GAMP-5 guides you to choose the right approach for software validation

GAMP Categories

The GAMP categories were originally introduced to provide an initial assessment as to the validation requirements / deliverables and to choose the validation approach and sever requirements

In GAMP 4 there were five software categories. These have been revised in GAMP5 to four categories as detailed below:

Category 1 – Infrastructure software including operating systems, Database Managers, etc.

Category 3 – Non configurable software including, commercial off the shelf software (COTS), Laboratory Instruments / Software.

Category 4 – Configured software including, LIMS, SCADA, DCS, CDS, etc.

Category 5 – Bespoke software

Category 2 from GAMP 4 has been removed. This related to firmware. At the time that GAMP4 was issued firmware was considered to be used for simple instruments. However as technology has advanced the it has been recognized that complex software can be embedded (firmware) within systems.

Why Categorize?

In GAMP 3 and GAMP 4 the purpose of the GAMP categories had clear purpose, identifying which validation deliverables were not required. Categories 1-3 were considered to standard systems and the System Life Cycle Design (SLCD) documentation were not required, this included

• Supplier Audits
• Functional Specifications
• Source Code Reviews in the ASTM E2500-07 standard that: This implies a level of governance to be applied over suppliers independent of the maturity or complexity of the software.
• While GAMP5 provides guidance to the approach based on the categories there are better rationales that can be put in place rather than the complexity of the software. For example a Laboratory Instrument (Category 3 – COTS) which is pre-use and post-use calibrated or runs standards along with the test need less verification than a system where only the results are relied on. This can be documented within the validation plan or the risk assessments.
• “Vendor documentation, including test documents may be used as part of the verification documentation, providing the regulated company has assessed the vendor”
• GAMP 5 still includes these categories however the benefits are not integrated within a Science and Risk Based Approach to validation and the ASTM approach.

   Pari.s