What Does the Newest Edition of GAMP®5 Bring to the Table?

Updated - 04 Jul 2024 7 min read
BGO Software
What Does the Newest Edition of GAMP®5 Bring to the Table?

In the realm of digital health and life sciences, the transition from the first edition of GAMP®5 to the second has marked a significant evolution in streamlining and fortifying the validation processes of computerized systems. 

The second edition of GAMP®5, a cornerstone in ensuring compliance and operational excellence, addresses the complexities and variables introduced by rapid technological advancements, a challenge somewhat underrepresented in its predecessor. It resolves these issues by introducing comprehensive guidelines that embrace newer technologies, ensuring robust, compliant, and efficient system validation. 

This proactive approach not only mitigates risks but also optimizes performance, ensuring that systems are fault-tolerant, consistent, and secure. Protecting patient safety, product quality, and data integrity by facilitating a commitment to safe computerized systems is central to the second edition of GAMP®5. 

This principle focuses on the necessity for regulations and guidelines capable of evolving in tandem with technological innovations and thereby maintaining system integrity.

The new GAMP®5 structure

The GAMP®5 2nd Edition comprises a central document along with supplementary appendices. The central document serves as the foundation, offering guiding principles and a lifecycle structure relevant to GxP-regulated computerized systems. 

The appendices complement the central content and offer practical advice on various subjects. In this new edition, certain parts have been revised, fresh content has been introduced, and three of the existing appendices have been integrated into others.

The new “golden standard”

A big change in the process for example has been the different development approach to GAMP®5-regulated computerized systems. The first edition introduced the use of its V-model, which consisted of five major steps, encompassing everything like system planning, specifications, design, and development. The V-model also included steps that safeguard software integrity – system qualification and validation. 


Enhance your GxP compliance with the latest GAMP®5 edition

Discover the transformative power of GAMP®5's second edition in your GxP-regulated environments.

iso certifications logo hl7 logo hippa logo gmp logo fda logo gdpr logo

Agile was chosen as the new foundation for handling system development. The appendix that introduces this new approach clarifies that Agile methodologies can be employed for delivering software in GxP environments without requiring significant modifications to Agile practices. It is commonplace for organizations to now purchase Software as a Service (SaaS) products developed using Agile methodologies while maintaining regulatory compliance.

Agile allows teams to deliver effective and compliant software by embracing a different mindset that encourages continuous discovery, action, learning, and improvement. Unlike traditional waterfall software development, Agile is more iterative and adaptive.

Furthermore, the guideline points out that planning, specification, verification, and reporting activities in Agile development are not inherently linear. Agile is compatible with various incremental, iterative, and exploratory models and methods.

Importantly, GAMP®5’s second edition specifies that 21 CFR Part 11, which relates to electronic records and signatures, doesn’t apply to the approval process of Agile methodologies. 

This is because Agile approvals don’t equate to traditional handwritten signatures, which are legally binding and required by predicate regulations. GAMP®5 recognizes that various means other than Part 11 records can be used for approving software lifecycle deliverables, such as status changes, emails, or audit trails.

Blockchain technologies in GAMP®5

Female scientist reaching towards the future and holding a tablet.

GAMP®5 Second Edition acknowledges the use of blockchain technology in the pharmaceutical and biotechnology industry and provides guidance on how organizations can apply it in support of GxP processes. 

While GAMP®5 doesn’t define or prescribe the technology itself, it focuses on the aspects that organizations should consider when implementing blockchain for GxP applications.

These aspects include:

  • Understanding data sources. GAMP®5 advises organizations to understand data from a perspective of its source of origin, source of truth, and ownership. This is crucial for ensuring data integrity and reliability in GxP processes.
  • Functional controls. The guidelines suggest implementing various functional controls, including input controls (ensuring data accuracy during input), output controls (managing data output), processing controls (overseeing data processing), and access controls (regulating who can access and modify data).

The appendix within GAMP®5 Second Edition also addresses specific risks related to decentralized applications built using smart contracts and provides guidance on the retirement or migration of blockchain solutions. It outlines criteria for selecting the appropriate blockchain solution and emphasizes the advantages of adhering to established standards in blockchain technology.

Artificial intelligence and machine learning with GAMP®5

Artificial intelligence and machine learning with GAMP®5

GAMP®5 addresses the quality and validation aspects of AI and ML systems used within computerized systems in a GxP (Good Practices) context. 

This includes guidance on how to effectively incorporate AI and ML solutions while ensuring compliance with industry regulations and standards. The document recognizes the specific challenges posed by these technologies and provides a structured approach to address them.

GAMP®5 emphasizes the importance of selecting the right data for designing, training, and verifying AI and ML solutions. This includes criteria for data acquisition and the need to ensure that data sources are appropriate, maintain privacy, and adhere to necessary controls. 

Managing ever-changing AI and ML solutions is a significant concern of GAMP®5 as well. Therefore, the guidelines, outline how organizations should implement change control procedures to accommodate continuous improvements and developments in AI solutions.

The guidelines address the potential consequences of bias in AI and ML solutions. It provides strategies to avoid introducing bias into these systems, which is essential for maintaining fairness and reliability in the results. GAMP®5 also outlines how organizations should implement change control procedures to accommodate continuous improvements and developments in AI solutions.

The guidelines provide a comprehensive framework for the entire lifecycle of AI and ML solutions. This framework is based on GAMP®5 principles but is tailored to meet the specific requirements and challenges of these technologies. It covers various stages, including design, training, verification, acceptance, release, and ongoing monitoring and evaluation during the operational phase.

pattern 2

Master the new era of digital health with GAMP®5's innovations

Step into the future of life sciences with the updated GAMP®5.

Appendix D11

Appendix D11 of GAMP®5 Second Edition, titled “Artificial Intelligence and Machine Learning (AI/ML),” is dedicated to these topics. It expands on the concepts of data integrity and data selection, addressing them in the broader context of AI and ML. 

The appendix provides specific guidance on acquiring data, maintaining data integrity, structuring data correctly, and ensuring appropriate segmentation. Additionally, it covers the selection of AI/ML models and training procedures and offers detailed instructions for the verification, acceptance, and release of AI/ML solutions.

Cloud technologies 

Cloud technologies 

GAMP®5 offers guidance on integrating cloud technologies into GxP-regulated environments. It emphasizes conducting a thorough risk assessment to evaluate cloud suitability for specific applications. 

The guidelines stress data integrity, security, and the need for strong access controls and encryption. They also recommend assessing and qualifying cloud service providers to ensure GxP compliance.

The change of control processes, data migration planning, and Service Level Agreements (SLAs) are essential components when working with cloud services, and GAMP®5 provides insights into managing them effectively. 

Furthermore, it advises on audit and monitoring procedures to track activities in the cloud environment and addresses data privacy and compliance concerns, including GDPR

Computer software assurance in GAMP®5

Computer software assurance in GAMP®5

GAMP®5’s second edition encompasses the principles of Computer Software Assurance (CSA). This approach, initially designed for software related to medical devices, aligns closely with GAMP principles. 

CSA focuses on significantly reducing the burden of Computerized System Validation (CSV) documentation by implementing a risk-based approach, which also aligns with GAMP’s core philosophy. The goal is to streamline the validation process by reducing unnecessary testing and documentation efforts.

While CSA offers numerous advantages for efficient validation, it comes with prerequisites and demands.

Applying critical thinking, which is a new appendix, is pivotal during risk assessments to make informed decisions on quality and compliance activities. The approach advocated is a practical one that opposes excessive compliance, as well as activities that do not contribute value to compliance efforts. 

It also discourages the use of inflexible tables and pre-established templates as these can stifle the integration of new technologies. This requires experienced professionals who understand system functionalities’ potential impact on patient safety, data integrity, and product quality.

CSA mandates thorough documentation of risk assessments and the reasoning behind risk ratings, ensuring decisions aren’t based on mindless checklists but on informed judgment. Furthermore, subject matter experts with a deep understanding of the business process and system functionalities are crucial for unscripted or ad-hoc testing.

Under the CSA approach, several key elements are emphasized to streamline validation:

  • Scope reduction. CSA encourages reducing the scope and type of testing, focusing on functionalities with a direct impact on patient safety or product quality. This targeted testing aims to ensure that only critical aspects receive thorough validation.
  • Informal and ad-hoc testing. By cutting down on scripted testing, CSA frees up resources for informal and ad-hoc testing, ultimately enhancing software quality.
  • Scalable documentation. CSA supports a documentation approach that scales to demonstrate the necessary assurance and control levels to regulators and the industry, thereby reducing redundant documentation.

The revised edition of GAMP®5 is poised to have a lasting impact on the life sciences industry. By integrating contemporary technological strides and offering detailed, practical guidance on their implementation, it ensures an industry-wide elevation in compliance, efficiency, and most importantly, patient safety. 

pattern 3

Whether you’re a startup, a Fortune 100 company or a government organisation, our team can deliver a solution that works for you.

BGO Software

This harmonization of rapid technological innovation with stringent regulatory adherence will undoubtedly foster an environment where patient trust and institutional reliability can flourish.

What’s your goal today?

wyg icon 01

Hire us to develop your
product or solution

Since 2008, BGO Software has been providing dedicated IT teams to Fortune
100 Pharmaceutical Corporations, Government and Healthcare Organisations, and educational institutions.

If you’re looking to flexibly increase capacity without hiring, check out:

On-Demand IT Talent Product Development as a Service
wyg icon 02

Get ahead of the curve
with tech leadership

We help startups, scale-ups & SMEs create cutting-edge healthcare products and solutions by providing them with the technical consultancy and support they need to break through.

If you’re looking to scope and validate your Health solution, check out:

Project CTO as a Service
wyg icon 03

See our Case Studies

Wonder what it takes to solve some of the toughest problems in Health (and how to come up with high-standard, innovative solutions)?

Have a look at our latest work in digital health:

Browse our case studies
wyg icon 04

Contact Us

We help healthcare companies worldwide get the value, speed, and scalability they need-without compromising on quality. You’ll be amazed of how within-reach top service finally is.

Have a project in mind?

Contact us
chat user icon


Did you know that BGO Software is one of the only companies strictly specialising in digital health IT talent and tech leadership?

Our team has over 15 years of experience helping health startups, Fortune 100 enterprises, and governments deliver leading healthcare tech solutions.

If you want to explore your options, would you like to book a free consultation call today?


It’s a free, no-obligation, fact-finding opportunity. You’ll have a friendly chat with our team, ask any questions, and see how we could help in detail.