A regulatory affairs manager at a pharmaceutical company is preparing for a combined FDA inspection covering manufacturing, a recently completed toxicology programme, and an ongoing clinical trial at a partnered site.
Three different inspection teams. Three different sets of requirements. Three different sets of records. The same underlying question running through all of them.
Can this organisation demonstrate that everything it does, across every function and every phase, meets the standard for quality, integrity, and control?
That question is what GxP is designed to answer.
By the end of this guide, you will be able to: identify which GxP regulation applies to each phase of product development; explain the shared principles that run across all GxP frameworks; understand how GMP, GLP, GCP, GDP, and GPvP interact in practice; identify where GxP failures most commonly occur in 2025 and 2026; and prepare your organisation for inspections across multiple GxP domains simultaneously.
What GxP Actually Means
GxP stands for Good x Practice, where x is a placeholder for the specific discipline. The term does not refer to a single regulation. It is an umbrella that covers the complete family of quality and compliance frameworks governing the regulated product lifecycle, from early laboratory research through manufacturing, clinical development, and post-market activities.
The most commonly encountered GxP disciplines are GMP (Manufacturing), GLP (Laboratory), GCP (Clinical), and GDP (Distribution). Others include GPvP (Pharmacovigilance), GSP (Storage), GAMP (Automated Manufacturing Practices), and GDocP (Documentation Practices), which has become increasingly formalised as data integrity expectations intensified across all GxP domains.
What unites all GxP frameworks is a common set of underlying expectations. Qualified personnel. Validated processes and equipment. Contemporaneous and accurate documentation. Independent quality oversight. Traceability from raw data to final decision. The specific requirements differ by discipline, but the philosophy is consistent.
GxP compliance is not a quality department responsibility. It is an operational standard that applies to every function and every individual involved in activities that affect product quality, data integrity, or patient safety. In fiscal year 2025, the FDA issued 112 Warning Letters, the highest annual total in more than two decades, with data integrity failures and weak CAPA systems appearing as the most recurring themes.
How GxP Maps to the Product Lifecycle
The Five Principles Shared Across All GxP Frameworks
Every GxP regulation requires personnel to be qualified by education, training, and experience to perform their assigned functions. GMP under 21 CFR Part 211.25 and QMSR under ISO 13485 require this for manufacturing. GLP under 21 CFR Part 58.29 requires it for laboratory staff. GCP under ICH E6(R3) requires it for investigators and site teams. Training must be documented and verified before the activity is performed.
All GxP activities must be governed by written, approved procedures. The procedure must be followed exactly as written. Deviations must be documented, investigated, and assessed for impact. A qualified process that is not documented and a documented process that is not followed are both compliance failures under every GxP framework.
Every GxP framework requires records to be made at the time of the activity, not retrospectively. The ALCOA+ principles apply across GMP, GLP, and GCP: records must be Attributable, Legible, Contemporaneous, Original, and Accurate. Data integrity failures are the most commonly cited category in FDA Warning Letters across all GxP domains in 2025 and 2026.
Every GxP framework requires a quality function that is independent of operational activities. In GMP, this is the Quality Control and Quality Assurance unit. In GLP, this is the Quality Assurance Unit. In GCP, this is the sponsor’s quality assurance oversight and the IRB/IEC. Independent oversight exists because the people performing regulated activities cannot objectively evaluate their own compliance.
GxP requires that every decision can be traced back to the data that supported it, and that records are retained for defined periods. In GMP, batch records must be retained until one year after product expiry. In GLP, raw data and final reports must be retained for the period required by regulation. In GCP, trial documents must be retained for at least two years after regulatory approval or trial discontinuation. Records that cannot be retrieved during an inspection are equivalent to records that do not exist.
Building a GxP Compliance Programme: Step by Step
Step 1: Map Your GxP Obligations
Begin by identifying every GxP domain that applies to your organisation based on your activities. A company conducting nonclinical studies, running clinical trials, and manufacturing a product simultaneously is subject to GLP, GCP, and GMP obligations simultaneously. Each domain has its own quality system requirements, its own documentation standards, and its own inspection framework.
Create a GxP obligation matrix that lists each applicable framework, the relevant regulations, the activities covered, and the organisational function responsible. This matrix becomes the foundation of your compliance architecture.
Step 2: Establish a Cross-Domain Quality System
Organisations operating across multiple GxP domains should not maintain completely separate quality systems for each one. Core elements such as deviation management, CAPA governance, document control, training management, supplier qualification, and audit programmes can be designed to operate across GxP domains with domain-specific procedures layered on top.
In 2025 and 2026, FDA inspectors increasingly evaluate governance models rather than isolated errors. Organisations with centralised deviation tracking and CAPA systems that connect across GMP, GLP, and GCP activities demonstrate a quality culture. Organisations with siloed systems expose themselves to repeat findings across domains.
Step 3: Train to the Applicable GxP Standard
Training programmes must be calibrated to the specific GxP requirements of each role. A manufacturing operator needs GMP training. A laboratory technician supporting regulatory submissions needs GLP training. A clinical research coordinator needs GCP training under ICH E6(R3), which became effective July 23, 2025.
Training records must document: the specific regulation or SOP covered, the version of the document trained on, the date training was completed, and verification of competency where required. Role-based training matrices must be maintained and kept current as personnel change roles or regulations are updated.
Step 4: Implement Continuous Inspection Readiness
Inspection readiness should not be activated when an inspection is announced. It should operate continuously as a standing programme. This means conducting regular self-inspections that mirror FDA and international inspection approaches, maintaining deviation and CAPA systems that are current and linked, ensuring records are retrievable without tribal knowledge, and tracking regulatory updates that affect your GxP obligations.
With FDA Warning Letters reaching record highs in 2025, organisations that treat inspection readiness as a periodic exercise rather than a continuous operational state face greater exposure than those where quality systems operate the same way whether or not an inspection is expected.
Step 5: Manage the Intersections Between GxP Domains
The most complex compliance situations arise at the intersections between GxP domains. A drug product manufactured under GMP must have its clinical supply chain managed under GDP. The clinical trial testing that product must comply with GCP. Any nonclinical studies conducted to support the application must comply with GLP. A failure in any domain affects the integrity of the entire regulatory package.
Common intersection failures include: investigational medicinal product manufactured without GMP compliance; nonclinical studies conducted at laboratories that were not qualified as GLP-compliant; clinical trial supply shipped under conditions that violated GDP temperature requirements; and post-market safety data managed without GPvP infrastructure. Each of these has occurred recently and resulted in regulatory action or delayed submissions.
Common GxP Compliance Mistakes
Quality systems managed in silos produce compliance gaps at domain intersections. A CAPA raised in GMP that has implications for a GLP study is often not tracked across domains. A training update required by a GCP guideline change may not reach manufacturing staff who also work on clinical supply activities. Integrated quality governance prevents these gaps.
A method validation study conducted in a laboratory to support a GMP product release must be conducted under GMP, not GLP. GLP applies only to nonclinical safety studies intended for regulatory submission. Applying the wrong framework wastes resources and may produce records that do not satisfy the applicable requirement.
Data integrity is a quality culture issue, not a software configuration issue. Systems can be technically compliant with 21 CFR Part 11 requirements while the organisational culture produces data integrity failures through manual overrides, shared credentials, or pressure to complete documentation retrospectively. The GxP data integrity failures appearing in 2025 and 2026 warning letters consistently trace to culture and management oversight failures, not system failures.
ICH E6(R3) for GCP became effective July 23, 2025. The QMSR for medical device GMP became effective February 2, 2026. Organisations that have not trained relevant personnel on these updates are operating under outdated compliance frameworks and may fail inspections for reasons unrelated to their historical performance.
Knowledge Check
Test your understanding of the GxP framework before applying it in practice.
GLP: 21 CFR Part 58. Nonclinical laboratory studies intended for submission to the FDA must be conducted under Good Laboratory Practice requirements. GMP applies to manufacturing, and GCP applies to clinical trials involving human subjects. The toxicology study is conducted before human clinical trials begin and is therefore subject to GLP, not GCP.
GCP, GMP, and potentially GDP. The clinical trial is subject to GCP under ICH E6(R3) and 21 CFR Parts 50, 56, and 312. The manufacturing of the investigational drug at the contract facility is subject to GMP under 21 CFR Part 211 and specifically 21 CFR Part 312.23(a)(7) for IND requirements. The supply of the investigational drug from the manufacturer to the clinical trial sites is subject to GDP requirements to ensure supply chain integrity and temperature control. All three frameworks operate simultaneously and independently.
This sits at the intersection of GDP and GCP. The temperature excursion during storage is a GDP issue: the drug was not maintained according to the specified storage conditions during distribution and site storage. The GCP implications concern participant safety: if any participants received drug from the affected batch, the investigator must assess whether this constitutes a protocol deviation and whether it affects participant safety. Both domains require a response simultaneously. The sponsor’s GMP organisation must also evaluate product quality and whether the affected product can still be used. This scenario illustrates why cross-domain quality systems are essential.
ALCOA+: Attributable, Legible, Contemporaneous, Original, Accurate. This framework applies across all GxP domains. Every GxP regulation requires that records be traceable to the person who made them, readable, made at the time of the activity, original (not transcriptions without reference to originals), and accurate. The specific implementation differs by domain, but the underlying standard is consistent. 21 CFR Part 11 provides the technical framework for electronic records across GxP environments.
GxP Readiness Checklist
✓ GxP obligation matrix is documented and current for all applicable frameworks
✓ Quality system covers GMP, GLP, and GCP domains with integrated deviation and CAPA management
✓ Training matrices are role-based and reflect current regulatory versions (ICH E6(R3), QMSR)
✓ All personnel are trained on applicable GxP requirements before performing regulated activities
✓ Data integrity controls (ALCOA+, 21 CFR Part 11) are implemented across all GxP systems
✓ Supplier qualification covers GLP laboratories, GMP contract manufacturers, and GDP partners
✓ Records are retrievable without tribal knowledge for all GxP domains
✓ Inspection readiness programme operates continuously across all applicable domains
✓ Cross-domain quality reviews identify compliance gaps at GxP intersections
✓ Regulatory update monitoring tracks changes across GMP, GLP, GCP, and GDP frameworks
Sources
- Zamann Pharma: GxP in Pharma Framework: GMP, GLP, GCP, GDP, GRP Compliance in 2026 (March 2026)
- GxP Ready: GxP Compliance Guide: GMP, GLP, GCP and Regulatory Compliance (April 2026)
- PharmaeduCenter: What Is GxP in Pharma (March 2026)
- 21 CFR Part 58: Good Laboratory Practice (eCFR)
- 21 CFR Part 211: Current Good Manufacturing Practice (eCFR)
- ICH E6(R3): Good Clinical Practice Guideline (January 2025)


