GxP audits for life sciences
Independent GxP audits across systems, processes, data and suppliers.
Regulators and customers expect you to know where you stand – not just on paper, but in day-to-day practice.
Amalia provides independent GxP audits across your quality system, computerised systems, infrastructure, data lifecycle and suppliers. We review your controls against current expectations (GMP, GDP, GCP, GLP, GVP, 21 CFR Part 11, EU GMP Annex 11/15, GAMP, ICH Q7, Q9 and Q10) and translate findings into pragmatic corrective and preventive actions.
We also audit SaaS, hosting and other third parties to confirm that your suppliers genuinely support your GxP obligations.
Why GxP Audits Matter
Good Practice (GxP) guidelines – GMP, GDP, GCP, GLP and GVP – sit alongside guidances like ICH Q7, Q9 and Q10, to define how life-sciences organisations must control quality, data and risk.
At the same time, regulators have sharpened their focus on data integrity and ALCOA+ principles, treating weak data governance as a signal of deeper systemic issues.
Clear alignment between procedures and practice
SOPs, CAPA and quality processes are verified against real operations, ensuring they are both compliant and truly embedded in day-to-day activities.
Robust validation and infrastructure control
Ccomputerised systems and supporting platforms are consistently assessed and maintained in line with regulatory expectations.
Align processes with strategy and controls
Μodels link activities to goals, risks, controls and KPIs, so you can see whether processes support what the organisation is trying to achieve.
Transparent and controlled supplier oversight
SaaS providers, hosting partners and manufacturers are evaluated through structured audits, providing confidence in their ongoing compliance and performance.
What We Do Under GxP Audits
We tailor each GxP audit to your risk profile, combining what we audit with how we audit to give you a coherent, actionable picture.
Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur.
Quality-management system (QMS) structure and documentation
SOPs, work instructions and training records
Change control, deviation, CAPA and periodic review processes
Roles, responsibilities and governance for GxP activities
We focus on alignment between written procedures and real behaviours.
Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur.
CSV / CSA methodology and validation packages across the system lifecycle
Configuration management, access control and audit-trail practice
Infrastructure qualification, monitoring, backup and recovery
Supplier responsibilities and service models for hosted and SaaS solutions
Where helpful, we sample specific systems in depth (for example, QMS, LIMS, MES, ERP, pharmacovigilance, serialisation or data platforms).
Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur.
Controls over creation, processing, review, reporting, archival and destruction of data
Audit trails, electronic signatures and access management
Backup, restore and disaster-recovery arrangements
Data-governance structures, including ownership and review
We look at both paper and electronic records, focusing on records that matter most for patient safety and product quality.
Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur.
Evaluation of quality systems, service descriptions and SLAs
Review of contracts, responsibilities and technical and organisational controls
Assessment of how supplier practices align with your QMS and regulatory expectations
This supports both initial qualification and ongoing oversight of key suppliers.
Deliverables
Typical deliverables from a Process Modelling engagement include:
Scope, objectives, systems, sites, stakeholders, schedule, and methods.
Structured list of required records, SOPs, validation packages, and audit evidence.
Notes from interviews and sampling, recorded consistently.
Description of scope, methods, and observations, with findings risk-rated.
Pragmatic actions with suggested priorities, owners and dependencies.
Standalone reports for supplier qualification and oversight.
Concise summary for senior management, suitable for inspections or board updates.
Where requested, we can also provide follow-up support to shape detailed remediation projects or to validate completion of agreed actions.
Customer Stories & Insights
Outcomes You Can Expect
Findings ordered by impact on patient safety, product quality and data integrity, with realistic actions and owners.
Clearer narratives, better evidence and fewer surprises when inspectors or customers arrive.
A shared, fact-based understanding of current state and of what “good enough” looks like.
An objective view of whether SaaS, hosting and manufacturing partners really meet your GxP expectations.
Audit results that feed directly into your compliance roadmap, risk register and project pipeline.
When to Consider GxP Audits
You need to prepare for a regulatory inspection or customer audit
You are assessing new or legacy computerised systems
You need to confirm the effectiveness of data-integrity and quality-management controls
You need to evaluate SaaS or hosting providers for GxP suitability
You are a software supplier and would like to become audit ready
You seek an independent view after major change or projects
Why Amalia
We help organisations turn complex change into solutions that people actually use. We combine structure, respect and creativity so your teams deliver better outcomes with less friction. Here is what that looks like in real engagements.
We remove what isn’t needed while keeping essential controls and compliance. The result is clear, practical systems that are easy to adopt and maintain.
A single, senior, cross-functional team replaces multiple vendors. Fewer hand-offs, faster delivery, and one accountable partner throughout.
We align leadership, QA, IT and operations around shared decisions. Clear reasoning, documented outcomes, and no misalignment.
Solutions are built around real processes and real risk. Practical delivery that avoids shelfware and drives measurable outcomes.
We bring global experience and adapt it to your specific context and operating reality. Proven frameworks, applied flexibly where they matter most.
Senior leaders stay involved from start to finish on every engagement. Each programme is treated as a long-term partnership, not a one-off project.
Want to simplify complex work without losing control?
Work with a team that can join up governance, assurance, platforms and technical depth from start to finish.