The world of regulation has always been a minefield of both complex rules and a multitude of very specific terms that can confuse and make the entire process of complying with guidelines even more difficult.
A newer edition to the regulatory landscape of the pharmaceutical industry, in particular, is GAMP®5, which stands for Good Automated Manufacturing Practice 5. GAMP®5 extensively covers many different regulations and how to comply with them.
Such new additions can be challenging to understand in depth from just their documentation. That is why BGO Software has endeavored to learn more on the subject and share this knowledge with others.
One of the ways the task is accomplished is by speaking with Software Architect Harry Birimirski, who has not only years of experience in the field of pharmaceutical software development but has also worked on several different projects together with BGO that have successfully passed regulatory inspections.
GAMP®5 which is a set of regulations and guidelines is used directly by the pharmaceutical and life sciences industries to validate automated systems. The teams that develop and maintain these regulations are with the International Society for Pharmaceutical Engineering (ISPE).
GAMP®5 is responsible for the proper validation, compliance, and correct use of automated systems, which include software products, in the pharmaceutical industry.
There is a specific approach that GAMP®5 takes when evaluating a system. The method is intended to categorize a system according to predetermined parameters of criticality which we will look at in more detail below. This categorization is meant to show what kinds of testing, validation, and documentation a certain system requires before labeling it as compliant.
Category 1 – Software that could impact patient safety and product quality
This category includes software directly involved in patient treatment, diagnosis, or critical manufacturing processes. Failure or malfunction of Category 1 software could have a severe impact on patient safety and product quality. Extensive testing and documentation are required.
Category 2 – Software that could impact product quality
This software may not directly affect patient safety but can impact product quality. For example, software used in manufacturing processes, quality control, or product testing falls into this category. Rigorous testing and documentation are necessary.
Category 3 – Software that supports but does not impact product quality
Category 3 includes software that provides support functions but does not directly affect product quality. Commercial off-the-shelf (COTS) software used for administrative purposes is often categorized as Category 3. Testing and documentation are less extensive compared to Categories 1 and 2.
Category 4 – Non-configured software for Category 1 or 2 systems
This category covers software that, when used as intended in Category 1 or 2 systems, could impact patient safety and product quality. For these systems, testing and documentation are comprehensive.
Category 5 – Non-configured software for Category 3 systems
Similar to Category 4, Category 5 involves non-configured software. However, it applies to systems in Category 3, where the impact on product quality is lower.
An important thing to mention here is that the different categories go through four distinct steps of testing software according to their level of criticalness. The first step is Unit/Integration testing which is evaluating whether the design specifications are correct.
The second step is Configuration testing which is intended to make sure the exact configurations for the software are in order. Functional testing is something all categories go through to see if the functions listed in the documentation are all working properly.
The final step is requirements testing which is a validation all software goes through to prove it meets all set guidelines and needs of the challenge it is meant to solve.
How GAMP®5 makes the guidelines last?
Even though the set of regulations that is GAMP®5 provides an effective way to manage developing software and make sure it is properly tested before release, it also makes sure that even after release everything is up to standards and will be in the future in case of any additional inspections.
One of the ways the process accomplishes this is by defining the exact system user and supplier responsibilities. Users are responsible for specifying their requirements, while suppliers must ensure that systems meet these requirements.
Another approach GAMP®5 takes to make future-proof software is to demand proper documentation. Everything and anything about a project has to be documented, starting from the system functions to the hardware specifications and the technologies used for the entire system.
This documentation can then be easily referenced in the future when needed. GAMP 5 provides guidelines for maintaining validated systems throughout their lifecycle and the procedures for retiring or replacing them.
A very important aspect to not leave out is that GAMP®5 meets all international regulatory standards, such as FDA regulations and the European Medicines Agency (EMA) guidelines.
Why is GAMP®5 better than other methodologies?
“After the COVID pandemic, regulators have become more understanding in the rules they impose but in no way less fair.”
Harry Birimirski, Senior Solution Architect at BGO Software
According to Harry, auditors of pharmaceutical software have been more lenient after the pandemic not by ignoring any rules, but by applying them in a more understanding way.
In such an industry regulations are what guard the people from potentially harmful products and the inspectors for such products are strict but with full right to be so. GAMP®5 is one of many sets of guidelines that companies can adopt to be compliant with regulation.
GAMP®5 is fundamentally a risk-based approach for compliant GxP computerized systems and provides guidance rather than enforceable regulations. This approach helps ensure regulatory compliance and facilitates focused testing, allowing you to concentrate efforts on high-risk areas, thereby increasing testing efficiency.
The methodology also accounts for custom testing procedures that are specifically made for the intended system that is being validated.
Furthermore, GAMP®5 offers specialized reference materials via the ISPE’s “Good Practice Guides,” which are invaluable for applying the risk-based approach to various systems in your organization. These guides cover diverse GxP computerized systems, including process control, electronic signature application, and laboratory systems, providing additional guidance on testing and validation strategies.
How GAMP®5 is viewed by experts?
At the GAMP Forum sponsored by the ISPE Boston Area Chapter, industry experts discussed Computer System Validation (CSV) and Computer Software Assurance (CSA). In 2016, the FDA’s CDRH medical device arm recognized that the regulated medical device and drug industry was struggling to adopt new technology due to the perceived “validation burden.”
To address this issue, a team was assembled to draft guidance on how to approach validation using a risk-based approach, consistent with GAMP®5 principles.
Validation experts in the forum highlighted that the effort of validating systems should align with the risks to patient safety. High-risk systems and functionalities should be the primary focus of documented scripted testing. Unscripted testing for user acceptance is essential, along with leveraging testing conducted by the application vendor.
The initiative proposed a thorough shift in the way risk management is handled. Companies like RegenXbio and Gilead have implemented these concepts, resulting in faster system deployment, reduced documentation, cost savings, fewer errors, and increased confidence in computerized systems.
Streamline Your Software Validation with GAMP®5 Expertise
Tansform your approach to software validation with BGO Software's GAMP®5 expertise, ensuring efficiency and compliance in one streamlined process.
The forum also featured discussions on risk assessment in system validation and the use of new technologies in regulated life science environments. Experts emphasized the need for proper risk assessment in software validation and the importance of understanding the risks associated with cloud deployments.
Furthermore, the technology track delved into the applications of artificial intelligence (AI), machine learning (ML), and blockchain in regulated environments, highlighting the significance of clean and accurate data sets, as well as the potential of blockchain for tracking inventory in the life science industry.
How does GAMP®5 concern developers directly?
GAMP®5 outlines a structured and risk-based approach to computer system validation. When software developers work on systems or applications used in GxP (Good Practices) environments, they must consider GAMP®5’s principles to ensure their products meet regulatory requirements. This includes the need to perform validation activities, adhere to appropriate documentation practices, and understand the criticality of the system.
Developers must take into account the risk-based approach advocated by GAMP®5, which involves assessing the level of risk a system poses to product quality, patient safety, and data integrity.
This assessment guides the extent of validation and testing that must be conducted. It helps developers understand which parts of the system need more rigorous testing and documentation due to their criticality.
Incorporating GAMP®5 principles into the development process is essential for ensuring that the software meets the stringent standards required by regulatory agencies like the FDA and EMA.
By following GAMP®5 guidelines, developers can create products that are compliant with these regulations, reducing the risk of non-compliance and potential product recalls, which can be costly and damaging to a company’s reputation
Who monitors GAMP®5 adherence?
GAMP®5 was created and is maintained by the International Society for Pharmaceutical Engineering (ISPE). The ISPE is a not-for-profit organization that provides a platform for professionals in the pharmaceutical and biopharmaceutical manufacturing industries to collaborate and share best practices.
Adherence to GAMP®5 is not monitored by a specific regulatory body. However, regulatory agencies such as the U.S. Food and Drug Administration (FDA) and the European Medicines Agency (EMA) often reference GAMP®5 guidelines as industry-accepted practices for computer system validation.
Whether you’re a startup, a Fortune 100 company or a government organisation, our team can deliver a solution that works for you.
Pharmaceutical and life sciences companies are expected to adhere to GAMP®5 guidelines and other relevant regulations when developing and validating computerized systems.
GAMP®5 is a complex system that requires some change in already-existing paradigms to be implemented ideally. The nature of this set of guidelines, however, is documented very well and orderly with clear suggestions and methodologies.
It is a standard that has shown significant prosperity for many different companies in the pharmaceutical software industry and as one that implements it, BGO Software can also vouch for its considerable utility.
According to the discussion with our lead software architect Harry Birimirski, GAMP®5 is not only going to stay for the future but be one of its makers.