There is a common misconception in pharmaceutical quality about what “inspection readiness” means. Many organizations treat it as a preparation sprint, 60 to 90 days of activity before an anticipated inspection, cleaning up documentation, filling gaps in training records, refreshing SOPs.

This is a category error. A state of control is not something you create in 60 days. It is something you maintain continuously. If your program requires a sprint to reach an acceptable state, your program is not in a state of control, it is in a state of managed non-compliance with periodic cosmetic improvement.

The correct framing: inspection readiness means operating at a level that would survive a thorough, unannounced inspection on any given day.

How FDA Inspections Are Structured

Understanding how FDA conducts inspections helps you prepare realistically, rather than preparing for a version of inspections that doesn’t match the reality.

Types of Inspections

Pre-Approval Inspection (PAI): Triggered by an NDA, BLA, ANDA, or sNDA/sBLA submission. FDA inspects the manufacturing facility to verify that the processes and data supporting the application match what is described in the submission. PAIs are often more data-focused than routine GMP inspections, because the inspector is reviewing whether the data package in the application can be trusted.

Routine GMP Inspection (Biennial/Surveillance): Routine surveillance of manufacturing facilities, scheduled based on risk tier. Domestic facilities typically receive inspection every 2 years; foreign facilities on an adjusted schedule.

For-Cause Inspection: Triggered by a specific concern, a complaint, a suspicious adverse event pattern, an import alert review, or information from another agency. For-cause inspections typically involve more targeted investigation of the triggering concern.

Directed Inspection: Focused on a specific issue, often triggered by observations at a previous inspection that weren’t fully resolved.

The Inspection Timeline

Day 1, Opening meeting: FDA investigator(s) present credentials, describe the scope of the inspection, and begin requesting documents and records. The scope is often broader than the announced focus area.

During the inspection: Investigators tour the facility, interview personnel, review documents, and examine data in electronic systems. They may request access to instrument audit trails, LIMS records, training files, deviation logs, and batch records, often without advance notice of the specific records they want.

Closing meeting: At the end of the inspection, investigators present their observations verbally. If they intend to issue a Form 483, they present the observations at this meeting.

FDA Form 483: A written list of observations issued at the close of an inspection. The 483 is not a final determination, it is the inspector’s written findings, which the company has the opportunity to respond to. The 483 response is critical (covered in FDA Form 483 and Warning Letters).

Front Room and Back Room Operations

When an FDA inspection occurs, pharmaceutical companies typically organize into two operations.

Front Room

The front room is where the inspection happens, where FDA investigators are escorted, where they conduct interviews, where requested documents are provided. Front room operations require:

An inspection coordinator: One named person who serves as the primary point of contact with investigators. This person does not manage individual topics, they manage logistics, ensure investigators have what they requested in a timely manner, and keep the back room informed of what’s being requested.

A scribe: A person who is present in all interactions with investigators and keeps a detailed log, every question asked, every document requested, every verbal statement made. The scribe record becomes critical if there is later a dispute about what was said or what was observed.

SMEs (subject matter experts): The people who answer technical questions in their area of responsibility. SMEs should be coached to answer questions asked, not to volunteer additional information, and to say “I don’t know, let me find out” rather than speculating.

A document runner: Someone whose role is to retrieve requested documents from files, systems, and physical locations and bring them to the front room. This is not the same as providing raw system access, the runner ensures documents are retrieved in a controlled, logged manner.

Back Room

The back room coordinates support for the front room and manages the company’s posture during the inspection.

Document control: A system for tracking every document requested and provided to investigators, what was requested, what was provided, when, and who was involved. This log is essential both for managing the inspection in real time and for reconstructing the inspection history afterward.

Real-time review: As documents are provided to investigators, qualified staff in the back room review those same documents to identify any issues the company needs to be aware of. If an investigator is reviewing an audit trail that has a gap, the back room should know about that gap before the investigator raises it.

Escalation: A defined process for escalating issues to senior management when significant observations are emerging. Senior management should not be surprised by observations at the closing meeting.

Legal counsel presence: For significant inspections, having legal counsel available (even if not in the room) ensures that attorney-client privilege can be invoked where appropriate.

SME Preparation

Subject matter experts are the people who actually know the systems, processes, and data that investigators want to understand. Poorly prepared SMEs are one of the most common sources of inspection complications.

What good SME preparation looks like:

Know your systems. An SME should be able to describe every system in their area, what it does, how it is validated, what the audit trail captures, who has access, and when it was last periodically reviewed. They should not need to look this up when an investigator asks.

Know your procedures. The relevant SOPs should be familiar, not memorized, but understood. An SME who can fluently walk an investigator through how an OOS investigation is conducted in their lab is demonstrating control. An SME who needs to find and read the SOP during the inspection is not.

Answer the question asked. One of the most common inspection missteps is volunteering information beyond what was asked. If an investigator asks “how do you configure audit trails in this system?”, the correct answer describes audit trail configuration, not the two times you had an audit trail failure and what you did about it. The company’s position is not to hide problems, but to answer questions accurately without expanding their scope.

“I don’t know” is an acceptable answer. If an SME doesn’t know the answer to a question, the correct response is to say so and offer to find out. Speculating, guessing, or giving an answer you’re not confident in creates more risk than acknowledging the gap.

How FDA Assesses Data Integrity During an Inspection

Data integrity assessment is a specific skill that experienced FDA investigators bring to inspections. Understanding what they look for helps you ensure your program is actually prepared, not just documented.

Workstation-Level Assessment

Investigators go to instruments. They sit at workstations in your analytical laboratory and access instrument software directly. What they typically look at:

Audit trail configuration: Is the audit trail enabled? Does it capture field-level changes (previous value, new value, user, timestamp) or only event-level information (“record modified”)?

User account management: Are there shared accounts? Service accounts used for human login? Accounts for employees who are no longer at the site?

Sequence files and injection logs: The full sequence log of every injection run on the instrument, which may differ from what is in the batch record. Inspectors compare the instrument’s injection record against what was reported, gaps indicate unreported runs.

Deleted records: Some CDS platforms maintain a log of deleted records. Inspectors look for deleted injection sequences and ask for the justification.

Reprocessing history: Multiple processed versions of the same raw data, with different integration parameters. Investigators look for whether reprocessing was documented, whether the original and all versions are retained, and whether the pattern of reprocessing is directional (always toward passing results).

Cross-Reference Analysis

Inspectors cross-reference multiple independent data sources to identify inconsistencies:

  • Batch record timestamps vs. instrument audit trail timestamps
  • Electronic signature timestamps vs. building access records
  • Login records vs. claimed user activity
  • Environmental monitoring data vs. batch record dates for the same area
  • Computer clock times vs. NTP server records

An authentic record is internally consistent across all of these sources. A manipulated record almost always has inconsistencies across at least one cross-reference.

Interview-Based Assessment

Investigators ask analytical personnel about their procedures, often in ways that reveal whether they are following procedures as written or have informal workarounds. Common questions:

  • “Walk me through what you do when you get an OOS result.”
  • “What do you do if an injection fails system suitability?”
  • “Who has access to change integration parameters?”
  • “What happens if you realize you made an entry error in a batch record?”

The answers to these questions are compared against the written SOPs. Discrepancies between what analysts say they do and what the procedures say they should do are findings.

Maintaining Readiness Continuously

True inspection readiness has three components that must all be active:

Active monitoring. Audit trail review is not a response to an inspection, it is a defined periodic activity that is occurring on an ongoing basis. The DI risk register is not a document that was created for an inspection, it is a living risk management tool. OOS investigations are closed in a timely manner. Training records are current.

Documented state. The current state of every system, validation status, access control configuration, audit trail configuration, is documented and current. When an investigator asks “what is the validated state of this system?”, the answer is not a search through old records. It is a current document.

Known gaps. Perhaps the most important component of inspection readiness: knowing what the gaps are. An organization that has a data integrity finding can defend it far better if they identified it themselves in their DI risk assessment, are actively remediating it, and can show the inspector their documented remediation plan. An organization that is surprised by a finding is in a much worse position than one that acknowledges it and demonstrates management.

The Role of Mock Inspections

Mock inspections simulate an FDA inspection to test readiness under realistic conditions. A good mock inspection:

  • Is conducted by someone who was not involved in building the program (either an external consultant or a colleague from another site)
  • Follows the same structure as an actual inspection, tour, document requests, SME interviews, workstation review of instrument systems
  • Produces a written observation report
  • Is used to identify and remediate gaps before a real inspection

The most common mistake in mock inspections is treating them as a review of documentation rather than a test of systems and behavior. An investigator at a workstation asking an analyst to show them the last three OOS investigations in the CDS is not reviewing a binder. A mock inspection that does the same reveals whether the analyst can navigate the system, whether the records are there, and whether they match the batch records, in exactly the way a real inspector would assess it.