumped 17% compared to the same period last year.

What Companies Are Doing to Get Ready

Manufacturers aren’t waiting for inspections to happen. They’re building systems to be ready at all times.

Most large companies now have dedicated inspection readiness teams. According to a 2025 study of 120 facilities, the average company spends $385,000 a year just preparing for inspections. That’s training, software, audits, consultants-all to make sure nothing surprises them.

One common mistake? Confusing internal audits with quality investigations. A quality assurance team might run monthly audits to check compliance. But if a batch fails sterility testing, that’s a quality investigation-and it’s not protected. Many companies over-disclose, handing over audit reports out of fear. Others under-disclose, thinking they’re safe. Both lead to problems.

A 2024 survey of 215 quality professionals found that 41% had seen different FDA district offices interpret the rules differently. One office might ask for an audit report. Another might refuse. There’s no universal playbook. That’s why companies are investing in training. Certification through RAPS (Regulatory Affairs Professionals Society) improves inspection readiness by 37%, according to industry data.

The learning curve is steep. New hires typically need 6 to 9 months to fully understand what records are required, what’s protected, and how to respond to an FDA request. And it’s not just about knowing the rules. It’s about knowing how to find the right file in seconds when an inspector walks in.

The Bigger Picture: Why Transparency Matters

Transparency isn’t just about avoiding penalties. It’s about trust. When a company openly shares its quality data, patients, doctors, and regulators can have confidence. When records are hidden or inconsistent, it raises questions.

Congress is pushing for more openness. The 2024 Pharmaceutical Supply Chain Transparency Act proposed making certain inspection findings public. The drug industry fought back, arguing that public disclosure would kill the culture of honest self-auditing. The FDA hasn’t adopted the bill-but it’s watching.

Meanwhile, the agency is moving toward digital systems. Its 2025-2027 Strategic Plan aims to cut inspection cycle times by 25% using better electronic records. Companies that digitize their quality systems are already seeing results: those using Remote Regulatory Assessments reduced production downtime by 65%.

The message is clear: if you’re making medicine, you’re being watched. And the rules aren’t getting softer. They’re getting smarter, faster, and more global.