Skip links

GAMP5: Updated guidance on CSV

The Good Automated Manufacturing Practice (GAMP) guides have for the last 20 years provided a universally accepted approach for the development and use of computerised systems within international Pharmaceutical regulations. The guides are intended for users, suppliers and regulators to the industry and are produced by the International Society Pharmaceutical of Engineers (ISPE) the latest version 5 of the guide has been around now for nine years but is still regarded as  the practical best practice for computer system validation in the heathcare industries .

Computer Systems Validation (CSV): Value added?

The GAMP version 5 is built on the methodology established in previous versions of GAMP  usually referred to as the V-model. the V-Model approach is that at each step in the lifecycle of a Computerised System the functionality and behavior of the system(s) are verified and tested to ensure conformance with original specification and requirements. In addition Risk Management is built in to identify risks to patient safety, product quality or data integrity during the specification phase and to verify the risk controls (which may be software controls or written procedures)  during verification activities.

In principle this is a simple concept but with increasing complexity, inter-operability and integration such validation projects have a sizable impact on the implementation costs and efforts for the installation of new technology, often validation is done with the aim only to fill a regulatory requirement and this can lead to a negative perception and a view that computer validation does not provide any value added.

The challenge of ensuring patient safety, meeting regulatory demands and providing business benefits has deterred some manufactures, especially in regions where regulation for computer systems validation is poorly understood. In addition the prevalence of legacy systems and insufficient local resources to manage such projects has lead to manufactures having little or no verification of their systems.

In our experience, the benefits of validation is not only demonstrated by the leveraging of regulatory requirements to demolish trade barriers, but as a key tool for tracking and ensuring successful and high quality delivery of Information System. Some of the business benefits of the GAMP approach are:

  • Reduction in cost of achieving compliance
  • Cost effective operation and maintenance
  • Enabling innovation and new technology

These factors can lead to a very effective return on investment as long as the validation is managed correctly and is performed to industry accepted practices by experienced and knowledgeable resources.

Core components

GAMP5 has strong reference to three current focus areas for the industry and the US FDA’s 21st Century Initiative:

  • Quality Risk management
  • Quality by Design
  • Process Understanding
  • Continuous Improvement

In addition GAMP 5 is aligned with documents and standards from PIC/S, ICH and the American Society of Testing and Materials. GAMP5 aims to implement these initiatives at lower cost by:

  • Focusing attention on the highest impact
  • Applying risk management throughout the life cycle
  • Recognising configurable package design
  • Adopting flexible and scaleable ways of validation
  • Leveraging engineering and supplier activities

Good Practice: Where to Start?

GAMP5 states that a Quality Management System for Information Systems should cover the entire life cycle and be Risk Based- but what does this actually entail? And how to do this without overwork? Here we highlight three key points for particular focus:

  1. Risk Assessment an evaluation of the threat to quality and thus patient safety and should be made on scientific knowledge of the system specifications, and the business process being supported. Based on the assessed threat, the nature and level of control is determined; thus reduced validation effort maybe justified. GAMP5 outlines a 5 step process for Risk Management:
    • Perform initial Risk Assessment and determine impact
    • Identify functions or process steps with impact on safety and quality
    • Perform functional or workflow  Risk Assessments to identify controls
    • Implement and verify controls which may be in the software or can be by SOPs
    • Monitor controls
  1. Supplier Documentation – By utilising information, templates and documentation from suppliers and using the commissioning activity, a large reduction in duplication, inaccuracy and efforts can be made in the verification stage
  1. Change and Configuration Management – Change Control is the mechanism for ensuring that any changes of a system are made without affecting the validated state. Any investment in validation will be risked if Change Control is not maintained.

Change Control ensures that modifications are authorized, documented, tested and approved prior to implementation. In our experience change control is not well managed in our region.

Configuration Management is the control and documentation of the baseline system and upon which Changes are controlled.

Conclusions & Considerations

Validation of Information Systems, either those already implemented or prospective have a large impact on the costs associated with the use of these technologies in Pharmaceutical manufacturing. Validation should not be regarded as a necessary evil but rather a tool to ensure compliance, reduced cost of operation and a framework with which to successfully manage projects. Experienced resources and best practice techniques  ensure that benefits are achievable and validation becomes value added. The GAMP documents and Good Practice Guides provides much practical information to help with all aspects of CSV. Factorytalk Staff have been involved with preparing many of these Guides.