Why these examples matter
FDA Form 483 is the document inspectors issue at the close of an inspection when they identify conditions that may indicate a violation of FDA-administered acts and regulations. It is observational, not adjudicative — but the patterns that show up on 483s become warning letters, consent decrees, and import alerts when they are not corrected.
The FDA publishes annual summaries of inspection observations by program (Drugs, Devices, Biologics, Foods) at the FDA Inspection Observations page. The 483s themselves are often available through FOIA or commercial databases, and selected redacted copies are posted on FDA's site.
Most 483 findings do not come from one dramatic failure. They come from gaps in record control, follow-through, validation, training, and evidence retrieval that compound across years.
What an FDA Form 483 actually contains
Each observation on a 483 references a specific 21 CFR section the inspector believes was not met. Common predicate-rule sections in drug GMP inspections include:
- 21 CFR 211.192 — review of production records and laboratory records
- 21 CFR 211.22 — quality unit responsibilities
- 21 CFR 211.68 — automatic, mechanical, and electronic equipment (including computer systems)
- 21 CFR 211.100 — written procedures and deviations
- 21 CFR 211.165 — testing and release for distribution
For medical devices, frequently cited sections include 21 CFR 820.100 (CAPA), 820.198 (complaint handling), 820.30 (design controls), and 820.50 (purchasing controls).
Quality teams should use the cited 21 CFR section as the entry point when reading any 483 — it tells you which predicate rule the inspector applied.
Recurring observation pattern 1: incomplete investigations and CAPA
One of the most familiar observation patterns is an investigation that exists on paper but does not fully explain the event, the cause, or the follow-up. The cited regulation is usually 21 CFR 211.192 (drugs) or 21 CFR 820.100 (devices).
Common contributors:
- the deviation was documented after the fact
- the root-cause analysis stayed superficial (operator error without a system explanation)
- corrective action was assigned without strong evidence the action would prevent recurrence
- effectiveness review never closed the loop, or closed it with weak criteria
This pattern has appeared in published warning letters across drug substance, finished pharmaceutical, and device manufacturers for many consecutive years. See the FDA's Warning Letters page for redacted examples.
Recurring observation pattern 2: data integrity and audit trail control
Another long-running pattern is when records exist, but the team cannot defend their history. Inspectors focus on whether entries are attributable, legible, contemporaneous, original, and accurate (ALCOA+), and whether audit trails are reviewed.
Typical 483 wording references 21 CFR 211.68(b) for drugs (controls over computer systems and electronic data) and 21 CFR 211.194(a) for laboratory records. PIC/S PI 041-1 (2021) covers the same expectations for international inspections.
What inspectors look for:
- attribution to the user who performed the action
- timestamps that cannot be edited
- audit trails that are reviewable and retrievable for the retention period
- deletion or modification of original data without justification
- shared user accounts that defeat attribution
If teams rely on spreadsheet edits, shared drives, or offline notes for GMP records, the evidence path is hard to defend.
Recurring observation pattern 3: training and procedure drift
A procedure may be current on paper while training records, local practice, and approved revisions tell different stories. The cited regulations are typically 21 CFR 211.25 (drug personnel training) and 21 CFR 820.25 (device personnel training).
The familiar inspection finding: the SOP says one thing, the operator does another, and the record trail does not clearly show who knew what and when. Closely related is the gap between the version of an SOP in use on the floor and the version of record in the document control system.
Recurring observation pattern 4: validation and change control gaps
Computerized systems become 483 targets when teams cannot explain the validation logic, the approved configuration, or what changed after release. Typical cites:
- 21 CFR 211.68(b) — failure to validate computer systems
- 21 CFR 211.100(a) — failure to follow written procedures for changes
- 21 CFR 820.70(i) — failure to validate software for its intended use (devices)
Cloud-hosted systems have not changed this regulatory expectation. They have made supplier oversight (EU GMP Annex 11 clause 3 equivalent) more important, even where US predicate rules do not name it directly.
Recurring observation pattern 5: complaint handling and post-market surveillance
For medical devices, complaint-handling observations under 21 CFR 820.198 are among the most cited each year per the FDA's published inspection-observation summaries. Common gaps:
- complaints not evaluated for MDR reportability within required timeframes
- complaints not investigated when the regulation requires investigation
- trending of complaints not connected to CAPA decisions
- service records or returned goods not evaluated as potential complaints
What quality teams should learn from these examples
The lesson is not "document more." The real lesson is to preserve the whole evidence chain:
- event intake
- investigation
- root cause
- CAPA
- effectiveness check
- linked document and training impact
When those records stay disconnected, inspections expose the break points. The recurring 483 patterns above are not ten different problems — they are usually the same evidence-chain weakness viewed through different predicate rules.
How to reduce the risk before inspection
Review where your team still reconstructs answers manually. If a likely 483 topic would force you to search through emails, spreadsheets, and exported logs, that workflow is a risk signal already.
Tighten:
- deviation and CAPA linkage with effectiveness checks that reference real metrics
- audit trail readability and review cadence
- document revision history with current-state controls
- training evidence with read-and-understand attribution
- validation and change records with impact assessment across documents, training, and risk
Related sources
- FDA Inspection Observations: https://www.fda.gov/inspections-compliance-enforcement-and-criminal-investigations/inspection-references/inspection-observations
- FDA Warning Letters: https://www.fda.gov/inspections-compliance-enforcement-and-criminal-investigations/compliance-actions-and-activities/warning-letters
- FDA Data Dashboard (inspection trends): https://datadashboard.fda.gov/ora/cd/inspections.htm
