Remote Regulatory Assessments for FDA-Regulated Products and Establishments (DRAFT)

This is a draft guidance. Not for implementation.

What You Need to Know? 👇

What is a Remote Regulatory Assessment (RRA) and how does it differ from an FDA inspection?

An RRA is an examination of an FDA-regulated establishment and/or its records conducted entirely remotely to evaluate compliance with applicable FDA requirements. Unlike inspections under section 704(a)(1) of the FD&C Act, RRAs don’t involve FDA staff physically entering establishments and don’t result in Form FDA 482 or 483 issuances.

When might FDA initiate a Remote Regulatory Assessment instead of conducting an on-site inspection?

FDA may initiate an RRA when travel limitations exist due to public health emergencies, natural disasters, or other situations making travel infeasible. RRAs are also used to prepare for planned inspections, follow up on consumer complaints, verify corrective actions, or support marketing submission reviews using a risk-based approach.

What are the consequences of declining to participate in a voluntary versus mandatory RRA?

Declining a voluntary RRA results in no enforcement action, though FDA may consider other oversight tools like inspections. However, refusing a mandatory RRA under section 704(a)(4) or FSVP regulations may constitute a violation of the FD&C Act and could result in appropriate regulatory action.

What types of records and information can FDA request during an RRA?

FDA may request records similar to those reviewed during inspections, including production batch records, quality reports, equipment records, process validation data, standard operating procedures, electronic database access, and for FSVP importers, hazard analysis and supplier verification records. The scope depends on the RRA’s purpose and legal authority.

What technological capabilities are needed to participate in an RRA involving interactive elements?

Establishments may need adequate internet connectivity, cameras, and hardware to support livestreaming video, screen sharing, and virtual meetings. The technology should allow FDA to remotely view operations, examine electronic systems, and evaluate records with sufficient image quality and connectivity for proper assessment of compliance activities.

How does FDA handle observations and follow-up actions after completing an RRA?

FDA may conduct a closeout meeting presenting written RRA observations of potential violations. Establishments are encouraged to respond within 15 business days. FDA prepares a narrative report that becomes publicly available after redaction. Following an RRA, FDA may conduct inspections, take enforcement actions, or use the information for regulatory decisions.

---

What You Need to Do 👇

Recommended Actions

1. Establish internal procedures for responding to RRA requests (both mandatory and voluntary)
2. Ensure technological capabilities are in place to support remote assessments including:
   • Video streaming capabilities
   • Secure file sharing systems
   • Screen sharing capabilities
   • Adequate internet connectivity
3. Prepare documentation systems to enable quick response to records requests:
   • Implement searchable electronic documentation when possible
   • Establish process for scanning paper records
   • Maintain translation capabilities if needed
4. Train relevant personnel on:
   • RRA response procedures
   • Technology tools used for remote assessments
   • Documentation requirements
   • Communication protocols with FDA during RRAs
5. Establish process for:
   • Reviewing RRA observations
   • Developing responses within 15-day timeframe
   • Implementing and documenting corrective actions
6. Create contingency plans for:
   • Technology failures during remote assessments
   • Handling confidential information
   • Managing resource constraints during RRAs

Key Considerations

Clinical testing

• Records or data related to the reporting or conduct of FDA-regulated research may be requested for establishments subject to BIMO inspection

Software

• Electronic systems may be reviewed through screen sharing and livestream/video
• Read-only access to electronic databases may be requested
• Establishments should identify any limitations on external access and ensure encrypted/password-protected files can be accessed by FDA

Cybersecurity

• Quality of remote connection should be adequate for FDA review
• FDA will provide secure means to send requested records
• Technologies should have appropriate security and privacy controls

Other considerations

• Records should be submitted in electronic format when possible
• Paper records should be scanned as searchable PDFs when possible
• Records may need to be provided in English or with English translation
• FDA may request records within reasonable timeframes based on establishment size, complexity of records, and urgency
• Establishments should respond to observations within 15 U.S. business days
• RRAs do not replace FDA inspections but can complement them

---

Relevant Guidances 🔗

• Content of Premarket Submissions for Device Software Functions
• Cybersecurity in Medical Devices: Design, Implementation, and Premarket Submissions
• Off-The-Shelf Software in Medical Devices: Documentation Requirements for Premarket Submissions
• Electronic Records and Electronic Signatures - Scope and Application

---

Original guidance

• Remote Regulatory Assessments for FDA-Regulated Products and Establishments
• HTML / PDF
• Issue date: 2024-02-02
• Last changed date: 2024-11-05
• Status: DRAFT
• Official FDA topics: Tobacco, Inspection, Medical Devices, Food & Beverages, Dietary Supplements, Investigation & Enforcement, Regulation, Electronic Submissions, Drugs, Import, Animal & Veterinary, Compliance, Biologics, Records, Cosmetics, Administration
• ReguVirta ID: e7b0e5c924ac353b676f53364d7d3200