Gamp5 new

TRACING THE HISTORY:

www.kvstech.com

INTRODUCTION
 GAMP 5 leverages risk management from GAMP 4 and
addresses the entire lifecycle of automated systems

 The biggest change being to provide more clearly defined
scalability for effort / deliverables versus the size /
complexity of projects, and to align with the various
regulatory bodies’ emphasis on risk / science-based GxPs.

 GAMP 5 aligns with major industry developments including
PQLI1, ICH Q8, Q9, Q10, and ASTM E2500 and points to
the future of computer systems compliance

www.kvstech.com

INTRODUCTION…

 GAMP 5 is applicable to a wide range of information
systems, lab equipment, integrated manufacturing systems,
and IT infrastructures

 After over 4 years of re-work GAMP 5 was released in Feb
2008,and is a major rewrite of GAMP 4 with significant
changes having as primary goals:

 Bringing procedures in line with the dynamic Life science
industry

 reducing the cost of compliance

www.kvstech.com

Coupled to this there is the need to:
 Avoid duplication of activities (e.g. by fully integrating engineering and
computer system activities so that they are only performed once)

 Leverage supplier activities to the maximum possible extent, while still
ensuring fitness for intended use.

 Scale all life cycle activities and associated documentation according to
risk, complexity and novelty.

 Recognise that most computerised systems are now based on
configurable packages, many of them networked.

 Acknowledge that traditional linear or waterfall development models are
not the most appropriate in all cases.

www.kvstech.com

GAMP DOCUMENTATION
STRUCTURE

www.kvstech.com

Drivers for GAMP 5

www.kvstech.com

GAMP-5 MODEL

www.kvstech.com

Few of the Important Points:

 GAMP 5 is not prescriptive. All lifecycle activities and associated documentation
are to be scaled according to risk, complexity, novelty. (Some examples):

• Risk: manufacturing process control = high risk, database containing

training records = low risk
• Complexity: SAP = high complexity, Excel spreadsheet calculating lab
results = low complexity.
• Novelty: Excel = used by millions worldwide, lab instrument PC
software = used by thousands worldwide, in-house developed
application - used only by the company that developed it.

 GAMP 5 - all about risk. Increasing complexity and/or novelty = higher risk =
more effort and deliverables.

 Moving away from traditional qualification terminology (e.g. IQ, OQ, PQ).
Terminology confuses people outside of the validation and QA departments.
Terminology is still available, but optional.

www.kvstech.com

Few of the Important Points. . .

 Most computerized systems now based on configurable packages, many of
them networked.

 Validate only if there could be an impact on patient safety, product quality,
data integrity. If none of these, no need to validate, good engineering
practice is sufficient.

 Need to be clear on the differences between system owner and process
owner.

 QA less involved than in the past. For example QA should review a URS
against the applicable regulations. URS technical review is for technical
subject matter experts. QA does not need to sign a design spec, as they do
not understand it.QA can verify that design specs are being produced for
projects but QA does not need to sign every document in a project.

 GAMP 5 approach is consistent with ASTM E2500-07 Standard Guide for
Specification, Design, and Verification of Pharmaceutical and
Biopharmaceutical Manufacturing Systems and Equipment.
www.kvstech.com

LIFE CYCLE APPROACH
It entails defining and performing activities in a systematic way from conception,
understanding requirements, through development, release & operational use to
system requirement

Specification, Design and verification Process

www.kvstech.com

LIFE CYCLE PHASES

www.kvstech.com

QUALITY RISK MANAGEMENT

 It is a systematic process for the assessment, control,
communication & review of risk.
 It is an iterative process used throughout the entire
computerized system life cycle from concept to retirement.
 For a given organization, a framework for making risk
management decisions should be defined to ensure
consistency of application across systems and business
functions.
 Terminology should be agreed upon, particularly regarding
definitions and metrics for key risk factors.

www.kvstech.com

Overview and Benefits of
risk management

www.kvstech.com

RISK ASSESSMENT METHOD

www.kvstech.com

RELATIONSHIP OF RISK,SEVERITY AND CONTROL

Effect on High Risk Priority
•Patient safety Use risk
•Data integrity assessment to
identify specific
controls and
rigor

Medium Risk
Priority
Use generic
checklist controls

Low Risk Priority
Use “Good
practice”

www.kvstech.com

SCIENCE BASED QUALITY RISK MANAGEMENT

 Determining the risks posed by a computerized system
requires a common and shared understanding of:

 Impact of the computerized system on patient safety, product
quality and data integrity
 Supported business processes
 CQA (Critical Quality Attributes) for systems that monitor or
control CPP (Critical Process parameters)
 User requirements
 Regulatory requirements
 Project approach
 System components and architecture
 System functions
 Supplier capability

www.kvstech.com

SCIENCE BASED QUALITY RISK MANAGEMENT…

 Managing the risks may be achieved by:

 Elimination by Design [EbD]

 Reduction to an acceptable level

 Verification to demonstrate that risks are managed
to an acceptable level

www.kvstech.com

Quality Risk Management Process

 The ICH Guideline ICH Q9 describes a systematic approach to
quality risk management intended for general application within
pharmaceutical industry
 It defines following two primary principles of quality risk
management
1.The evaluation of risk to quality should be based on scientific
knowledge and ultimately link to the protection of the patient.
2.The level of effort, formality and documentation of the quality
risk management process should be commensurate with the
level of risk.

www.kvstech.com

Quality Risk Management Process
• QRM structured according to
ICH Q9 & ISPE Guide

• Starts with system impact

• Including FMEA [Failure
Mode and Effects Analysis]

www.kvstech.com

RISK ASSESSMENT EFFORT SCALED
ACCORDING TO FUNCTION IMPACT

www.kvstech.com

GAMP CATEGORY
1

DIFFERENCE BETWEEN GAMP 4 AND GAMP 5

 OPERATING  INFRASTRUCTURE
SYSTEMS[GAMP-4] SOFTWARE[GAMP-5]

Only Operating Expanded greatly to
systems included cover established or
commercially available
layered software and
infrastructure software
tools

www.kvstech.com

GAMP CATEGORY
2

DIFFERENCE BETWEEN GAMP 4 AND GAMP 5…

 FIRMWARE  FIRMWARE
[GAMP-4] [GAMP-5]

Configurable and Discontinued-
non-configurable firmware is now
firmware only. treated as software
Custom firmware is in one of
Category 5 categories 3,4 or 5.

www.kvstech.com

GAMP CATEGORY
3


 STANDARD  NON-CONFIGURED
SOFTWARE PRODUCTS[GAMP-5]
PACKAGES[GAMP-4]
Off-the-shelf products
Commercially available used for business
standard software processes, as well as
packages. those that are
Configuration limited configurable, but for
to establishing the which only the default
run-time environment configuration is used

www.kvstech.com

GAMP CATEGORY
4


 CONFIGURABLE  CONFIGURED
SOFTWARE PRODUCTS[GAMP-5]
PACKAGES[GAMP-4]
Configured products
Configurable software provide standard
packages provide interfaces and functions
standard interfaces and that enable configuration
functions that enable of the application to
configuration of user- meet user specific
specific business or business processes.
manufacturing processes Configuration using a
vendor-supplied
language should be
handled as custom
components
(Category 5)

www.kvstech.com

GAMP CATEGORY
5


 CUSTOM (BESPOKE)  CUSTOM
SOFTWARE[GAMP-4] APPLICATIONS
[GAMP-5]

These systems are These systems or
developed to meet the subsystems are
specific needs of the developed to meet the
user company specific needs of the
regulated company.
Inherent risk is high

www.kvstech.com

Regulated Company Activities
 This involves activities at both the
organizational level and at the level of
individual system, therefore this section is
divided into..

1. Governance for achieving compliance
2. System specific activities

www.kvstech.com

1.Governance for achieving compliance
 ACTIVITIES…

 Establishing computerized systems compliance
policies and procedures
 Identifying clear roles and responsibilities
 Training
 Managing supplier relationships
 Maintaining a system inventory
 Planning for validation
 Continuous improvement activities

www.kvstech.com

2.System Specific Activities
 ACTIVITIES…

 Identify compliance standards
 Identify system
 User requirement specification
 Determine strategy for achieving compliance and fitness for
intended use
 Planning
 System specifications
 Development and review of software for custom applications
 Test strategy and testing
 Reporting and release
 Maintaining system compliance during operation
 System retirement

www.kvstech.com

Supplier Activities
 Supplier products, applications and services
 Supplier good practices
 Quality management system
 Requirements
 Supplier Quality Planning
 Sub-supplier assessments
 Specifications
 Design reviews
 Software production/configuration
 Testing
 Commercial release
 User documentation and training
 System support and maintenance during operation
 System replacement and retirement

www.kvstech.com

EFFICIENCY IMPROVEMENTS

 Establishing verifiable and objective user
requirements
 Use of risk based decisions
 Leveraging supplier input
 Leveraging existing documentation
 Efficient testing practice
 Well managed handover
 Efficient change management
 Anticipating data archiving and migration needs

www.kvstech.com

Critical Process Parameters (CPP’s)

“Process parameters whose variability impact a quality
attribute and therefore need to be controlled to ensure the
process produces the desired quality…….. and have an
effect on the CQA(s) of the drug substance or drug
product.”

A CPP remains critical even if it is controlled.

www.kvstech.com

Critical Quality Attributes (CQA’s)

“Physical, chemical, biological or microbiological
properties or characteristics that need to be controlled
(directly or indirectly) to ensure product quality.
(i.e. dissolution, potency, homogeneity, purity)”

www.kvstech.com

ASTM E2500
[American Standard for Testing Materials]

Provides a
 Risk / Science Based Approach
for
 Specification, Design & Verification
of
 Manufacturing Systems and Equipment
using
 Systematic, Efficient & Effective Methods

www.kvstech.com

LIFE CYCLE PHASE: CONCEPT
 During concept phase, the regulated company
considers opportunities to automate one or more
business processes based upon business need and
benefits.

 At this phase initial requirements will be developed
and potential solutions considered.

 From initial understanding of scope, costs and
benefits, a decision is made on whether to proceed
to the project phase.

www.kvstech.com

LIFE CYCLE PHASE: PROJECT

 The project phase involves…
 planning,
 supplier assessment & selection ,
 various levels of specification,
 configuration (or coding for custom applications) and
 verification leading to acceptance and release for
operation.

 Risk management is applied…
 to identify risks and
 to remove or reduce them to an acceptable level.

www.kvstech.com

LIFE CYCLE PHASE: OPERATION
 System operation, typically, is the longest phase and is
 managed by..
the use of defined, up to date, operational procedures
 applied by..
personnel who have appropriate training, education and
experience.

 key aspects :
 Maintaining control (including security),
 fitness for intended use and
 compliance

 important activity:

 The management of changes of different impact, scope and
complexity.

www.kvstech.com

LIFE CYCLE PHASE: RETIREMENT

 It involves decisions about…

 Data retention,
 Migration or destruction and
 The management of this processes

www.kvstech.com

ICH: International Conference on Harmonisation of technical
Requirements for Registration of Pharmaceuticals
for Human Use

ICH Q-Documents
 Q1 Stability
 Q2 Analytical Validation
 Q3 Impurities
 Q4 Pharmacopoeias
 Q5 Quality of Biotechnological Products
 Q6 Specifications
 Q7 Good Manufacturing Practice
 Q8 Pharmaceutical Development
 Q9 Quality Risk Management
 Q10 Pharmaceutical Quality Systems

www.kvstech.com

Pharmaceutical Development (Q8)
Past: Data transfer / Variable output
Present: Knowledge transfer / Science
based / Consistent output

Quality Risk Management (Q9)
Past: Used, however poorly defined
Present: Opportunity to use structured
process thinking

Pharmaceutical Quality Systems (Q10)
Past: GMP checklist
Future: Quality Systems across product
life cycle

www.kvstech.com

 HACCP:
Hazard Analysis and Critical Control
Points

www.kvstech.com

 PQLI
Physical Quality of Life Index

www.kvstech.com

 ISPE:
International Society for
Pharmaceutical Engineering

www.kvstech.com

PROJECT PHASE

www.kvstech.com

PLANNING
Planning should cover all required activities, responsibilities,
procedures and timeline

PLANNING • Activities should be scaled according to:
HIERARCHY
o System impact on patient safety, product
MULTI-SITE quality and data integrity (risk assessment)
o System complexity and novelty (Architecture
and categorization of system components)
SITE
o Outcome of supplier assessment Supplier
capability )
• User requirements are the responsibility
DEPARTMENT
of the user community and should be
OR AREA
maintained and controlled
• Approach should be based on product
and process understanding and relevant
SYSTEM regulatory requirements
www.kvstech.com

SPECIFICATION
 The role of specification is to enable systems to be
developed, verified and maintained

 The number and level of the detail of the
specifications will vary depending upon type of system
and its intended use

 Before use ,regulated company should ensure that
they are adequate to support subsequent activities,
including risk assessment, further specification and
development of the system, and verification as
appropriate

 Specification may be available from supplier
www.kvstech.com

CONFIGURATION AND CODING
 The requirements for configuration and coding
activities depend on the type of the system

 Any required configuration should be performed in
accordance with a controlled and repeatable
process

 The need for code reviews should be addressed as
part of risk management

 Configuration management is an intrinsic and vital
aspect of controlled configuration and coding

www.kvstech.com

VERIFICATION
 Verification confirms that specifications have been met

 This may involve multiple stages of reviews and testing
depending on the type of system, the development method
applied, and its use

 Testing computerized systems is a fundamental verification
activity

 Testing often is performed at several levels depending on the
risk, complexity and novelty

 There is a range of different types of testing possible
including normal case (positive), invalid case (negative),
repeatability, performance, volume/load, regression and
structural testing
www.kvstech.com

REPORTING
 Acceptance and release of the system for use in GxP
regulated activities should require the approval of…

 the process owner,
 system owner,
 quality unit representatives

 At the conclusion of the project, a computerized system
validation report should be produced summarizing…

 the activities performed,
 any deviations from the plan ,
 any outstanding and corrective actions,
 providing a statement of fitness for intended use of the
system

www.kvstech.com

Gamp5 new

More Related Content

What's hot (20)

Similar to Gamp5 new (20)

More from Kalpeshkumar Vaghela (20)

Recently uploaded (20)

Gamp5 new

Editor's Notes