ICH GCP R3 is now in English & EU languages. Book Now
  • AI ClinicalAI ClinicalNewRight Arrow
  • Clinical PracticeClinical PracticeRight Arrow
  • PharmacovigilancePharmacovigilanceRight Arrow
  • ManufacturingManufacturingRight Arrow
  • Laboratory PracticeLaboratory PracticeRight Arrow
  • DistributionDistributionRight Arrow
  • Medical DevicesMedical DevicesRight Arrow

About

EU GMP Annex 11 Computerised Systems, Data Integrity & Audit Readiness is a twelve-module executive programme that takes learners from the foundational definitions of Annex 11 through to inspection-grade audit readiness. The course frames every computerised system as a regulated object whose validated state must be defended in front of an EMA, MHRA, FDA, or PIC/S inspector, and pairs each Annex 11 section with the FDA 21 CFR Part 11 and GAMP 5 controls that turn intent into evidence. Learners explore risk-based validation, the V-model lifecycle, ALCOA+ data integrity, audit trails, electronic signatures, supplier and cloud governance, change control, and periodic review — anchored in real warning letters and inspection findings.

EU GMP Annex 11 is recommended for QA managers, validation specialists, IT and system owners, internal auditors, regulatory affairs professionals, and process owners across pharmaceutical, biotech, and clinical research operations. It is well suited to teams preparing for an EMA, MHRA, FDA, or PIC/S inspection and to new hires entering CSV roles. On completion, learners can apply Annex 11 principles to system validation across the full lifecycle, translate FDA 21 CFR Part 11 expectations into operational controls, design and execute risk-based CSV using GAMP 5, embed ALCOA+ across data generation, processing, review, reporting, and archive, govern suppliers and cloud systems with shared-responsibility models, manage change to sustain validated state, and lead audit and inspection readiness as a daily discipline rather than a pre-audit project.

Course Syllabus

  1. What Is Annex 11?
  2. What Counts as a Computerised System?
  3. Why Annex 11 Compliance Matters
  4. Scope of Annex 11 Across the GMP Lifecycle
  5. The 17 Principles of Annex 11
  6. Why Risk-Based Approach Matters
  7. Annex 11 vs FDA 21 CFR Part 11
  8. Common GxP Computerised Systems
  9. Stakeholders and Roles in Annex 11 Compliance
  10. The Quality Management System Context
  11. Data Integrity at the Heart of Annex 11
  12. Common Mistakes in Annex 11 Implementation
  13. Best Practice: Designed-In Compliance
  14. Modern Trends in Annex 11 Implementation
  15. Course Roadmap
  16. What You Will Achieve
  17. Cross-Industry Relevance of Annex 11
  18. Building Annex 11 Capability

  1. The Global Regulatory Landscape
  2. EU GMP Annex 11 The 17 Sections
  3. Annex 11 Section 1 Risk Management
  4. Annex 11 - Section Overview
  5. Annex 11 Section 2 Personnel
  6. Annex 11 Section 3 Suppliers and Service Providers
  7. Annex 11 Section 4 Validation
  8. Annex 11 Sections 5-8 Operations
  9. Annex 11 Section 9 Audit Trails
  10. Annex 11 Sections 10-11 Change and Periodic Review
  11. Annex 11 Sections 12-14 Security and Signatures
  12. Annex 11 Sections 15-17 Continuity and Archive
  13. FDA 21 CFR Part 11 Overview
  14. Part 11 vs Annex 11 Key Differences
  15. ICH Quality Guidelines
  16. PIC/S Guidance
  17. Data Integrity Guidance Ecosystem
  18. Common Mistakes in Regulatory Interpretation
  19. Tools and Frameworks
  20. Daily Behaviour for Compliance

  1. What Is GAMP 5?
  2. Core Principles of GAMP 5
  3. GAMP Software Categories
  4. GAMP 5 Software Categories
  5. Category 1 Infrastructure Software
  6. Category 3 Non-Configured Products
  7. Category 4 Configured Products
  8. Category 5 Custom Applications
  9. Risk-Based Approach Fundamentals
  10. Risk Assessment Tools
  11. GAMP 5 Risk Process Step 1
  12. GAMP 5 Risk Process Step 2
  13. GAMP 5 Risk Process Step 3
  14. GAMP 5 Risk Process Step 4
  15. Leveraging Supplier Involvement
  16. Critical Thinking in CSV
  17. FDA's CSA Alignment with GAMP 5
  18. Common Mistakes in GAMP 5 Application
  19. More Common Mistakes
  20. Process Improvement: Validation Efficiency
  21. Tools and Frameworks
  22. Daily Behaviour for Validation Teams

  1. Why Lifecycle Thinking Matters
  2. The Four Lifecycle Phases
  3. Concept Phase Activities
  4. Concept Phase Deliverables
  5. Project Phase Overview
  6. User Requirements Specification (URS)
  7. Functional and Design Specifications
  8. Traceability Matrix
  9. Configuration Management
  10. Build and Code Review
  11. Installation Qualification (IQ)
  12. Operational Qualification (OQ)
  13. Performance Qualification (PQ)
  14. Validation Summary Report
  15. Operation Phase Activities
  16. Periodic Review (Annex 11 Section 11)
  17. Change Control in Operation
  18. Incident and Problem Management
  19. Retirement Phase Overview
  20. Data Migration
  21. Data Archiving
  22. Common Lifecycle Mistakes
  23. More Common Mistakes
  24. Daily Behaviour for System Owners

  1. What Validation Means in Annex 11
  2. CSV: Computer System Validation
  3. CSA: Computer Software Assurance
  4. V-Model: Requirements to Qualification
  5. CSV vs CSA — Key Differences
  6. When to Use CSA Approaches
  7. When CSV-Heavy Is Still Right
  8. Validation Master Plan (VMP)
  9. Validation Plan (VP)
  10. Risk-Based Test Strategy
  11. Test Types in Validation
  12. Test Script Design
  13. Test Execution
  14. Defect Management
  15. Audit Trail Testing
  16. Security Testing
  17. Performance and Load Testing
  18. Integration Testing
  19. Common Validation Mistakes
  20. More Common Mistakes
  21. Daily Behaviour for Validation Teams

  1. What Is Data Integrity?
  2. Why Data Integrity Matters
  3. ALCOA Principles
  4. ALCOA+ Data Integrity Principles
  5. ALCOA+ Extensions
  6. Attributable in Detail
  7. Legible in Detail
  8. Contemporaneous in Detail
  9. Original in Detail
  10. Accurate in Detail
  11. Beyond ALCOA Complete, Consistent, Enduring, Available
  12. Data Lifecycle
  13. Hybrid Systems
  14. Data Integrity Risks
  15. More Data Integrity Risks
  16. MHRA GxP Data Integrity Guidance
  17. FDA Data Integrity Guidance
  18. PIC/S PI 041 Data Integrity Guidance
  19. Common Data Integrity Mistakes
  20. More Common Mistakes
  21. Process Improvement: Integrity Programme
  22. Daily Behaviour for Integrity

  1. What Is an Audit Trail?
  2. Why Audit Trails Matter
  3. What Inspectors Expect
  4. Audit Trail Lifecycle
  5. Audit Trail Configuration
  6. Audit Trail Content Requirements
  7. Audit Trail Review
  8. Audit Trail Review Process
  9. Electronic Records Under Annex 11
  10. Annex 11 Section 9 in Detail
  11. Common Audit Trail Mistakes
  12. More Audit Trail Mistakes
  13. Tools and Templates
  14. Daily Behaviour for Audit Trails
  15. Audit Trail Across Lifecycle
  16. Connecting Audit Trail to Investigation
  17. Cloud and SaaS Audit Trails
  18. Building Audit Trail Maturity

  1. Why Security Matters
  2. Annex 11 Section 12 Requirements
  3. User Authentication
  4. Role-Based Access Control (RBAC)
  5. Segregation of Duties
  6. Privileged Access
  7. Physical Access Controls
  8. Network Security
  9. Data Encryption
  10. Cybersecurity Threats
  11. Common Access Control Mistakes
  12. More Common Mistakes
  13. Process Improvement: Security Programme
  14. Tools and Templates
  15. Daily Behaviour for Security
  16. Building Security Maturity
  17. Connecting Security to Compliance
  18. Cloud and SaaS Security

  1. Why Supplier Management Matters
  2. Annex 11 Section 3 Requirements
  3. Types of Suppliers in GMP
  4. Cloud Shared Responsibility Model
  5. Quality Agreements
  6. Supplier Qualification
  7. Risk-Based Supplier Audits
  8. Cloud Computing in GMP
  9. Shared Responsibility Model
  10. SaaS-Specific Considerations
  11. Cloud Validation Approach
  12. Data Residency and Privacy
  13. Cloud Security Considerations
  14. Supplier Change Notifications
  15. Vendor Update Cycles
  16. Sub-Tier Suppliers
  17. Common Mistakes in Supplier Management
  18. More Common Mistakes
  19. Process Improvement: Supplier Programme
  20. Tools and Templates
  21. Daily Behaviour for Supplier Management
  22. Building Supplier Maturity

  1. Why Change Control Matters
  2. Annex 11 Section 10 Requirements
  3. Categories of Change
  4. Change Control Process
  5. Risk Assessment of Changes
  6. Like-for-Like Changes
  7. Emergency Changes
  8. Patches and Updates
  9. Configuration Changes
  10. Software Upgrades
  11. Periodic Review (Annex 11 Section 11)
  12. Periodic Review Scope
  13. System Performance Monitoring
  14. Backup and Recovery
  15. Business Continuity
  16. Incident Management
  17. Common Mistakes in Change Control
  18. More Common Mistakes
  19. Process Improvement: Change Programme
  20. Tools and Templates
  21. Daily Behaviour for Change Discipline
  22. Building Change Maturity

  1. Why Inspection Readiness Matters
  2. Types of Audits and Inspections
  3. Self-Inspection Programme
  4. Inspection Findings Severity
  5. Audit Planning
  6. Pre-Audit Preparation
  7. Inspection Day Behaviour
  8. Documents Inspectors Request
  9. More Documents Inspectors Request
  10. Inspection Response Workflow
  11. Common Inspector Questions
  12. More Common Inspector Questions
  13. Findings Classification
  14. Responding to Findings
  15. EU GMP Inspection Outcomes
  16. FDA Form 483
  17. FDA Warning Letter
  18. Common Audit Mistakes
  19. More Common Mistakes
  20. Process Improvement: Audit-Ready Operations
  21. Tools and Templates
  22. Daily Behaviour Checklist
  23. Inspection Day Roles
  24. Audit Performance Metrics
  25. Building Audit Capability
  26. Cultural Indicators of Maturity
  27. Audit and Cultural Reset

  1. Why Case Studies Matter
  2. Sources of Industry Learning
  3. Patterns in Annex 11 Failures
  4. Patterns in Validation Failures
  5. Patterns in Change Control Failures
  6. Patterns in Supplier Failures
  7. Common Themes Across Failures
  8. What Mature Organisations Do Differently
  9. Building a Learning Organisation
  10. Cultural Indicators of Maturity
  11. Cultural Warning Signs
  12. How to Use Case Studies Internally
  13. Self-Assessment Questions
  14. Process Improvement: Continuous Learning
  15. Tools for Continuous Learning
  16. Daily Behaviour for Continuous Learning
  17. Connecting Case Studies to Risk
  18. Building an Industry Learning Culture
  19. Your Action Plan
  20. Course Complete

Course Benefits

Benefits cpd_points icon
CPD Points

Gain Continuing Professional Development (CPD) Points, accredited by The Faculty of Pharmaceutical Medicine of the Royal College of Physicians of the United Kingdom. These can be used to count towards the distance learning element of any scheme that comes under the umbrella of The Academy of Medical Royal Colleges or any other scheme for which there is mutual recognition.

Benefits certification icon
Certification

Receive a personal certificate to show your subject knowledge on course completion.

Benefits affordable icon
Affordable

You get excellent value through our cost-effective prices. We can also offer you group discounts on larger purchases.

Benefits flexible icon
Flexibility

The course saves you time through the convenience of online availability. This lets you complete the interactive course at your own comfort.

Benefits up_to_date icon
Keep Up to Date

You will stay up to date with any changes to EU GMP Annex 11, FDA 21 CFR Part 11, GAMP 5, ICH Q9/Q10, and PIC/S guidance documents as our training courses are constantly monitored, reviewed and updated.

Benefits industry_experts icon
Learn from Industry Experts

The course content has been developed by industry practitioners and subject-matter experts to ensure that learners can apply the principles directly in their daily work. Every module follows a consistent rhythm — concept, regulatory context, real-world failure, audit perspective, preventive controls, and a knowledge check.


Our Certified Customers

novartis
NHS
takeda
roche
dhl

Learner Rating & Reviews

4.7
Average Rating
536 global ratings
87.0%
5.0%
3.0%
3.0%
2.0%
RC

Working with Whitehall training for the last two years of partnership has been a very successful experience – I have fast access to all the GCP course...

SM

I have finalised the demo for the ICH-GCP E6 R3 refresher course. Overall, I liked the content and the interface. I also want to thank Whitehall Train...