Book a call

Independent audits.
Certified methodology.

First-party, second-party, and pre-inspection audits for cannabis and pharmaceutical operations. Built on ISO 19011, EU GMP Part I and Part II, and documented IRCA PR 325 auditor credentials.

ISO 19011 methodologyEU GMP Part I and Part IIGACP assessmentsInternational scope

Independent findings and documented methodology. Audit outcomes depend on actual site and system status.

Self-assessment

How structured is your audit programme?

Six questions covering programme management, auditor competence, and evidence-based audit activities. A structured diagnostic before commissioning an independent audit review.

6 questions, around 5 minutes
Personalised PDF report with archetype classification and gap analysis
Optional 30-minute review call with a Clear consultant

We collect your email at the halfway point. Privacy policy.

PREVIEW
Your Report
Foundation
CoverageYou
Maturity
Optimisation
Pages3
FormatPDF
Time5 min

Methodology

Built on real audit experience.

Based on ISO 19011:2018 (Guidelines for auditing management systems). Clear's auditors are qualified under IRCA and operate independently across European regulated industries, applying the same programme design and evidence criteria that external certification bodies expect to see.

Sample

The questions that matter.

Do you have a documented audit programme that covers all relevant processes and departments?

Are auditors formally selected based on defined competence criteria and impartiality requirements?

How are audit findings tracked, assigned to responsible parties, and verified for closure?

5 archetypes

Where you stand. What you can do.

Foundation

First stages of the compliance journey. Basic systems and documentation not yet formally in place.

Coverage

Compliance frameworks in progress, with partial implementation. Gap analysis and prioritisation are the main focus.

Maturity

Mature systems with specific gaps remaining. Targeted remediation to close priority observations.

Optimisation

Near full compliance with refinement needs. Audit readiness and continuous improvement as the next horizon.

Next steps

A report, then options.

Right after submission

  • Your 3-page PDF report delivered to your email
  • Archetype classification with detailed reasoning
  • Concrete next steps tailored to your position

If you want to discuss

  • Optional 30-minute call with a Clear consultant
  • No commitment, no sales follow-up unless requested
  • Schedule directly via Zoom Scheduler

The problem with self-assessment

An internal review is conducted by the people with the most to protect.

Familiarity normalises risk. The team closest to the operation tends to underestimate what an external auditor will find on the first walk-through.

AspectInternal reviewIndependent audit

Perspective

Operational familiarity normalises risk

No prior exposure; every deviation is visible

Bias

Motivated to confirm current practice

No stake in the outcome

Documentation

Reviewed by the team that produced it

Reviewed against standard; inconsistencies surface

Inspector simulation

Based on internal assumptions

Based on actual inspection methodology and question sets

Credibility

Internal record; limited external weight

Third-party evidence for buyers, partners, and authorities

Regulatory value

Useful internally; rarely accepted externally

Defensible foundation for regulatory correspondence

Credentials

IRCA PR 325. A verifiable credential.

IRCA PR 325 is a registered lead auditor certification issued through the Chartered Quality Institute. It is held individually and verifiable, distinct from corporate claims or course certificates.

IRCA PR 325 registered lead auditor certification

ISO 19011 audit management methodology

EU GMP Part I: pharmaceutical manufacturing

EU GMP Part II: active pharmaceutical ingredients

GACP: agricultural and primary processing assessments

ICH Q9: quality risk management applied to audit scope

ICH Q10: pharmaceutical quality system assessment

Competent authority inspection methodology and question sets

Audit services

Eight types of audit engagement.

Scope is defined before starting. Each engagement produces a written report with classified findings.

Cluster A: Internal operations

First-party audit

Independent internal audit of your quality management system. Surfaces findings before a regulatory inspector does.

Mock inspection

Simulated competent authority inspection: opening meeting, site walk, document requests, closing meeting, and written observations.

Audit readiness assessment

Focused review of documentation, site status, team readiness, and evidence completeness ahead of a scheduled inspection.

Cluster B: Supplier and commercial

Second-party audit

Structured on-site or remote assessment of a supplier, CMO, or commercial partner against applicable GMP or GACP requirements.

Due diligence audit

Independent compliance evaluation on behalf of investors, acquirers, or commercial partners before committing to a relationship.

Cluster C: Regulatory pathway

Pre-inspection gap analysis

Structured comparison of current state against applicable requirements. Produces a prioritised remediation roadmap before inspection date.

Follow-up audit

Verification audit to confirm that corrective actions from a previous finding have been implemented effectively.

Document review

Remote documentation assessment: SOPs, batch records, Site Master File, validation packages, quality agreements.

How we audit

A documented process. No improvisation.

Every engagement follows the same structured methodology regardless of audit type. Scope and deliverables are agreed before any site visit or document review begins.

01

Scoping

Define the audit scope, applicable standards, site activities, objectives, and logistics. Agree on the deliverable format before starting.

02

Audit plan

Build a structured audit plan with criteria, scope, reference documents, agenda, and auditor allocation. Shared with the auditee before the engagement.

03

Opening meeting

Confirm scope, method, timing, and contacts. Establish the working relationship and clarify any access requirements.

04

On-site or desk review

Systematic collection of evidence through document review, facility observation, interview, and process walkthrough. Documented at each step.

05

Closing meeting

Present preliminary findings before leaving the site. Give the auditee the opportunity to clarify or provide additional evidence.

06

Report, CAPA, follow-up

Deliver a written report with classified observations and recommended corrective actions. Follow-up structure defined for critical or major findings.

What you receive

Every engagement produces a written record.

Deliverables are scoped to the engagement type. The following list covers the full range across all audit formats.

01

Written audit report with findings classified by criticality

02

Evidence-based observations with specific references

03

Recommended corrective and preventive actions

04

Classified risk summary for each observation

05

Audit programme documentation per ISO 19011

06

Closing meeting summary and preliminary findings record

07

Follow-up structure for critical and major findings

08

CAPA tracking template aligned to observation list

09

Audit readiness briefing pack (for pre-inspection engagements)

10

Supplier qualification summary report (for second-party audits)

Recognition

Six situations where an independent audit is the right next step.

01

A regulatory inspection or certification audit is on the calendar with internal preparation still to begin.

02

The internal review shows no issues. An external audit before the inspection would confirm or challenge that assessment.

03

A supplier or CMO is critical to the supply chain but has never been audited by an independent third party.

04

Findings from a previous inspection or audit remain open or were closed without verified root cause analysis.

05

An investor, acquirer, or commercial partner is requesting independent compliance evidence before proceeding.

06

The quality team is too close to the system to see what an external auditor would find on day one.

Who requests an audit

Different roles. Different audit scope. Same standard.

QP and Quality Manager

You need periodic independent verification of systems you manage daily. Internal reviews have blind spots. An independent first-party audit provides the external perspective that satisfies your own QMS requirements.

CEO and Founder

Audit findings reached by your board, investor, or buyer carry more weight than internal reassurance. An independent audit report provides objective evidence that your operation meets the standards you claim.

Supply Chain and Procurement

Supplier qualification is a GMP requirement. Before onboarding a CMO, packaging supplier, or raw material source, a second-party audit verifies what the supplier data sheet alone leaves unanswered.

MAH and Regulatory Affairs

A competent authority inspection requires more than documentation. A mock inspection or pre-inspection gap analysis tests whether the site and the team can respond under the conditions that actually occur during an inspection day.

Investor, PE, and M&A

GMP compliance status determines market access, cost to remediate, and timeline to revenue. A due diligence audit provides an independent picture of gaps, risks, and what it takes to reach a certifiable state.

Multi-site operations

Consistency across sites requires periodic independent verification beyond shared SOPs. We support audit programme design, cross-site consistency assessment, and system-level review.

Not sure which audit type fits your situation?

Describe the situation. We will identify the right audit type, scope, and format in a short call. There is no obligation to commit to an engagement before the scope is agreed.

Typical findings

What an audit reveals.

These are real findings categories that appear repeatedly across first-party, second-party, and pre-inspection audits of cannabis and pharmaceutical operations.

Data integrity

Batch records with retrospective corrections lacking proper marking. The site has no formal procedure for handling errors in GMP records.

Deviation management

Deviations closed without root cause analysis. No CAPA link, no trend review, no recurrence assessment.

Change control

Equipment and process modifications implemented without a formal change request. No validation assessment documented.

Training

Personnel training records incomplete or out of date against assigned SOPs. The training file lacks evidence of effectiveness assessment.

Pest control

Pest control records with documentation gaps and no trend analysis. No corrective action for recurring pest events.

Supplier qualification

Suppliers onboarded without qualification audit or written assessment. Purchasing based on commercial relationship alone.

FAQ

Common questions about audit scope and methodology.

An internal review is conducted by someone with operational familiarity and organisational interest. An independent audit applies external methodology, no familiarity bias, and no stake in the outcome. What internal teams normalise, an external auditor sees as a finding.

Related services

Independent audits before the pressure arrives.

Scope is agreed before starting. Written report on completion. IRCA PR 325 certified lead auditor.