A Successful FDA cGMP Inspection: The Six Steps of a Pre-Inspection Audit

Successfully passing an FDA Current Good Manufacturing Practice (cGMP) inspection is one part compliance with legal requirements and one part management of the inspection process itself. Many labs with sound systems and processes still have issues with appropriately handling the inspection or even presenting a professional, organized appearance when FDA inspectors show up at their facility. Though uncertainty and disorganization aren’t part of the audit, they can often extend the process by increasing the level of scrutiny inspectors feel is needed. Conversely, looking organized, confident, and in control can allay potential concerns, speed the process, and improve the ultimate outcome.

Performing your own audit to verify compliance and identify problems that might lead to citations or 483 warning letters is one route to achieving a successful FDA audit. Pre-inspection compliance auditing is also a critical quality control measure because it enables you to systematically uncover and initiate Corrective and Preventive Action (CAPA) to redress risk areas in your current systems.¹ Here’s a six-step game plan for carrying out a pre-inspection audit that focuses on compliance with FDA cGMP requirements.

1. Use FDA Guidance to Anticipate Risk Areas

Looking at FDA guidance and inspection policies gives you a sense of current inspection priorities and what inspectors are likely to look for. One of the best sources of guidance is the Investigations Operations Manual (IOM) posted on the FDA’s website, which instructs field staff on how to perform facility inspections and where to focus their attention, including to verify cGMP compliance. Some other steps labs may want to follow:²

• Review the FDA Guide to Inspections of Quality Systems, which explains the techniques inspectors use to assess device and drug makers’ compliance with quality requirements.³
• Be on the lookout for new FDA laws and regulations, which are almost always a high priority for inspectors.
• Watch out for new FDA guidance, announcements, and memoranda in which the agency announces its strategic and enforcement priorities.
• Monitor recent warning letters to keep track of what’s causing issues for other facilities during FDA inspections.

2. Use Your Lab Quality Data to Map Out Red Flags

In addition to staying on top of current FDA inspection activity, anticipate what inspectors are likely to look for when they come to your facility. Though the exact focus will depend on the nature of your products, operations, and facilities, the starting point for effective cGMP compliance pre-auditing is to use quality data to identify your own particular risk areas. Red flags to look out for include:

• adverse events
• product recalls
• spikes in customer complaints
• previous violations for which you’ve received a 483
• major operational changes implemented since your previous inspection
• problem areas or inspector concerns in previous inspections

3. Address Each Risk Area Identified

The risk areas you identify during the pre-inspection audit are likely the same issues FDA inspectors will want to dig into during the inspection. To head off potential regulatory trouble, you must look at each of these problems objectively the way an FDA inspector would. Your first step: assign a subject matter expert to each risk area. The one thing you can’t do is simply ignore the problem (for example, because you think FDA inspectors “will never find it”). If you found it, it’s a pretty good bet that trained government inspectors will, too.

4. Determine Appropriate Corrective Actions

Decide what to do about the problems you identify during the audit. Addressing the problem doesn’t necessarily mean implementing a full-blown CAPA plan. After considering the problem, you might determine that it requires only modest corrections or no corrective action at all. That’s fine as long as you can justify your decision and document the process you used to reach it.

5. Document Your Audit

Speaking of documentation, it’s crucial to document each step of your pre-audit. The objective is to create a paper trail you can use to prove to FDA investigators that you proactively monitor and correct your quality systems. As the lawyers say, “if it isn’t documented, it never happened.” Keep in mind that the empty CAPA—opening a CAPA file for a problem, but never filling it with anything—is the cGMP equivalent of a smoking gun. Maybe the file is empty because you never actually did anything to correct the problem—or maybe you acted but didn’t document it. Either way, that empty CAPA file won’t look good to the inspector.

6. Monitor Corrective Actions

Be sure to monitor your corrective actions (or lack thereof) to determine their effectiveness and, if they’re not effective, what adjustments are needed. Those adjustments also need to be monitored. In essence, the pre-inspection audit and corrective process follow the four-step Plan-Do-Check-Act (PDCA) cycle, a method for continuous improvement.

The PDCA Continuous Improvement Cycle

Shield Internal Pre-Audit Findings from Disclosure

One concern labs may have around conducting internal pre-inspection audits is that FDA inspectors will use your findings against you. The good news is that FDA inspectors generally don’t ask for internal audit reports because they don’t want to discourage companies from engaging in self-audits. They will, however, want to see proof that you audited your quality systems for compliance. You can provide this proof by keeping an internal audit log or certification indicating when the audit was performed and what it covered without going into detail about its findings.

References:

1. https://www.fda.gov/inspections-compliance-enforcement-and-criminal-investigations/inspection-guides/corrective-and-preventive-actions-capa
2. https://www.fda.gov/inspections-compliance-enforcement-and-criminal-investigations/inspection-references/investigations-operations-manual
3. https://www.fda.gov/files/Guide-to-Inspections-of-Quality-Systems.pdf
4. https://asq.org/quality-resources/pdca-cycle
5. https://www.lucidchart.com/blog/plan-do-check-act-cycle