Strategies for Surviving an FDA Audit

Posted on Lab Compliance. 10 October, 2019

As part of its mission to ensure public safety, the FDA inspects manufacturers or processors of FDA-regulated products to verify that they comply with relevant regulations. The FDA also inspects facilities that conduct clinical trials with humans and laboratories that conduct studies with animals or microorganisms when these studies are used to apply for FDA approval of a medical product. A typical inspection will last for 2-3 days.

In the United States, the FDA is not required to provide advance notice of an inspection. In facilities where violations were noted during a previous inspection, the FDA will likely provide no advance notice. If your last inspection was without violation or if this is a pre-approval visit, however, you will likely be given notice of an impending inspection.

There are few events that engender as much anxiety for company stakeholders as an FDA audit. Are you prepared for when the FDA shows up at your front door? Do your employees know how to interact with FDA inspectors when they are on site? Do you have Standard Operating Procedures (SOPs) in place for handling an FDA audit?

Surviving an FDA audit can be significantly less daunting if you know what to expect and have a strategy in place to ensure the best possible outcome. In this blog, we will provide best practice guidelines to help you prepare for an FDA inspection, as well as understand how to best interact with the inspector – both while they are on site and post-inspection.

Pre-Inspection Best Practices

There are a number of best practices that are important to accomplish prior to any FDA inspection.

Understand the Regulations. The most important preparation is to be knowledgeable about FDA regulations and compliant with them in your daily operations. We have discussed a number of FDA Guidance documents and compliance best practices in previous blog posts. These include:

Know the Types of Audits. The FDA conducts several types of inspections in its efforts to protect consumers from unsafe products:

  • Pre-approval inspections occur after a company submits an application to the FDA to market a new product.
  • Routine inspections of regulated facilities are the most common type of audits performed.
  • “For-cause” inspections can occur when a specific problem has come to the attention of the FDA.

FDA inspectors follow Compliance Policy Guides (CPGs) that detail the steps involved in each type of inspection, although they do not limit the activities of an inspector. Understanding the type of inspection to be conducted and referencing the appropriate CPG will help you know the length of time inspectors will be at your facility and the type of documentation that you will need to provide for their review.

Make a Plan. Best practice is to have inspection procedures in place in the form of SOPs that describe when and how to act in response to an FDA audit. These SOPs should cover every aspect of the inspection – inspection preparation, arrival of the inspector, conduct of personnel during an inspection, handling any disputes that may arise, system for tracking document requests by the inspector, and the final meeting with the inspector to discuss results. If you don’t already have inspection SOPs in place, it may be helpful to consult with a qualified third party to create them.

Designate an Inspection Team. It is likely that the investigator(s) will need to interact with several key personnel in your organization during the inspection. Best practice is to determine who those stakeholders are in advance, assign each team member’s roles and responsibilities, and train them on your organization’s approach to the audit. It is also important to assign someone to be the investigator’s key contact that will escort them to locations throughout your facility. Make sure this person has the knowledge and authority required to speak to any concerns and/or requests that arise.

Conduct Internal Inspections. Best practice is to periodically perform thorough internal inspections and audits of your facility and systems to assess compliance status prior to an FDA visit. One approach to accomplish this is using internal resources knowledgeable about regulatory compliance who also have experience with real audits to lead an internal audit. This should be considered as significant as an official regulatory agency audit and executed as thoroughly. Another approach is to engage a third party consultants with expertise to assess compliance status.

Inspection Best Practices

The first thing to do when the inspector(s) arrive is to check his or her identification:  the inspector is obligated to show you their credentials. Other best practice recommendations:

Notify Employees. If you did not receive advance notice of the inspection, alert all potentially affected employees as quickly as possible that the FDA is on-site and that they should follow company protocol detailed in your SOPs when asked questions.

Designate Appropriate Workspace. Designate an area for the inspector to work. This space should be quiet, private and comfortable – a separated conference room is typically a good choice. It is wise to avoid placing the inspector(s) in an office where there is a lot of traffic and external activity.

Establish Open Communication. It is important to establish open communication between your company representatives and the FDA examiner(s). Cooperate with FDA inspectors and do not impede their progress or engage in idle conversation. It is important that company representatives provide answers specific to what is asked. Remember that you are the host. Be polite, avoid confrontation, and do not challenge of the inspector’s understanding of regulations. If challenges are warranted, they are only relevant in writing as responses to the written contents of the audit report. Request a brief update meeting with the FDA inspector at the end of each day to stay informed of inspection progress and any issues that have arisen. It is important to respond to questions and clarify any issues as they arise during the inspection.

Develop an Audit Dossier. Collect copies of files or samples submitted, along with any updates provided by FDA examiners and other important details, in an audit dossier throughout the inspection process. This will identify the specific support material used during the audit and help you track any issues that are identified so you can develop an appropriate response.

Understand FDA Jurisdiction. In order to protect your company’s trade secrets and proprietary information, there are restrictions on the types of files that FDA inspector can access. Files containing the following are restricted:

  • Business plans
  • Financial records, including most sales data
  • Pricing information
  • Unrelated Research & Development
  • Personnel files

If an FDA investigator asks for something that you believe in on this restricted list, you can request a conversation to obtain clarity on why the documentation is being requested.

Develop a System for Handling Requested Records. Best practice is to develop a back room/front room operation to fulfill and track document requests as quickly as possible. Review a requested record before sending it to the inspector to verify it is complete. Once the inspector reviews a record, remove it from the inspection workplace. Be honest and forthcoming fulfilling records requested by the inspector.

Post-Inspection Best Practices

Schedule a Closeout Meeting. A closeout meeting should be held at the conclusion of the FDA inspection to discuss findings that includes company senior management, members of the Inspection Team, and all FDA inspectors. This meeting should encourage dialog. The inspector will document any compliance deviations observed during the inspection using an FDA Form 483. The contents of Form 483 should be reviewed and discussed in this meeting to make sure there is full understanding of the observations and what they mean.

Formulate an FDA Form 483 Response. Your company must provide a formal response to the FDA Form 483 observations in writing within 15 days of your closeout meeting. Your response should be clear, concise, and thorough, and include:

  • A compliance commitment statement from company management.
  • A separate response addressing each observation.
  • Root cause and a corrective and preventative actions for each observation, including dates.
  • A method of verification and/or monitoring for all future corrections and a commitment to a follow-up response.
  • Evidence for corrections that have already been completed.

Conclusion

Enforcement actions by the FDA with respect to regulatory compliance violations can result in serious financial consequences for an organization due to facility shutdown, product recalls, import and/or distribution bans, delayed or denied drug approvals, substantial remediation costs, and loss of customers due to a damaged reputation. These actions also divert worker attention away from their daily activities towards corrective and preventive actions, which can result in significant expenditures of time and money. Additionally, manufacturers who are found in violation of regulations may lose the trust of the FDA and face more frequent and in-depth inspections. Several companies that have been cited for compliance deficiencies by the FDA over the last decade are in fact no longer in business due to the financial hardships that ensued.

One of the most important actions a company can take is to develop an effective compliance strategy to ensure the best possible outcome in the event of an FDA inspection. In this blog, we covered a variety of best practices that can help your company effectively prepare for and survive an FDA inspection. In addition to these recommendations, partnering with an experienced third party consultant who can provide a comprehensive compliance assessment can be very helpful. If you would like to discuss your overall compliance strategy, please don’t hesitate to contact us.

About Dale Curtis

Dale Curtis Dale Curtis Jr. is the President of Astrix Technology Group. For over 18 years, Mr. Curtis has built an impressive track record of leadership and success in delivering high quality technology and laboratory informatics solutions to scientific organizations involved in research, development, quality and manufacturing. He has a proven talent for helping these organizations deploy innovative solutions that provide a step change in business intelligence, turn data into knowledge, increase organizational and operational efficiency, improve quality and facilitate regulatory compliance.

A Selection of Current Customers