Best Practices For Medical Device Firms Preparing for and Responding to an FDA Audit

October 10, 2022

As a manufacturer of an FDA-registered Class II or Class III medical device, the FDA may conduct an inspection of your organization at any time. In other words, your company is subject to random, unscheduled inspections. Reasons for an inspection may include a routinely scheduled investigation, an accumulation of incident reports or consumer complaints, or frankly, anything that catches the FDA’s eye. FDA audits can be stressful, especially if the inspector comes to you with significant concerns. If the FDA identifies manufacturing concerns (known as “Observations”), it will typically issue a Form 483 notice (“Notice”) with multiple Observations. You have fifteen business days to respond, though it is possible to secure an extension. It is critical that you respond withing the fifteen day limit if you have not secured an extension.1

The goal is to come out of an FDA inspection with a clean bill of health. This note discusses best practices that can ease the stress of an inspection and help avoid the issuance of a 483Notice. If the investigation does result in a Notice, these practices can help avoid escalation to a Warning Letter.  Click HERE to see a 483 Notice and a Firm’s response to give context to this discussion.

Step One: Document Your Compliant Manufacturing Processes

FDA inspectors are looking to confirm (or challenge) that your manufacturing practices follow Good Manufacturing Practices (“GMP”). Generally speaking, your organization is likely following the GMP requirements that pertain to your product (or you would not have clients and satisfied customers). Although this goes without saying, creating a Quality Policy that establishes your firm’s quality principles, and Policies and Procedures (“Quality System Procedures” or “QPs”) documenting each critical step in your manufacturing process is essential to a successful inspection outcome.2

The QPs need to address each separate manufacturing process. They also must include a specific “Management Review Procedure” (“MRP”). Most FDA inspections begin with a review of your MRP, on the assumption that if your company’s designated manager is well-versed on the requirements of the manufacturing process, your company is more likely to have compliant processes. Given the importance of this first step, it is important to make sure that the designated manager is fully informed of both the organization’s QPs and the training and oversight activities that implement these procedures. You would be well-served to develop written procedures for management reviews, with a tool to document and record regular management reviews.3 Where you have developed QPs for each critical stage of the manufacturing process, and you take the next step to document training and compliance, your organization will be building a powerful record of compliant manufacturing. Your QPs should be clearly stated, easily accessible and most importantly, strictly followed by your employees/contractors.

Step Two: Create And Utilize Formal Inspection Logs

Inspection logs should record data regarding periodic internal inspections, including but not limited to: inspection date, process performed, observations, intended result, corrective actions, if any, and follow up.

Additionally, where a prior FDA audit has resulted in observations that require corrective action, note the observed deficiency, the timing and process for correction, and the date of any internal audit/analysis demonstrating that the deficiency has been corrected.

Step Three: Track and Report Adverse Events

The Medical Device Reporting (MDR) regulation contains mandatory requirements for device manufacturers, among others, to report certain device-related adverse events and product problems to the FDA. Manufacturers are required to report to the FDA when they learn that any of their devices may have caused or contributed to a death or serious injury. Manufacturers must also report to the FDA when they become aware that their device has malfunctioned and would be likely to cause or contribute to a death or serious injury if the malfunction were to recur. Of course, you should keep detailed logs of any MDR reports, and corrective action taken, if required or advisable. 4

Step Four: Training

Not surprisingly, the best QPs in the world will not insulate you from the dreaded Observations if you have not trained your managers and line employees to follow your policies and procedures. Training logs become very useful tools to ensure that your managers prioritize training, making sure that training is a critical part of employee service and retention.

Step Five:       Perform Routine Internal Quality Inspections and Correct Deficiencies

To ensure that your firm’s QPs are being followed, and that your employee training is successful, we recommend performing internal quality inspection audits. The FDA publishes a guidebook used by its auditors when conducting quality system audits. While this guide has more detail that you need for a self-audit, it is helpful to understand what the FDA would look at in an official audit.5 Obviously, you should correct any deficiencies uncovered by this audit, documenting both your corrective actions and any enhanced training protocols that you adopt.

Step Six:         Crafting a Successful Response Letter

If, despite your best efforts, you receive a 483 Notice, you should respond to the Observations with sufficient detail to set your company on a path to receiving a Clearance Letter. Generally speaking, securing a Clearance Letter can take anywhere from a few months to 18 months.

The process for obtaining FDA clearance for a 483 Notice is straightforward. You need to submit a substantial response to each Observation. Recipients often argue that the statutory basis for a cited Observation does not apply to the company’s manufacturing processes. After discussion with the FDA, if it persists in asserting that a manufacturing process is not statutorily compliant, it is best to set aside your objections and respond with a compliant process.

If the Observations identify areas where your processes are not fully consistent with statutory requirements (or your QPs), but you believe that the differences are inconsequential, then you should draft responses that demonstrate functional or substantial compliance with your P&Ps or QPs. In this situation, you should develop a response to each Observation that explains why your organization has, in fact, met each of the statutory objectives of the Observation (if not the specific details of the Observation). This approach allows you to acknowledge and respect the inspector’s concerns (which is critical to successful resolution of a 483 Notice) without conceding deficient practices where none exist. And, finally, where an Observation demonstrates material non-compliance, you need to propose modifications to your processes to comply with the statutory requirements. If the FDA is not satisfied with your responses to the 483 Notice (and any subsequent communications) it will issue a Warning Letter. A Warning Letter is the FDA’s notice that your firm has significantly violated applicable law. It requires a more substantial response.6

Additionally, where the Observations identify an area of appropriate improvement, we recommend proposing a specific, limited Corrective and Preventive Action (CAPA), with embedded policy and procedure updates and a specified mechanism for implementing these changes.7 These mechanisms typically include employee (contractor) training and tools to record training, compliance, and effectuation of required changes. It is important to note that, if an Observation identifies a manufacturing or reworking deficiency that exposes the public to safety or efficacy concerns regarding your products (either in circulation or available for purchase) you need to consider how to approach mitigating that risk to avoid a recall.



Elizabeth Mann, Founder
Mann Legal Team, Inc.
(310) 726-1800
1145 Artesia Blvd. | Suite 203
Manhattan Beach, CA 90266





1 74 FR 40211.

2 The documents must meet the requirements of the FDA’s Quality System Regulations, 21 CFR part 820. Although not required, it is a good idea to post your firm’s Quality Policy at various locations in your manufacturing facility(s) for employee review.

3 You are required to document the dates, results and personnel participating in management reviews. Additionally, the FDA inspectors like to see Org Charts listing the management personnel with responsibility for management review activities.

4 21 CFR part 803.

5 See the guidebook available at:

6 The FDA Office of Compliance decides whether a registered company’s response to a 483 Notice resolves the concerns or justifies the issuance of a Warning Letter.

7 Where a CAPA is required, you need to describe the issue the FDA identified, what corrections you adopted (policies and practices), and what preventative actions you will take to ensure that this problem does not reoccur. Finally, you need to evaluate the effectiveness of the CAPA, documenting successful implementation.