Jun 18, 2025
Articles
Complete Guide to Good Manufacturing Practice (GMP) Audits
Martin Ramirez
Good Manufacturing Practice (GMP) audits are essential tools for safeguarding product quality, ensuring regulatory compliance, and building consumer trust in 2025.
However, GMP audits can be complex.
Regulatory expectations continue to evolve, particularly with updates to the FDA Quality Management System Regulation (QMSR), EU Annex 1, and heightened scrutiny of data integrity and automation.
This guide breaks down everything you need to know: how to prepare for GMP audits, what inspectors look for, common pitfalls, and how to implement corrective actions effectively.
Let’s get started.
What Is Good Manufacturing Practice (GMP)?
Good Manufacturing Practice (GMP) refers to a system of regulations, guidelines, and practices designed to ensure that products are consistently produced and controlled to meet quality standards.
These practices safeguard the integrity, safety, and quality of products throughout their lifecycle.
In simple terms, GMP ensures that what’s on the label is what’s in the product, and that it’s made safely, every time.
Why GMP Audits Are Essential in 2025?
As global health and safety standards become more stringent, GMP audits remain one of the most effective ways to verify compliance and protect public health.
Audits identify gaps, prevent regulatory violations, and strengthen internal systems.
In 2025, regulatory bodies such as the FDA, EMA, and WHO are expected to have increased their emphasis on Good Manufacturing Practice (GMP) alignment and harmonization.
For instance, the FDA’s Quality Management System Regulation (QMSR), finalized in 2024, aligns 21 CFR Part 820 with ISO 13485:2016, marking a major shift in expectations for medical device manufacturers.
EU MDR audits are now mandatory for the certification of medical devices, while food manufacturers face strict FSMA inspections under 21 CFR 117 and 507.
Global Regulatory Landscape and Key Updates
By the end of 2025, manufacturers across industries will face a rapidly evolving GMP landscape:
FDA's QMSR for medical devices is in full effect.
FSMA compliance (21 CFR 117/507) is enforced rigorously across human and animal food production.
Cosmetics in the EU must comply with Regulation 1223/2009 and follow ISO 22716.
EudraLex Vol. 4 and EU MDR/IVDR require extensive quality documentation and periodic audits.
FSSC 22000 v6 introduces tougher rules on allergen control and food fraud prevention.
Pro Tip
To stay ahead of regulatory changes, leverage Signify's automated regulatory monitoring to monitor evolving regulations and standards that impact your products.
With real-time regulatory updates and clear, actionable insights, Signify helps you focus on the changes that matter most to your business, allowing you to adapt proactively before any changes are enforced.
Types of GMP Audits
1. Internal vs. External GMP Audits
Your own quality assurance team conducts internal audits, typically following a planned schedule.
These help you catch and fix issues before a regulator does.
External audits are performed by regulators, certifying bodies, or independent consultants.
➸ Their purpose?
Confirm compliance with national and international standards (FDA, ISO, WHO, etc.).
Aspect | Internal GMP Audits | External GMP Audits |
Definition | Conducted by the organization’s own staff or qualified internal teams to assess compliance and drive continuous improvement. | Performed by third parties, such as regulatory authorities or independent auditors, to verify compliance with GMP standards. |
Purpose | Identify non-conformities, ensure adherence to SOPs, improve processes, and maintain internal quality standards. | Provide an objective, unbiased evaluation for regulatory approval, certification, or supplier qualification. |
Frequency | Scheduled regularly (e.g., annually or as determined by risk assessment and company policy). | Occur periodically as required by regulations, for certifications, or during supplier/vendor qualification. |
Auditor | Internal personnel independent of the audited area, or internal audit teams. | Regulatory bodies, third-party audit firms, or customer representatives. |
Scope | Focused on internal processes, quality management systems, and continuous improvement. | Encompasses all aspects of GMP compliance, including documentation, facilities, and personnel. |
Objectivity | May be limited by internal familiarity and potential bias. | High objectivity; external perspective helps identify blind spots and provides credibility. |
Outcome | Internal reports, corrective and preventive actions, and process optimization. | Formal audit reports, regulatory findings, recommendations, and sometimes certification. |
Benefits | Early detection of issues, ongoing compliance, and improved operational efficiency. | Enhanced credibility, regulatory readiness, and trust with partners and authorities. |
2. Regulatory Compliance and Routine Inspections
Routine inspections are typically unannounced and conducted by government agencies such as the FDA, EMA, Health Canada, or MHRA.
They assess compliance with legally binding GMP standards such as:
21 CFR Parts 210–211 (Pharmaceuticals)
21 CFR Part 820 (Medical Devices)
EU MDR and IVDR (Devices)
21 CFR 117 (Food)
Regulation 1223/2009 (Cosmetics)
3. Pre-Approval and Pre-License Inspections
These audits occur before a facility can market a new product.
Expect these if you're submitting a new drug application (NDA), device premarket approval (PMA), or launching into the EU under the Medical Device Regulation (MDR).
Auditors will review everything from design history files to batch manufacturing records and validation protocols.
4. Supplier and Vendor Qualification Audits
Companies are increasingly responsible for their entire supply chain.
GMP audits of suppliers, especially contract manufacturers and raw material vendors, ensure that outsourced operations meet the same quality standards as your own.
5. Follow-Up, Re-inspections, and Mock Audits
Past violations, product complaints, or regulatory enforcement actions may also trigger audits.
"For-cause" audits investigate specific concerns, while mock audits help teams prepare through realistic simulations.
Planning and Preparing for a GMP Audit
Sector | Regulations/Standards | Audit Focus/Documentation |
Food & Beverage | FDA FSMA CGMPs (21 CFR 117), FSMA Preventive Controls; FSSC 22000 v6/ISO 22000; Codex; EU food laws. | Hygiene, sanitary design of plants and equipment; HACCP and preventive controls; allergen plans; traceability records; and environmental monitoring logs. |
Medical Devices | FDA QSR (21 CFR 820/QMSR aligned to ISO 13485); EU MDR 2017/745 (Annexes IX–XI); ISO 13485:2016. | Design history files, risk management files, clinical evaluations, supplier management, validation and verification records, CAPA, complaint handling, UDI/traceability. Auditors review quality manuals and technical documentation in accordance with MDR. |
Cosmetics | EU Reg 1223/2009 (mandates GMP); ISO 22716:2007 (GMP guidance); U.S. voluntary FDA GMP (Sec. 601 filth prevention). | Sanitary facility layout (smooth, cleanable surfaces); equipment cleaning; microbial testing results; raw material specs; labeling claims; preservatives efficacy. FDA inspectors look for insanitary conditions (which would adulterate products). |
Pet Food/Feed | FDA (FSMA) Animal Food CGMPs (21 CFR 507); AAFCO model regulations. | Food safety plan with hazard analysis and preventive controls; CGMP sanitation; ingredient approvals or GRAS determinations; RTE (rendering) procedures. (Pet supplements are also under 21 CFR 507 now.) Records of heat-treating, cooling, and microbial testing are key. |
OTC Drugs (Pharma) | FDA CGMP (21 CFR 210-211); EU GMP (GMP Part I–IV); WHO GMP. | Same as prescription drugs: validated production, sterility/purity testing, labeling per monograph; strong lab controls; complaint/recall systems. Documentation of formulation and manufacturing operations is audited in the same manner as any pharmaceutical CGMP review. |
Sporting Goods | No formal GMP mandates; typically ISO 9001 or industry-specific standards (e.g., ASTM for protective equipment). | Audits focus on quality management (process documentation, inspection protocols, nonconformance handling) and product safety test records (e.g, impact tests for helmets). Emphasis is on preventive quality control rather than hygiene. |
Consumer Electronics | No FDA/EMA GMP; rely on ISO 9001, IEC/UL standards, CE marking directives, RoHS. | Audit reviews focus on process consistency and safety, including ESD control, soldering and wiring quality control, product test logs (EMC and safety), and supplier qualifications. Management of product recalls and UL nonconformities is analogous to CAPA. |
Defining the Scope, Objectives, and Risk Areas
A well-structured audit starts with a clear definition of its scope.
This includes identifying which product lines, departments, or processes will be reviewed and specifying the intended goal of the audit.
Common objectives include regulatory compliance verification, supplier qualification, risk mitigation, or preparation for a pre-approval inspection.
➸ To define your scope:
Review your risk register and previous audit findings.
Consider business changes (e.g., new equipment, new products).
Align audit objectives with current regulatory priorities (e.g., FDA’s QMSR or EU Annex 1 revisions)
The goal is to avoid surprises for both the audit team and the audited departments.
Identifying High-Risk Systems and Processes
Sterile production environments, cold storage units, and manual data entries are all examples of high-risk systems that require greater audit scrutiny.
In 2025, areas involving AI-driven automation and electronic batch records (EBR) are also receiving more attention due to evolving data integrity concerns.
➸ Focus on:
Processes impacting product safety (e.g., aseptic filling).
Systems handling critical quality attributes (e.g., sterilization validation).
Interfaces between manual and automated systems.
Using a risk-based approach ensures that limited audit resources are applied where they are most needed.
Allocating Resources and Assigning Qualified Auditors
Auditors must be impartial and qualified to evaluate the processes they are assigned.
Inadequate auditor training remains a common internal audit gap.
Ensure auditors are thoroughly familiar with both the GMP requirements and your internal systems.
➸ Checklist:
Assign auditors with relevant technical experience.
Ensure they’ve received recent GMP and audit-specific training.
Avoid assigning personnel to audit their own departments.
Some companies also contract external experts to conduct internal audits, particularly for complex inspections such as those under EU Annex 11 or ISO 13485.
The GMP Audit Process Step-by-Step
1. Pre-Audit Activities and Background Gathering
Auditors begin by understanding your business context.
This includes reviewing your company’s regulatory history, product portfolio, and any previous inspection reports.
In 2025, this step often includes:
Reviewing your FDA Establishment Inspection Reports (EIRs)
Examining CAPA closures from previous audits
Checking the implementation of updated standards (e.g., FSSC 22000 v6)
2. Conducting the On-Site Inspection
During the on-site visit, auditors physically inspect your facility and observe operations.
This includes production, packaging, labs, warehouses, and utility systems.
Cleanliness, segregation, and environmental controls are primary concerns.
➸ Example: An auditor might verify proper airlock procedures in a cleanroom or check the calibration status of equipment used in critical control points.
Auditors may also take photos, review floor layouts, and observe the flow of materials and personnel to ensure compliance.
3. Reviewing SOPs, Batch Records, and Compliance Documents
One of the most time-consuming parts of a GMP audit is the document review.
Auditors will compare Standard Operating Procedures (SOPs) with actual practices and evaluate record-keeping for completeness, accuracy, and traceability.
➸ What they’re looking for:
Real-time recording of events (not backdated).
Reviewed and approved SOPs aligned with current practices.
Proper handling of deviations, OOS (out-of-specification) results, and change controls.
➸ Example: If your SOP states that calibration is required every 6 months, your records must demonstrate that this requirement was consistently met.
4. Interviewing Employees and Observing Practices
GMP focuses on people, with auditors conducting interviews with staff to verify their understanding of procedures.
➸ Common pitfalls:
Untrained staff handling critical steps.
Operators are unaware of SOP content.
Inconsistent answers about GMP principles.
➸ Solution: Conduct regular role-based training and mock audit Q&A drills.
5. Identifying Non-Conformities and Performing Gap Analysis
Audit findings are classified based on severity:
Critical: Direct impact on product safety (e.g., unclean equipment used in sterile production)
Major: Violation of GMP principles, likely to affect quality
Minor: Administrative or isolated procedural lapses
A gap analysis should focus on systemic weaknesses, rather than just individual errors.
6. Drafting the Audit Report and CAPA Recommendations
The audit report includes a summary of findings, their classification, and expected timelines for corrective and preventive actions (CAPA).
Each observation should be linked to a regulatory citation (e.g., 21 CFR 211.22 for quality unit failures).
➸ Make sure CAPAs are:
Root cause-driven
Time-bound
Assigned to responsible personnel
Verified for effectiveness
7. Conducting Post-Audit Follow-Up and Closure Activities
Once CAPAs are submitted, they must be verified and approved.
Regulators may request evidence of implementation, such as photos, updated Standard Operating Procedures (SOPs), training logs, or even revalidation reports.
➸ To close the loop:
Document CAPA verification steps.
Update SOPs and quality manuals accordingly.
Communicate changes across relevant teams.
If a re-inspection is required, the previous audit findings should be fully resolved.
What GMP Auditors Look For?
Quality Management Systems and SOP Adherence
Auditors expect a strong Quality Management System (QMS) backed by real-world practices, with Standard Operating Procedures (SOPs) that match actual operations.
Any deviation must be logged and explained.
➸ Solution:
Regularly review and update SOPs.
Train staff on document change controls.
Link SOPs to audit trails in your eQMS.
Materials Control and Supplier Management
A recurring audit focus is raw material quality and supplier oversight.
In 2025, the increased global outsourcing has made this area a high-risk area.
➸ Auditors look for:
Approved vendor lists,
COA reviews and material testing,
Incoming inspection records,
Ongoing supplier audits.
Failure to detect a contaminated ingredient upstream can lead to product recalls downstream.
Facilities, Equipment, and Maintenance Logs
GMP relies on well-maintained, validated equipment and clean facilities.
➸ Auditors will examine:
Equipment calibration logs,
Cleaning schedules and records,
Environmental monitoring logs,
Maintenance SOPs.
➸ Real-world example: An FDA warning letter in 2024 cited a device maker for failing to clean a mixer between batches, resulting in cross-contamination.
Packaging, Labeling, and Laboratory Controls
Auditors often find issues in packaging and labeling, especially label mix-ups.
They also verify lab data integrity.
➸ Checklist:
Approved label templates.
Controlled printing and reconciliation.
Lab data with secure audit trails.
Validation of analytical methods.
Pro Tip
Signify allows you to validate product labeling with precision by automatically inspecting artwork, packaging, and labels against applicable regulatory requirements.
This helps identify compliance gaps early in the design process, reducing costly revisions and ensuring that your labels are compliant before they reach the market.
Streamline GMP Compliance with Signify
Signify is an AI compliance agent built to help manufacturers meet regulatory requirements with precision and speed, whether you are managing GMP documentation, reviewing product artwork, or preparing for FDA inspections in 2025.
From label validation to document traceability, Signify supports your team through every step of the compliance process, reducing manual effort, eliminating review delays, and improving audit readiness.
Why Choose Signify for GMP?
Automated Labeling and Packaging Compliance: Signify verifies product labels for layout issues, non-compliant claims, missing elements, and regulatory errors prior to launch.
Requirements Traceability Matrix: All reviewed requirements are logged in an auditable matrix, enabling you to demonstrate compliance during inspections.
AI-Curated Document Reviews: Signify scans policies, SOPs, CAPAs, and packaging documents to identify and highlight where each requirement is met.
Custom Checklists and Review Guidance: Create checklists from specifications or brand guidelines, and review drafts to identify missing items early.
Centralized Compliance Workspace: Store and manage all compliance files, SOPs, logs, artwork, batch records, in one secure, organized location.
Guided Remediation and Faster Approvals: Get step-by-step instructions to resolve issues and ensure documents are ready before formal reviews.
Real-Time Regulatory Monitoring: Receive AI-powered alerts about regulatory changes relevant to your products and regions.
Use Signify to Simplify:
GMP audit preparation and documentation review.
Supplier qualification file validation.
Product label compliance with FDA, EU, and Codex standards.
Internal checklist development and mock audit tracking.
Artwork versioning, annotation, and requirement matching.
Documentation traceability across multiple teams and regions.
Try Signify today and see how AI compliance agents can streamline your GMP audits, strengthen documentation, and keep your operations inspection-ready, without disrupting your workflow.
Good Manufacturing Practice (GMP) audits are essential tools for safeguarding product quality, ensuring regulatory compliance, and building consumer trust in 2025.
However, GMP audits can be complex.
Regulatory expectations continue to evolve, particularly with updates to the FDA Quality Management System Regulation (QMSR), EU Annex 1, and heightened scrutiny of data integrity and automation.
This guide breaks down everything you need to know: how to prepare for GMP audits, what inspectors look for, common pitfalls, and how to implement corrective actions effectively.
Let’s get started.
What Is Good Manufacturing Practice (GMP)?
Good Manufacturing Practice (GMP) refers to a system of regulations, guidelines, and practices designed to ensure that products are consistently produced and controlled to meet quality standards.
These practices safeguard the integrity, safety, and quality of products throughout their lifecycle.
In simple terms, GMP ensures that what’s on the label is what’s in the product, and that it’s made safely, every time.
Why GMP Audits Are Essential in 2025?
As global health and safety standards become more stringent, GMP audits remain one of the most effective ways to verify compliance and protect public health.
Audits identify gaps, prevent regulatory violations, and strengthen internal systems.
In 2025, regulatory bodies such as the FDA, EMA, and WHO are expected to have increased their emphasis on Good Manufacturing Practice (GMP) alignment and harmonization.
For instance, the FDA’s Quality Management System Regulation (QMSR), finalized in 2024, aligns 21 CFR Part 820 with ISO 13485:2016, marking a major shift in expectations for medical device manufacturers.
EU MDR audits are now mandatory for the certification of medical devices, while food manufacturers face strict FSMA inspections under 21 CFR 117 and 507.
Global Regulatory Landscape and Key Updates
By the end of 2025, manufacturers across industries will face a rapidly evolving GMP landscape:
FDA's QMSR for medical devices is in full effect.
FSMA compliance (21 CFR 117/507) is enforced rigorously across human and animal food production.
Cosmetics in the EU must comply with Regulation 1223/2009 and follow ISO 22716.
EudraLex Vol. 4 and EU MDR/IVDR require extensive quality documentation and periodic audits.
FSSC 22000 v6 introduces tougher rules on allergen control and food fraud prevention.
Pro Tip
To stay ahead of regulatory changes, leverage Signify's automated regulatory monitoring to monitor evolving regulations and standards that impact your products.
With real-time regulatory updates and clear, actionable insights, Signify helps you focus on the changes that matter most to your business, allowing you to adapt proactively before any changes are enforced.
Types of GMP Audits
1. Internal vs. External GMP Audits
Your own quality assurance team conducts internal audits, typically following a planned schedule.
These help you catch and fix issues before a regulator does.
External audits are performed by regulators, certifying bodies, or independent consultants.
➸ Their purpose?
Confirm compliance with national and international standards (FDA, ISO, WHO, etc.).
Aspect | Internal GMP Audits | External GMP Audits |
Definition | Conducted by the organization’s own staff or qualified internal teams to assess compliance and drive continuous improvement. | Performed by third parties, such as regulatory authorities or independent auditors, to verify compliance with GMP standards. |
Purpose | Identify non-conformities, ensure adherence to SOPs, improve processes, and maintain internal quality standards. | Provide an objective, unbiased evaluation for regulatory approval, certification, or supplier qualification. |
Frequency | Scheduled regularly (e.g., annually or as determined by risk assessment and company policy). | Occur periodically as required by regulations, for certifications, or during supplier/vendor qualification. |
Auditor | Internal personnel independent of the audited area, or internal audit teams. | Regulatory bodies, third-party audit firms, or customer representatives. |
Scope | Focused on internal processes, quality management systems, and continuous improvement. | Encompasses all aspects of GMP compliance, including documentation, facilities, and personnel. |
Objectivity | May be limited by internal familiarity and potential bias. | High objectivity; external perspective helps identify blind spots and provides credibility. |
Outcome | Internal reports, corrective and preventive actions, and process optimization. | Formal audit reports, regulatory findings, recommendations, and sometimes certification. |
Benefits | Early detection of issues, ongoing compliance, and improved operational efficiency. | Enhanced credibility, regulatory readiness, and trust with partners and authorities. |
2. Regulatory Compliance and Routine Inspections
Routine inspections are typically unannounced and conducted by government agencies such as the FDA, EMA, Health Canada, or MHRA.
They assess compliance with legally binding GMP standards such as:
21 CFR Parts 210–211 (Pharmaceuticals)
21 CFR Part 820 (Medical Devices)
EU MDR and IVDR (Devices)
21 CFR 117 (Food)
Regulation 1223/2009 (Cosmetics)
3. Pre-Approval and Pre-License Inspections
These audits occur before a facility can market a new product.
Expect these if you're submitting a new drug application (NDA), device premarket approval (PMA), or launching into the EU under the Medical Device Regulation (MDR).
Auditors will review everything from design history files to batch manufacturing records and validation protocols.
4. Supplier and Vendor Qualification Audits
Companies are increasingly responsible for their entire supply chain.
GMP audits of suppliers, especially contract manufacturers and raw material vendors, ensure that outsourced operations meet the same quality standards as your own.
5. Follow-Up, Re-inspections, and Mock Audits
Past violations, product complaints, or regulatory enforcement actions may also trigger audits.
"For-cause" audits investigate specific concerns, while mock audits help teams prepare through realistic simulations.
Planning and Preparing for a GMP Audit
Sector | Regulations/Standards | Audit Focus/Documentation |
Food & Beverage | FDA FSMA CGMPs (21 CFR 117), FSMA Preventive Controls; FSSC 22000 v6/ISO 22000; Codex; EU food laws. | Hygiene, sanitary design of plants and equipment; HACCP and preventive controls; allergen plans; traceability records; and environmental monitoring logs. |
Medical Devices | FDA QSR (21 CFR 820/QMSR aligned to ISO 13485); EU MDR 2017/745 (Annexes IX–XI); ISO 13485:2016. | Design history files, risk management files, clinical evaluations, supplier management, validation and verification records, CAPA, complaint handling, UDI/traceability. Auditors review quality manuals and technical documentation in accordance with MDR. |
Cosmetics | EU Reg 1223/2009 (mandates GMP); ISO 22716:2007 (GMP guidance); U.S. voluntary FDA GMP (Sec. 601 filth prevention). | Sanitary facility layout (smooth, cleanable surfaces); equipment cleaning; microbial testing results; raw material specs; labeling claims; preservatives efficacy. FDA inspectors look for insanitary conditions (which would adulterate products). |
Pet Food/Feed | FDA (FSMA) Animal Food CGMPs (21 CFR 507); AAFCO model regulations. | Food safety plan with hazard analysis and preventive controls; CGMP sanitation; ingredient approvals or GRAS determinations; RTE (rendering) procedures. (Pet supplements are also under 21 CFR 507 now.) Records of heat-treating, cooling, and microbial testing are key. |
OTC Drugs (Pharma) | FDA CGMP (21 CFR 210-211); EU GMP (GMP Part I–IV); WHO GMP. | Same as prescription drugs: validated production, sterility/purity testing, labeling per monograph; strong lab controls; complaint/recall systems. Documentation of formulation and manufacturing operations is audited in the same manner as any pharmaceutical CGMP review. |
Sporting Goods | No formal GMP mandates; typically ISO 9001 or industry-specific standards (e.g., ASTM for protective equipment). | Audits focus on quality management (process documentation, inspection protocols, nonconformance handling) and product safety test records (e.g, impact tests for helmets). Emphasis is on preventive quality control rather than hygiene. |
Consumer Electronics | No FDA/EMA GMP; rely on ISO 9001, IEC/UL standards, CE marking directives, RoHS. | Audit reviews focus on process consistency and safety, including ESD control, soldering and wiring quality control, product test logs (EMC and safety), and supplier qualifications. Management of product recalls and UL nonconformities is analogous to CAPA. |
Defining the Scope, Objectives, and Risk Areas
A well-structured audit starts with a clear definition of its scope.
This includes identifying which product lines, departments, or processes will be reviewed and specifying the intended goal of the audit.
Common objectives include regulatory compliance verification, supplier qualification, risk mitigation, or preparation for a pre-approval inspection.
➸ To define your scope:
Review your risk register and previous audit findings.
Consider business changes (e.g., new equipment, new products).
Align audit objectives with current regulatory priorities (e.g., FDA’s QMSR or EU Annex 1 revisions)
The goal is to avoid surprises for both the audit team and the audited departments.
Identifying High-Risk Systems and Processes
Sterile production environments, cold storage units, and manual data entries are all examples of high-risk systems that require greater audit scrutiny.
In 2025, areas involving AI-driven automation and electronic batch records (EBR) are also receiving more attention due to evolving data integrity concerns.
➸ Focus on:
Processes impacting product safety (e.g., aseptic filling).
Systems handling critical quality attributes (e.g., sterilization validation).
Interfaces between manual and automated systems.
Using a risk-based approach ensures that limited audit resources are applied where they are most needed.
Allocating Resources and Assigning Qualified Auditors
Auditors must be impartial and qualified to evaluate the processes they are assigned.
Inadequate auditor training remains a common internal audit gap.
Ensure auditors are thoroughly familiar with both the GMP requirements and your internal systems.
➸ Checklist:
Assign auditors with relevant technical experience.
Ensure they’ve received recent GMP and audit-specific training.
Avoid assigning personnel to audit their own departments.
Some companies also contract external experts to conduct internal audits, particularly for complex inspections such as those under EU Annex 11 or ISO 13485.
The GMP Audit Process Step-by-Step
1. Pre-Audit Activities and Background Gathering
Auditors begin by understanding your business context.
This includes reviewing your company’s regulatory history, product portfolio, and any previous inspection reports.
In 2025, this step often includes:
Reviewing your FDA Establishment Inspection Reports (EIRs)
Examining CAPA closures from previous audits
Checking the implementation of updated standards (e.g., FSSC 22000 v6)
2. Conducting the On-Site Inspection
During the on-site visit, auditors physically inspect your facility and observe operations.
This includes production, packaging, labs, warehouses, and utility systems.
Cleanliness, segregation, and environmental controls are primary concerns.
➸ Example: An auditor might verify proper airlock procedures in a cleanroom or check the calibration status of equipment used in critical control points.
Auditors may also take photos, review floor layouts, and observe the flow of materials and personnel to ensure compliance.
3. Reviewing SOPs, Batch Records, and Compliance Documents
One of the most time-consuming parts of a GMP audit is the document review.
Auditors will compare Standard Operating Procedures (SOPs) with actual practices and evaluate record-keeping for completeness, accuracy, and traceability.
➸ What they’re looking for:
Real-time recording of events (not backdated).
Reviewed and approved SOPs aligned with current practices.
Proper handling of deviations, OOS (out-of-specification) results, and change controls.
➸ Example: If your SOP states that calibration is required every 6 months, your records must demonstrate that this requirement was consistently met.
4. Interviewing Employees and Observing Practices
GMP focuses on people, with auditors conducting interviews with staff to verify their understanding of procedures.
➸ Common pitfalls:
Untrained staff handling critical steps.
Operators are unaware of SOP content.
Inconsistent answers about GMP principles.
➸ Solution: Conduct regular role-based training and mock audit Q&A drills.
5. Identifying Non-Conformities and Performing Gap Analysis
Audit findings are classified based on severity:
Critical: Direct impact on product safety (e.g., unclean equipment used in sterile production)
Major: Violation of GMP principles, likely to affect quality
Minor: Administrative or isolated procedural lapses
A gap analysis should focus on systemic weaknesses, rather than just individual errors.
6. Drafting the Audit Report and CAPA Recommendations
The audit report includes a summary of findings, their classification, and expected timelines for corrective and preventive actions (CAPA).
Each observation should be linked to a regulatory citation (e.g., 21 CFR 211.22 for quality unit failures).
➸ Make sure CAPAs are:
Root cause-driven
Time-bound
Assigned to responsible personnel
Verified for effectiveness
7. Conducting Post-Audit Follow-Up and Closure Activities
Once CAPAs are submitted, they must be verified and approved.
Regulators may request evidence of implementation, such as photos, updated Standard Operating Procedures (SOPs), training logs, or even revalidation reports.
➸ To close the loop:
Document CAPA verification steps.
Update SOPs and quality manuals accordingly.
Communicate changes across relevant teams.
If a re-inspection is required, the previous audit findings should be fully resolved.
What GMP Auditors Look For?
Quality Management Systems and SOP Adherence
Auditors expect a strong Quality Management System (QMS) backed by real-world practices, with Standard Operating Procedures (SOPs) that match actual operations.
Any deviation must be logged and explained.
➸ Solution:
Regularly review and update SOPs.
Train staff on document change controls.
Link SOPs to audit trails in your eQMS.
Materials Control and Supplier Management
A recurring audit focus is raw material quality and supplier oversight.
In 2025, the increased global outsourcing has made this area a high-risk area.
➸ Auditors look for:
Approved vendor lists,
COA reviews and material testing,
Incoming inspection records,
Ongoing supplier audits.
Failure to detect a contaminated ingredient upstream can lead to product recalls downstream.
Facilities, Equipment, and Maintenance Logs
GMP relies on well-maintained, validated equipment and clean facilities.
➸ Auditors will examine:
Equipment calibration logs,
Cleaning schedules and records,
Environmental monitoring logs,
Maintenance SOPs.
➸ Real-world example: An FDA warning letter in 2024 cited a device maker for failing to clean a mixer between batches, resulting in cross-contamination.
Packaging, Labeling, and Laboratory Controls
Auditors often find issues in packaging and labeling, especially label mix-ups.
They also verify lab data integrity.
➸ Checklist:
Approved label templates.
Controlled printing and reconciliation.
Lab data with secure audit trails.
Validation of analytical methods.
Pro Tip
Signify allows you to validate product labeling with precision by automatically inspecting artwork, packaging, and labels against applicable regulatory requirements.
This helps identify compliance gaps early in the design process, reducing costly revisions and ensuring that your labels are compliant before they reach the market.
Streamline GMP Compliance with Signify
Signify is an AI compliance agent built to help manufacturers meet regulatory requirements with precision and speed, whether you are managing GMP documentation, reviewing product artwork, or preparing for FDA inspections in 2025.
From label validation to document traceability, Signify supports your team through every step of the compliance process, reducing manual effort, eliminating review delays, and improving audit readiness.
Why Choose Signify for GMP?
Automated Labeling and Packaging Compliance: Signify verifies product labels for layout issues, non-compliant claims, missing elements, and regulatory errors prior to launch.
Requirements Traceability Matrix: All reviewed requirements are logged in an auditable matrix, enabling you to demonstrate compliance during inspections.
AI-Curated Document Reviews: Signify scans policies, SOPs, CAPAs, and packaging documents to identify and highlight where each requirement is met.
Custom Checklists and Review Guidance: Create checklists from specifications or brand guidelines, and review drafts to identify missing items early.
Centralized Compliance Workspace: Store and manage all compliance files, SOPs, logs, artwork, batch records, in one secure, organized location.
Guided Remediation and Faster Approvals: Get step-by-step instructions to resolve issues and ensure documents are ready before formal reviews.
Real-Time Regulatory Monitoring: Receive AI-powered alerts about regulatory changes relevant to your products and regions.
Use Signify to Simplify:
GMP audit preparation and documentation review.
Supplier qualification file validation.
Product label compliance with FDA, EU, and Codex standards.
Internal checklist development and mock audit tracking.
Artwork versioning, annotation, and requirement matching.
Documentation traceability across multiple teams and regions.
Try Signify today and see how AI compliance agents can streamline your GMP audits, strengthen documentation, and keep your operations inspection-ready, without disrupting your workflow.
Good Manufacturing Practice (GMP) audits are essential tools for safeguarding product quality, ensuring regulatory compliance, and building consumer trust in 2025.
However, GMP audits can be complex.
Regulatory expectations continue to evolve, particularly with updates to the FDA Quality Management System Regulation (QMSR), EU Annex 1, and heightened scrutiny of data integrity and automation.
This guide breaks down everything you need to know: how to prepare for GMP audits, what inspectors look for, common pitfalls, and how to implement corrective actions effectively.
Let’s get started.
What Is Good Manufacturing Practice (GMP)?
Good Manufacturing Practice (GMP) refers to a system of regulations, guidelines, and practices designed to ensure that products are consistently produced and controlled to meet quality standards.
These practices safeguard the integrity, safety, and quality of products throughout their lifecycle.
In simple terms, GMP ensures that what’s on the label is what’s in the product, and that it’s made safely, every time.
Why GMP Audits Are Essential in 2025?
As global health and safety standards become more stringent, GMP audits remain one of the most effective ways to verify compliance and protect public health.
Audits identify gaps, prevent regulatory violations, and strengthen internal systems.
In 2025, regulatory bodies such as the FDA, EMA, and WHO are expected to have increased their emphasis on Good Manufacturing Practice (GMP) alignment and harmonization.
For instance, the FDA’s Quality Management System Regulation (QMSR), finalized in 2024, aligns 21 CFR Part 820 with ISO 13485:2016, marking a major shift in expectations for medical device manufacturers.
EU MDR audits are now mandatory for the certification of medical devices, while food manufacturers face strict FSMA inspections under 21 CFR 117 and 507.
Global Regulatory Landscape and Key Updates
By the end of 2025, manufacturers across industries will face a rapidly evolving GMP landscape:
FDA's QMSR for medical devices is in full effect.
FSMA compliance (21 CFR 117/507) is enforced rigorously across human and animal food production.
Cosmetics in the EU must comply with Regulation 1223/2009 and follow ISO 22716.
EudraLex Vol. 4 and EU MDR/IVDR require extensive quality documentation and periodic audits.
FSSC 22000 v6 introduces tougher rules on allergen control and food fraud prevention.
Pro Tip
To stay ahead of regulatory changes, leverage Signify's automated regulatory monitoring to monitor evolving regulations and standards that impact your products.
With real-time regulatory updates and clear, actionable insights, Signify helps you focus on the changes that matter most to your business, allowing you to adapt proactively before any changes are enforced.
Types of GMP Audits
1. Internal vs. External GMP Audits
Your own quality assurance team conducts internal audits, typically following a planned schedule.
These help you catch and fix issues before a regulator does.
External audits are performed by regulators, certifying bodies, or independent consultants.
➸ Their purpose?
Confirm compliance with national and international standards (FDA, ISO, WHO, etc.).
Aspect | Internal GMP Audits | External GMP Audits |
Definition | Conducted by the organization’s own staff or qualified internal teams to assess compliance and drive continuous improvement. | Performed by third parties, such as regulatory authorities or independent auditors, to verify compliance with GMP standards. |
Purpose | Identify non-conformities, ensure adherence to SOPs, improve processes, and maintain internal quality standards. | Provide an objective, unbiased evaluation for regulatory approval, certification, or supplier qualification. |
Frequency | Scheduled regularly (e.g., annually or as determined by risk assessment and company policy). | Occur periodically as required by regulations, for certifications, or during supplier/vendor qualification. |
Auditor | Internal personnel independent of the audited area, or internal audit teams. | Regulatory bodies, third-party audit firms, or customer representatives. |
Scope | Focused on internal processes, quality management systems, and continuous improvement. | Encompasses all aspects of GMP compliance, including documentation, facilities, and personnel. |
Objectivity | May be limited by internal familiarity and potential bias. | High objectivity; external perspective helps identify blind spots and provides credibility. |
Outcome | Internal reports, corrective and preventive actions, and process optimization. | Formal audit reports, regulatory findings, recommendations, and sometimes certification. |
Benefits | Early detection of issues, ongoing compliance, and improved operational efficiency. | Enhanced credibility, regulatory readiness, and trust with partners and authorities. |
2. Regulatory Compliance and Routine Inspections
Routine inspections are typically unannounced and conducted by government agencies such as the FDA, EMA, Health Canada, or MHRA.
They assess compliance with legally binding GMP standards such as:
21 CFR Parts 210–211 (Pharmaceuticals)
21 CFR Part 820 (Medical Devices)
EU MDR and IVDR (Devices)
21 CFR 117 (Food)
Regulation 1223/2009 (Cosmetics)
3. Pre-Approval and Pre-License Inspections
These audits occur before a facility can market a new product.
Expect these if you're submitting a new drug application (NDA), device premarket approval (PMA), or launching into the EU under the Medical Device Regulation (MDR).
Auditors will review everything from design history files to batch manufacturing records and validation protocols.
4. Supplier and Vendor Qualification Audits
Companies are increasingly responsible for their entire supply chain.
GMP audits of suppliers, especially contract manufacturers and raw material vendors, ensure that outsourced operations meet the same quality standards as your own.
5. Follow-Up, Re-inspections, and Mock Audits
Past violations, product complaints, or regulatory enforcement actions may also trigger audits.
"For-cause" audits investigate specific concerns, while mock audits help teams prepare through realistic simulations.
Planning and Preparing for a GMP Audit
Sector | Regulations/Standards | Audit Focus/Documentation |
Food & Beverage | FDA FSMA CGMPs (21 CFR 117), FSMA Preventive Controls; FSSC 22000 v6/ISO 22000; Codex; EU food laws. | Hygiene, sanitary design of plants and equipment; HACCP and preventive controls; allergen plans; traceability records; and environmental monitoring logs. |
Medical Devices | FDA QSR (21 CFR 820/QMSR aligned to ISO 13485); EU MDR 2017/745 (Annexes IX–XI); ISO 13485:2016. | Design history files, risk management files, clinical evaluations, supplier management, validation and verification records, CAPA, complaint handling, UDI/traceability. Auditors review quality manuals and technical documentation in accordance with MDR. |
Cosmetics | EU Reg 1223/2009 (mandates GMP); ISO 22716:2007 (GMP guidance); U.S. voluntary FDA GMP (Sec. 601 filth prevention). | Sanitary facility layout (smooth, cleanable surfaces); equipment cleaning; microbial testing results; raw material specs; labeling claims; preservatives efficacy. FDA inspectors look for insanitary conditions (which would adulterate products). |
Pet Food/Feed | FDA (FSMA) Animal Food CGMPs (21 CFR 507); AAFCO model regulations. | Food safety plan with hazard analysis and preventive controls; CGMP sanitation; ingredient approvals or GRAS determinations; RTE (rendering) procedures. (Pet supplements are also under 21 CFR 507 now.) Records of heat-treating, cooling, and microbial testing are key. |
OTC Drugs (Pharma) | FDA CGMP (21 CFR 210-211); EU GMP (GMP Part I–IV); WHO GMP. | Same as prescription drugs: validated production, sterility/purity testing, labeling per monograph; strong lab controls; complaint/recall systems. Documentation of formulation and manufacturing operations is audited in the same manner as any pharmaceutical CGMP review. |
Sporting Goods | No formal GMP mandates; typically ISO 9001 or industry-specific standards (e.g., ASTM for protective equipment). | Audits focus on quality management (process documentation, inspection protocols, nonconformance handling) and product safety test records (e.g, impact tests for helmets). Emphasis is on preventive quality control rather than hygiene. |
Consumer Electronics | No FDA/EMA GMP; rely on ISO 9001, IEC/UL standards, CE marking directives, RoHS. | Audit reviews focus on process consistency and safety, including ESD control, soldering and wiring quality control, product test logs (EMC and safety), and supplier qualifications. Management of product recalls and UL nonconformities is analogous to CAPA. |
Defining the Scope, Objectives, and Risk Areas
A well-structured audit starts with a clear definition of its scope.
This includes identifying which product lines, departments, or processes will be reviewed and specifying the intended goal of the audit.
Common objectives include regulatory compliance verification, supplier qualification, risk mitigation, or preparation for a pre-approval inspection.
➸ To define your scope:
Review your risk register and previous audit findings.
Consider business changes (e.g., new equipment, new products).
Align audit objectives with current regulatory priorities (e.g., FDA’s QMSR or EU Annex 1 revisions)
The goal is to avoid surprises for both the audit team and the audited departments.
Identifying High-Risk Systems and Processes
Sterile production environments, cold storage units, and manual data entries are all examples of high-risk systems that require greater audit scrutiny.
In 2025, areas involving AI-driven automation and electronic batch records (EBR) are also receiving more attention due to evolving data integrity concerns.
➸ Focus on:
Processes impacting product safety (e.g., aseptic filling).
Systems handling critical quality attributes (e.g., sterilization validation).
Interfaces between manual and automated systems.
Using a risk-based approach ensures that limited audit resources are applied where they are most needed.
Allocating Resources and Assigning Qualified Auditors
Auditors must be impartial and qualified to evaluate the processes they are assigned.
Inadequate auditor training remains a common internal audit gap.
Ensure auditors are thoroughly familiar with both the GMP requirements and your internal systems.
➸ Checklist:
Assign auditors with relevant technical experience.
Ensure they’ve received recent GMP and audit-specific training.
Avoid assigning personnel to audit their own departments.
Some companies also contract external experts to conduct internal audits, particularly for complex inspections such as those under EU Annex 11 or ISO 13485.
The GMP Audit Process Step-by-Step
1. Pre-Audit Activities and Background Gathering
Auditors begin by understanding your business context.
This includes reviewing your company’s regulatory history, product portfolio, and any previous inspection reports.
In 2025, this step often includes:
Reviewing your FDA Establishment Inspection Reports (EIRs)
Examining CAPA closures from previous audits
Checking the implementation of updated standards (e.g., FSSC 22000 v6)
2. Conducting the On-Site Inspection
During the on-site visit, auditors physically inspect your facility and observe operations.
This includes production, packaging, labs, warehouses, and utility systems.
Cleanliness, segregation, and environmental controls are primary concerns.
➸ Example: An auditor might verify proper airlock procedures in a cleanroom or check the calibration status of equipment used in critical control points.
Auditors may also take photos, review floor layouts, and observe the flow of materials and personnel to ensure compliance.
3. Reviewing SOPs, Batch Records, and Compliance Documents
One of the most time-consuming parts of a GMP audit is the document review.
Auditors will compare Standard Operating Procedures (SOPs) with actual practices and evaluate record-keeping for completeness, accuracy, and traceability.
➸ What they’re looking for:
Real-time recording of events (not backdated).
Reviewed and approved SOPs aligned with current practices.
Proper handling of deviations, OOS (out-of-specification) results, and change controls.
➸ Example: If your SOP states that calibration is required every 6 months, your records must demonstrate that this requirement was consistently met.
4. Interviewing Employees and Observing Practices
GMP focuses on people, with auditors conducting interviews with staff to verify their understanding of procedures.
➸ Common pitfalls:
Untrained staff handling critical steps.
Operators are unaware of SOP content.
Inconsistent answers about GMP principles.
➸ Solution: Conduct regular role-based training and mock audit Q&A drills.
5. Identifying Non-Conformities and Performing Gap Analysis
Audit findings are classified based on severity:
Critical: Direct impact on product safety (e.g., unclean equipment used in sterile production)
Major: Violation of GMP principles, likely to affect quality
Minor: Administrative or isolated procedural lapses
A gap analysis should focus on systemic weaknesses, rather than just individual errors.
6. Drafting the Audit Report and CAPA Recommendations
The audit report includes a summary of findings, their classification, and expected timelines for corrective and preventive actions (CAPA).
Each observation should be linked to a regulatory citation (e.g., 21 CFR 211.22 for quality unit failures).
➸ Make sure CAPAs are:
Root cause-driven
Time-bound
Assigned to responsible personnel
Verified for effectiveness
7. Conducting Post-Audit Follow-Up and Closure Activities
Once CAPAs are submitted, they must be verified and approved.
Regulators may request evidence of implementation, such as photos, updated Standard Operating Procedures (SOPs), training logs, or even revalidation reports.
➸ To close the loop:
Document CAPA verification steps.
Update SOPs and quality manuals accordingly.
Communicate changes across relevant teams.
If a re-inspection is required, the previous audit findings should be fully resolved.
What GMP Auditors Look For?
Quality Management Systems and SOP Adherence
Auditors expect a strong Quality Management System (QMS) backed by real-world practices, with Standard Operating Procedures (SOPs) that match actual operations.
Any deviation must be logged and explained.
➸ Solution:
Regularly review and update SOPs.
Train staff on document change controls.
Link SOPs to audit trails in your eQMS.
Materials Control and Supplier Management
A recurring audit focus is raw material quality and supplier oversight.
In 2025, the increased global outsourcing has made this area a high-risk area.
➸ Auditors look for:
Approved vendor lists,
COA reviews and material testing,
Incoming inspection records,
Ongoing supplier audits.
Failure to detect a contaminated ingredient upstream can lead to product recalls downstream.
Facilities, Equipment, and Maintenance Logs
GMP relies on well-maintained, validated equipment and clean facilities.
➸ Auditors will examine:
Equipment calibration logs,
Cleaning schedules and records,
Environmental monitoring logs,
Maintenance SOPs.
➸ Real-world example: An FDA warning letter in 2024 cited a device maker for failing to clean a mixer between batches, resulting in cross-contamination.
Packaging, Labeling, and Laboratory Controls
Auditors often find issues in packaging and labeling, especially label mix-ups.
They also verify lab data integrity.
➸ Checklist:
Approved label templates.
Controlled printing and reconciliation.
Lab data with secure audit trails.
Validation of analytical methods.
Pro Tip
Signify allows you to validate product labeling with precision by automatically inspecting artwork, packaging, and labels against applicable regulatory requirements.
This helps identify compliance gaps early in the design process, reducing costly revisions and ensuring that your labels are compliant before they reach the market.
Streamline GMP Compliance with Signify
Signify is an AI compliance agent built to help manufacturers meet regulatory requirements with precision and speed, whether you are managing GMP documentation, reviewing product artwork, or preparing for FDA inspections in 2025.
From label validation to document traceability, Signify supports your team through every step of the compliance process, reducing manual effort, eliminating review delays, and improving audit readiness.
Why Choose Signify for GMP?
Automated Labeling and Packaging Compliance: Signify verifies product labels for layout issues, non-compliant claims, missing elements, and regulatory errors prior to launch.
Requirements Traceability Matrix: All reviewed requirements are logged in an auditable matrix, enabling you to demonstrate compliance during inspections.
AI-Curated Document Reviews: Signify scans policies, SOPs, CAPAs, and packaging documents to identify and highlight where each requirement is met.
Custom Checklists and Review Guidance: Create checklists from specifications or brand guidelines, and review drafts to identify missing items early.
Centralized Compliance Workspace: Store and manage all compliance files, SOPs, logs, artwork, batch records, in one secure, organized location.
Guided Remediation and Faster Approvals: Get step-by-step instructions to resolve issues and ensure documents are ready before formal reviews.
Real-Time Regulatory Monitoring: Receive AI-powered alerts about regulatory changes relevant to your products and regions.
Use Signify to Simplify:
GMP audit preparation and documentation review.
Supplier qualification file validation.
Product label compliance with FDA, EU, and Codex standards.
Internal checklist development and mock audit tracking.
Artwork versioning, annotation, and requirement matching.
Documentation traceability across multiple teams and regions.
Try Signify today and see how AI compliance agents can streamline your GMP audits, strengthen documentation, and keep your operations inspection-ready, without disrupting your workflow.
Jun 18, 2025