Since we rolled out AICA at the beginning of March, we’ve published a full launch explainer walking through the platform, the technology, the partnership, and the security architecture. Then we followed up with an FAQ tackling the questions we’d been hearing from quality leaders, IT teams, and compliance professionals. (If you haven’t read those yet, start there. They’re the foundation.)

Today, we’re shifting gears. Instead of explaining what AICA is, we want to talk about what it does in practice.

Since launch, the conversations we’ve been having with quality and regulatory affairs teams have clustered around three core use cases that map directly to the work these teams are already responsible for, just done better by (responsibly and safely) leveraging AI.

Let’s walk through each one.

1. Internal audits that cover your QMS

This is the use case most teams gravitate toward first and most frequently. Internal audits are a regulatory requirement, they consume significant time and resources, and the coverage you get from a traditional sampling approach is, frankly, limited much of the time.

To quickly reiterate the tension most quality leaders live with that we’re trying to address:

• Your internal audit schedule says you’ll audit a given area once or twice a year.

• When that audit happens, your auditor pulls a sample of QMS documentation, reviews it against the applicable regulations, writes up findings, and both parties move on until the next audit.

• The rest of the documentation doesn’t get touched until next cycle or an actual investigator comes in.

Teams know they’re not touching areas where gaps could be. You just can’t get to all of them with the time and people you have.

AICA can change the math here. Instead of sampling, you upload all of your documentation for a given area and run the analysis against the regulations that apply. Every document gets reviewed. Every applicable requirement gets checked, and you get results in hours.

This doesn’t replace your internal audit. It precedes it to make it more efficient.

Think of AICA as the documentary review phase of your internal audit, run at machine speed. Once you have AICA’s output, your auditors can focus their time on the things AI can’t do: interviewing personnel, observing processes, verifying that what’s documented is actually what’s happening on the floor, and applying the kind of situational judgment that only comes from experience.

The practical workflow here looks like this:

1. Before your scheduled internal audit of a given area, run that area’s QMS documentation through AICA.

2. Review the observations with your quality team. Include, edit, or reject findings based on your institutional knowledge.

3. Then hand the validated output to your auditor as a starting point. They walk into the audit with a complete documentary baseline already in hand, so they can spend their time on implementation verification rather than reading SOPs.

One more thing worth noting: because AICA can run the same analysis any time you want, you’re no longer limited to your audit schedule to get documents reviewed against regulations. If you update a batch of procedures after a CAPA, you can run a quick check to confirm the new documentation is compliant before your next scheduled audit. “Proactive compliance monitoring” finally means something in a workflow like this.

2. Supplier audits with less overhead and better coverage

Having supported thousands of firms, we know supplier management is one of the most resource-intensive parts of a quality program (especially for companies with complex supply chains).

You need to qualify suppliers, audit them on a regular schedule, follow up on corrective actions, and maintain documentation for all of it.

The challenge with supplier audits is similar to internal audits: limited time, limited coverage, but with an added layer of complexity much of the time: you’re dealing with someone else’s documentation, someone else’s quality system, and often someone else’s timeline.

AICA applies here straightforwardly: When a supplier provides their QMS documentation for review (which they do as part of qualification or ongoing monitoring), you upload it into AICA and run it against the regulations that apply to what they’re supplying.

You get a comprehensive gap analysis of their documentation (not a sample, all of it) with specific regulatory references for every finding.

This is useful in a few scenarios:

• During initial supplier qualification, it gives you a thorough documentary assessment before you commit to an on-site audit or a long-term relationship.

• During routine supplier monitoring, it lets you verify that suppliers’ documentation remains compliant without dispatching an auditor every time. And when you’re following up on supplier corrective actions (SCARs), you can re-run the relevant documentation to confirm the gaps have actually been addressed.

• For desktop audits in particular, where you’re reviewing documentation without going on-site, AICA effectively does the heavy lifting. Your auditor reviews AICA’s observations, applies their judgment, and generates the report. What used to take days of manual document review can be compressed into a fraction of that time.

The result is that you can audit more suppliers, more thoroughly, with the same resources you have today. Or you can maintain your current supplier audit coverage and redirect the time savings toward the audits that genuinely require on-site presence and interviews.

3. Inspection readiness that isn't a fire drill

This is the use case that tends to resonate most with leadership: the VPs and directors who are ultimately accountable when an FDA investigator shows up.

Inspection readiness (in practice) usually looks like this at many drug firms: you get a notification (or you hear through the grapevine) that an inspection might be coming. A scramble begins. Your team pulls documentation, reviews it against the regulations you think the investigator will focus on, identifies gaps, tries to fix the most critical ones, and hopes the rest holds up.

It’s stressful, it’s reactive, and the coverage is almost always incomplete because there simply isn’t time to review everything.

AICA gives you a different way to approach this. Instead of waiting for the pressure of a potential inspection to trigger a review, you can run your QMS documentation against the relevant regulations proactively as often as you want.

• Preparing for an inspection focused on electronic records? Run your documentation against 21 CFR Part 11.

• Expecting scrutiny on your manufacturing controls? Run against Part 211.

• Want a full baseline across everything? Upload your entire QMS and audit against all applicable regulations at once.

The output gives you a clear picture of where your documentation stands relative to what regulators require. You see the gaps, the specific regulatory clauses involved, and recommendations for remediation, all prioritized so you know where to direct your team’s attention first.

What makes this genuinely different from a traditional pre-inspection review is completeness. When an investigator arrives, they’re not sampling your QMS the way an internal auditor might. They follow the threads that interest them, wherever those threads lead. The more of your documentation you’ve already reviewed and remediated, the fewer surprises you’ll encounter.

There’s also a subtler benefit here: When you can show an investigator that you’re conducting systematic, comprehensive QMS assessments as part of your ongoing compliance program (not just scrambling before inspections) it demonstrates a maturity of approach that regulators genuinely appreciate.

AICA’s reports are designed with this in mind. Every finding includes the specific regulatory clause, the non-conforming document, a clear explanation of the gap, and corrective action recommendations.

Whether you share those reports directly with investigators or use them to generate your own internal audit reports in your standard format, the underlying rigor is there.

A note on what AICA doesn’t do

We want to be clear about the boundaries with AICA, because we think honesty about limitations is just as important as enthusiasm about capabilities, especially in a regulated environment.

AICA reviews QMS documentation (your policies, procedures, and work instructions. It identifies gaps between what those documents say and what regulations require. That’s a critical piece of the compliance puzzle, but it’s not the whole picture.

AICA doesn’t verify that your team is actually following the procedures you’ve documented. It doesn’t review quality records like batch records or test results. It doesn’t conduct personnel interviews or training verifications. And it doesn’t perform physical facility observations.

These are things that require qualified auditors, on the ground, applying their professional judgment. AICA is built to augment that work, not replace it. It handles the document-intensive, time-consuming review layer so your auditors and quality professionals can focus their expertise on the areas where human judgment is irreplaceable.

We think that’s the right design for a regulated industry at the moment given where AI is now. You need the AI to extend your coverage. You need the human to validate and act on what it finds. AICA is built around both.

What’s next in this series

Over the coming weeks, we’ll continue going deeper on specific aspects of AICA:

• The benchmarking data behind AICA: A closer look at our internal study — how we tested auditor consistency, what the overlap numbers actually mean, and what they tell us about the state of traditional auditing.

• Security and IT deep dive: A detailed walkthrough of AICA’s security architecture for the IT and procurement teams who need to evaluate it.

• The regulatory landscape for AI in compliance: Where AI tools fit in a GxP environment, how to think about validation, and what regulators are actually saying about AI-assisted auditing.

Have questions or want to get a demo?

If you've been following this series and want to see the platform for yourself, request a demo at aica.thefdagroup.com. We’re currently in conversation with a number of firms with onboarding starting soon. Talk to us!

What is AICA?

AICA (the Audit Intelligence Compliance Assistant) is an AI-powered compliance auditing platform purpose-built for pharmaceutical and biologic companies.

Developed by The FDA Group in partnership with EPAM Systems, AICA is trained by 15+ FDA and ISO regulatory experts on real-world pharma QMS documentation. Upload your documents, select which regulations to audit against, and get a comprehensive gap analysis of your entire QMS in hours, not days or weeks. Every finding goes through human review before the final report.

See it in action:

AICA currently supports 21 CFR Parts 11, 211, and 600, with additional regulations in active development.

Learn more, read our FAQs, or request a demo at aica.thefdagroup.com.

Share The FDA Group's Insider Newsletter