Discover the differences of the GAMP?5 Second Edition

With the newly issued 2nd edition of the GAMP ?5 guide, ITS will be delivering courses to help you understand the differences. If you are keen to find out more please register your interest by emailing: [email protected]

This article provides summary information on the GAMP? 5 Guide Second Edition July 2022.

It specifically provides: 1. Summary of Need for GAMP?5 2. Overview of GAMP? Documentation Structure 3. GAMP? 5 Main Body Structure 4. GAMP? 5 Appendices 5. New and Revised Material

1. Summary of the Need for GAMP? 5 and the Second Edition

The GAMP? Guide has been significantly updated to align with the concepts and terminology of recent regulatory and industry developments.

These regulatory and industry developments focus attention on patient safety, product quality, and data integrity. This remains a key driver for both editions of the GAMP? 5 Guide.

The first edition focused on the need to:

? Avoid duplication of activities (e.g. by fully integrating where possible, engineering and system activities to ensure they are only executed once)

? Fully leveraging supplier activities to the utmost extent, whilst retaining the ability to ensure fitness for intended use

? Scale all life cycle activities and associated documentation according to risk, complexity, and novelty

? Accepting that most computerised systems and interfaces are configurable and are frequently interfaced with other packages

? Recognising that traditional linear or waterfall development models are not the most appropriate in all cases.

2. Overview of GAMP? Documentation Structure

The GAMP? 5 Guide forms part of a group of documents that jointly provide a comprehensive body of knowledge and information covering the majority of facets of computerised systems good practice and compliance.

The GAMP? 5 Guide comprises a Main Body and a set of supporting Appendices.

GAMP?5 Guide Principles and Framework

Appendices

Management, Development Operation, Special Interest, General

Good Practice Guides

Laboratory, Global Information Systems, Process Controls, Infrastructure, Calibration Management, Testing, Electronic Data Archiving, Electronic Records & Signatures

The Main Body provides principles and a life cycle framework applicable to all GxP regulated computerized systems.

The content has practical guidance on a range of specific topics for example: planning, specification, risk management, testing, operation, and change management guidance are provided in the supporting Appendices.

A new set of appendices is also provided in GAMP? 5 Second Edition, to cover topics of current interest such as Artificial Intelligence and Agile working, and some appendices have been removed. The full list of Appendices is found after the Table of Contents.

Separate GAMP? Good Practice Guides (GPGs) cover the application of these general principles and framework to specific types of systems and platforms. Other GPGs provide detailed approaches to specific activities and topics.

3. GAMP? 5 Second Edition Main Body Structure

The Main Body introduction covers the purpose, scope, benefits, and structure of GAMP? 5. Subsequent sections of the Main Body cover the following topics:

? Key Concepts

? Life Cycle Approach

? Life Cycle Phases:

• Concept
• Project
• Operation
• Retirement

? Science Based Quality Risk Management

? Regulated Company Activities:

• Governance for Achieving Compliance
• System Specific Activities

? Supplier Activities

? Efficiency Improvements

The key concepts described in Section 2.1 are the five concepts, based on present and modern industry thinking, which underpin the rest of the document.

The computerised system life cycle encompasses all activities from initial concept, and understanding the requirements, through development, release, and operational use, to system retirement. Section 3 describes these activities and how they are related.

Section 4 describes the project life cycle phase in more detail:

? Planning

? Specification, Configuration, and Coding

? Verification

? Reporting and Release

The key supporting processes of risk management, change and configuration management, design review, traceability and document management are also introduced.

Quality risk management is a systematic approach for the assessment, control, communication, and review of risks to patient safety, product quality, and data integrity. It is a continuous process applied throughout the entire system life cycle. Section 5 describes this approach, and how the activities should be based on good science and product and process understanding.

Ensuring compliance and fitness for purpose is the responsibility of the regulated company. Effective and consistent regulated company activities for individual systems require a framework of organisation and governance which is clearly defined. This section covers aspects such as policies, responsibilities, management, and continuous improvement. These and system specific regulated company activities are covered in Section 6.

While the responsibility for compliance lies with the regulated company, any supplier utilised also has an impact. Section 7 provides an overview of typical supplier activities.

The Guide continues to provide information to enable a workable framework for achieving compliant computerised systems that are fit for intended use, the best results though are when the framework is applied productively in the context of a particular organisation. In terms of efficiency improvements these key areas are covered in Section 8.

GAMP? 5 Second Edition Appendices

Practical guidance on a wide range of specific topics is provided in the following appendices, which are grouped as management, development, operational, special interest, and general appendices.

Management Appendices

• Appendix M1 Validation Planning
• Appendix M2 Supplier Assessment
• Appendix M3 Science Based Quality Risk Management
• Appendix M4 Categories of Software and Hardware
• Appendix M5 Design Review and Traceability
• Appendix M6 Supplier Quality and Project Planning
• Appendix M7 Validation Reporting
• Appendix M8 Project Change and Configuration Management
• Appendix M9 Document Management & Information Management
• Appendix M10 System Retirement
• Appendix M11 IT Infrastructure (New Appendix topic second edition of GAMP?5)
• Appendix M12 Critical Thinking (New Appendix topic second edition of GAMP?5)

Development Appendices

• Appendix D1 Specifying Requirements (significantly updated)
• Appendix D2 Functional Specifications (retired, content now incorporated in Appendix D1)
• Appendix D3 Configuration and Design
• Appendix D4 Management, Development, and Review of Software
• Appendix D5 Testing of Computerised Systems
• Appendix D6 System Descriptions
• Appendix D7 Data Migration
• New Appendix topics second edition of GAMP? 5:
• Appendix D8 Agile Software Development
• Appendix D9 Software Tools
• Appendix D10 Distributed Ledger Systems (Blockchain)
• Appendix D11 Artificial Intelligence & Machine Learning (AI/ML)

Operation Appendices

• Appendix O Introduction to Operation Appendices
• Appendix O1 Handover
• Appendix O2 Establishing and Managing Support Services
• Appendix O3 System Monitoring
• Appendix O4 Incident & Problem Management
• Appendix O5 Corrective and Preventive Action
• Appendix O6 Operational Change and Configuration Management
• Appendix O7 Repair Activity (Removed from second edition of GAMP? 5)
• Appendix O8 Periodic Review
• Appendix O9 Backup and Restore
• Appendix O10 Business Continuity Management
• Appendix O11 Security Management
• Appendix O12 System Administration
• Appendix O13 Archiving and Retrieval Special Interest Topics

Appendices

• Appendix S1 Alignment with ASTM E2500
• Appendix S2 Electronic Production Records (EPR) (significantly updated)
• Appendix S3 End User Applications Including Spreadsheets
• Appendix S4 Patch & Update Management
• Appendix S5 Managing Quality within an Outsourced IS/IT (Removed from second edition of GAMP? 5)
• Appendix S6 Organizational Change

General Appendices

• Appendix G1 GAMP Good Practice Guide Summary (Changed to “References” in second edition of GAMP? 5)
• Appendix G2 Glossary and Acronyms
• Appendix G3 References (Removed from second edition of GAMP? 5)

New and Revised Material

In the second edition of GAMP? 5 emphasis is given to continuing to provide a cost-effective approach to compliance and demonstrating fitness for intended use. To support this, new and updated guidance is given on the following aspects:

? The increased importance of IT service providers such as the cloud service providers

? Approaches to software development such as incremental and iterative models and methods

? Guidance on new & developing technology such as Artificial Intelligence and Machine Learning, block chain, cloud computing and Open-Source Software

? Emphasis on the importance of critical thinking rather than primarily compliance driven approaches

? Continuing to consider the concepts of Computerised Software Assurance(CSA)

? How to create knowledge throughout the lifecycle approach allowing improved management as a key asset

? Guidance to accelerate pharma performance (Smart Factory) and improve digitalisation

? Reiterating the importance of effective governance to achieve and maintain compliance

? Continuing to provide a scalable approach to achieve and maintain GxP compliance, driven by novelty, complexity, and risk to patient safety, product quality, and data integrity

? APQ (Advanced Pharma Quality)

New information is provided in specific appendices on the following topics of special interest to industry:

? Agile Software Development

? Software Tools

? Distributed Ledger Systems (Blockchain)

? Artificial Intelligence & Machine Learning (AI/ML)

Additionally information on Cloud computing and Cloud services providers can be found in Section 4 Life-cycle Phases, Section 7 Supplier Activities and Appendices M1, M2, M3, M10, M11, M12, D1, D3, D5, D7, D9, D10, O6, O9, O10, O11, O13, S2 and G1.

Additional information on Open-Source software is found in M2, M4 and D4.

Additional information on data integrity considerations have been added throughout the GAMP? 5 Guide Second Edition.

Removal of information in GAMP? 5 First Edition:

? Functional Specifications – retired– content is incorporated in Appendix D2 Specifying Requirements Repair Activity – considered part of system maintenance – see Sections O2 Establishing and Managing Suppliers and O6 Operational Change and Configuration management

? Managing Quality within an Outsourced IS/IT – covered in M11 IT Infrastructure

? GAMP Good Practice Guide Summary – removed (not required)

In summary, the second edition of GAMP? 5 has been updated to address the changing environment while still satisfying current international GxP regulatory expectations.

The document represents current industry good practice and continues to expand on the founding principles of earlier Guide versions. The scope has been widened to include updated technical content reflecting the increased importance of IT such as cloud service providers and new software development methodologies and the widespread availability and use of software tools. Also, the increase in automation to achieve greater control, including the use of agile methodologies, is continuing to improve quality ensuring risk remains low throughout the lifecycle.