This guidance breakdown is available in full to paid subscribers. Only paid subscribers get regular full access to our guidance breakdowns and other analyses. If you’re not already a paid subscriber, you can upgrade here.

Our first FDA guidance breakdown of 2026 looks at a critical final guidance issued in December.

“Processes and Practices Applicable to Bioresearch Monitoring Inspections“ consolidates and clarifies how the FDA conducts BIMO inspections across programs, what information establishments must provide, and how the FDA expects communication to work before, during, and after an inspection.

If your organization touches FDA-regulated research in any way (clinical trials, nonclinical studies, IRBs, CRO operations, REMS, PADE reporting), this guidance is effectively a field manual for inspection readiness.

We’ll quickly run through:

• what FDA says the BIMO program is designed to do,

• who and what is subject to BIMO inspections,

• how inspections are initiated and conducted (domestic and international), and

• how FDA expects industry to communicate and respond at each phase of the inspection lifecycle.

Why the FDA issued this guidance

In short, to comply with section 3612(b)(2) of FDORA, which directed the FDA to describe the processes and practices applicable to inspections of bioresearch sites and facilities under section 704(a)(5) of the FD&C Act.

The scope is intentionally limited. The FDA states the guidance:

• does not create new legal requirements,

• does not replace existing compliance programs or manuals, and

• is meant to fill gaps where inspection practices were previously described only in internal documents or scattered resources.

The guidance also formally withdraws older information sheet guidances for clinical investigator and IRB inspections, signaling that this document is now the authoritative public reference for BIMO inspection conduct.

A quick refresher: what the BIMO program covers

The FDA describes the Bioresearch Monitoring program as a portfolio of inspectional and oversight activities designed to assess the quality and integrity of data submitted to the FDA, and protect the rights, safety, and welfare of human and animal trial participants.

BIMO inspections apply to FDA-regulated research and certain postmarketing activities, including but not limited to clinical investigations, nonclinical laboratory studies, IRBs, sponsors and CROs, and postmarketing obligations such as REMS and PADE reporting.

The guidance uses “study,” “trial,” and “research” interchangeably and explicitly covers both human and animal research.

FDA’s inspection authority under BIMO (and what establishments must provide)

A central function of the guidance is to restate—and clarify—FDA’s authority under section 704(a)(5) of the FD&C Act, as amended by FDORA. A few key points the FDA emphasizes here:

• FDA may access, inspect, and copy records related to the conduct, results, and analyses of studies.

• This includes paper and electronic records, as well as electronic information systems used to hold, analyze, process, or transfer data.

• The FDA may inspect facilities and equipment used to generate bioresearch data.

At the same time, the FDA notes that statutory safeguards for confidential commercial information and trade secrets still apply, and inspections must be conducted at reasonable times, within reasonable limits, and in a reasonable manner.

Operationally, this means the guidance is not expanding the FDA’s reach, but it is removing ambiguity about how deep into systems, databases, and workflows the FDA can go during a BIMO inspection.

Inspections vs. Remote Regulatory Assessments

The guidance distinguishes between inspections under sections 704(a)(1) and 704(a)(5), and Remote Regulatory Assessments (RRAs), which may occur in advance of or in lieu of an inspection.

FDA notes that RRAs may include remote interactive evaluations and requests for records or other information under section 704(a)(4).

The FDA also says it generally takes a risk-based approach when deciding whether to conduct an inspection, an RRA, or both. Importantly, (and this is still a major point of confusion) RRAs are not inspections, but many of the communication expectations described in this guidance (e.g., record formatting, system access discussions) are intentionally aligned.

The backbone documents FDA inspectors rely on (read these!)

The guidance repeatedly points industry back to three core FDA resources:

1. Investigations Operations Manual (IOM) – the primary operational reference for FDA investigators.

2. BIMO Compliance Programs – which define inspection scope, focus areas, interviews, and records requested for each regulated entity type.

3. Regulatory Procedures Manual (RPM) – which governs post-inspection regulatory and enforcement actions, including NOOHs and disqualification proceedings.

All three are publicly available, and the FDA explicitly encourages industry teams to review them so inspections are not treated as black boxes. As a firm teams come to for audits and mock inspections, we couldn’t agree more. There’s a ton of specific detail in these resources that should all be driven directly into your readiness efforts. The FDA gives you the blueprint — use it!

Types of BIMO inspections FDA conducts

The FDA describes three broad inspection drivers:

• Application-driven inspections – conducted to support review of a specific submission or marketing application.

• Periodic inspections – for establishments with ongoing regulated activities (e.g., IRBs, nonclinical labs).

• For-cause inspections – triggered by complaints, required reports, or safety concerns.

Inspections may be comprehensive (covering all operations), or directed (focused on specific activities). Both pre-announced and unannounced inspections are explicitly contemplated, and both are conducted under the same statutory authority and compliance programs.

Domestic vs. international BIMO inspections

The FDA makes clear that international BIMO inspections are routine, particularly where foreign studies support U.S. regulatory decisions.

They call out a few key distinctions here:

• Domestic inspections involve the issuance of Form FDA 482 at inspection start.

• Foreign inspections do not involve Form 482, but FDA credentials are still presented.

• Aside from pre-announcement timing and procedural differences, the FDA states that foreign and domestic inspections are generally conducted the same way.

The agency also highlights its collaboration with foreign regulators and joint inspections, which, in our experience, can reduce the burden but also increase scrutiny.

Communication expectations: before, during, and after an inspection

A large portion of the guidance focuses on how the FDA expects communication to work. Here are the cliffnotes:

Pre-announcement

FDA explains that pre-announcements are primarily intended to:

• confirm location,

• ensure records and staff availability, and

• discuss inspection logistics and timeframe.

The FDA may provide a general idea of records to be requested, ask about electronic systems in advance, and decline to disclose the specific reason for inspection until the opening meeting.

They explicitly state that failure to acknowledge a pre-announcement should not delay an inspection.

During the inspection

During the inspection, the FDA states it will:

• provide an opportunity to discuss the nature, scope, and timing of record requests,

• expect timely access to requested records, and

• view electronic records (including audit trails) through various methods, with copies provided as requested.

FDA also notes that, when feasible, investigators should discuss observations with management as they arise or on a daily basis, including issues that may not ultimately appear on a Form FDA 483.

After the inspection

At closeout, FDA will discuss inspection findings with management and issue a Form FDA 483 if objectionable conditions are identified.

The guidance reinforces several points that are often misunderstood:

• There is no regulatory requirement to respond to a Form FDA 483.

• FDA strongly encourages a written response within 15 U.S. business days.

• Responses submitted within that window are generally considered before further Agency action.

FDA outlines best practices for 483 responses, including:

• addressing each observation separately,

• stating agreement or disagreement (with rationale),

• providing CAPAs and timelines,

• explaining how effectiveness will be verified, and

• attaching supporting documentation.

The agency also explains inspection classifications (NAI, VAI, OAI) and notes that final classifications are publicly posted.

What has not changed

The guidance is explicit about its limits:

• It does not change the FDA’s legal inspection authority.

• It does not create new inspection types.

• It does not bind the FDA or the industry.

• It does not eliminate the need to understand compliance programs, the IOM, or program-specific requirements.

Instead, it consolidates expectations and removes ambiguity around process, access, and communication.

Practical implications for inspection readiness

Even though the guidance is procedural, it has real operational consequences because it spells out (1) what the FDA expects access to, (2) how the FDA will communicate requests, and (3) how the FDA weighs your response after closeout.

Are your electronic systems inspection-ready, including audit trails and read-only access pathways?

The FDA is explicit that establishments must provide access to paper and electronic records and to the electronic information systems used to “hold, analyze, process, or transfer” the information subject to inspection.

What that means operationally (based on the described process):

• Plan for access at arrival, not “eventually.” The FDA says establishments using electronic information systems “should be prepared to provide access to FDA personnel upon their arrival.”

• Expect audit trails to be in play. The FDA notes it can view electronic records “including audit trails” through various methods.

• Be ready to produce copies out of the system. The FDA states that, regardless of how it views records, establishments should be prepared to provide requested copies from electronic systems.