FDA inspections are stressful and worrisome. Failed FDA inspection costs include sales revenue loss, stock price decline, and public embarrassment from FDA warning letters and FDA-483 observations.
Every so often, it’s good to recalibrate by looking at frequently asked questions when it comes to FDA inspections. I’ve gathered these questions, answers and tips over the past two years with clients, and with current and retired FDA officials. When reading through these FDA inspection FAQs, use your own best judgment or that of an FDA expert you’ve hired to help you succeed.
1. Does FDA look at and trend product liability litigation for food, drugs, medical devices, cosmetics, etc. in order to figure out which companies to inspect?
Yes. The FDA is not blind to reality. FDA’s charter is to protect public safety. If people, through product liability litigation, are having to take matters into their own hands to go after companies for putting ineffective or unsafe products on the market, FDA could be seen as not performing its task. So yes, FDA pays very close attention to product liability litigation.
- summarized from Lori Lawless, FDA, Office of Regulatory Affairs, and Larry Spears, retired FDA Deputy Director for Regulatory Affairs
2. How does an FDA investigator prepare for an inspection?
Prior to an inspection, the investigator(s) will create an inspection plan that is largely based on the following information:
- Any previous establishment inspection reports (EIRs)
- Any previous FDA Form 483 observations, especially those that require follow-up
- Company responses (to FDA-483s) and commitments
- Firm’s website (including product literature, executive profiles, physical location profiles, recent press releases, etc.)
- Consumer complaints that have come in since the last inspection
- Adverse events that have come in since the last inspection
- Any recalls or other field activities that have occurred since the last inspection
- Any product submissions and applications, specifically to find critical components or ingredients or processes that were of concern to FDA reviewers
- Online research through the web.
Online web research can be further broken into three main areas:
- Online videos of your products in use (including if consumers have posted videos comparing/contrasting to other competing products, etc.)
- Social media sites (especially for complaints about your product)
- Searches for your company name or product name(s) along with key words (such as “review” or “fraud” or “FDA”).
- summarized from Rachel Harrington, FDA, Office of Regulatory Affairs and Tim Wells, retired FDA Team Leader for the QSIT Project
An effective, independent FDA compliance gap analysis can help you pinpoint areas to strengthen in your compliance efforts before the FDA investigator arrives.
3. Is a follow-up inspection (a closeout inspection from a warning letter) still a “regular” inspection?
Yes. FDA investigators treat a closeout or follow-up inspection as a normal inspection. You can be cited for new or additional items.
- summarized from Lori Lawless, FDA, Office of Regulatory Affairs
4. Do pre-approval inspections (PAI) rely upon QSIT, and if so, what level are they?
PAI inspections are Level 2 QSIT inspections by default. FDA reviewers of a submission will identify areas of concern for the investigator to look at during the inspection (such as GCP data integrity controls). PAI inspections may cover everything from nonclinical supporting GLP-compliance, through GCP compliance, to GMP compliance, and even delve into how the company will monitor and control the product once it is approved and on the market.
- summarized from Lori Lawless, FDA, Office of Regulatory Affairs, Erin McFiren, FDA, Office of Regulatory Affairs, and Tim Wells, retired FDA Team Leader for the QSIT Project
A level 2 QSIT inspection is a comprehensive inspection, covering all four major quality system subsystems - management controls, development, CAPA, and production and process controls – as well as reviewing the remaining three subsystems (facilities and equipment controls, materials and supplier controls, and records controls) throughout as these three subsystems cut across all four major subsystems. Thus, 21 CFR 11 controls will be reviewed and inspected throughout the PAI, not just during review of the design and development (e.g., design control) subsystem. Learn more about the details of Level 2 QSIT inspections at the FDA: www.fda.gov/MedicalDevices/DeviceRegulationandGuidance/GuidanceDocuments/ucm244267.htm
5. Will FDA investigators ask for supplier audit reports?
FDASIA 2012 expressly granted FDA the power to require supplier audit reports during regular inspections (see Title VII of FDASIA). That said, by internal policy, FDA discourages investigators from asking for the report in the hopes that this will encourage firms to be more candid and clear in supplier audits. Unfortunately, as was painfully shown during the recent Heparin scandal, FDA’s hope has not panned out. Far too many firms conduct “meet and greet” supplier audits with little meaningful impact. Thus, increasingly FDA investigators are taking advantage of FDASIA’s new powers and requesting copies of supplier audit reports.
It should also be noted that FDA has always requested supplier audit reports under various conditions as identified in the FDA Compliance Policy Guide, section 130.300, FDA Access to Results of Quality Assurance Program Audits and Inspections (www.fda.gov/ICECI/ComplianceManuals/CompliancePolicyGuidanceManual/ucm073841.htm):
- During directed or “for cause” inspections of a sponsor or monitor of a clinical trial
- In inspections where access to such records is authorized by statute (such as FDASIA)
- When public safety is at risk
- In litigation (or in support thereof)
- When executing a search warrant
- When a firm’s internal audit program is insufficient or otherwise deemed ineffective by FDA.
This last point is often overlooked. Technically, if the FDA investigator writes down a Form FDA-483 observation that a firm’s quality audit program is insufficient, the FDA investigator can then review the firm’s supplier audit reports. (Note: Personally, I’m not aware of any incidents where this has occurred, and so I encourage you to be cognizant that an effective quality system audit program is necessary to show FDA you are overseeing your suppliers appropriately.) It is thus in a firm’s interest to ensure that it has a robust, FDA supplier audit program that can withstand both FDA investigator and product liability litigator scrutiny.
Finally, always remember that FDA counts any corrective actions from supplier audits as CAPA documentation and freely open to review by any FDA investigator.
- summarized from Lori Lawless, FDA, Office of Regulatory Affairs, and Rachel Harrington, FDA, Office of Regulatory Affairs
6. How does computer validation play into regular inspections?
As of the end of 2013, FDA’s special enforcement of 21 CFR 11 (e.g., "Part 11") is still ongoing.
Part 11 will come up throughout an inspection as it is a regulation that cuts across all quality system subsystems. If records are used or kept in digital form, or if a computerized system is used to automate a regulated process (such as production, lab testing, etc.), then the FDA investigator will ask Part 11-relevant questions.
FDA looks to see if you are verifying the functions that you use of a software or a computerized system in your environment, especially those functions related to data integrity. For instance, with a spreadsheet macro, the FDA investigator will expect to see a simple verification of your use of the macro in your environment, documented with a validation protocol, document testing, and a summary report. Do not validate Excel, just the use of the macro within your environment. Questions that the FDA investigator might ask include: How do you know the results of the macro are correct? Are complete? Did not drop off various data inputs? and so forth. These types of Part 11 validation are the ones to concentrate on.
- summarized from Lori Lawless, FDA, Office of Regulatory Affairs, and David Chesney, retired FDA District Director
7. How does FDA handle a situation when – during photo taking during the inspection – confidential patient information and/or trade secret information is accidentally captured in the photograph?
FDA treats all photographs, videos, documents, notes, etc. as confidential. All such items go through FOIA to redact such sensitive information before they are released.
- summarized from David Chesney, retired FDA District Director
Personally, I suggest you consider making sure to identify in your inspection notes what photographs the FDA investigator took; if possible, take a similar photograph. Then, in your response to the inspection, make sure to identify the photograph and any specific confidential or trade secret information that may have inadvertently been captured by the FDA photograph. This will help FDA to redact the appropriate information while providing you some degree of assurance that they understand and acknowledge the situation.
8. Where is FDA on adapting or accepting remote or online/virtual inspections? Is FDA ready for online/remote inspections like a number of other notified bodies?
FDASIA 2012 granted FDA the power to conduct remote and even online/virtual inspections. However, FDA is currently not positioned to take advantage of this. The agency is planning to start a pilot program wherein part of the inspection will be conducted remotely (e.g., remote document review) followed by a briefer onsite inspection portion.
Keep in mind that at its core, FDA is a regulatory enforcement agency. As such, during inspections, it is technically collecting evidence. For companies doing all the right things, it is in their interest to have FDA investigators physically visit and see firsthand how well the company is doing. For firms with more … “soft” …. approaches to compliance, a remote or online/virtual inspection has less of a chance to uncover gaps. FDA is well aware of this. In order to address this, expect FDA over the next few years, to take a two-step approach to an inspection: part one is a remote review of policies, SOPs, etc., (presumably through PDFs sent to the agency); this will then inform and shape part two, the onsite inspection.
- summarized from Lori Lawless, FDA, Office of Regulatory Affairs, and Rachel Harrington, FDA, Office of Regulatory Affairs
When I conduct FDA compliance gap and remediation analyses, I prefer this two-step approach because it provides a high degree of efficiency, effectiveness, and enhanced ROI for everyone involved.
9. What are “management discussion items” and what are the implications to a firm?
Management discussion items are non-compliance observations not written onto the Form FDA-483. Management discussion items are compliance deviations that the FDA investigator believes to be of lesser significance than the documented 483s.
Management discussion items can still end up as warning letter citations because the FDA district office or FDA head office believes they are more serious than originally assumed. Thus, if you address management discussion items in your response to FDA, you may want to notify the district that you are working to resolve the items as well as the written 483 observations.
Keep in mind that to FDA, as long as an observation of non-compliance was documented in the FDA investigator’s notes, written on a Form FDA-483, or spoken about to a firm's management, FDA considers the observation “documented by FDA.” FDA is, at its heart, an enforcement agency collecting evidence when it conducts an inspection.
Finally, be aware that management discussion items can be treated as repeat violations if found again in a follow-up or a second FDA inspection.
- summarized from Rachel Harrington, FDA, Office of Regulatory Affairs, Erin McFiren, FDA, Office of Regulatory Affairs, and David Chesney, retired FDA District Director
10. How long after an inspection will we receive a copy of the EIR (Establish Inspection Report) and/or any warning letter?
Technically, up to 45 days after the inspection. In reality, depending on the type, depth, and other FDA inspection conditions, it can be up to 3-6 months after the FDA investigator leaves. Nonetheless, your FDA inspection response and remediation plan is still due to the agency within 15 business days after departure of the FDA investigator.
- summarized from Lori Lawless, FDA, Office of Regulatory Affairs, Tim Wells, retired FDA Team Leader for the QSIT Project, and Larry Spears, retired FDA Deputy Director for Regulatory Affairs