One thing most validation professionals seem to agree on is that the industry uses a lot of acronyms. Just listen in on any discussion involving validation and you will likely be bombarded by them: URS, IQ, UAT, and GxP (we once put together a list, check it out here). Add in buzzwords like gap analysis and risk management and sometimes it may seem like your company’s validation team is speaking a language all of their own.
One of the most widely used terms in computer system validation jargon is GAMP®5. Surely you have heard of it, but perhaps you are new to validation or you have limited experience in the validation of computerized systems. You may be asking yourself: “What’s with all the hype? Is this a subject I should learn more about?” In this article, I’ll attempt to answer these questions by providing a brief overview of GAMP®5, by highlighting some of the benefits and by offering advice on how to apply its principles within your organization.
What is GAMP®5?
GAMP stands for Good Automated Manufacturing Practice. Usually, when one hears the terms GAMP®5, it is in reference to a guidance document entitled GAMP®5: A Risk-Based Approach to Compliant GxP Computerized Systems. This document is published by an industry trade group called the International Society for Pharmaceutical Engineering (ISPE) based on input from pharmaceutical industry professionals.
In a nutshell, GAMP®5: A Risk-Based Approach to Compliant GxP Computerized Systems provides a framework for the risk-based approach to computer system validation where a system is evaluated and assigned to a predefined category based on its intended use and complexity. Categorizing the system helps guide the writing of system documentation (including specifications and test scripts and everything in between).
GAMP®5’s approach can be summed up by the V-model diagram. The V-model juxtaposes the specifications produced for a system to the testing performed as part of the verification process. The types of specifications associated with a system are tied to its degree of complexity. For example, for a configured product (Category 4), requirements, functional and configuration testing is conducted to verify the requirements, functional and configuration specifications. However, functional and configuration specifications are not required when using commercial off-the-shelf software (Category 3). As a result, the extent of the testing performed would also be reduced.
The aim of conducting verifications is to demonstrate that the system functions as intended. This is accomplished by using the requirements and specifications as an objective standard to which the system is tested. The test scripts are traced to the requirements and specifications they verify. If the test passes, the executed test script serves as documented evidence that the associated requirements and specifications were met.
Advantages of using GAMP5’s approach
The strategies defined in GAMP®5: A Risk-Based Approach to Compliant GxP Computerized Systems are guidelines, not regulations. It is, therefore, not mandatory to follow this methodology. However, the framework outlined in this guidance document provides a comprehensive approach to computer system validation that is generally accepted within the industry. Moreover, the risk-based approach advocated is in line with the application of the European EMA and US FDA regulations governing computer system validation, Annex 11 and 21 CFR Part 11, respectively.
Aside from being an excellent tool to help ensure regulatory compliance, GAMP®5 is also useful when determining the scope of testing. The risk-based approach allows you to concentrate your testing efforts on the high-risk areas of the system while aiding in the formulation of a rationale for performing reduced testing on areas deemed low-risk. As a result, testing can be tailored to the system being validated. This makes the validation effort more efficient while still demonstrating that the system works as intended.
Another advantage of implementing GAMP’s approach to computer system validation is that ISPE also publishes reference materials that are specific to various systems requiring validation. ISPE’s comprehensive series of “Good Practice Guides” focusing on best practices can help you apply the risk-based approach recommended by GAMP5 to the systems utilized by your organization. For additional guidance related to testing, you can consult the GAMP®5 Good Practice Guide: A Risk-Based Approach to Testing of GxP Systems. Good practice guides are also available for just about every type of GxP computerized system, such as GxP process control systems, GxP systems used to apply electronic signatures and GxP laboratory systems.
Tips for Implementing the Approach
The comprehensive guidance provided by GAMP®5 means that it can be used both when developing internal procedures for new processes and when benchmarking current practices. The guidelines apply not only to validation activities but also to a variety of processes within your organization, such as risk management, supplier relations and system maintenance. Consequently, it is important to take a holistic approach to apply GAMP®5 by incorporating the principles in the relevant processes. At the same time, make sure that you are not blindly applying the GAMP methodology. Carefully review the GAMP guidance with subject matter experts to ensure that the recommended approach is appropriate for your systems and organization.
Ultimately, GAMP®5 is a valuable reference tool. If a situation arises that you are not sure how to handle, it can be helpful to consult the guidance documentation before choosing your approach. Many of the guidelines in GAMP®5 come down to common sense. Implementing a procedure governing the routine back-up of data or performing periodic reviews to ensure that systems remain compliant over time are simply good business practices. Nevertheless, it doesn’t hurt to have a guidebook to outline these practices and to provide a framework for integrating them within your organization.
When you consider that this methodology can also help you ensure that your systems comply with applicable regulations, it’s clear that GAMP®5 lives up to the hype. Whether you are just starting out in validation or a seasoned pro, it is definitely worth keeping a copy of GAMP®5: A Risk-Based Approach to Compliant GxP Computerized Systems handy. Also, think about systematically applying these practices to your organization’s computer system validation activities to optimize the process and to help ensure that your systems consistently function as intended.