The following questions were asked during the Virtual Audits and Inspections webinar presented by USDM’s David Blewitt and Box’s Manu Vohra.


Click here to watch the on-demand webinar


Since the virtual audit is supposed to be taking the place of the on-site audit, how is the facility tour handled? I have found this to be a challenge.

(David Blewitt, USDM) Facility tours certainly rely more on physical presence than do process and policy audits, which lend themselves more readily to virtual auditing. However, it is possible to perform an in-depth facility tour using augmented reality (AR) with the associated documentation embedded in the output of the AR tool. An auditor can then “virtually” tour a facility and click on various processes and policies as they move around the facility, thus removing the need to audit the facility in person; evidence is available and gathered as though they were there.

A lot of clients still want on-site audits once they are able. Do you think the mindset will change in the future?

(David Blewitt, USDM) I believe the mindset will change when the outcomes of virtual audits become more commonplace, and it is evident that regulators and public and private companies accept this “new” methodology. If the same results are achieved with virtual audits as for on-site audits, then it becomes an easier pill to swallow for the more conservative quality and regulatory personnel.

What should I expect from a remote FDA facility inspection?

(David Blewitt, USDM) The FDA is using a number of tools to oversee facilities that manufacture their regulated products or FDA-regulated products, including record requests in advance of or in lieu of a drug facility inspection. They rely on information from trusted regulatory partners, remote interactive evaluations, live-stream video of operations, teleconferencing, and screen sharing, to name a few.

How are you conducting investigational product inspections for storage and assessment of the pharmacy?

(David Blewitt, USDM) This would be a combination of virtual and AR audits. Evidence of following policy and processes is reviewed along with specific evidence for Investigational New Drug (IND) development and testing. Inspections of facilities that develop, manufacture, and store products are performed using the AR methodology.

Does Box support 21 CFR Part 11 compliant records and e-signatures natively?

(Manu Vohra, Box) Part 11 has two components to it, electronic records and electronic signatures. Box does support Part 11 compliance with the electronic records part of it today. Sometime later this year, we are launching an e-signature capability as well.

Is Part 11 compliance for records standard with Box or do you need to purchase optional support?

(Manu Vohra, Box) Part 11 compliance is part of our Box GxP Validation offering.

My company's current Box offering is not Part 11 compliant, does it mean we need to buy an additional validation package to be administered by USDM?

(Manu Vohra, Box) We provide GxP as part of our Box suites. Reach out to your account representative for a walk through of the entire process. We also provide all of the vendor documentation that comes along with it. Our friends at USDM can help with validation for your intended use.

How can audit materials be surfaced to auditors through Box when they are scattered throughout several core systems?

(Manu Vohra, Box) We have this cool feature called Box File Request that can be used by compliance managers to request audit records from content owners and departments. That way, it captures the content in read-only mode, it can apply watermarks to it, it records the date and time it was received, the name of the source application, and the person who added it. So basically, File Request maintains a digital chain of custody. Box fourth-party apps can be used to capture source content through something as simple as a file request feature.

How do I know that the data I provided has been completely removed or deleted after completing the audit?

(David Blewitt, USDM) Verify that security for your folders within Box are set correctly. There are settings for removing content after a certain period of time or denying access after a certain period of time. You can also review the audit trail and your security settings to determine if any of the documents have been downloaded, which won't be possible if the access is set correctly. This will also show you if files are still available to various personnel. Set up a standard methodology for doing this as a kind of mini validation; if you like those settings, duplicate them each time

Along with the validation package provided by USDM, is there an option where USDM would participate in audits when a deeper dive into test evidence is requested?

(David Blewitt, USDM) Yes, we do support that. We can provide audit guidance or facilitate the entire process if needed. We look at the testing evidence and ensure that it is human readable in a format that makes sense to auditors.

Does the FDA require specific applications like Zoom or Teams?

(David Blewitt, USDM) No, they don't specify applications, but the tool you use must be appropriate for the job.

What kind of virtual inspections have already been conducted at Box? What's the audit frequency? Are the FDA and EMA using Box for their virtual audits?

(Manu Vohra, Box) Yes, we've conducted several types of audits between sponsors and the healthcare authorities, and between sponsors and CROs. With an increase in contract manufacturing over the last year, there have been several audits between large bio pharma and their contract manufacturers. We are growing in this space, so more use cases will pop up.

The FDA is currently a Box customer and has used Box for conducting inspections for a few years now. The EMA does not, but some of our customers use their Box instances to run virtual inspections with the EMA.

Can you to briefly describe the difference between CSV and CSA?

(David Blewitt, USDM) The traditional approach to CSV involves documentation to the nth degree as it relates to testing. Sometimes it is based on risk, sometimes it’s not. CSV is supposed to be based on risk, but companies are documenting, which doesn't produce a valuable product. It's just documentation for the sake of documentation.

The CSA approach focuses on true, risk-based testing and providing documentation only when necessary. You do more critical thinking and testing, you don't document as much, and you get more efficient practices and processes that are key to product quality and safety.

If you have questions that aren’t answered here, please contact us.

USDM Life Sciences and Box provide an innovative approach for maintaining GxP compliance in the cloud. Life sciences organizations can create, collaborate, manage, and distribute information with their employees and partners, all backed by enterprise-grade security and compliance.

Sneak Peeks

Here are a few clips from the Virtual Audits and Inspections webinar. Click here to access the full-length on-demand webinar.


Additional Resources

White paper: Best Practices for Virtual Audits and Regulatory Inspections
Checklist: Virtual Audits Checklist
Blog: On-site and Remote Audit Best Practices

Want our experts to work on your project?

Take the first step towards creating more value with USDM today.

Connect Now

We use cookies to understand how you use our site and improve your experience. This includes personalizing content and advertising. Learn more.