Audit and FDA Inspection Readiness Best Practices with Divya Gowdar

A few practical tips for strengthening your compliance assurance program.

In the most recent episode of our podcast, The Life Science Rundown, The FDA Group's Nick Capman sat down with Divya Gowdar, Founder and CEO of NubGenix, to discuss the pitfalls and lessons learned on the frontlines of audit and inspection readiness throughout the FDA-regulated industries.

Apple | Spotify | YouTube | Web + Others

The FDA Group's Insider Newsletter is a reader-supported publication. To receive new posts and support our work, consider becoming a free or paid subscriber.

Key takeaways, at a glance

In case your time is short, here are Divya’s main points and practical takeaways, focusing on recommendations for firms in the areas discussed:

  • Quick Access to Key Documents: Ensure critical documents like quality manuals and SOPs are retrievable within minutes, highlighting the efficiency of your document management system.

  • Post-Merger QMS Integration: Address challenges in integrating disparate QMSs post-merger or acquisition, focusing on unifying SOPs and clarifying SME roles to avoid audit preparation confusion.

  • Inspection Readiness Playbook: Develop a playbook that details procedures for FDA audits, including designated contacts for auditors, setup of front and back rooms, SME identification and preparation, and a master list of essential documents. Regularly update and rehearse this playbook through mock inspections to fill in any preparedness gaps.

  • SME Preparedness: Prioritize the training and preparation of Subject Matter Experts, ensuring they're ready to confidently interact with auditors and know where to find necessary documentation swiftly.

  • Addressing Common QMS Gaps: Pay special attention to areas like design controls, risk management, and supplier management, where gaps are commonly found. Establish robust processes for continuous evaluation and improvement in these areas.

  • Supplier Qualification and Monitoring: Distinguish between R&D and commercial suppliers, implementing early and thorough qualification processes. Develop a risk-based supplier monitoring program to ensure ongoing compliance and quality.

  • PDCA Cycle for Continuous Improvement: Adopt the Plan-Do-Check-Act cycle to manage QMS elements and maintain inspection readiness. This approach promotes a culture of continuous improvement and helps ensure robustness and effectiveness in your quality management practices.

Divya is a performance-driven and hands-on Quality leader and professional with extensive experience in the medical device and combination product industry. She has contributed significantly to the quality management system, product development lifecycle, risk management, quality compliance, quality management review, inspection management, training, change controls, supplier management, complaint management, and technical operations.

Below, we’ve written a more detailed summary of the points Divya covers.

Inspection readiness and audit execution

Divya dives into the critical importance of establishing a robust inspection readiness program, especially for organizations facing challenges in promptly accessing essential documents. The inability to quickly retrieve key documents such as quality manuals or SOPs is a red flag, indicating deeper systemic issues within the organization's document management system and overall inspection preparedness. This problem is not merely logistical but reflective of the organization's capability to efficiently comply with regulatory requirements.

Divya reveals that the time it takes to access these documents—specifically if it extends beyond 20-30 minutes—clearly indicates that an organization's readiness for inspection is compromised. Such delays not only hinder the audit process but also suggest a lack of organization and preparedness that could negatively impact regulatory auditors' perception of the company's QMS.

Divya also touches on the compounded complexities that arise post-merger or acquisition. When companies merge, the task of integrating disparate QMSs can introduce significant challenges, notably confusion over SOP adherence and the identification of SMEs. This confusion can significantly hamper an organization's readiness for an audit or inspection, as uncertainties regarding which procedures to follow or which SMEs to consult can lead to inefficiencies and potential non-compliance during regulatory evaluations.

To address these issues, Divya suggests actionable steps that organizations can take to enhance their inspection readiness:

  1. Document Management System Optimization: Organizations should evaluate and possibly revamp their document management systems to ensure that critical documents can be accessed swiftly and efficiently. This may involve adopting new technologies or revising current document organization strategies.

  2. Preparation of Subject Matter Experts (SMEs): Establish clear protocols for identifying and preparing SMEs who can effectively communicate with auditors about the company's QMS and specific procedures. This preparation includes training sessions that familiarize SMEs with potential questions auditors might ask and ensuring they know where documents can be found.

  3. Integration of QMS Post-Merger: For organizations undergoing mergers or acquisitions, a systematic approach to integrating QMSs is essential. This involves conducting a thorough review of both systems to identify the best practices from each and develop a unified set of SOPs that comply with regulatory standards. It also means clear communication and training for all employees on the integrated system to minimize confusion.

  4. Mock Inspections: Conduct mock inspections to simulate the audit process. This practice helps identify any gaps in document accessibility or SME preparedness and provides a realistic scenario for testing the effectiveness of the integrated QMS and the document management system.

Creating an inspection playbook

Divya articulates a strategic approach to overcoming the challenges highlighted in the audit and inspection preparation process. She recommends firms develop an "inspection readiness playbook" — a comprehensive, structured document that outlines the procedural and logistical steps an organization should follow to ensure preparedness for FDA inspections or audits. This playbook serves as a blueprint for organizations to navigate the complexities of regulatory compliance with confidence and efficiency.

Here are her suggested components for such a playbook:

  1. Designated Greeting Protocol for Auditors: The playbook specifies who is responsible for welcoming FDA auditors within the organization. This ensures a structured and professional start to the inspection, setting a positive tone for the auditors' visit.

  2. Front and Back Room Setup: Detailed guidelines on setting up the front and back rooms are provided. The front room is designated for interactions with the auditors, including document reviews and discussions, whereas the back room serves as a support area for the internal team to gather necessary documentation and prepare responses in real time.

  3. Identification and Preparation of SMEs: A crucial aspect of the playbook involves identifying SMEs across various domains within the organization and preparing them for potential interactions with the auditors. This includes training sessions and mock interviews to ensure SMEs are confident and can accurately address auditors' inquiries.

  4. Master List of Documents: Maintaining an up-to-date master list of essential documents required during the inspection is emphasized. This list ensures that all necessary documentation is easily accessible, facilitating a smooth and efficient audit process.

Divya strongly advocates firms conduct mock inspections as an integral part of the playbook strategy. These simulations are designed to mirror the actual inspection process closely, enabling organizations to test their readiness and identify any gaps or areas that need improvement.

Mock inspections provide a practical, hands-on opportunity to evaluate the effectiveness of the playbook, allowing for adjustments and enhancements to be made before facing a real audit.

At The FDA Group, we've helped hundreds of FDA-regulated firms of all sizes rapidly access the industry's best auditors to plan and conduct mock FDA inspections. We provide a timely, comprehensive, and enlightening audit experience that alleviates inspection stress and reveals every opportunity for improvement.

If remediation is necessary and expert outside assistance is desired, we can continue providing that support as needed. Teams work with us to manage their inspection readiness when they’re ready for a higher level of professionalism and the peace of mind that comes with an auditing partner whose commitment to quality and integrity reflects their own.

Learn more about our mock FDA inspection services and contact us to start the conversations.

Here are Divya’s suggestions for firms:

  • Developing the Playbook: Collaboratively develop an inspection readiness playbook involving key stakeholders from various departments to ensure comprehensive coverage of all aspects of the inspection process.

  • Regular Review and Update: Regularly review and update it to reflect any changes in regulatory requirements, organizational processes, or lessons learned from past inspections and mock audits.

  • Training and Familiarization: Ensure all relevant personnel, especially SMEs, are thoroughly trained on the playbook and understand their roles and responsibilities during an inspection.

Common QMS gaps to be aware of

Divya sheds light on some of the most prevalent issues she sees many organizations encounter within their QMS. These gaps, often overlooked, are crucial areas that require attention and action:

  1. Inadequate Design Controls: Divya highlights that one of the most significant gaps lies in the area of design controls. Organizations frequently fall short in establishing robust design control processes that comprehensively document a product's design and development stages.

  2. Insufficient Risk Management: Another critical gap identified is in the risk management domain. Organizations may not effectively analyze, evaluate, control, and monitor risks associated with their products. This shortfall in conducting thorough risk assessments and integrating risk management throughout the product lifecycle can result in overlooking potential hazards or failing to implement necessary mitigations.

  3. Challenges in Supplier Management: Divya points out that supplier management is another common area of deficiency. Many organizations struggle with establishing and maintaining ongoing quality audits and qualification programs for their suppliers.

To address these common gaps, Divya has some advice:

  1. Firms should re-evaluate and enhance their design control processes to ensure all design inputs, outputs, verifications, validations, and changes are adequately documented and traceable. We always suggest conducting an audit of your current design control process to identify specific areas of weakness, such as inadequate documentation, poor traceability, or insufficient verification and validation activities. Use this audit as a baseline to develop a targeted action plan. Hold regular design review meetings that involve cross-functional teams to evaluate the design process's adequacy, effectiveness, and regulatory compliance.

  2. Integrate risk management effectively across all stages of the product lifecycle. This includes conducting detailed risk assessments during the design phase, implementing risk control measures, and continuously monitoring the effectiveness of these controls post-market. We recommend reviewing your existing risk management framework to assess its integration across the product lifecycle, from concept through post-market surveillance. This review should identify any gaps in risk identification, assessment, control, and communication processes. Develop a standardized risk management process that includes using risk management tools (e.g., FMEA, risk matrices) and ensures that risk management is an ongoing process. Incorporate risk management training for relevant staff to ensure a thorough understanding of risk principles and the importance of proactive risk mitigation strategies.

  3. Improving Supplier Management: To address the gaps in supplier management, Divya encourages teams to develop a more structured and rigorous approach to supplier qualification and monitoring. This involves conducting regular audits of suppliers, establishing clear quality agreements, and implementing a risk-based approach to monitor supplier performance continuously. We always suggest performing a detailed evaluation of your current supplier qualification and monitoring processes. Identify key suppliers and assess the risk they pose to your product's quality and compliance based on their historical performance and the criticality of the materials or services they provide. Then, create a tiered supplier management system that categorizes suppliers based on the risk they present. For high-risk suppliers, develop a rigorous qualification program that includes on-site audits, quality agreement negotiations, and regular performance evaluations. For lower-risk suppliers, establish a monitoring plan that may include less frequent audits but relies on performance metrics and quality data analysis to ensure ongoing compliance.

Advice for audit and inspection readiness

Divya advocates for using the "Plan, Do, Check, Act" (PDCA) methodology. The PDCA cycle, a foundational element in quality management, encourages organizations to adopt a systematic approach to continuous improvement. Divya’s advice underscores the importance of this methodology in enhancing audit and inspection readiness.

Here’s an expanded summary with detailed actionable steps based on Divya’s advice:

Plan: Establish Objectives and KPIs

Begin by conducting a comprehensive analysis of your current QMS to identify areas that require improvement, focusing on those that have a direct impact on compliance and product quality. Objectives might include reducing documentation retrieval times, increasing SME audit preparedness, or improving supplier compliance rates.

For each objective, define specific, measurable KPIs that will enable you to track progress effectively. For example, KPIs could include the percentage reduction in time to retrieve critical documents, the number of SMEs fully trained and prepared for audits within a specified timeframe, or the percentage of suppliers meeting compliance criteria.

Do: Execute PDCA-based Improvement Projects

With objectives and KPIs established, move to detailed planning and execution of targeted improvement projects. Each project should have a clear scope, assigned responsibilities, and realistic timelines. For example, a project might involve implementing a new digital document management system, developing a comprehensive SME training program, or revamping the supplier evaluation process.

Assign specific tasks to team members, ensuring a clear understanding of responsibilities. Utilize project management tools to track progress against timelines and adjust as necessary to keep the project on track.

Check: Monitor and Evaluate Project Outcomes

Regularly collect data on defined KPIs to monitor the progress of improvement projects. This could involve setting up dashboards or regular reporting mechanisms that provide visibility into the status of each KPI.

Organize scheduled review meetings with project teams to discuss the progress, challenges, and preliminary outcomes based on KPI data. These meetings are crucial for maintaining momentum, addressing obstacles, and making data-driven decisions on project adjustments.

Act: Implement Adjustments and Scale Successful Practices

Based on the insights gained from the check phase, identify areas where projects need refinement or redirection. Implement necessary adjustments to processes, training, or tools to better meet the objectives. For example, if KPI data shows that document retrieval times have not improved as expected, investigate the underlying causes and refine the document management system accordingly.

Identify practices that have successfully met or exceeded KPI targets and consider how these can be scaled or replicated across other areas of the QMS. For instance, if a new training approach has significantly improved SME preparedness, explore how this training model can be applied to other areas requiring improvement.

Finally, incorporate the learnings and successes from the Act phase back into the next Plan phase, creating a continuous improvement loop. This iterative process ensures that the organization's QMS remains dynamic, responsive, and aligned with both internal quality goals and external regulatory requirements.

Ten key questions

Here are ten questions to gauge your needs and effectiveness in enhancing their QMS, preparing for audits, and addressing common gaps. Talk to us if you don’t know or aren’t satisfied with your answers to any of these questions.

  1. How long does it currently take to retrieve critical documents (e.g., quality manuals, SOPs) during an audit scenario, and what steps can be taken to reduce this time to under 5 minutes?

  2. After a merger or acquisition, are there clear guidelines on which SOPs to follow, and is there a documented plan for integrating disparate QMSs to avoid confusion among staff and during audits?

  3. Does your organization have an inspection readiness playbook that details specific actions for pre-audit preparation, including roles and responsibilities of team members, and how frequently is this playbook updated and practiced through mock inspections?

  4. Are SMEs identified for all critical areas of the QMS, and what is the current process for their preparation? How often are they trained or briefed on potential audit questions and document locations?

  5. How comprehensive are the current design control processes, and do they adequately document all design inputs, outputs, verifications, validations, and changes? When was the last audit conducted on these processes?

  6. Is risk management effectively integrated throughout the product lifecycle, from design to post-market surveillance, and how are risks identified, assessed, controlled, and monitored?

  7. How are suppliers categorized based on risk, and what mechanisms are in place for regular audits and performance evaluations? When was the last review of high-risk suppliers conducted?

  8. How is the PDCA cycle applied to continuous improvement initiatives within the QMS, and can specific examples of successful outcomes from this approach be identified?

  9. What KPIs are currently used to measure the effectiveness of QMS improvements, and how are these KPIs tracked and reviewed?

  10. How is a culture of continuous improvement fostered within the organization, and what mechanisms are in place to encourage feedback and suggestions from all levels of staff?

Our auditors are industry experts and former FDA consultants

At The FDA Group, we pride ourselves on our deep bench of auditors, many of whom are former FDA professionals. Their intimate knowledge of the FDA inspection process and regulations provides invaluable insights and mimics the style of actual FDA investigators.

Our consultants simulate an actual FDA inspection at your site or facility, conducting a sort of inspection pressure test and rehearsal combined with a training component to close gaps and enhance every element of readiness. In some cases, these internal mock audits can even be more stringent than actual regulatory inspections, going far deeper into the quality system and sometimes sparking large-scale remediation projects.

Whether you're preparing for an internal mock inspection to evaluate your own facility or need to conduct an external mock FDA inspection of a supplier or vendor, our team of experienced consultants is ready to help.

Learn more about our auditing and mock FDA inspection services.

Not a paid subscriber yet?

Here’s what you’re missing:

Upgrade here to unlock all of these issues and new ones »

The FDA Group helps life science organizations rapidly access the industry's best consultants, contractors, and candidates.

Need expert help planning and executing compliance projects or connecting with a quality and compliance professional? Get in touch with us. If we haven’t worked together yet, watch our explainer video below or head to our company introduction page to see if we could help you execute your projects now or in the future.

Our service areas:

Quality Assurance | Regulatory Affairs | Clinical Operations | Commissioning, Qualification, and Validation | Chemistry, Manufacturing, and Controls (CMC) | Expert Witness

Our engagement models:

Consulting Projects | Staff Augmentation | FTE Recruitment | Functional Service Program

Our podcast:

Apple | Spotify | YouTube | Web + Others

The FDA Group's Insider Newsletter
The FDA Group's Insider Newsletter
The FDA Group