G M Butcher If you claim an email record as the official version, then yes, and they have the right in the USA to access any area within the confines of the place of inspection. In the USA, they are law enforcement officials. In different foreign countries, they have differing status dependent on the MOU between the foreign regulatory authority.
Your email system would require validation by 21CFR part 11. You are rather lacking the fore site of the consequence in doing so, but realizing part of that now.

Dave Gaisser FDA can inspect email records if they provide a form of documentation of compliance and are associated with production batch records, quality control tests, validations, or similar such functions. GM makes a good point that your system will need to be Part 11 compliant, in large part to ensure that individual records cannot be altered.

Valentin B. Thank you very much for your quick reply.

Sec. 820.180 General requirements.

All records required by this part shall be maintained at the manufacturing establishment or other location that is reasonably accessible to responsible officials of the manufacturer and to employees of FDA designated to perform inspections. Such records, including those not stored at the inspected establishment, shall be made readily available for review and copying by FDA employee(s). Such records shall be legible and shall be stored to minimize deterioration and to prevent loss. Those records stored in automated data processing systems shall be backed up.

Christopher Ivicevich I have used emails as records to a limited extent. I obviated the risk of FDA intrusion in our email system by (1) printing the specific emails to PDF and then (2) storing those PDFs in a 21 CFR 11 compliant EDMS, usually attached to a CAPA record. This also obviated the need to make the email system 21 CFR 11 compliant.

Christopher Ivicevich "Yes you have opened your entire e mail system to scrutany when you include email as a an official document or communication."

Not necessarily. I used a limited number of emails as evidence for CAPAs. Each such email was printed to PDF and attached to the electronic CAPA record, which was in turn stored in a 21 CFR 11 compliant EDMS. This practice actually keeps the FDA within the EDMS, and does not open the company's email system to them. Further, record approvals are executed and maintained within the EDMS, and thus the email system does not have to be 21 CFR 11 compliant.

Mark Proulx, CQA, cSSBB Everything said above me is quite true...and scary if you use emails as "proof" of compliance. Trust me, don't do it. Develop your systems to be as robust and all-inclusive as possible outside of any email. Do NOT accept that emails are objective evidence or you CANNOT imagine the hell sitting in an audit defending the emails that typically get thrown around on a typical day.

Ruud Lans Can! But it depends if the auditee gives not requested anwers to the auditor. If the email is strictly related with the QMS or/ and findings don't be stressed if you doing the right things and the things right. Privacy brittle information adressed as protected ti share ( law on privacy) is not allowed to share with anyone but only when you have a written approval of the person.

If it ain't written down it never happened !!!!!

Jonathan Wacks Under no condition should e-mail, accounting systems, or market data ever be employed. It’s opening Pandora’s Box...

Valentin B. Well this is a good thing I actually did not do it