What FAA inspectors ask for during a drone program audit

The phrase "FAA audit" makes most drone program leaders think of Part 121 carrier audits: formal, scheduled, multi-day reviews against a published checklist. Part 107 operations do not work that way. The FAA does not run a formal audit program for commercial drone operators. What happens instead is surveillance, conducted by Aviation Safety Inspectors, often triggered by something specific (an incident report, a complaint, a waiver application), and sometimes conducted as part of broader oversight without a specific trigger.

The framing matters because programs that prepare for an audit-in-the-Part-121-sense end up over-prepared for documentation that does not match the surveillance reality, and under-prepared for the specific records inspectors actually ask to see. Surveillance in practice is targeted, document-driven, and grounded in what Section 107.7 obligates the operator to make available. This article walks through what FAA surveillance typically asks for, with reference to the FAA Compliance Program which sets the agency's overall approach to safety oversight.

How FAA surveillance happens

Surveillance of a Part 107 operator can be triggered by several things. The most common is an incident report filed under Section 107.9, which the FAA reviews and may follow up on with the operator. Complaints from members of the public, asset owners, or other operators can also trigger surveillance, particularly when the complaint suggests specific regulatory violations. Waiver applications can produce surveillance during the review process and after waivers are granted to confirm compliance with conditions.

Routine surveillance without a specific trigger does happen, especially for higher-volume operators or operators flying under multiple waivers. The frequency is not published and varies by region and inspector workload.

The format of surveillance varies. Document requests by email or letter are common, asking the operator to produce specific records within a defined period. Site visits occur less frequently and are usually scheduled. Phone interviews can supplement either format. The inspector's goal is to understand whether the operator is in compliance with the rules and any waiver conditions, and the format follows from that goal.

What surveillance is not, in most cases, is a confrontational enforcement action. The FAA Compliance Program emphasizes cooperative resolution where possible, with enforcement reserved for situations involving willful violations, repeated noncompliance, or significant safety risk. Operators that respond promptly and accurately to surveillance typically have a different experience than operators that delay or resist.

What inspectors typically ask for

The specific records vary by trigger, but the patterns are consistent.

Remote Pilot Certificate records. The certificate itself plus evidence of current recurrent training under Section 107.65. The inspector wants to confirm the remote PIC for each operation in question was qualified.

Aircraft registration. The certificate or evidence of registration for the unmanned aircraft involved. Registration must be current under Part 47 or Part 48.

Operational records of specific flights. For surveillance tied to an incident or specific operation, the inspector typically asks for records of that operation: date, time, location, pilot, aircraft, mission. Programs that maintain flight records can produce these. Programs that do not end up explaining the gap.

Waiver compliance records. If the operation was conducted under a waiver, records demonstrating compliance with the waiver's conditions: weather observations, visibility checks, observer roles, equipment configurations.

Accident or incident reports. Records of any Section 107.9 reports filed, including supporting documentation. Inspectors may also ask about incidents that did not meet the §107.9 threshold but are relevant.

Operating manuals and SOPs. For operations governed by SOPs, the current version. Inspectors may ask whether the version in effect at the time of the operation differs from the current one.

Maintenance records. For airframes involved, maintenance and inspection records. Not explicitly required but expected as part of the preflight inspection obligation in Section 107.49.

Insurance documentation. Often requested, particularly when surveillance involves damage. Federal regulation does not require commercial drone insurance, but operators typically carry it and inspectors will ask.

Remote ID compliance records. Since Remote ID enforcement began, surveillance may ask about the compliance pathway and preflight verification.

How to prepare records before surveillance occurs

The records discussed above are not unusual. The challenge is producing them within the timeframe an inspector typically allows, with the linkage between records intact, and without exposing material outside the scope of the surveillance.

Records should be retrievable by operation. If an inspector asks for records of the flight that occurred at a specific site on a specific date, the program should be able to surface that flight, the pilot who flew it, the aircraft used, the maintenance history of that aircraft, the pilot's currency at that time, and the waiver compliance details (if applicable) in a single retrieval. Programs that maintain these records in separate systems end up assembling the response by hand.

Records should be tamper-evident. An inspector who is shown records that an admin could have edited after the fact has different confidence than an inspector shown records from an append-only log. Tamper-evidence is not a regulatory requirement, but it materially affects how surveillance proceeds.

Records should be scopeable. The inspector usually asks about specific operations, not the program's full history. Producing the requested records without exposing the rest of the workspace protects the program's broader operations from a surveillance event that started narrow. This is part of why pilots should only see the jobs they are assigned to, and the same principle applies to how surveillance responses are scoped.

Records should be accessible. Records that exist on personal devices, in individual inboxes, or in archived systems the current operations team cannot reach are functionally unavailable. The §107.7 obligation requires records to be available on request, not theoretically retrievable.

During the surveillance encounter

When surveillance occurs, response practice matters as much as the records themselves.

Respond promptly. Acknowledge the request, confirm the scope, and provide records within the timeframe the inspector specifies. Programs that delay create the impression that records do not exist or are being assembled after the fact.

Provide what was requested, accurately. Do not provide more than was asked unless the additional context is necessary to make the response complete. Volunteering records expands the scope of surveillance unnecessarily.

Document the encounter. The questions asked, the records provided, the timeline of the exchange, and any verbal commitments made. The documentation supports any follow-up and protects the program if the surveillance leads to further action.

Involve the right people, and be honest about gaps. The program lead, operations lead, and where appropriate legal counsel should be aware. If a record does not exist, saying so directly is better than improvising. Inspectors recognize improvised records and react accordingly.

Common mistakes during FAA drone surveillance

Treating surveillance as adversarial. The FAA Compliance Program is structured to favor cooperative resolution where possible. Programs that respond accurately and promptly typically have a better outcome than programs that delay or resist.

Producing records that look reconstructed. Records that appear to have been assembled in response to the surveillance request, rather than maintained as part of routine operations, raise inspector concerns. Tamper-evident, contemporaneous records carry more weight.

Exposing unrelated operations. Surveillance scope tends to be narrow at the start and expand if the inspector finds reasons to ask more questions. Producing records beyond what was requested can expand the scope unnecessarily.

Failing to document the encounter. Programs that respond to surveillance without keeping their own record of what was asked and what was provided end up reconstructing the exchange when follow-up arrives.

Assuming the absence of recent surveillance means recent compliance. No surveillance does not mean clean compliance. It means the program has not been the subject of a specific trigger yet.

FAQ

How long does the FAA give an operator to respond to a records request? The timeframe varies but is typically two to four weeks for routine records requests. Urgent requests tied to active incident investigation can be shorter. The request itself will specify the expected timeframe.

Can we have legal counsel involved in FAA surveillance? Yes. Operators have the right to involve counsel in any interaction with the FAA. Routine document responses to surveillance often do not require counsel, but more substantial encounters (site visits, enforcement actions, repeated surveillance) typically benefit from counsel involvement.

What happens if surveillance finds a compliance gap? The FAA Compliance Program emphasizes correction over enforcement where the gap is non-willful and the operator demonstrates corrective action. Outcomes can include compliance counseling, remedial training, or other corrective measures. Enforcement actions occur when the gap is willful, repeated, or involves significant safety risk.

Should programs proactively reach out to the FAA about compliance questions? For specific operational questions, yes. The FAA's UAS program offers guidance and the agency generally responds favorably to operators who ask before they fly. Proactive engagement on specific questions is different from inviting surveillance, which is not advisable.

Closing thought

FAA surveillance of a Part 107 operation is targeted, document-driven, and grounded in what the rule requires the operator to make available. Programs that maintain records contemporaneously, in systems that link operations to pilots, aircraft, and waivers, can respond to surveillance without reconstructing anything. Programs that maintain records loosely end up assembling the response by hand and producing documentation that looks reconstructed because it was. The difference between the two postures shows up only when surveillance arrives, by which point the records situation is what it is.

If you are preparing your drone program for FAA surveillance, FlybyOps was built for the operational record problem at the center of regulated drone work. Project and job hierarchy that links flights to operations, a pilot registry with certification and currency tracking, an equipment registry with airframe history, role-based access control that scopes read-only views to specific records, and an append-only audit log are all part of how the platform supports a surveillance encounter that does not require reconstruction.