GAMP 5 for GxP Compliant Computerized Systems

What is GAMP 5

GAMP®5 stands for Good Automated Manufacturing Practices issue 5. The GAMP 5 Guide is meant to assist pharmaceutical manufacturing companies in managing GxP Regulated systems. The GAMP guideline is purely advisory and has no legal obligation. Yet, the guideline is referenced by many regulatory agencies worldwide.

What is the Purpose of GAMP 5

The purpose of GAMP 5 is to achieve compliant computerized systems that are fit for intended use in an efficient and effective manner to meet current regulatory requirements.

It facilitates the interpretation of regulatory requirements. This also aims to safeguard patient safety, product quality, and data integrity, while also delivering business benefit.

Scope

The GAMP 5 Guide is intended for use by regulated companies, suppliers, and regulators. Suppliers include providers of software, hardware, equipment, system integration services, and IT support services, both internal and external to the regulated company.

GAMP 5 History

A few UK based pharmaceutical experts initiated the work on the GAMP guideline for better management of GxP compliance. Eventually, they joined forces with the International Society for Pharmaceutical Engineering (ISPE) and published the first GAMP guideline in 1995.

Many revisions in the guideline were published after the first issue. The last two revisions are GAMP4 (published in 2001) and GAMP5 (published in 2008).

Concept

The most recent revision is conceptually grounded on the science-based risk management strategy mentioned in 21st Century regulatory GxP compliances and the ICH Q8, Q9 & Q10. GAMP also designed GAMP 5 to be compatible with IEEE standards, ISO 9000 and 12207, IT Infrastructure Library (ITIL), and other international standards such as PIC/S Guidance Practice for Computerized Systems in Regulated GxP Environments. The following figure inspired from GAMP documentation summarizes the structure of the document.

GAMP 5 infographic: Guide pyramid This graphic is GAMP®5 inspired

Key Principles

The Five Key Principles of the guideline are as below:

Key Principle 1: Product and Process Knowledge

Starting with the product and process knowledge helps in critical and non-critical aspects. It is essential to determine system requirements and to make decisions based on risk assessment, to ensure that the system is “suitable for use”. While determining this suitability, attention should be focused more specifically on “those aspects crucial to patient safety, product quality and data integrity”.

Key Principle 2: Lifecycle approach

According to GAMP5, the life cycle of a computerised system should be defined within the quality management system (QMS). It allows for a consistent approach across all systems. There are four major phases defined for any system:

GAMP 5 infographic: Lifecycle approach This graphic is GAMP®5 inspired

- Concept:
  This stage is out of the GAMP scope. At this stage manufacturers are considering possible automation opportunities, listing out the initial requirements and searching for suitable computerised system suppliers.
- Project:
  This is the stage at which organizations release a computerized system based on the GxP compliance assessment. The Project phase consists of five important process steps as depicted in V-Model given below.

GAMP 5 infographic: V-Model Project This graphic is GAMP®5 inspired

- Operations:
  This is a stage at which a computerised system is used in day to day operations. This is the longest phase in the lifecycle of a product. The main objective in this case is maintenance of the product in the validated state. The examples of essential process at this stage are change control and disaster recovery.
- Retirement:
  This is the stage at which a computerized system is retired, decommissioned or migrated. The retirement phase is not officially defined in GAMP, but the operations needed for retirement are described in the operation stage.These activities may include the retirement plan, data management after the retirement.

Key Principle 3: Scalable

GAMP-5 advises to look for scalable approaches while developing a computerised system. Scalability can be achieved with the help of a “V” model, which can be extended or even reduced based on the scale or scope of the system that is being validated. The GAMP 5 guideline elaborates three practical examples of the “V” model.

Key Principle 4: Quality Risk Management

The risk based prioritization is helpful to spend more time and effort on critical aspects to the quality. GAMP 5 advises to do more rigorous testing on critical to quality aspects. It enables companies to focus on critical aspects of the information system and to develop controls to mitigate the associated risks. It is where a clear comprehension of the product and the process is crucial to determine the potential risks to the patient safety, product quality and data integrity.

GAMP 5 infographic: Quality Risk Management Key points This graphic is GAMP®5 inspired

Key Principle 5: Leverage Supplier Activity

The guideline also proposes to leverage supplier expertise and activity support for smarter and faster adoption of the computerised system.It applies more specifically in assisting the manufacturer with : maintenance, testing and technical support, collection of requirements and configuration of the information system.

GAMP 5 Categories

The GAMP 5 guidance provides a risk based approach for classifying softwares according to risk involved in GxP and Functional compliance. The category 2 that was associated with firmwares in the GAMP 4 is removed from GAMP 5. The classification system is as follows:

Category	Software Type	Activity Level
1	Infrastructure (OS, DB, MW, etc.)	Not subject to specific functional Verification Features are functionally tested and challenged indirectly during testing of the application Identity and version numbers of layered software and operating systems should be documented and verified during installation
3	Non-configurable Software	Verification of the installation Acceptance testing and “fitness for use” Testing comprises of risk assessment, supplier assessment, acceptance testing and “fitness for use”
4	Configurable Software	Testing comprises: Correct installation and Configuration Functional testing because of risk analysis or the supplier assessment Acceptance testing and “fitness for use” compared to requirements
5	Customizable Software	Testing comprises: Correct installation Functional & Design Specification Functional testing on the basis of risk assessment and supplier assessment Acceptance testing and “fitness for use” compared to requirements

As per this classification system the risk associated with each category type increases from sequentially from Category 1 to Category 5. The more the risk associated with the category, a more rigorous Computer System Validation (CSV) approach is needed for the system. Higher the GAMP5 category higher activity is needed to be performed at specification and validation steps of the project phase V-model.This is how the guideline enables manufacturers to make more rational decisions.

Conclusion

GAMP 5 is the most comprehensive guideline for validating the computerised systems to meet GxP requirements. It is coherent with the current GxP requirements defined by the EU & US regulatory agencies. The GAMP 5 revisions account for constantly changing developments and requirements.

The correct GAMP 5 application allows the manufacturers to reduce significantly on the time and costs necessary for the validation as well as the maintenance of their (compliant) systems. Most importantly it prepares the manufacturers to overcome government audits and inspections more easily.

Scilife Blog