GCP/GMP Audit Readiness Checklist
Comprehensive checklist to prepare your site for GCP and GMP regulatory audits
This comprehensive audit readiness checklist covers all major inspection-readiness domains: staff training documentation, informed consent procedures, investigational product accountability, essential document completeness, data integrity controls, and deviations/CAPA management. Designed for use 90 days before any scheduled regulatory audit.
How to Use This Checklist
Begin using this checklist 90 days before any scheduled regulatory audit — whether FDA BIMO, EMA GCP, sponsor audit, or internal QA inspection. Work through each domain section with the responsible team lead and assign remediation tasks for every gap identified. Re-run the checklist at 60 days and 30 days before the inspection to track closure of identified gaps.
Each checklist item should be marked as: Compliant (evidence on file), Partially Compliant (remediation in progress with due date), or Non-Compliant (not yet addressed). Do not mark any item Compliant without referencing the specific evidence document location.
Domain 1: Staff Training and Delegation
- Current Delegation of Authority (DOA) log signed by the Principal Investigator and all delegated staff
- Protocol-specific training records for every individual listed on the DOA log
- GCP training certificates current within your organization's required refresh cycle
- CV on file for the PI, all sub-investigators, and all individuals delegated protocol-specific tasks
- Training records for any new staff added since the last monitoring visit
- Documented training on the current version of all applicable site SOPs
- Training log entries include specific SOP version number, training date, and trainer signature
Domain 2: Informed Consent Procedures
- IRB-approved consent form version is the version currently in use at the site
- All subject consent forms are signed and dated by the subject and the consenting investigator
- Re-consent performed for all eligible subjects following protocol amendments affecting consent
- Consent date precedes screening and enrollment date for every subject
- LAR consent documentation complete and consistent with protocol eligibility requirements where applicable
- Subjects who withdrew consent have properly documented withdrawal with a date and reason
- Consent log or tracker reconciles with the subject screening and enrollment log
Domain 3: Investigational Product Accountability
- IP accountability log accounts for all IP shipped, received, dispensed, and returned/destroyed
- Temperature monitoring records are continuous and within specified ranges for all IP storage
- Dispensing records reference subject ID, IP lot number, dispensing date, and dispenser signature
- Returned or unused IP has a documented disposition with dates and method of destruction or return
- IP storage area access is controlled and documented
- Expiry dates for all IP lots in current use are confirmed within acceptable range
- Pharmacist or qualified designee has reviewed and signed all IP accountability records
Domain 4: Essential Documents
- Regulatory binder contains current IRB approval letter and stamped/approved protocol
- All protocol amendments have corresponding IRB approval letters on file
- Site-specific Financial Disclosure Forms are complete and current for all investigators
- Normal lab ranges are current, sponsor-approved, and site-laboratory-specific
- Lab certifications (CLIA, CAP) are current for the reporting period
- Insurance and indemnity documentation is current and on file
- All sponsor correspondence is filed and accessible in the site file
- Monitoring visit reports and follow-up letters are filed in chronological order
Domain 5: Data Integrity and Source Documents
- Source documents exist for all data points entered in the EDC/eCRF
- No corrections use correction fluid or obscure original entries — corrections are crossed out, dated, initialed, and explained
- EDC audit trail is enabled and shows complete entry and modification history
- All open data queries have been addressed or have a documented resolution plan
- Unresolved queries older than your SOP's query resolution window are escalated
- Source data can be traced from EDC entry back to the original source document for all primary endpoints
- Electronic systems used for source data capture are validated and access-controlled
Domain 6: Protocol Deviations and CAPA Management
- All protocol deviations are identified, classified, reported, and documented per site SOPs
- Deviations that met reportability thresholds have been reported to the sponsor and IRB within required timelines
- CAPA plans exist for all major or critical deviations and for recurring minor deviations
- CAPA effectiveness verification is documented for all closed CAPAs
- Deviation log is current — no unreported deviations discovered after the last monitoring visit
- Staff are trained on the deviation identification and reporting process
90-Day Inspection Preparation Timeline
- Day 90: Complete first full checklist run; assign owners and due dates for all gaps identified
- Day 75: Confirm training records are complete for all current staff; update DOA log if needed
- Day 60: Re-run checklist; all critical and major gaps should be remediated or have active CAPAs
- Day 45: Conduct IP accountability reconciliation; confirm all source documents are accessible
- Day 30: Re-run checklist; only minor administrative gaps should remain open
- Day 14: Conduct a tabletop mock inspection walk-through with site staff
- Day 7: Confirm document retrieval process is working; brief all staff on inspection procedures
- Day 1: Confirm inspection day logistics — space, document access, staff availability
Browse all resources or contact us to discuss your QA needs.