February 2026 — Global — Companies don’t fail an FDA Pre-Approval Inspection (PAI) because they “forgot a document.” They fail because the site cannot reproduce execution: what happened, when it happened, who was authorized, what controls were in place, and how deviations were governed—without reconstruction. A PAI is where intent dies and evidence wins. You can have impressive slides and a clean facility, but if your manufacturing story relies on memory, late edits, or informal workarounds, the inspection outcome will reflect that. The baseline expectation across the Western regulatory world converges on the same operational requirement: reproducible evidence anchored to GMP, whether you cite US 21 CFR Part 210 and 21 CFR Part 211, EU data governance concepts under Annex 11, inspection alignment frameworks like PIC/S PE 009, or explicit data integrity expectations like MHRA GxP data integrity. In practical terms, PAI-readiness is a systems question: GMP execution, data integrity, controlled audit trails, defensible Part 11 behaviors, and validation proof that can be re-performed on demand—not re-explained.
This article is a dissertation-grade operational map of how to pass a PAI without “heroics”: what investigators test, where sites typically break, and how to build a coherent evidence package that connects process, people, equipment, data, and governance. It is not a list of citations. It is a model for reproducible truth: design controls so your team never has to reconstruct the record under pressure.
A PAI is not a tour. It is a reproducibility exam: show the same truth twice—without changing it—under time pressure.
1) What a PAI Really Is: Not a “Compliance Check,” a Market-Entry Gate
A PAI is the point where FDA is testing whether your site can consistently manufacture a product as filed and control quality in real time—not just describe a process. The investigator’s logic is simple: if commercial manufacturing starts tomorrow, will the site produce controlled product with reliable records under Part 210 / Part 211 expectations, or will reality force undocumented workarounds? That is why a PAI will probe the seams: batch record execution, investigation discipline, change control, lab data governance, supplier control, and the systems that prevent “we’ll fix it later.”
PAI outcomes are rarely driven by a single missing SOP. They are driven by incoherence: validation claims that don’t match how the floor operates; a quality system that exists on paper but not in workflow; and records that cannot survive scrutiny when investigators follow a thread from a finished lot back to raw materials and forward to release decisions.
2) The Core PAI Success Criterion: Evidence You Can Reproduce Without Reconstruction
Everything in a successful PAI reduces to one idea: can you reproduce the record as an output of execution? That is the operational meaning of data integrity. It shows up in how you handle timestamps, audit trails, privileged access, overwrites, reprocessing of data, retesting decisions, and the difference between original data and summaries. If your environment allows silent edits, shared logins, offline “work notes,” or post-hoc re-creation of missing evidence, you are training your organization to fail the exact stress test a PAI represents.
Build the evidence spine intentionally: audit trails that capture critical actions; electronic signatures where authority matters; controls consistent with Part 11; and durable record retention/archival so you can reproduce evidence months later without “refreshing” it.
3) The Evidence Package Blueprint: How Investigators Mentally “Assemble” Your Site
Investigators build a mental model of your facility by following the chain of evidence. Your job is to make that chain coherent and searchable. A practical blueprint looks like this: (1) quality system governance and risk posture, (2) validation strategy and proof, (3) manufacturing execution evidence, (4) laboratory control evidence, (5) investigations and change control discipline, (6) supplier/material control, and (7) data system governance (access, audit trails, backups, cybersecurity). When any link is weak, the investigator will spend more time there—and you lose control of the inspection narrative.
Make validation legible: a Validation Master Plan (VMP) that matches reality; clear requirements via URS; qualification evidence via IQ and OQ; and business-fit proof via UAT. Keep computerized system claims aligned with CSV and risk-based practices aligned with GAMP 5.
4) Manufacturing Readiness: From “We Can Make It” to “We Can Control It”
PAI manufacturing questions are not philosophical. They are physical and traceable: how you stage materials, verify identity, bind equipment to batch execution, enforce setpoints, detect deviations, and document outcomes. Investigators will look for disciplined process control, backed by evidence such as process validation, PPQ, and ongoing trending logic consistent with CPV.
Operationally, control means you know which parameters matter and you can demonstrate they stayed within intended windows, especially when output is sensitive to variation. That is why concepts like critical process parameters (CPPs) and in-process controls (IPC) must exist as executed checks, not aspirational statements. If you can’t show enforcement, you’re relying on operator memory. PAI investigators can smell that immediately.
5) Batch Records: The Fastest Place a PAI Finds Truth or Fiction
Batch records are where the site either proves execution or admits reconstruction. In a PAI, batch records must demonstrate: correct materials were used, correct equipment was used, correct steps were executed in the correct sequence, critical checks were performed, deviations were captured when they occurred, and QA disposition is defendable. That narrative lives in the BMR and, increasingly, in an EBR that prevents step-skips and late edits.
High-performing sites scale review through batch review by exception (BRBE), which is not “faster paperwork.” It’s a control philosophy: define what must never happen, detect it immediately, and force resolution with evidence. Tie release to rule-based quality disposition such as QA release rule automation, and govern status transitions using hold/release and release status governance. This is how you stop “we thought it was fine” from becoming a release argument.
6) Laboratory and Release: OOS/OOT Discipline Is a PAI Tell
PAIs expose lab weakness because lab data is where confirmation bias shows up. Investigators will test whether the lab produces controlled, reviewable evidence, and whether the organization can explain anomalies without narrative drift. That’s why your workflows for OOS and OOT must be strict, documented, and consistently applied. If retests occur, the justification must exist as evidence, not as oral history.
Method credibility matters too. Investigators look for defensible test methods and evidence that methods perform as claimed, using concepts like test method validation. They also probe stability governance, because stability is how you defend shelf life and storage conditions. Make stability structured and reproducible using stability protocols and stability studies evidence, backed by a governed reserve sample program and operational pulls such as retain sample pulls. The message to the investigator is simple: we don’t “believe” our quality; we can reproduce it.
7) Deviations and CAPA: The Quality System Shows Up When Things Go Wrong
A PAI is not about perfect batches. It’s about controlled batches—especially when something goes wrong. Investigators will look for real-time capture and consistent governance through deviation management, disciplined deviation investigation, and credible RCA. Weak sites write deviations to satisfy paperwork. Strong sites use deviations to improve control.
CAPA is where investigators test whether you actually learn. A defensible approach uses CAPA with clear containment, corrective action, preventive action, and a defined effectiveness mechanism. If you cannot prove closure quality, you will eventually be asked how you know the problem is gone. That answer lives in an executed CAPA effectiveness check, not a confident tone of voice.
8) Change Control: The Easiest Way to Destroy Validation Without Noticing
Many PAIs turn on change control because change is where systems drift quietly. If the process, equipment, utilities, methods, suppliers, labels, or computerized systems changed, investigators will ask: was it evaluated, approved, tested, and documented in a way that preserved control? Governance must exist through change control and decision discipline such as a change control board, not informal “we agreed on Slack.”
Document changes must be traceable and controlled through document control and a governed document change request. Training must be role-based and provable via a training matrix. If your people cannot demonstrate they were trained on the current version at the time of execution, you are back to reconstruction.
9) Supplier and Materials Control: If the Inputs Are Weak, the Batch Story Is Unstable
PAIs expose weak supplier control because it creates downstream ambiguity: wrong material, wrong grade, incomplete CoAs, inconsistent incoming checks, and undocumented substitutions. Govern the upstream boundary with supplier qualification/approval monitoring, executed incoming inspection, and documentary linkage through inbound CoA matching and the underlying CoA record.
Then enforce disposition discipline so materials are never “used because they’re here.” Use containment mechanisms like material quarantine and rule-driven acceptance via supplier lot acceptance criteria. This is how you keep the batch narrative stable when investigators trace a lot back to specific supplier inputs.
10) Equipment, Utilities, and Cleaning: The Physical Control Layer Must Match the Paper Layer
PAIs probe whether your physical systems can be trusted. That means qualification and traceability of critical equipment through equipment qualification (IQ/OQ/PQ), routine readiness proof through calibration discipline, and controls that prevent expired instruments from being quietly used. Enforce that with operational controls like calibration due lockout logic and visible readiness indicators such as asset calibration status.
Cleaning is a classic inspection thread because it connects contamination risk to evidence. Your controls should be provable through cleaning validation and day-to-day execution checks such as cleaning verification, supported by monitoring programs appropriate to the process (for example, environmental monitoring where applicable). The PAI question is not “do you clean?” It is “can you prove cleaning happened under controlled conditions for this product, this equipment, this time?”
11) Computerized Systems Governance: Most PAI Findings Are Really Systems Findings
Even when a PAI finding looks “manufacturing-related,” it often collapses into data governance: who had access, what was changed, when it was changed, and whether the system preserved truth. That is why CSV maturity matters, and why risk-based thinking aligned with GAMP 5 becomes practical rather than theoretical. Investigators will test the controls that prevent quiet manipulation: role-based access, lifecycle control via access provisioning, and enforced separation via segregation of duties.
Resilience is part of governance. If your system cannot preserve records during turbulence, your evidence chain becomes disputable. Address operational integrity with controls such as patch management, defined cybersecurity controls, and evidence that backups are trustworthy via backup validation, supported where necessary by availability posture such as high availability. Whether the system is MES, LIMS, QMS, or a document platform, the principle is identical: you must be able to reproduce history.
12) Internal Readiness: Run a PAI Like a Drill, Not Like a Surprise
Sites that pass PAIs treat readiness as a practiced behavior. That means rehearsing how evidence is retrieved, how questions are answered, and how inconsistencies are resolved without improvisation. Build that muscle through internal audits that behave like stress tests, not checklist walks. Track gaps through audit finding management, and force leadership engagement through management review so recurring weaknesses are not re-labeled as “training issues.”
Readiness should also be risk-based. Use ICH Q9 quality risk management to prioritize what could actually create patient risk, batch failure, data unreliability, or regulatory distrust. When you can explain your control strategy as risk-driven and evidence-backed, the inspection narrative shifts from defense to credibility.
13) Day-of PAI Execution: How to Answer Without Creating New Problems
During a PAI, your best strategy is disciplined truth. Answer only what you can support with records. Don’t speculate. Don’t “educate” your way out of gaps. If you need time to retrieve evidence, say so and retrieve it. The inspection dynamic punishes improvisation because improvisation creates contradictions, and contradictions invite deeper digging. A mature site runs a controlled inspection process: a clear document request log, a war-room retrieval workflow, controlled SME participation, and a method for escalating questions that touch validation, lab, quality events, or data governance.
The tactical goal is consistency: the batch record tells the same story as the equipment log; the deviation record matches the batch record; the lab record matches the release decision; the audit trail supports the approvals; the access model supports the trust claim. If those layers disagree, investigators will assume the record is being managed rather than produced.
14) Bottom Line: PAI Readiness Is a Designed System, Not a Heroic Week
A PAI is the moment your quality system meets reality. Passing it consistently requires a small set of hard gates that refuse drift: validated systems (CSV aligned to GAMP 5), disciplined execution evidence (BMR/EBR with BRBE), governed status and release (hold/release and rule-based QA disposition), strict investigations (investigations and CAPA with effectiveness checks), controlled change (change control plus document control), and an evidence spine that survives pressure (audit trails, data integrity, role-based access, segregation of duties, and retention).
When those gates exist and are enforced, a PAI becomes predictable. Investigators can follow threads without finding contradictions. Your team can answer with records instead of narratives. And the inspection stops being an event you fear and becomes a capability you can demonstrate on demand.
