A detailed overview of Good Automated Manufacturing Practice guidelines (GAMP® 5). Read on to learn more about who it applies to, its contents, requirements, and systems validation according to GAMP® 5!
Computer-based systems validation in regulated industries is no walk in the park. To create a computer-based system that serves its purpose in a reliable, transparent, and most importantly safe way, companies developing pharmaceutical products need to meet various predefined requirements. That’s where GAMP comes in.
GAMP — or the Good Automated Manufacturing Practice — is the definitive industry guideline for creating compliant computer systems. Created in 1991 by pharmaceutical professionals, it was specifically designed to address industry needs and meet the evolving expectations of the FDA and regulatory bodies in Europe for computer system compliance and validation.
In essence, GAMP represents a structured approach to validating computer systems in digital pharmaceutical products. GAMP® 5 is the latest standard of the guideline; it was released in February 2008 by the International Society for Pharmaceutical Engineering, also known as ISPE.
It is important to note that rather than being a regulation, GAMP® 5 is a set of principles and procedures created to help validate automated computer systems for manufactured pharmaceutical products. In other words, this guideline helps manufacturers meet regulations they must comply with to go to market. These best practices are respected and used by regulated companies and their suppliers all over the world.
GAMP® 5 aims to provide a comprehensive explanation of how pharmaceutical companies should validate their computer systems. In practice, this means that these recommendations apply both to the users of automated pharmaceutical products, as well as the manufacturers who create and market them.
For users, the guideline outlines the principles that they should be aware of which assure computerized pharmaceutical products are appropriate for their intended purpose. For manufacturers, GAMP® 5 guides them to ensure their products meet necessary standards according to a risk-based approach to compliance.
As a whole, the guideline provides an interpretation of regulatory requirements in the field of pharma manufacturing, specifically, about computerized pharmaceutical production systems. First it outlines commonly used terminologies so that everyone can align on the production approach it suggests depending on the category of product. It then establishes a system lifecycle approach which covers good practices for the whole production process.
The guide also outlines a formal process of documentation, testing, and procedure that validate the necessary specifications for the product. It begins with a User Requirements Specification, which leads to a Functional Requirement and a Design Specification. The latter two elements form the foundation of a traceability matrix which creates a basis for formal testing. Testing leads to (ideally) Internal Acceptance, Factory Acceptance, and Site Acceptance.
The five main principles of GAMP® 5’s risk-based approach to compliance are as follows:
If pharmaceutical companies take these guidelines on board carefully and apply them, their products will be up to standards and they can avoid running into any complications in testing and auditing.
Software categories are key to supporting the approach according to GAMP® 5 validation. To kick things off, systems are first evaluated and categorized by predefined labels depending on what the manufacturers intend to use it for and how complex the system is.
Then, rather than a “one size fits all approach”, GAMP® 5 standards recommend different lifecycles depending on the category of software the product falls into:
This refers to the operating system where the application software resides. (Examples: operating systems, databases, programming languages)
This category includes software which can meet the requirements of the business process without modification, or is ‘used as installed’, as well as configurable software that is used but only with its default settings. (Examples: commercial off the shelf software, lab instruments, Programmable Logic controllers)
Here the guideline describes software applications which are configured to meet user-specific business needs, which is the broadest and most complicated category of the four. (Examples: LIMS, SCADA, DCS, etc.)
The last category includes software that is created to meet a bespoke business need. This is possibly the riskiest category, since it is often developed in-house from scratch and then customized, meaning a higher level of risk in the code.
At first, it may seem like just another standard to adhere to (understandably) – but GAMP® 5 is here to make your life easier in the long run. It aims to clarify the requirements you must meet, establish a common language as well as clear roles and responsibilities for all involved, and promote processes based on industry best practices.
Using a risk-based approach will also encourage you to plan and execute testing logically, focusing on areas of high risk and avoiding duplicate activities. Not to mention that it aligns with both US and EU regulations which govern computer system validation, 21 CFR Part 11 and Annex 11 respectively, as well as various other international standards.
By adhering to this guideline, you can significantly reduce risk when developing your product, confidently expand to new markets, and guarantee that your products are safe and fit for use.
Computer software validation in regulated industries can be tricky, and GAMP® 5 validation is no exception. The software categories are broad and open to interpretation, and there is often ambiguity about where a certain software application falls. This has a chain reaction effect and influences how much validation work companies put into it.
GAMP® 5 also struggles to establish clear procedural controls. Although it provides guidelines and information on validating automated systems, it does not propose a concrete procedure for checking that those processes are in fact in place. Change management and control are also somewhat lacking in this guideline, which means that new modifications along the way can put system validation at risk.
In other words, companies should not rely solely on checking off a ‘GAMP® 5 checklist’ as it were, but should rather establish a more thorough validation process which this standard forms a crucial part of.
Using a quality management system with a predefined template is the first step to expediting the validation process and making going to market a thorough and rewarding process.
Hanna Taller is a content creator for PTC’s ALM Marketing team. She is responsible for increasing brand awareness and driving thought leadership for Codebeamer. Hanna is passionate about creating insightful content centered around ALM, life sciences, automotive technology, and avionics.