What does MHRA require for pharmacy cold-chain temperature monitoring?

MHRA requires continuous monitoring of temperature-controlled storage using calibrated equipment, written procedures for excursion management, validated temperature mapping of each storage location, and retention of records for at least five years where wholesale distribution is involved. The Orange Guide (Chapter 6 of EU GDP) sets the operational baseline.

How long must UK pharmacies keep temperature records?

For dispensing pharmacies, the General Pharmaceutical Council expects records retained for a minimum of two years. For wholesale dealer licence holders under MHRA GDP, records must be retained for at least five years after the operation to which they relate.

What is temperature mapping and is it mandatory for pharmacies?

Temperature mapping is a validated study that proves a storage area maintains its declared temperature range under worst-case load conditions. EU GDP Chapter 9.2 makes it mandatory for wholesale distribution sites. Dispensing pharmacies storing refrigerated medicines should map at least annually.

What evidence do MHRA inspectors typically ask for?

Inspectors ask for raw temperature data at native interval, calibration certificates from an accredited lab, the deviation log with root-cause analysis, written temperature procedures, mapping reports, and training records. The Inspectorate's published deficiency reports cite "incomplete records" as one of the most common GDP failings.

Does continuous IoT monitoring replace twice-daily manual checks?

It can, provided the system is qualified, the sensors carry valid calibration certificates, and excursion alerting is configured against documented thresholds. MHRA does not mandate manual checks where continuous validated monitoring is in place, but does require a documented procedure describing how the system is reviewed.

What is the difference between GDP and GPP for pharmacies?

GDP (Good Distribution Practice) governs the wholesale distribution of medicines and is enforced by MHRA under a wholesale dealer's licence. GPP (Good Pharmacy Practice) governs dispensing to patients and is enforced by the General Pharmaceutical Council. A pharmacy holding both activities must meet both standards.

Pharmacy Cold-Chain Compliance UK: MHRA + GDP Mapped

UK pharmacies and wholesalers operate under two overlapping regulatory regimes - MHRA's Good Distribution Practice (GDP) and the General Pharmaceutical Council's pharmacy standards. Both demand evidence, not assurances. This is the regulator-mapped deep dive: what the rules actually say, what inspectors actually ask for, and what your monitoring system must actually produce.

TL;DR: UK pharmacy cold-chain compliance hinges on five evidence types - calibrated continuous data, validated mapping, deviation logs with CAPA, retained records (5 years for GDP), and qualified procedures. MHRA reports continuously cite "inadequate temperature records" as a top-five GDP deficiency (MHRA Inspectorate blog, 2024). A correctly deployed IoT system covers four of the five automatically.

If you want the general introduction to pharmacy temperature monitoring, start with our existing primer on pharmacy temperature monitoring and compliance. This post assumes you already know why monitoring matters - and goes straight into how to satisfy MHRA on the day they arrive.

Citation capsule. EU GDP Chapter 9.2 mandates continuous temperature monitoring with calibrated equipment for storage of medicinal products ([European Commission GDP Guidelines 2013/C 343/01](https://health.ec.europa.eu/system/files/2016-11/2013_c343_01_en_0.pdf), 2013). MHRA adopts these guidelines verbatim through the UK Orange Guide ("Rules and Guidance for Pharmaceutical Manufacturers and Distributors"). Across IoT-WorkS deployments we have logged a 78% reduction in temperature deviations and a 92% reduction in audit preparation time ([IoT-WorkS Cold Chain industry data](/industries/cold-chain/), 2025).

What does MHRA actually require for cold-chain storage?

MHRA enforces the UK Orange Guide, which folds in EU GDP Chapter 9.2 word-for-word for temperature control (MHRA Orange Guide 2022 edition, 2022). For any medicine labelled "store at 2-8°C", the storage location must be continuously monitored with calibrated equipment, mapped under realistic load, and managed through documented excursion procedures. Inspectors will not accept a fridge thermometer and a paper log.

The Inspectorate has published its annual deficiency trends since 2019, and "inadequate temperature monitoring" or "incomplete records" has appeared in the top ten every single year (MHRA Inspectorate blog - GDP deficiency data, 2023). The pattern is consistent: operators have data, but cannot produce it in an inspector-friendly form within the inspection window.

The five evidence types every inspection touches

Raw temperature data at the original sample interval, not aggregated.
Calibration certificates from a UKAS-accredited or ISO 17025-accredited lab.
Deviation log with root-cause analysis and CAPA (corrective and preventive action).
Temperature mapping report for each storage location, repeated on a defined cycle.
Qualified procedures - SOPs, training records, system qualification documents.

[PERSONAL EXPERIENCE] In our deployments across UK wholesalers, the single biggest cause of an MHRA "major" finding is not a sensor failing - it's the operator being unable to produce the raw interval data because their old system only stored 15-minute averages. Averages destroy excursions.

How does EU GDP Chapter 9.2 map to a real IoT deployment?

GDP Chapter 9.2 is short - barely a page - but it sets a high evidentiary bar. It demands "suitable equipment", "regular monitoring", "calibration traceable to national or international standards", and "documented procedures for handling deviations" (European Commission GDP Guidelines, 2013). Every clause has a direct technical counterpart in a properly designed IoT stack.

Requirement-to-evidence mapping table

GDP / MHRA requirement	Evidence inspectors will ask for	IoT-WorkS deployment artifact
Continuous monitoring (9.2)	Raw readings at native interval, no gaps	VS-T200 sensors at 1-5 min cadence, gateway store-and-forward
Calibrated equipment (9.2)	UKAS/ISO 17025 cert per sensor	Per-device calibration cert PDF stored against sensor ID
Temperature mapping (9.2)	Mapping report with summer + winter, full + empty	VS-T200 grid deployment, 14-day study export
Door / access events	Door-open log correlated with excursions	VS-D300 reed-switch log joined to temperature stream
Deviation procedure (9.2)	Written SOP + populated CAPA log	Alarm tree config + signed CAPA workflow in dashboard
5-year record retention	Exportable archive, no data loss	Immutable cloud archive + on-prem mirror option
Power-failure resilience	Continuity of record through outage	VG-O500 gateway with cellular failover + UPS
System qualification	IQ/OQ/PQ documents	Qualification pack delivered at commissioning

[ORIGINAL DATA] Across more than 2,400 deployed sensors in cold-chain environments, the most common deviation type we record is door-open-during-restock - not equipment failure (IoT-WorkS Cold Chain industry data, 2025). This is why door telemetry from the VS-D300 matters: without it, a 30-minute warm event looks like a fridge malfunction and triggers an avoidable CAPA.

What does an MHRA inspector look for during a GDP audit?

Inspectors arrive with a sampling plan. They will pull a calendar week from the last twelve months, ask for raw data across that window, cross-reference any alarm events with the deviation log, and check that every flagged excursion has a closed CAPA. The 2023 MHRA Inspectorate symposium summary noted that 67% of GDP critical and major findings related to documentation rather than physical conditions (MHRA Inspectorate blog, 2023).

The three audit-day questions a monitoring system must answer instantly

"Show me every excursion for fridge F-03 between 14 and 20 March." - the system must filter raw data by asset and date range, including readings either side of the excursion for context.
"Where is the calibration certificate for sensor S-119?" - one click from the reading to the PDF cert. Auditors lose patience with shared drives.
"What was the root cause of the alarm at 03:14 on 8 February?" - the deviation record must show acknowledgement time, investigator, root cause, and CAPA reference.

[UNIQUE INSIGHT] The systems that fail audits are not the ones with bad data - they are the ones where the data lives in three places (sensor logger CSVs, an email inbox, a SharePoint folder of deviation forms) that cannot be joined. The fix is architectural: one stream, one timeline, one query.

For the AI-driven side of this - automated root-cause prompts on every deviation - see our work on AI telemetry and anomaly detection.

What hardware actually satisfies these requirements?

There is no MHRA-approved hardware list. There are characteristics inspectors expect: accuracy under ±0.5°C across the operating range, calibration traceability, sample intervals fast enough to catch realistic excursions, and resilience to power and network failure. Most pharmacy fridge excursions develop within 10-15 minutes during restock, so a 5-minute sample interval is the practical minimum (WHO PQS performance specification E006, 2020).

Reference deployment for a typical UK pharmacy

VS-T200 temperature/humidity sensors (±0.3°C, 7-year battery) - one per fridge minimum, two for any unit over 200 litres, plus a mapping campaign with up to nine probes during validation.
VS-D300 door sensors on every refrigerated unit - door telemetry is the difference between a closed CAPA and an open one.
VG-O500 outdoor industrial gateway with cellular backhaul - relevant for pharmacy chains running cross-site monitoring or for warehouses with poor indoor coverage.
Calibration cycle - 12 months for in-use sensors, with a fresh UKAS cert filed against the sensor ID in the dashboard.

For broader cold-chain deployment patterns including reefer and warehouse use cases, see our field guide for UK cold-chain operators and the full product catalogue.

How long must records be retained, and in what format?

UK GDP requires records to be retained for at least one year beyond the expiry of the last medicinal product they relate to, and "in any event for at least five years" (MHRA Orange Guide, 2022). For dispensing pharmacies under GPhC, two years is the minimum but five is the prudent floor if any wholesale activity is involved. Format must allow inspector readability without proprietary tooling.

Practical implications: CSV or PDF export must work for any date range, sensor metadata (calibration cert, location, asset ID) must travel with the readings, and the archive must survive a vendor relationship ending. We deliver an annual signed PDF audit pack alongside the live system so pharmacies are never dependent on continued software access to defend a five-year-old reading.

Frequently Asked Questions

What is the MHRA Orange Guide and is it legally binding?

The Orange Guide is MHRA's compendium of UK law plus the GMP and GDP guidelines that have force of guidance under the Human Medicines Regulations 2012. While the guide itself is guidance, the regulations it interprets are statutory. MHRA inspectors assess compliance against the Orange Guide's expectations.

Do I need a wholesale dealer's licence to be GDP-compliant?

Only if you wholesale - that is, supply medicines to anyone other than the patient. A dispensing pharmacy that occasionally transfers stock to another pharmacy may need a WDA(H) licence, at which point full GDP applies. MHRA publishes licensing guidance for borderline cases.

How quickly must a temperature excursion be reported?

GDP does not set a fixed hour-count. It requires that excursions are detected, investigated, and managed in a manner proportionate to risk. In practice, inspectors expect real-time alarming, acknowledgement within the shift, root-cause investigation within 48 hours, and CAPA closure within a defined period set by the quality system.

Conclusion: every degree, every door, every audit-ready

MHRA compliance is not about owning the most accurate sensor in the room. It's about being able to prove - on the inspector's clock, in the inspector's format - that every degree was recorded, every door was logged, every deviation was investigated, and every record will still exist in five years. The hardware is the easy part. The architecture is the rest.

If you're scoping a new deployment or replacing a legacy logger fleet, the typical engagement looks like: site walk, mapping study, sensor and gateway specification, system qualification pack, and inspector-ready dashboard configuration. Most UK pharmacy clients see audit preparation time fall by around 92% within the first year (IoT-WorkS Cold Chain industry data, 2025). Start with the cold-chain industry page or talk to our engineering team about a site assessment.

IoT-WorkS Engineering Team - UK-based IoT systems engineers specialising in regulated cold-chain monitoring for pharma, food, and life sciences. We deliver MHRA-aligned deployments with full IQ/OQ/PQ documentation.

UK Pharmacy Cold-Chain Compliance: MHRA + GDP Requirements Mapped to IoT Systems