The Zen of Anytime Audit Readiness

You know an FDA audit can happen at any time, but would you really be prepared if it happened today?

May 26, 2017

4 Min Read
The Zen of Anytime Audit Readiness

You know an FDA audit can happen at any time, but would you really be prepared if it happened today?

Isabelle Noblanc

FDA in December posted the most recent list of inspection observations issued during the agency's 2016 fiscal year, which ran from October 1, 2015, to September 30, 2016. FDA issues Form 483 inspectional observations or warning letters following an inspection to let the company know that its quality practices are not in compliance with regulatory standards.

The agency is increasing both the number and intensity of its inspections using a risk-based approach and many organizations are feeling the heat. Companies in the medical device space are second only to those in the "foods" category. With 934 citations given, "devices" organizations received more 483 warning letters than organizations producing drugs, bioresearch monitoring, biologics, veterinary medicine, and others.

The top five 483 warnings for devices are as follows:

  • Procedures for corrective and preventive action have not been [adequately] established. 

  • Procedures for receiving, reviewing, and evaluating complaints by a formally designated unit have not been [adequately] established. 

  • Written medical device reporting procedures have not been [developed] [maintained] [implemented].  

  • Procedures have not been [adequately] established to control product that does not conform to specified requirements.   

  • Procedures to ensure that all purchased or otherwise received product and services conform to specified requirements have not been [adequately] established. 

The pattern is clear. The vast majority of issues are centered on procedures. Warning letters follow when companies are working under no established procedures that comply with the FDA regulations in one or more areas; the procedures they have conform to FDA standards, but are not followed; or the company's procedures conform to FDA regulations and they are followed, but they are not documented in a way to effectively prove that they are within compliance.

One of the key lessons to be learned from 483s and warning letters is to be prepared for the ever-present reality that an audit by FDA can happen any time. Companies are often faced with two options. First, when notified of an audit, they can scramble to get ready or, second, build an organization that functions in a state of anytime audit readiness.

This zen-like state is not only possible; it is also practical, but it does require some forethought, planning, and continuous monitoring and upkeep. Audits shouldn't be a one-and-done event. The purpose is not to work hard to pass, then go back to the way it was before. Being always ready for an audit is a proactive stance; it should not simply focus on addressing regulatory scrutiny for the sake of complying with regulation, but rather should enable the organization to always function so that it is following proper procedures as a force of habit. When this happens, audits and inspections become a non-issue.

The following are some of the actions that can be taken to achieve anytime readiness:

Readiness Assessment Exercises

Readiness assessment exercises can be similar to the more familiar "mock audit" but are more comprehensive, taking each employee's actions and responsibilities during the exercise into account. This way, the person or team conducting the readiness assessment can capture opportunities to correct processes and fix the "root causes" that cause observations. During a readiness assessment, reviews of critical and high-risk areas should be conducted. These include the following:

  • Management control 

  • Corrective and preventive action (CAPA) 

  • Design controls 

  • Production and process controls 

  • Material control 

  • Document/record/change control 

  • Facility and equipment control

Supplier Audits

A successful supplier management program requires companies to establish detailed procedures related to the qualification of suppliers and, in some cases, supplier quality agreements. Using a risk-based approach, companies set up an auditing cycle for their qualified suppliers. The frequency or depth of audit can be commensurate with the risk posed by that supplier or the materials it provides.

Training, Training, and More Training

Helping staff learn not only how to function appropriately in their own jobs and responsibilities, but also on how to prepare for an FDA audit cannot be understated. They should be trained to understand the FDA inspection process, with emphasis on how to interface with FDA investigators. This will help minimize risk by examining the key areas of FDA focus and most common audit findings.

When there is a breakdown in process, people, and technologies, it can often result in an observation. Looking at these elements in a holistic way will help to eliminate process redundancies, ensure control at each work stream, reduce operating costs, and ensure anytime readiness.

Isabelle Noblanc is the vice president and general manager of UL Compliance to Performance. For more information, visit

[Image courtesy of TANTE TATI/PIXABAY.COM]

Sign up for the QMED & MD+DI Daily newsletter.

You May Also Like