IT Audits and IT Compliance Analyses

Implementing GMP requirements based on numerous regulations, rules, standards and guidelines in IT – two complex worlds collide! Questions are raised in practice. What about the compliance of an IT system or IT-assisted process? Does action have to be taken to ensure that an audit or inspection will be passed? What are the gaps and how can they be closed efficiently? A neutral and routine expert check establishes clarity. This can take take the form of an IT compliance analysis focusing on solutions or a formal IT audit.

A routine approach and interdisciplinary expert knowledge are among the benefits of this service.

Verifying Compliance with Numerous Rules and Regulations

This is not just about legally binding requirements such as Annex 11 “Computer-Aided Systems” of the EU GMP guideline and the US 21 CFR Part 11 “Electronic Records, Electronic Signatures”. Numerous standards and rules apply. Among them are the ISO 27000 ff. series of standards,  the BSI standards for information security and ISO 20000 for IT service management. Especially in GMP-regulated sectors, the GAMP guideline has developed into an internationally recognised framework. Here the verification of compliance demands the latest expert knowledge and an experienced, structured approach. 

Interdisciplinary – Neutral GMP Industry Experts with Specialised IT Expertise

GMP industry expertise and specialised IT knowledge – interdisciplinary knowledge and many years of experience enable targeted verification. Were the requirements defined in abstract specifications implemented in concrete measures? What is technically possible? How can requirements be implemented efficiently in the IT system? A sort of “interpreter” function is also required here in order to bring the customer’s functional areas of QA and IT together, serving as a mediator. Consistently maintaining the perspective of an independent expert is important.

IT Compliance Analysis: a Structured Approach, Consultancy and Proposed Solutions

A thorough, comprehensive IT compliance analysis is essential, for instance leading up to an audit or an upcoming official inspection. What is the customer’s position regarding IT compliance? A structured and efficient analysis is performed using detailed checklists. Where does action have to be taken? What solutions are recommended? The next steps are defined jointly with the customer based on the weaknesses found. Special emphasis is placed on informed consultancy. This results in a transparent view of the current situation with clearly defined recommended solutions. For audit or inspection readiness.

IT Audit as a Service – Internally or as a 3rd party

No matter whether the internal audit of an IT department or auditing an external supplier or service provider is required, gempex provides support, neutral expertise and resources in case of capacity bottlenecks. Services also include auditing IT system providers and computer-aided production systems. Detailed checklists are used to audit the relevant areas. Substantiated audit reports clearly define the current position. Findings are rated according to criticality and recommendations are made if desired. IT audit by gempex – the sure way to achieve IT compliance.

International IT audits and IT compliance analysis are also performed by gempex. 


  • interdisciplinary GMP know-how combined with specialised IT knowledge
  • confident management of complexity  
  • neutral and independent external perspective
  • routine, structured approach
  • prepared checklists
  • detailed reporting of findings, prioritised proposed measures
  • flexible support from consultancy to implementation