When you take a pill, inject a vaccine, or use a medical device, you assume it’s safe. But who makes sure it actually is? The answer lies in manufacturing transparency-and the FDA’s ability to inspect and access records from drug and device factories around the world. This isn’t about secret files or hidden audits. It’s about trust, accountability, and what companies are legally required to show when the FDA walks through their doors.
What the FDA Can and Cannot See
The FDA doesn’t have free rein over every document a manufacturer keeps. Under Compliance Policy Guide (CPG) Sec. 130.300, the agency generally avoids reviewing internal quality assurance audits. These are the reports companies write for themselves-think of them as honest self-checks done to find problems before they become public. The FDA allows this because it encourages companies to be open with themselves. If they knew every internal mistake would be published, they’d stop doing them.
But here’s the catch: if a product fails, a customer complains, or a batch goes off-spec, that’s a different story. Those investigations? The FDA can-and will-demand them. Same with production logs, validation records, and CAPA (Corrective and Preventive Action) files. These aren’t internal opinions. They’re evidence of how a company actually responds to real problems.
It’s not about hiding mistakes. It’s about distinguishing between internal reflection and real-world compliance. One is a tool for improvement. The other is proof you’re following the rules.
Record Retention: How Long Do They Keep It?
Manufacturers don’t just hand over files on demand. They’re legally required to keep them. For drugs, the rule is simple: keep CGMP records for at least one year after the product expires. That means if a bottle of insulin expires in June 2027, the factory must hold onto every batch record, environmental log, and equipment calibration sheet until at least June 2028.
Medical devices are stricter. Under 21 CFR 820.180, companies must keep quality system records for the entire lifespan of the device, plus two more years. If you implanted a pacemaker in 2020 that lasts 15 years, the manufacturer must keep records until 2037. That’s not just paperwork-it’s a legal commitment to long-term safety.
And these records must be contemporaneous. No backdating. No guessing. If a technician adjusts a machine at 2:17 p.m., that timestamp needs to be in the system at 2:17 p.m. In 2024, 22% of FDA warning letters cited backdated or incomplete records. That’s not a clerical error-it’s a red flag for systemic failure.
Inspection Types: Routine vs. For-Cause
Not all FDA inspections are the same. In 2024, about 75% of pharmaceutical inspections were routine surveillance checks. These are scheduled, predictable, and follow a standard checklist. The FDA looks at key areas: raw material testing, equipment cleaning, environmental controls, and deviation logs. They won’t ask for internal audit reports unless something looks off.
Then there’s the other 25%. About 18% are “for-cause” inspections-triggered by complaints, adverse events, or previous violations. In these cases, the FDA can demand everything: internal audits, emails, whistleblower reports, even Slack messages if they’re relevant. The agency doesn’t need a warrant. Under Section 704(a)(1) of the FD&C Act, they have the legal right to walk in and take what they need.
And foreign facilities? That’s where things are changing fast. In 2023, only 12% of inspections abroad were unannounced. By the end of 2025, that number will jump to 35%. The FDA is tired of waiting for notice. They want to see what’s really happening-not what’s been cleaned up for the visit.
The Paper Trail: FDA Form 482 and Form 483
When an FDA inspector arrives, they hand out Form FDA 482: the Notice of Inspection. It’s not optional. Refusing to accept it is a violation. Then they start asking questions, reviewing records, and taking photos.
If they find problems, they issue Form FDA 483: the Notice of Inspectional Observations. This isn’t a fine. It’s a list of what they saw that didn’t meet standards. Maybe a machine wasn’t calibrated. Maybe a batch was released without full testing. Maybe records were missing.
Companies have exactly 15 business days to respond. Not 16. Not 20. Fifteen. And the response has to be detailed-root cause analysis, corrective actions, prevention steps. Companies that follow the FDA’s recommended methodology close 89% of these issues within six months. Those that rush it? Only 62% succeed.
And here’s the kicker: if you ignore a Form 483, or if your response is weak, the FDA can escalate. That means a warning letter, a consent decree, or even a shutdown. In Q1 2025, warning letters for failing to respond to inspections rose 17% year-over-year.
Remote Inspections Are Here
Since July 2025, the FDA has been using Remote Regulatory Assessments (RRAs). No inspectors on-site. Just secure access to digital records, video walkthroughs of equipment, and live Q&A sessions with quality teams.
RRAs aren’t replacements for physical inspections. But they’re becoming a tool to reduce downtime. Facilities that adopted RRAs cut inspection-related production delays by 65%. That’s huge for manufacturers trying to keep supply chains running.
Forty percent of Fortune 500 pharma companies now have RRA-ready systems. That means cloud-based record storage, real-time data feeds, and audit trails that can be accessed on demand. It’s not about spying-it’s about efficiency. If you can prove compliance remotely, why force an inspector to fly halfway across the world?
What Manufacturers Are Actually Doing
Companies aren’t waiting for the FDA to catch up. They’re spending money-$385,000 a year on average-to get ready. That’s dedicated teams, training, software, and consultants. About 78% of manufacturers now have inspection readiness programs.
But confusion still exists. A 2024 survey of 215 quality professionals found that 41% had seen different FDA district offices interpret the CPG Sec. 130.300 rule differently. One office lets you keep internal audits private. Another asks for them anyway. That inconsistency creates risk. Some companies, afraid of getting in trouble, over-disclose. A Pfizer survey found 63% of quality teams shared more than they had to.
Training helps. Getting certified through RAPS (Regulatory Affairs Professionals Society) improves inspection readiness by 37%. New hires typically need 6 to 9 months to fully understand what’s required. It’s not just about rules-it’s about culture. The best companies don’t treat inspections as a threat. They treat them as a chance to prove they’re doing things right.
What’s Next?
The pressure to make manufacturing transparency public is growing. In 2024, Congress introduced the Pharmaceutical Supply Chain Transparency Act, which would require the FDA to release certain inspection findings online. The pharmaceutical industry, through PhRMA, pushed back hard, arguing it would kill the safe space for internal audits.
The FDA’s own 2025-2027 plan aims to cut inspection cycle times by 25% using better digital systems. They’re also cracking down harder on companies that refuse access. Section 301(f) of the FD&C Act bans denying or delaying inspections. In 2025, enforcement actions for this alone jumped 40%.
Manufacturing transparency isn’t about surveillance. It’s about safety. The FDA doesn’t need to see every email or every brainstorming session. But it does need to see that when something goes wrong, the company fixes it-and documents it. That’s the line between a responsible manufacturer and a risky one.
If you work in pharma or medical devices, your records aren’t just paperwork. They’re your defense. Your proof. Your license to operate.
Can the FDA inspect my facility without warning?
Yes. For foreign facilities, the FDA is increasing unannounced inspections to 35% of all inspections by the end of 2025. For domestic facilities, most inspections are scheduled, but the FDA can still conduct unannounced checks if there’s a reason to suspect a serious violation-like a product recall or a whistleblower complaint.
What happens if I don’t respond to a Form FDA 483?
Ignoring a Form 483 is a serious mistake. The FDA will likely issue a warning letter, which becomes public. If you still don’t fix the issues, you could face a consent decree, import alerts, or even a shutdown. Companies that respond with thorough root cause analysis have an 89% closure rate within six months. Those that don’t? Only 62% succeed.
Are internal quality audit reports protected from FDA review?
Yes-under CPG Sec. 130.300, the FDA generally does not review internal quality assurance audits conducted as part of a company’s written quality program. But this protection only applies if the audit is truly internal and not tied to a product failure. If an audit leads to a deviation, complaint, or CAPA, those records become fully accessible to the FDA.
How long must I keep manufacturing records?
For drugs, keep CGMP records for at least one year after the product’s expiration date. For medical devices, keep quality system records for the device’s entire lifespan plus two additional years. Records must be contemporaneous-written at the time the activity occurred. Backdating is a common reason for FDA warning letters.
Can the FDA inspect my facility remotely?
Yes. Since July 2025, the FDA has been using Remote Regulatory Assessments (RRAs), which allow inspectors to review digital records, conduct video walkthroughs, and hold live interviews without being on-site. RRAs don’t replace physical inspections but can reduce downtime by up to 65%. Companies with RRA-ready systems are now the norm among major manufacturers.
What’s the difference between a routine and a for-cause inspection?
Routine inspections are scheduled and focus on standard compliance areas like equipment maintenance and batch records. They usually don’t include internal audit reports. For-cause inspections are triggered by complaints, recalls, or previous violations. In these cases, the FDA can demand everything-including internal audits, emails, and whistleblower reports. They have broader authority and are far more invasive.
Final Thoughts
Manufacturing transparency isn’t about fear. It’s about proof. The FDA doesn’t want to shut you down. They want to know you’re doing the right thing-even when no one’s watching. The records you keep, the way you respond to problems, the honesty in your CAPA reports-those are the things that keep your products on the shelf and your customers safe.
Those who treat inspections as a hurdle will always be one step behind. Those who build transparency into their culture? They don’t just survive inspections. They thrive because they’ve already fixed the problems before the FDA even showed up.
