GxP Auditing

Supplier, system, and quality audits for pharmaceutical and medical device companies.

This page focuses on GxP auditing support for pharmaceutical companies. For wider quality and compliance support, including regulatory, pharmacovigilance, and broader quality assurance services, see our related Quality and Compliance pages.

Why Auditing Matters

Pharmaceutical companies operate in a highly regulated environment where product safety, efficacy, and compliance are essential. Auditing provides a structured way to assess practices, processes, and procedures, helping identify compliance risks and areas for improvement before issues escalate.

Effective auditing supports corrective and preventative actions, protects product supply, and helps reduce the risk of recalls, fines, and reputational damage.

Auditing also supports operational performance. It can uncover inefficiencies, highlight areas of waste, and identify opportunities to improve processes, reduce costs, and strengthen overall business performance. Auditing also supports operational performance. It can uncover inefficiencies, highlight areas of waste, and identify opportunities to improve processes, reduce costs, and strengthen overall business performance. In an increasingly virtual environment, where companies outsource many activities to third-party providers, auditing plays a crucial role in ensuring these arrangements are appropriately assessed, risks are managed, and service providers meet expected standards and controls.

Regulatory and Quality Context

Pharmaceutical and medical device companies are expected to maintain compliance with regulatory and quality requirements designed to safeguard patients and ensure product quality.

Compliance is critical for:

  • protecting public health and patient safety
  • ensuring product quality and efficacy
  • maintaining regulatory approval and market access
  • maintaining product supply
  • mitigating legal and financial risks
  • strengthening company reputation and stakeholder trust

What We Audit

We provide GxP auditing support for pharmaceutical and medical device companies across the supply chain.

Our audit capabilities include:

GMP audits

Audits covering all dosage forms and starting materials, focused on identifying compliance risks, gaps in quality systems, and opportunities for improvement.

GLP audits

Audits of non-clinical testing facilities and contract research organisations against OECD Principles of Good Laboratory Practice, covering study conduct, quality systems, and data integrity.

GDP audits

Audits of distribution activities and supply chain partners to help maintain product integrity and compliance across storage and transport operations.

GCP audits

Audits of clinical trial sites, CROs, and sponsor oversight systems against ICH E6(R2) Good Clinical Practice requirements, focused on trial conduct, data integrity, and safety reporting compliance.

GVP audits

Audits of safety and pharmacovigilance systems against EU GVP modules and UK requirements. Covers safety database operations, case processing, signal detection, PSMF maintenance, QPPV oversight, and vendor management for outsourced PV activities.

Computer systems audits

Assessment of computerised systems and related controls within regulated environments, supporting data integrity and system compliance.

Medical device audits

Audit device and IVD manufacturers and suppliers against ISO 13485 and MDR/IVDR requirements.

Supplier audits and due diligence

Support during supplier selection, qualification, and due diligence activities, helping clients make informed decisions about third-party partners and contract manufacturers.

How We Work

Our audits are designed to do more than identify deficiencies. We highlight compliance risks, recommend best practice, and support process improvements so that companies can take corrective action quickly and efficiently.

We work collaboratively with clients to deliver against defined requirements and to support a consistent approach during supplier audits. This approach is particularly valuable for organisations facing short-term resource or capacity pressures.

Audit Coverage and Expertise

Our audit team includes experienced professionals with broad GxP and supply chain knowledge.

This supports:

  • supplier qualification and oversight
  • third-party and contract manufacturer audits
  • quality system review
  • risk identification and remediation planning
  • consistent audit execution across global supply chains

Key Regulations and Guidelines

The regulatory framework for GxP auditing in pharmaceutical and medical device companies.

  • EU GMP Guidelines (EudraLex Volume 4)
    Core framework for Good Manufacturing Practice, including requirements for quality systems, supplier qualification, and self-inspection (Chapter 9). Annexes such as Annex 11 (Computerised Systems) and Annex 16 (QP Certification) are particularly relevant.
  • UK GMP (The Orange Guide)
    The UK implementation of GMP requirements, maintained by the MHRA, aligned with EU GMP with UK-specific updates.
  • EU GDP Guidelines (2013/C 343/01)
    Defines requirements for Good Distribution Practice, including supplier qualification, transportation controls, and wholesale distribution expectations.
  • ICH Q10 – Pharmaceutical Quality System
    Establishes expectations for a lifecycle-based quality system, including management responsibility, continual improvement, and internal audit processes.
  • ICH Q9 – Quality Risk Management
    Provides the framework for risk-based auditing, including supplier risk classification and prioritisation of audit activities.
  • EU MDR 2017/745 (Medical Devices Regulation)
    Relevant for medical device and combination product audits, including quality systems and supplier control.
  • UK Medical Devices Regulations 2002 (as amended)
    UK framework for medical devices, aligned to EU legislation with UK-specific oversight.
  • 21 CFR Parts 210 and 211 (FDA GMP)
    Applicable for companies supplying the US market, covering manufacturing controls and quality systems.
  • 21 CFR Part 11 (Electronic Records and Signatures)
    Critical for computer systems audits, focusing on data integrity, validation, and electronic record controls.
  • MHRA Guidance Notes (e.g. Guidance Note 5)
    Provide additional UK expectations for manufacturers, including licensing and compliance obligations.

In practice, these frameworks shape audit expectations across supplier qualification, quality systems, data integrity, and supply chain controls, typically using a risk-based approach aligned with ICH guidance.

Key Benefits of GxP Auditing

A robust auditing programme can help your business to:

  • identify supplier and compliance risks early
  • support corrective and preventative actions
  • reduce the likelihood of product recalls, fines, and supply disruption
  • improve efficiency and reduce operational waste
  • strengthen readiness for inspection and regulatory scrutiny
  • support confident supplier selection and qualification

Do You Need Support With GxP Auditing?

Tell us about your products, suppliers, systems, or current quality challenges, and we will outline how our audit team can support you.

Contact Us

Frequently Asked Questions (FAQ)

What is the difference between a routine qualification audit and a for-cause audit?

A routine qualification audit is planned, typically part of an annual programme, and assesses the supplier or system against defined criteria. A for-cause audit is triggered by an event: a deviation, a complaint, a failed batch, a regulatory finding, or a change in the supplier's circumstances. For-cause audits are focused on the specific issue and its root cause. We can support both.

Can you audit suppliers outside the UK and EU?

Yes. We audit suppliers globally, including API manufacturers and contract labs in Asia. For markets beyond our direct reach, we coordinate through the regulanet® network. On-site audits are conducted by our team; remote or hybrid audits are used where appropriate and accepted by the regulatory framework.

How do you handle CAPA follow-up after an audit?

We deliver classified findings with recommended corrective actions and timelines. We then review the supplier's or site's proposed CAPAs for adequacy, track implementation against the agreed timeline, and verify effectiveness at re-audit or through documented evidence review. For clients with outsourced audit programmes, CAPA tracking is part of the ongoing service.

Do you provide a full outsourced audit function, or just individual audits?

Both. We conduct individual audits on request, and we also operate as an outsourced audit function for companies that need ongoing coverage: developing and maintaining the annual audit programme, executing it, and reporting to the QP or quality management. This is particularly relevant for smaller MAHs or companies with limited internal audit resource.

What qualifications do your auditors have?

Our auditors have direct experience in pharmaceutical manufacturing, quality assurance, and regulatory compliance. They bring a strong understanding of industry standards and practical, real-world challenges. Beyond conducting audits, our team works closely with clients to develop tailored remediation plans and actively supports the implementation of corrective and preventive actions, ensuring that identified issues are effectively resolved and sustainable improvements are achieved.

Why is auditing so important for pharmaceutical companies?

Auditing helps verify that systems, suppliers, and processes remain compliant and effective, supporting product safety, regulatory compliance, and supply continuity.

What types of audits do you provide?

We provide GMP, GLP, GCP, GDP, GVP, computer systems, and medical device audits, as well as supplier audit and due diligence support.

Do you support supplier qualification activities?

Yes. We support supplier selection, qualification, and due diligence alongside audit delivery.