Is Business Central GxP Compliant?

By Thomas Brünger, Managing Partner

gxp · complianceJuly 18, 2026

No — Microsoft Dynamics 365 Business Central is not GxP compliant out of the box. No ERP system is. GxP compliance is a property of the implemented and validated system, not of the software licence: it is achieved through risk-based configuration, appropriate controls, and computer system validation (CSV) against documented requirements.

What GxP compliance actually requires

For an ERP system in a GxP environment, "compliant" means the system demonstrably meets the applicable regulations — EU GMP Annex 11, 21 CFR Part 11, and GAMP 5 for the validation approach. In practice that means data integrity across the record lifecycle (ALCOA+), a tamper-evident audit trail, least-privilege access control with segregation of duties, electronic signatures where the process requires them, change control, and a documented validation package (URS, IQ/OQ/PQ, and a validation summary report).

How compliance is achieved

Business Central provides the platform capabilities; the compliance comes from how they are configured and validated for your intended use. A risk-based approach (CSA under GAMP 5) directs the effort to the functions that carry regulatory and patient risk. Get GxP validation for Business Central right, and the system is defensible in an inspection.

Independent architecture governance can confirm the design and documentation meet the standard before an audit — regardless of who implements.

Frequently asked questions

What does GxP compliance require from an ERP system?
Data integrity (ALCOA+), a tamper-evident audit trail, access control with segregation of duties, electronic signatures where required, change control, and documented validation (IQ/OQ/PQ) against approved requirements.
Can Business Central online (SaaS) be GxP compliant?
Yes. The same validation lifecycle applies; supplier qualification shifts to assessing Microsoft's documented controls, and SaaS updates are handled under change control.