Like death and taxes, eventually every pharmaceutical testing laboratory will get a regulatory agency inspection.  The anticipation of a regulatory inspection will instill great angst even within the most compliant laboratories.  The anticipated inspection might be a periodic inspection, but most often is a Pre-Approval Inspection (PAI).  The anxiety about an impending inspection often triggers a request for an independent third-party audit of the facility including the laboratory.

A risk-based third-party audit of the laboratory, if thorough, will review the procedures and practices of the laboratory and identify the high-risk compliance gaps.  To be of real value, the third-party laboratory audit needs to be comprehensive and detailed to ensure all high-risk gaps are identified.  That said, the two areas where compliance gaps lead to the most laboratory-related regulatory observations are lack of adequate data integrity assurance and inadequate investigations.  Frequent data integrity observations are likely not a surprise to anyone, but inadequate investigation observations are becoming more and more prevalent.  Non-compliance observations leading to regulatory commitments and remediation for these two observations can be costly and strain already precious resources.

So, what’s a lab to do?  First step, refamiliarization with the two most pertinent FDA Guidances is a starting point (Data Integrity and Compliance with Drug CGMP Questions and Answers Guidance for Industry, December 2018 and FDA Guidance for Industry, Investigating Out-of-Specification (OOS) Test Results for Pharmaceutical Production, October 2006).  The Data Integrity guidance has been available at least in draft form for several years; the OOS guidance for 13 years.  So, neither are new, yet laboratories continue to struggle to meet the compliance expectations.

The biggest compliance obstacles are listed below:

Data Integrity 

  • Qualification of computerized laboratory equipment as configured for the intended use (not simply as received from the vendor) to comply with 21 CFR Part 11.
  • Ensuring the complete testing data is reported, reviewed and protected from change; including the processing of dynamic data and data and audit trail reviews.

OOS Investigations

  • Lack of conclusive root cause identification
  • Lack of effective CAPA

The “take home” message is, to enhance compliance and readiness for future regulatory inspections laboratories should really focus on data integrity assurance and thorough investigations.

For further information and assistance on the topic of laboratory compliance enhancement and regulatory inspections, please contact either Ron George, Ph.D. at or
Mary Oates, Ph.D. at