In the realm of digital health and life sciences, the transition from the first edition of GAMP®5 to the second has marked a significant evolution in streamlining and fortifying the validation processes of computerized systems.
The second edition of GAMP®5, a cornerstone in ensuring compliance and operational excellence, addresses the complexities and variables introduced by rapid technological advancements, a challenge somewhat underrepresented in its predecessor. It resolves these issues by introducing comprehensive guidelines that embrace newer technologies, ensuring robust, compliant, and efficient system validation.
This proactive approach not only mitigates risks but also optimizes performance, ensuring that systems are fault-tolerant, consistent, and secure. Protecting patient safety, product quality, and data integrity by facilitating a commitment to safe computerized systems is central to the second edition of GAMP®5.
This principle focuses on the necessity for regulations and guidelines capable of evolving in tandem with technological innovations and thereby maintaining system integrity.
The new GAMP®5 structure
The GAMP®5 2nd Edition comprises a central document along with supplementary appendices. The central document serves as the foundation, offering guiding principles and a lifecycle structure relevant to GxP-regulated computerized systems.
The appendices complement the central content and offer practical advice on various subjects. In this new edition, certain parts have been revised, fresh content has been introduced, and three of the existing appendices have been integrated into others.
The new “golden standard”
One major change, for example, is the development approach for GAMP®5-regulated computerized systems. The first edition introduced the V-model, which consisted of five major steps encompassing activities such as system planning, specifications, design, and development. The V-model also included steps that safeguard software integrity: system qualification and validation.
Agile was chosen as the new foundation for handling system development. The appendix that introduces this new approach clarifies that Agile methodologies can be employed for delivering software in GxP environments without requiring significant modifications to Agile practices. It is commonplace for organizations to now purchase Software as a Service (SaaS) products developed using Agile methodologies while maintaining regulatory compliance.
Agile allows teams to deliver effective and compliant software by embracing a different mindset that encourages continuous discovery, action, learning, and improvement. Unlike traditional waterfall software development, Agile is more iterative and adaptive.
Furthermore, the guideline points out that planning, specification, verification, and reporting activities in Agile development are not inherently linear. Agile is compatible with various incremental, iterative, and exploratory models and methods.
Importantly, GAMP®5’s second edition specifies that 21 CFR Part 11, which relates to electronic records and signatures, doesn’t apply to the approval process of Agile methodologies.
This is because Agile approvals don’t equate to traditional handwritten signatures, which are legally binding and required by predicate regulations. GAMP®5 recognizes that various means other than Part 11 records can be used for approving software lifecycle deliverables, such as status changes, emails, or audit trails.
Blockchain technologies in GAMP®5
GAMP®5 Second Edition acknowledges the use of blockchain technology in the pharmaceutical and biotechnology industry and provides guidance on how organizations can apply it in support of GxP processes.
While GAMP®5 doesn’t define or prescribe the technology itself, it focuses on the aspects that organizations should consider when implementing blockchain for GxP applications.
These aspects include:
- Understanding data sources. GAMP®5 advises organizations to understand data from a perspective of its source of origin, source of truth, and ownership. This is crucial for ensuring data integrity and reliability in GxP processes.
- Functional controls. The guidelines suggest implementing various functional controls, including input controls (ensuring data accuracy during input), output controls (managing data output), processing controls (overseeing data processing), and access controls (regulating who can access and modify data).
The appendix within GAMP®5 Second Edition also addresses specific risks related to decentralized applications built using smart contracts and provides guidance on the retirement or migration of blockchain solutions. It outlines criteria for selecting the appropriate blockchain solution and emphasizes the advantages of adhering to established standards in blockchain technology.
Artificial intelligence and machine learning with GAMP®5
GAMP®5 addresses the quality and validation aspects of AI and ML systems used within computerized systems in a GxP (Good Practices) context.
This includes guidance on how to effectively incorporate AI and ML solutions while ensuring compliance with industry regulations and standards. The document recognizes the specific challenges posed by these technologies and provides a structured approach to address them.
GAMP®5 emphasizes the importance of selecting the right data for designing, training, and verifying AI and ML solutions. This includes criteria for data acquisition and the need to ensure that data sources are appropriate, maintain privacy, and adhere to necessary controls.
Managing ever-changing AI and ML solutions is a significant concern of GAMP®5 as well. The guidelines therefore outline how organizations should implement change control procedures to accommodate continuous improvements and developments in AI solutions.
The guidelines address the potential consequences of bias in AI and ML solutions. They provide strategies to avoid introducing bias into these systems, which is essential for maintaining fairness and reliability in the results.
The guidelines provide a comprehensive framework for the entire lifecycle of AI and ML solutions. This framework is based on GAMP®5 principles but is tailored to meet the specific requirements and challenges of these technologies. It covers various stages, including design, training, verification, acceptance, release, and ongoing monitoring and evaluation during the operational phase.
Appendix D11 of GAMP®5 Second Edition, titled “Artificial Intelligence and Machine Learning (AI/ML),” is dedicated to these topics. It expands on the concepts of data integrity and data selection, addressing them in the broader context of AI and ML.
The appendix provides specific guidance on acquiring data, maintaining data integrity, structuring data correctly, and ensuring appropriate segmentation. Additionally, it covers the selection of AI/ML models and training procedures and offers detailed instructions for the verification, acceptance, and release of AI/ML solutions.
GAMP®5 offers guidance on integrating cloud technologies into GxP-regulated environments. It emphasizes conducting a thorough risk assessment to evaluate cloud suitability for specific applications.
The guidelines stress data integrity, security, and the need for strong access controls and encryption. They also recommend assessing and qualifying cloud service providers to ensure GxP compliance.
Change control processes, data migration planning, and Service Level Agreements (SLAs) are essential components when working with cloud services, and GAMP®5 provides insights into managing them effectively.
Furthermore, it advises on audit and monitoring procedures to track activities in the cloud environment and addresses data privacy and compliance concerns, including GDPR.
Computer software assurance in GAMP®5
GAMP®5’s second edition encompasses the principles of Computer Software Assurance (CSA). This approach, initially designed for software related to medical devices, aligns closely with GAMP principles.
CSA focuses on significantly reducing the burden of Computerized System Validation (CSV) documentation by implementing a risk-based approach, which also aligns with GAMP’s core philosophy. The goal is to streamline the validation process by reducing unnecessary testing and documentation efforts.
While CSA offers numerous advantages for efficient validation, it comes with prerequisites and demands.
Applying critical thinking, the subject of a new appendix, is pivotal during risk assessments to make informed decisions on quality and compliance activities. The approach advocated is a practical one that opposes excessive compliance, as well as activities that do not contribute value to compliance efforts.
It also discourages the use of inflexible tables and pre-established templates as these can stifle the integration of new technologies. This requires experienced professionals who understand system functionalities’ potential impact on patient safety, data integrity, and product quality.
CSA mandates thorough documentation of risk assessments and the reasoning behind risk ratings, ensuring decisions aren’t based on mindless checklists but on informed judgment. Furthermore, subject matter experts with a deep understanding of the business process and system functionalities are crucial for unscripted or ad-hoc testing.
Under the CSA approach, several key elements are emphasized to streamline validation:
- Scope reduction. CSA encourages reducing the scope and type of testing, focusing on functionalities with a direct impact on patient safety or product quality. This targeted testing aims to ensure that only critical aspects receive thorough validation.
- Informal and ad-hoc testing. By cutting down on scripted testing, CSA frees up resources for informal and ad-hoc testing, ultimately enhancing software quality.
- Scalable documentation. CSA supports a documentation approach that scales to demonstrate the necessary assurance and control levels to regulators and the industry, thereby reducing redundant documentation.
The revised edition of GAMP®5 is poised to have a lasting impact on the life sciences industry. By integrating contemporary technological strides and offering detailed, practical guidance on their implementation, it ensures an industry-wide elevation in compliance, efficiency, and most importantly, patient safety.
This harmonization of rapid technological innovation with stringent regulatory adherence will undoubtedly foster an environment where patient trust and institutional reliability can flourish.