Login

GDP monitoring requirements

Adam Hartmann-Kruckow
CCO & co-founder

How to meet Annex 11, 21 CFR Part 11, and alarm rules

Learn GDP monitoring requirements across storage and logistics, how to configure alarms, and how to comply with Annex 11 and 21 CFR Part 11.

Get a practical step-by-step checklist to help you configure thresholds, validate systems, and stay audit-ready with less manual effort.


What are the GDP monitoring requirements for temperature-sensitive medicines?

GDP requires continuous monitoring of time- and temperature-sensitive medicines during storage and distribution. Devices must be qualified, calibrated, and placed according to temperature mapping results. Records must be secure, retrievable, and available for audits.

Core monitoring requirements:

  • Use calibrated devices with ISO 17025 traceability and valid certificates.
  • Place sensors at hot and cold spots identified during temperature mapping studies.
  • Configure alarms and escalation linked to predefined acceptance criteria.
  • Ensure continuous recording with validated data integrity controls.

Inspector insight: Inspectors often check whether monitoring placement is documented in the monitoring plan and directly linked to the mapping report.

Also read: GDP temperature mapping: Protocols, frequency, and acceptance criteria


How do Annex 11 and 21 CFR Part 11 apply to GDP monitoring systems?

Electronic monitoring systems used under GDP must comply with Annex 11 and 21 CFR Part 11. Both frameworks focus on ensuring data integrity, traceability, and secure management of electronic records. To meet these expectations, systems must restrict access through role-based permissions, automatically log every change with a time-stamped audit trail, and use electronic signatures for approvals, such as deviation handling and reporting. Records must also be archived securely so they remain tamper-proof and retrievable in full during inspections.

Inspector insight: A common finding is missing or incomplete audit trails. Regulators expect validated audit trail functionality in monitoring systems, along with SOPs that define how these records are reviewed.

Also read: 21 CFR Part 11 explained


How should alarms be set up under GDP monitoring requirements?

Alarms are essential for a timely response to deviations. GDP requires alarms to be risk-based, clearly defined, and linked to SOPs for investigation and escalation.

Best practice for alarm setup:

  • Set thresholds from acceptance criteria: Use mapping results and product ranges to define alarm points.
  • Reduce false alarms: Apply short delays or deadbands to filter harmless fluctuations.
  • Define escalation paths: SOPs must state who receives alarms, who investigates, and how CAPA is assigned.
  • Document ownership: The RP or QA manager must review and approve alarm configuration.

Real-world example: A warehouse near a busy loading dock reduced nuisance alarms by applying a 10-minute delay. The change was documented in the alarm SOP and approved by the RP, preventing unnecessary investigations while maintaining compliance.

Inspector insight: Inspectors want to see that alarm settings are documented, justified, and formally approved. They often request the alarm SOP and recent deviation logs during audits.

Also read: 7 GDP compliance for pharmaceutical warehouses


How should deviations and CAPA be managed in GDP monitoring?

Monitoring is only effective if deviations trigger timely investigation and corrective action. [GDP]/gdp) requires clear SOPs for alarm response, deviation logging, and CAPA workflows. Each deviation should be logged, risk assessed, investigated, and closed with an approved CAPA when required. Documentation must show timelines, responsible persons, and sign-off by QA or the RP.

Inspector insight: Inspectors often ask: Can you show how a deviation was logged, investigated, and resolved? They expect to see CAPA records linked to alarm data and signed off by QA.


Download your GDP monitoring checklist

Ensure your monitoring systems and alarms are fully compliant. This step-by-step checklist helps you configure thresholds, validate systems, and stay audit-ready with less manual effort.

Initializing ...

How should GDP monitoring data be documented for inspections?

GDP requires that monitoring records are secure, accurate, and accessible throughout the retention period. Data must be linked to calibration certificates and easily retrievable for inspections.

Documentation requirements:

  • Link monitoring points to calibration records with certificate IDs and validity dates.
  • Store data in validated systems with access controls and backup procedures.
  • Ensure audit-ready reporting with trends, deviations, and CAPA records.
  • Keep records accessible for the defined retention period (at least as long as product shelf life, or as required by local GDP regulators).

Inspector insight: Inspectors often ask for deviation logs showing how alarms were handled and whether CAPA was implemented. They may also request proof that calibration certificates are linked to specific monitoring devices in use.

Also read: Good distribution practice (GDP): Guidelines for pharma logistics


How can multi-site monitoring support GDP compliance?

Organizations with multiple warehouses or logistics sites face challenges with harmonization. Centralized monitoring systems allow alarm rules, escalation workflows, and reporting formats to be standardized across all sites. This improves oversight and ensures consistent responses to deviations.

Benefits of multi-site monitoring:

  • Harmonized SOPs and alarm thresholds across locations.
  • Enterprise dashboards for RP and QA oversight.
  • Easier preparation for corporate and regulatory audits.

Inspector insight: Regulators expect central QA teams to maintain oversight of subcontracted and multi-site operations. Standardized monitoring and reporting helps demonstrate this oversight during inspections.


Also read: GDP temperature mapping: Protocols, frequency, and acceptance criteria

Frequently asked questions

FAQ about GDP monitoring

Where should GDP monitoring sensors be placed?
Do monitoring devices need calibration under GDP?

Yes. Devices must be  ISO17025-calibrated, within validity, and linked to traceable certificates.

Learn more about [calibration](/temperature-calibration.

What does Annex 11 require for GDP monitoring systems?

Validated systems with audit trails, access controls, secure archiving, and SOPs for periodic review.

Learn more about choosing temperature monitoring systems in GxP.

How should alarms be configured under GDP monitoring?

Based on mapping results and product ranges, with SOP-defined escalation and RP approval.

How should deviations be handled in GDP monitoring?

Each deviation must be logged, investigated, risk assessed, and closed with CAPA approved by QA or the RP.

How does multi-site monitoring support GDP compliance?

By harmonizing alarm rules and reporting across sites, enabling central QA oversight and consistent audits.

What documentation is required for GDP monitoring records?

Validated data storage, calibration linkage, deviation logs, CAPA records, and audit-ready reports.

Checklist

Download your GDP monitoring and alarm setup checklist

Ensure your monitoring systems and alarms are fully compliant. This step-by-step checklist helps you configure thresholds, validate systems, and stay audit-ready with less manual effort.

Get a practical step-by-step checklist helps you configure thresholds, validate systems, and stay audit-ready with less manual effort.

References and further reading

  • EU GDP guideline (2013/C 343/01): Monitoring and records requirements.
  • Annex 11 (EU): Electronic records and audit trails.
  • 21 CFR Part 11 (US): Electronic signatures and data integrity. See also 21 CFR Part 11 explained.
  • WHO TRS 961: Guidance on monitoring in storage and transport.