If you’re a professional in pharmaceuticals, biotech, advanced therapy medicinal products (ATMPs), or medical devices operating in the UK, you know the gravity of an inspection conducted by the Medicines and Healthcare products Regulatory Agency (MHRA).
The MHRA is the UK regulatory body responsible for GxP compliance and product safety, basically acting as the final checkpoint for quality assurance.
I’ve been involved in many compliance audits, and the pressure leading up to an MHRA inspection is palpable. Many companies, especially those still relying on manual systems, find the preparation process overwhelming, a panic to locate paper files and reconcile data across different platforms. This tension often reveals serious underlying vulnerabilities.
In this guide, I will share my perspective on what the MHRA looks for, explain why digital systems are important for achieving MHRA inspection readiness, and provide a detailed, actionable checklist for your next audit.
Key takeaways
What is an MHRA inspection
An MHRA inspection is a formal, in-depth evaluation of a company's systems, procedures, facilities, and documentation to verify compliance with the relevant GxP (Good Practice) regulations. These inspections are mandatory for companies that manufacture, test, distribute, or conduct clinical trials for medicines and medical devices within or for the UK.
The primary objective is always to assure the quality, efficacy, and safety of medicinal products. Inspectors are interested in how your established quality system works in practice, looking past the written documents to see if quality controls are executed consistently on the floor, in the laboratory, or at the clinical site.
The different types of MHRA inspections
The scope of the inspection is defined by the specific area of GxP compliance being reviewed:
- MHRA GMP inspection: The MHRA GMP inspection focuses on Good Manufacturing Practice , examining production controls, documentation, deviation handling, and facility maintenance for finished medicinal products and active pharmaceutical ingredients (APIs).
- MHRA GCP inspection: The MHRA GCP inspection is based on Good Clinical Practice, reviewing clinical trial management, data recording, protocol adherence, and ethical committee oversight to make sure the rights and safety of human subjects are protected.
- MHRA GDP inspection: This focuses on Good Distribution Practice, covering the warehousing, storage, and transport conditions to guarantee product quality is maintained throughout the supply chain.
- Pharmacovigilance (PV) inspections: These inspections review the systems used to monitor the safety of marketed drugs and the handling of adverse event reports.
What inspectors look for
MHRA inspectors operate with a risk-based approach. During an inspection, they are looking for systemic weaknesses that could compromise patient safety. Their review centres on important elements of the QMS:
- Data integrity: Can you prove the accuracy, completeness, and consistency of all critical data?
- Audit trail: Is there an auditable, unalterable record of who did what and when to every record and document?
- Root Cause Analysis (RCA): When a deviation occurs, did your team identify the true root cause, and was the resulting CAPA effective in preventing recurrence?
- Management commitment: Does senior management actively support and review the QMS?
The quality of your MHRA inspection preparation hinges on your ability to produce this evidence instantly. If your inspectors spend an hour waiting for a document, they are likely to escalate their scrutiny.
The most common MHRA inspection findings
Understanding where others stumble is the best component of MHRA inspection preparation. I’ve personally observed that companies struggle with translating their written procedures into consistent, real-world practice, which is where the MHRA finds the most observations.
MHRA inspection findings are categorised by severity. Critical, Major, or Minor. The goal is always to avoid Major or Critical findings, which can directly halt operations or revoke licenses.
Here are some of the most frequent and persistent MHRA inspection findings that lead to observations.
Systemic data integrity failure
This is a persistent and growing area of concern. Findings often relate to electronic systems lacking adequate controls, such as shared login credentials, the ability to delete raw data, or missing audit trails. I once worked with an API manufacturer whose system allowed the QC laboratory to rename or delete original instrument output files without logging the action. This was immediately cited as a critical finding because it demonstrated a complete loss of control over raw data integrity.
Inadequate CAPA system
Failure to close CAPAs in a timely manner, and, more commonly, failure to perform effective verification of the corrective action. Inspectors will often request a sample of five closed CAPAs and follow the audit trail to confirm that the fix actually solved the underlying problem. A recurring issue indicates a weak CAPA system.
Validation deficiencies
Insufficient validation of computerised systems (including QMS and ERP software) to demonstrate that they perform as intended and remain compliant. This is a common finding for companies switching to new software without adequate planning.
Incomplete supplier qualification
Failure to audit or monitor contract manufacturing organisations (CMOs) or critical raw material suppliers with the required frequency or depth.
Document control breaches
The use of obsolete SOPs or uncontrolled paper copies on the manufacturing floor, proving a lack of effective document management and training control.
Data integrity is consistently highlighted as a vulnerability during MHRA inspections. The MHRA found that between 2016 and 2023, lapses in data integrity accounted for nearly 40% of all critical and major GMP deficiencies reported. These failures frequently involve issues such as incomplete audit trails, shared system credentials, and undocumented data reprocessing.
Digital systems: What MHRA expects from electronic QMS and SaaS tools
The MHRA has been a global leader in defining expectations for electronic systems, publishing highly relevant MHRA data integrity guidance that applies to all GxP records, whether paper or electronic. Inspectors view your electronic QMS (eQMS) as the true measure of your quality maturity.
The expectation is ALCOA+ (Attributable, Legible, Contemporaneous, Original, Accurate, plus Complete, Consistent, Enduring, and Available).
- MHRA expectations for computerised systems: Any software used for GxP operations must be validated to confirm it consistently performs its intended function. This includes demonstrating control over configuration, security, and access.
- Importance of audit trails, access controls, and validation: Inspectors demand systems that are intrinsically secure. This means audit trails must be protected from deletion or modification, and access controls (user permissions) must strictly enforce segregation of duties. Without verifiable audit trails, the integrity of your data is immediately questioned.
- How inspectors view Cloud QMS / SaaS: The MHRA recognises the benefits of cloud-based (SaaS) systems. They do, however, expect the regulated company to thoroughly vet the vendor's security (hosting, back-up) and validation strategy. A pre-validated, compliant SaaS QMS reduces the audit burden, provided the user keeps control over their specific configuration and records.
- Scilife and data integrity: This is where a platform like Scilife transforms your MHRA inspection readiness. Scilife is designed to align with strict data integrity requirements, offering fully traceable, secure, and compliant workflows. These include electronic signatures and unalterable audit trails, simplifying validation and demonstrating control over quality records.
How to prepare for an MHRA inspection
MHRA inspection preparation starts months in advance, embedding readiness into daily operations. This guide provides an actionable, four-phase plan. To demonstrate the required control, I strongly recommend using a QMS like Scilife to manage the evidence required at each step.
Phase I:
The internal audit and gap analysis (The self-assessment)
Action: Conduct an internal GxP audit using the MHRA’s latest guidance (or an MHRA inspection checklist template). Look at the areas most frequently cited, like CAPA, change control, and data integrity.
Industry tip: I always recommend running a "mock inspection" that simulates the MHRA's QSIT (Quality System Inspection Technique) approach. Trace two or three specific batches from raw material release to final product DHR. This uncovers procedural gaps that simple document checks miss.
Scilife advantage: Use the Audit Management module to schedule and track these internal audits, automatically linking findings to CAPA initiation.
Phase II:
Documentation and training remediation (The cleanup)
Action: Immediately address all identified gaps, working heavily on closing overdue CAPAs and revising flawed SOPs. Make sure all electronic records (DMR, DHF, DHR) are complete and readily accessible.
Industry tip: Check that your training records are up-to-date and linked to the correct version of the SOP. A common failure point is employees being trained on an obsolete document.
Scilife advantage: Use Document Control and Training Management to check that only current SOPs are in circulation and automatically deploy training when a document is revised.
Phase III:
The inspection day logistics (The War Room)
Action: Designate and fully equip a "War Room" (physical or virtual). Select a host, a scribe, and document runners. Confirm you have a clear SOP for handling the inspection, including rules for responding to questions (only answer what is asked).
Industry tip: I always instruct document runners to retrieve the documents immediately via the eQMS. Instant document retrieval, literally seconds, demonstrates control and confidence to the investigator better than anything else.
Scilife advantage: The centralised cloud platform allows document runners to instantly retrieve verified, electronically signed records from any location without needing to physically search for paper.
Phase IV:
Post-inspection management (The 15-Day Clock)
Action: If there is a finding, analyse the observations immediately. Develop a robust, verifiable response within the required timeline, detailing the immediate containment, root cause analysis, and long-term CAPA.
Industry tip: Never promise a correction you cannot deliver by the stated deadline. It is better to have an accurate timeline than a fast, inadequate response.
Scilife advantage: Use the integrated CAPA system to manage the investigation and closure of the regulatory observations, automatically documenting the root cause and verifying the effectiveness check before final sign-off.
Conclusion: Ensuring MHRA inspection readiness all year round
The goal here is to steer your organisation away from crisis management toward a state of continuous MHRA inspection readiness. The MHRA is clear in that quality must be embedded, verifiable, and controlled. This means moving beyond spreadsheets and embracing systems that inherently enforce compliance. The high frequency of MHRA inspection findings related to data integrity and QMS failure proves that legacy systems are simply too great a risk. Following a structured MHRA inspection preparation plan and leveraging a unified platform like Scilife, allows you to transform your quality system from an audit vulnerability into a source of competitive strength.
