Chap­ter 7 “Out­sour­ced Ac­ti­vi­ties” of the EU GMP Gui­de­lines deals with the re­spon­si­bi­li­ties of the con­trac­tor and con­trac­ting en­ti­ty in the case of out­sour­ced ac­ti­vi­ties. Ba­si­cal­ly, the chap­ter sta­tes that all GMP pro­ces­ses and their sup­port­ing pro­ces­ses to be out­sour­ced must be ade­qua­te­ly de­fi­ned, ag­greed upon and con­trol­led. The con­trac­tor and the con­trac­ting en­ti­ty should have a writ­ten con­tract con­tai­ning all re­s­pn­si­bi­li­ties and ag­gree­ments on with re­spect to the out­sour­ced ac­ti­vi­ties. The con­trac­ting en­ti­ty is ob­li­ged to con­trol the ac­ti­vi­ties to be per­for­med by the con­trac­tor. Mo­reo­ver, he is re­spon­si­ble to safe­guard that con­trol­ling pro­ces­ses exist for all out­sour­ced ac­ti­vi­ties. Pri­or to sourcing out, he must as­sess the ade­quacy and com­pe­tence of the con­trac­tor. The GMP prin­ci­ples de­scri­bed in the gui­de­line and their ob­ser­van­ce must be gua­ran­teed by the con­trac­tor in the contract.

Ac­cor­din­gly, the con­trac­tor must per­form the tasks as­si­gned to him sa­tis­fac­to­ri­ly and ful­fil his con­trac­tu­al ob­li­ga­ti­ons. Mo­reo­ver, he is ob­li­ged to em­ploy qua­li­fied per­son­nel. It must be en­su­red on the contractor’s side the pro­vi­ded ser­vices, in this case, the com­pu­ter-ba­sed sys­tems, meet the spe­ci­fied re­qui­re­ments at all times and are ade­qua­te for the in­ten­ded pur­po­se. Un­aut­ho­ri­zed ch­an­ges to ac­ti­vi­ties or data are strict­ly pro­hi­bi­ted. Out­sour­ced ac­ti­vi­ties as well as the agreed con­tract may be sub­ject to in­spec­tion by the re­spec­ti­ve aut­ho­ri­ty at any time. The con­trac­tor must be awa­re of this.