Articles and Insights

Get the latest news and updates from ECM Insights.


Become GxP Compliant in SharePoint Online


What is GxP Compliance?

GxP encompasses various quality guidelines and regulations, such as Good Laboratory Practice (GLP), Good Clinical Practice (GCP), and Good Distribution Practice (GDP). Additionally, other applicable standards exist depending on the industry and jurisdiction. In regulated industries like pharmaceuticals, biotechnology, and healthcare, compliance with Good Practice (GxP) regulations is crucial.

Organizations in these areas must adhere to specific standards set by regulatory bodies. Such bodies include:

  • U.S. Food and Drug Administration (FDA)
  • International Organization for Standardization (ISO)
  • European Union Medical Device Regulation (EU MDR)
  • European Medicines Agency (EMA)


GxP Requirement for a Document Management System

Documents and records are an important part of GxP Compliance and for that you need a Document Managment System to manage your information correctly. This System must meet the following GxP requirments to ensure your organization is GxP compliant:

  • Traceability:
    Maintaining an audit trail ensures that every change made to a document is recorded, including who made the change, when it was made, and the nature of the change. This traceability is essential for demonstrating compliance with regulations that require accurate documentation and tracking of activities.
  • Data Integrity:
    GxP regulations emphasize the importance of data integrity, ensuring that data is complete, consistent, and accurate throughout its lifecycle. By preserving your audit log history, organizations can demonstrate that their documents have not been tampered with and that any modifications were authorized and appropriately documented.
  • Accountability:
    Having an audit log trail promotes accountability among users who have access to documents. If any discrepancies or issues arise, organizations can easily identify who made specific changes and when, allowing for prompt investigation and resolution of potential compliance issues.
  • Regulatory Compliance:
    Many GxP regulations require organizations to maintain comprehensive records of activities related to product development, manufacturing, testing, and distribution. By preserving an audit history on their documents, organizations can demonstrate compliance with regulatory requirements during inspections and audits conducted by regulatory agencies.
  • Risk Management:
    An audit trail serves as a valuable tool for risk management by helping organizations identify potential areas of concern or non-compliance. By regularly reviewing audit logs, organizations can proactively address issues and implement corrective and preventive actions to mitigate risks and improve overall compliance.

One of the most popular Document Management Systems available today is Microsoft's SharePoint Online.


Is Microsoft 365 / SharePoint Online GxP Compliant?

SharePoint Online does support the GxP requirements listed above but only up to a point:

  • You can specifiy groups and provide users with access to particular document and folders within SharePoint Online.
  • You can enable Entra ID audit logging to determine who loged in and when.
  • You can enable SharePoint audit logging to determine all the user activity that has occured on individual documents or items within SharePoint Online.

With respect Traceability, Accountability and Risk Management, SharePoint Online falls short. Microsoft only keeps those audit log records for a short period of time depending on your licensing with Microsoft. With an E3 license, your audit logs are only kept for 180 days. With an E5 license, your audit logs are only kept for 1 year. After that, that audit history is gone.

If you have a lot of money to burn, Microsoft does have an option to preserve your audit logs for up to 10 years. The Audit Premium package is available but it requires all users to have an E5 license along with the Audit Premium add on. This is very expensive and still does not preserve your Audit History for the lifetime of your document. Click here to learn more.

There is a cost effective solution to use SharePoint as your Document Managment System and stay GxP Compliant at the same time.


How to stay GxP Compliant in SharePoint?

Audit Vault for M365 allows you avoid risk and stay GxP compliant with unlimited SharePoint Audit Log Retention.

ECM Insights Audit Vault for M365 will preserve your SharePoint Audit Logs for as long as you need them so your organization can stay GxP compliant. With Audit Vault's advanced searching and reporting features your SharePoint Online System becomes:

  • Traceable:
    All user activity is tracked. Your Microsoft 365 Audit Logs are preserved so that every change made to a file is saved, including the user that viewed, editied or deleted the document. The date and time of the SharePoint operation is also recorded.
  • Accountable:
    With Audit Vault, being able to access and report on the Microsoft audit log trail promotes accountability among users who have access to the information. If any discrepancies arise, users can easily identify who made any edits or changes and the date it occured.
  • Risk Adverse:
    Audit Vault allows you to easily review the audit logs within SharePoint. By proactively addressing premission and unauthorized access issues,organizations can improve their overall GxP compliance. For example, authorized users can run the following SharePoint audit reports:
    • Track all user activity in SharePoint
    • View what documents have been viewed by a user
    • Identify bulk sharePoint downloads
    • View the file activity by SharePoint site collection
    • View documents and folders edited by a user

In summary, your organization can stay GxP compliant in SharePoint Online with Audit Vault for M365. Preserving the audit history on documents is a fundamental aspect of GxP compliance. With Audit Vault for M365 and SharePoint, you are providing:

  • traceability,
  • ensuring data integrity,
  • promoting accountability,
  • facilitating regulatory compliance,
  • supporting effective risk management practices within regulated industries.

Become GxP Compliant in SharePoint Online with Audit Vault for M365.

Learn More About Audit Vault »