The International Society for Pharmaceutical Engineering’s GAMP® 5 guidelines steer validation practices for pharma companies to meet computerized system expectations. Members of the GAMP steering committees, Lorrie Schuessler, Charlie Wakeham and Stephen Ferrell, share some of the key changes in the second edition update and how these should be interpreted by those working in pharmaceutical manufacturing.
Since 1991, GAMP® – a community of practice within the International Society for Pharmaceutical Engineering (ISPE) – has set the tone for the validation practices necessary for regulated pharmaceutical companies to meet the computerized system expectations of the US Food and Drug Administration (FDA), the European Medicines Agency (EMA), the World Health Organization (WHO), the Medicines and Healthcare Regulatory Agency (MHRA) in the UK, the Chinese National Medicinal Products Administration and other global regulatory bodies. Since their outset the GAMP guides have promoted using a balanced risk-based pragmatism to achieve compliance and the July 2022 release of GAMP 5 second edition strongly encourages the use of critical thinking to support that.
As ISPE GAMP 5 Second Edition notes in the preface, “Operating in a highly regulated industry may lead practitioners to apply prescriptive and rigid compliance-based approaches that are not commensurate with and not effective in managing any actual risk to the product and the patient.” [1]
The focus until now has too often been on compliance and not on quality. The industry approach to validation has in some cases been overly burdensome, despite the best effort of the GAMP Community of Practice, the US FDA and other regulators to reinforce through presentations and guidance that the validation of computerized systems should be focused on ‘intended use’ and scaled commensurate with the risks to patient safety, product quality and data integrity. Validation projects have often been documentation-focused exercises, more befitting a grammar exercise than artifacts supportive of regulated activity.
The original iteration of ISPE GAMP 5 was released in 2008, arriving in the nascent stages of what has become the cloud revolution and certainly before the widespread adoption of agile development methodologies, meaningful augmented reality, machine learning and artificial intelligence use cases in the life sciences industry.
Given the rapid acceptance of ‘as-a-service’ software models and significant outsourcing of previously in-house IT functions, there was a feeling that there was a need to assess and update the guidance. The original GAMP core principles are now applied more broadly by the Second Edition to allow contemporary and competent practitioners the freedom to employ innovative and evolving technologies without the previously assumed documentation burden.
While much software development now follows a more agile approach, changes – in the form of updates to the operating environment and software applications – are now frequent and essential to sustain data integrity and data security as well as operational efficiency. This required a paradigm shift from the previous ‘validate the system and keep it static and unchanged for as long as possible’ mindset to a dynamic and flexible approach to maintaining the system in a validated state of control throughout its operational life. Moving from ‘snapshot’-type qualification activities to real-time monitoring and control for the IT infrastructure supports this flexibility.
For the purposes of this discussion, we will focus on what we consider to be the most significant changes to GAMP 5 but we would encourage the reader to review the guidance in its entirety within the context of their regulated business activities. The GAMP 5 Second Edition includes:
Six completely new appendices
Significant updates to three of the original appendices
Removal of a further three appendices.
This article primarily discusses Appendix D5 Testing of Computerized Systems and Appendix M12 Critical Thinking. Taken together these appendices provide the validation practitioner with broad contemporary thinking that can be applied to their day-to-day project activities.
Testing of Computerized Systems – Appendix D5
The validation of commercially available software applications has largely followed the GAMP V-model. While that model remains relevant from a planning and workflow perspective, ISPE GAMP 5 Second Edition is fully supportive of agile development and iterative testing methodologies and practices.
The GAMP 5 Second Edition guide emphasises that focus should be on value-adding activities rather than documentation for documentation’s sake. System information and test evidence still need to be captured but the format of the information captured can be flexible as long as it is attributable, protected against unauthorised changes and available when needed. There is also encouragement to use tools where possible to increase validation efficiency and defect detection.
For example, previous approaches to documenting the execution of a validation test case may have required the tester to initial and date each step. ISPE GAMP 5 Second Edition encourages critical thinking to reduce the instances of initials and dates while still ensuring that the identity of the individual or individuals performing any test is known, transparent, and easily attributable.
Another common and wasted effort used in the past was to write test cases which were then informally run to confirm the validity of the scripted instructions before running formally to provide supposed evidence of the system’s fitness for intended use; repeating the same test cases does nothing for defect detection and instead just contributes to that generation of documentation that so many have mistakenly believed is core to validation.
The revision of Appendix D5 also includes an expansion of the computer software assurance concepts from the ISPE GAMP® RDI Data Integrity by Design guide [2], Appendix S2 – Computer Software Assurance, in which the reader is encouraged to apply additional, non-traditional testing approaches, reflective of current software industry good testing practice, to challenge the system’s fitness for intended use. Ad hoc testing, error guessing, exploratory testing, and day-in-the-life testing are all introduced with the intention of increasing test coverage and rigour while simultaneously documenting less.
The use of contextualised functional risk assessments is also highlighted to allow the validation practitioner to scale their test cases commensurate with the assessed patient safety, product quality or data integrity risk that a particular requirement manifests.
The GAMP 5 Second Edition also provides a great deal of encouragement for regulated companies to leverage vendor documentation, stating “…testing may occur both in the vendor’s development life cycle and in the regulated company’s implementation life cycle”. This aligns well with newly-issued FDA draft guidance on Computer Software Assurance, which states: “Because the computer software assurance effort is risk-based, it follows a least-burdensome approach, where the burden of validation is no more than necessary to address the risk.” [3]
Critical Thinking in GAMP 5 – Appendix M12
The new critical thinking appendix M12 provides perhaps the clearest insight as to contemporary thinking within the GAMP Community of Practice, and states that, “…while GAMP 5 promotes a risk-based approach to ensuring fitness for intended use, some practitioners do not apply sufficient thought to ensure the approach they are taking is customised and proportionate to the needs of different systems”.
Critical thinking should not be reserved just for the testing stages within a validation project, nor should it be constrained to just the validation project. Consider critical thinking as a cradle to grave approach, for example:
Realising efficiency and robustness gains during system planning by focusing on what the system must do based on a business process map, defining what stages of the data lifecycle it is supporting and avoiding the pointless verbiage that so often creeps into system requirements.
Contextualising risk management, that is to say, that not every risk is fatal, and that often remedial strategies can successfully lower risk to levels that would be considered acceptable and as low as reasonably possible.
Tailoring system training around the routine tasks of the different system user types, ensuring that each user type is given training centered on their tasks and responsibilities.
Providing ‘how to’ videos and wikis available at the point of use for the system, rather than relying on distributing printouts of long and complex written standard operating procedures (SOPs).
The concept of using widely available requirements management tools is further reinforced in this appendix. Validation practitioners are encouraged to consider the value proposition of all activities particularly in validation preparation, execution and review.
GXP requirements and system attributes are kept in sharp focus, and only those requirements that have a defined patient safety, product quality or data integrity impact should be subject to risk remediation treatments.
Takeaways from ISPE’s GAMP 5 Second Edition update
In conclusion, there should be no doubt that ISPE GAMP 5 Second Edition is the written equivalent of a rousing quality sermon. Compliance is the minimum viable product, but it is quality that is the minimum lovable product and ultimate goal of the Second Edition.
The chapter leads, the contributing authors, the countless peer reviewers and the regulators named and acknowledged in ISPE GAMP 5 Second Edition collectively affirm that the non-value-added processes and outputs that have crept into our profession should have their necessity and provenance thoroughly challenged. Arbitrary comments, excessive evidence gathering, and non-focused testing are roundly rejected by ISPE GAMP 5 Second Edition. The guide itself is utterly unambiguous, and all but the most determined will struggle to find multiple meanings within its chapters and appendices.
ISPE GAMP 5 Second Edition provides us with a clear concise pathway to drive our technology solutions in support of product quality and then subsequently maintain them in a validated state of control throughout their operational life. In this way, validation transforms from a perceived burden into a facilitator for the safe use of innovative technologies and processes.
References
1. ISPE GAMP 5 Second Edition: A Risk-Based Approach to Compliant GxP Computerized Systems, ISPE, 2022.
2. ISPE GAMP, RDI Good Practice Guide: Data Integrity by Design, ISPE, 2020.
3. FDA, Computer Software Assurance for Production and Quality System Software – Draft Guidance, FDA, 2022.
Charlie Wakeham currently serves as Secretary of ISPE GAMP Global Council and on the GAMP Global CSA SIG Leadership Team. She has contributed to nine GAMP guides including GAMP 5 Second Edition and received the ISPE Max Seales Yonker Member of the Year award in 2019 for her work training regulatory agencies. Charlie is the APAC GxP Compliance Manager for Waters Corporation with more than 20 years of industry experience developing and validating computerized systems for regulated production and laboratory environments.