Stats
Actions
Tags
From agent-almanac
Plans and executes GxP audits of computerized systems and processes, covering opening meetings, evidence collection, finding classification, CAPA generation, and report writing. Use for scheduled internal audits, supplier qualification, pre-inspection readiness, or for-cause audits.
How this skill is triggered — by the user, by Claude, or both
Slash command
/agent-almanac:conduct-gxp-auditThis skill is limited to the following tools:
The summary Claude sees in its skill listing — used to decide when to auto-load this skill
Plan and execute a GxP audit of computerized systems, data integrity practices, or regulated processes.
Plan and execute a GxP audit of computerized systems, data integrity practices, or regulated processes.
# Audit Plan
## Document ID: AP-[SYS]-[YYYY]-[NNN]
### 1. Objective
[State the purpose: scheduled, for-cause, supplier qualification, pre-inspection]
### 2. Scope
- **System/Process**: [Name and version]
- **Regulations**: [21 CFR Part 11, EU Annex 11, ICH Q7, etc.]
- **Period**: [Date range of records under review]
- **Exclusions**: [Any areas explicitly out of scope]
### 3. Audit Criteria
| Area | Regulatory Reference | Key Requirements |
|------|---------------------|------------------|
| Electronic records | 21 CFR 11.10 | Controls for closed systems |
| Audit trail | 21 CFR 11.10(e) | Secure, computer-generated, time-stamped |
| Electronic signatures | 21 CFR 11.50 | Manifestation, legally binding |
| Access controls | EU Annex 11, §12 | Role-based, documented |
| Data integrity | MHRA guidance | ALCOA+ principles |
| Change control | ICH Q10 | Documented, assessed, approved |
### 4. Schedule
| Date | Time | Activity | Participants |
|------|------|----------|-------------|
| Day 1 AM | 09:00 | Opening meeting | All |
| Day 1 AM | 10:00 | Document review | Auditor + QA |
| Day 1 PM | 13:00 | System walkthrough | Auditor + IT + System Owner |
| Day 2 AM | 09:00 | Interviews + evidence collection | Auditor + Users |
| Day 2 PM | 14:00 | Finding consolidation | Auditor |
| Day 2 PM | 16:00 | Closing meeting | All |
### 5. Audit Team
| Role | Name | Responsibility |
|------|------|---------------|
| Lead Auditor | [Name] | Plan, execute, report |
| Subject Matter Expert | [Name] | Technical assessment |
| Auditee Representative | [Name] | Facilitate access and information |
Expected: Audit plan approved by quality management and communicated to auditee at least 2 weeks before the audit. On failure: Reschedule if auditee cannot provide required documentation or personnel.
Agenda:
Expected: Opening meeting documented with attendance record. On failure: If key personnel are unavailable, reschedule affected audit activities.
Review documentation and records against audit criteria:
Expected: Evidence collected as screenshots, document copies, interview notes with timestamps. On failure: Record "unable to verify" as an observation and note the reason.
Classify each finding by severity:
| Classification | Definition | Response Required |
|---|---|---|
| Critical | Direct impact on product quality, patient safety, or data integrity. Systematic failure of a key control. | Immediate containment + CAPA within 15 business days |
| Major | Significant departure from GxP requirements. Potential to impact data integrity if uncorrected. | CAPA within 30 business days |
| Minor | Isolated deviation from procedure. No direct impact on data integrity or product quality. | Correction within 60 business days |
| Observation | Opportunity for improvement. Not a regulatory requirement. | Optional — tracked for trend analysis |
Document each finding:
## Finding F-[NNN]
**Classification:** [Critical / Major / Minor / Observation]
**Area:** [Audit trail / Access control / Change control / etc.]
**Reference:** [Regulatory clause, e.g., 21 CFR 11.10(e)]
**Observation:**
[Objective description of what was found]
**Evidence:**
[Document ID, screenshot reference, interview notes]
**Regulatory Expectation:**
[What the regulation requires]
**Risk:**
[Impact on data integrity, product quality, or patient safety]
Expected: Every finding has classification, evidence, and regulatory reference. On failure: If classification is disputed, escalate to the audit program manager for adjudication.
Agenda:
Expected: Closing meeting documented with attendance. Auditee acknowledges findings (acknowledgement ≠ agreement). On failure: If auditee disputes a finding, document the disagreement and escalate per SOP.
# Audit Report
## Document ID: AR-[SYS]-[YYYY]-[NNN]
### 1. Executive Summary
An audit of [System/Process] was conducted on [dates] against [regulations].
[N] findings were identified: [n] critical, [n] major, [n] minor, [n] observations.
### 2. Scope and Methodology
[Summarize audit plan scope, criteria, and methods used]
### 3. Findings Summary
| Finding ID | Classification | Area | Brief Description |
|-----------|---------------|------|-------------------|
| F-001 | Major | Audit trail | Audit trail disabled for batch record module |
| F-002 | Minor | Training | Two users missing annual GxP training |
| F-003 | Observation | Documentation | SOP formatting inconsistencies |
### 4. Detailed Findings
[Include full finding details from Step 4 for each finding]
### 5. Positive Observations
[Document areas of good practice observed during the audit]
### 6. Conclusion
The overall compliance status is assessed as [Satisfactory / Needs Improvement / Unsatisfactory].
### 7. Distribution
| Recipient | Role |
|-----------|------|
| [Name] | System Owner |
| [Name] | QA Director |
| [Name] | IT Manager |
### Approval
| Role | Name | Signature | Date |
|------|------|-----------|------|
| Lead Auditor | | | |
| QA Director | | | |
Expected: Report issued within 15 business days of the closing meeting. On failure: If delayed beyond 15 days, notify stakeholders and document the reason.
For each finding requiring a CAPA:
## CAPA Tracking
| Finding ID | CAPA ID | Root Cause | Corrective Action | Due Date | Status | Effectiveness Check |
|-----------|---------|------------|-------------------|----------|--------|-------------------|
| F-001 | CAPA-2025-042 | Configuration oversight during upgrade | Enable audit trail, verify all modules | 2025-04-15 | Open | Scheduled 2025-07-15 |
| F-002 | CAPA-2025-043 | Training matrix not updated | Complete training, update tracking | 2025-05-01 | Open | Scheduled 2025-08-01 |
Expected: CAPAs assigned, tracked, and effectiveness verified per defined timeline. On failure: Unresolved CAPAs escalate to QA management and are flagged in the next audit cycle.
perform-csv-assessment — full CSV lifecycle assessment (URS through validation summary)setup-gxp-r-project — project structure for validated R environmentsimplement-audit-trail — audit trail implementation for electronic recordswrite-validation-documentation — IQ/OQ/PQ protocol and report writingsecurity-audit-codebase — security-focused code audit (complementary perspective)npx claudepluginhub pjt222/agent-almanacRuns a Computer Systems Validation (CSV) assessment using GAMP 5 methodology for GxP environments. Covers URS creation, risk assessment, IQ/OQ/PQ planning, traceability matrix, and validation summary reporting.
Activate for: audit, audit preparation, audit pack, internal audit, external audit, regulatory audit, supervisory visit, audit evidence, audit trail, audit readiness, mock audit, audit findings, audit response, audit remediation, audit committee, board audit, annual audit, ISO audit, surveillance audit, certification audit, regulator visit, FCA visit, BSI audit, PCI audit, SOC 2 audit, audit questionnaire, evidence inventory. NOT for: compliance obligation mapping (use official compliance-tracking auto-skill), vendor evaluation (use official /vendor-review), risk register building (use official risk-assessment auto-skill).
Audits medical device software (SaMD) compliance against IEC 62304, 21 CFR Part 820, ISO 13485, and ISO 14971. Reviews DHFs, CAPAs, validation protocols, and risk files with severity-graded findings and regulatory citations.