qcipharma - Large expertise in advising QA-IT & CSV for Lifes Sciences Industry

GAMP5 Methodology for Computer Systems Validation(CSV) in GxP

A Risk-Based approach (GAMP5)

GAMP5 defines RISK as the combination of the PROBABILITY of the occurrence of the damage and the SEVERITY of that damage.

FUNDAMENTAL PRINCIPLES of Quality Risk Management:

-Risk Assessment must be based on scientific knowledge, focus on CRITICAL aspects, develop controls to MITIGATE RISKS and, ultimately, be linked to patient safety and protection.
-The LEVEL of effort, formality and documentation of the Quality Risk Management process must be in accordance with the LEVEL of associated Risk.

GAMP5 Software Categories

The GAMP Categories were originally introduced to provide an initial Assessment as to the Validation Requirements, how deep to Test.

In GAMP4 there were five Software Categories. These have been revised in GAMP5 to four categories:
Category 1: Infrastructure Software including Operating Systems, Database Managers, Middleware software(connectivity), etc.
Category 3: Non Configurable software including, Commercial Off The Shelf software(COTS), Office automation Software, Laboratory Instruments/Software.
Category 4: Configured Software including, Standard LIMS, ERP's, EDMS, DCS, CDS, etc.
Category 5: Bespoke Software (Full bespoke ERP, full bespoke LIMS,... or specific bespoke Modules or specific new Programs, developed modifing code(Cat.5), complementing the Standard Configured System(Cat.4)
NOTE: Cat.2 from GAMP4 was removed in GAMP5. This related to Firmware, that first was considered to be used for simple instruments. However as technology has advanced it has been recognised that complex software can be embedded (as firmware) within systems, that must be considered Cat.4 or Cat.5.

GAMP5 Nomenclature

Validation protocols according to current GAMP5 Guide nomenclature:
VMP = Validation Master Plan
RA = Risk Analysis
DQ = Dessign Qualification
CT = Configuration Testing (old IQ)
CTR = Configuration Testing Report
FT = Functional Testing (old OQ)
FTR = Functional Testing Report
RT = Requirements Testing (old PQ)
RTR = Requirements Testing Report
VFR = Validation Final Report
TM = Traceability Matrix

Validate a Computerized System following the GAMP5 Methodology, and GxP regulations, applying its principles, raises the performance of a Risk Analysis(RA), and an adequate Test design
in each Validation Phase, following the different 4 GAMP5 Software Categories that can have an specific System, to be able to MITIGATE the RISK as much as possible,
and thus maintain the Quality of the System, and therefore Quality of the Product manufactured, the Health of the Patient, Security, and Data Integrity,
to have the Computerized System under control, and to be able to demonstrate it to third parties.