Changes in Software Development Documentation in GAMP 5

ISPE has just released version 5 of GAMP, Good Automated Manufacturing Practices. GAMP 5 emphasizes a cost effective approach to compliance, while incorporating recent regulatory and industry developments that focus attention on patient safety, product quality and data integrity.

Primary Changes between GAMP 4 and GAMP 5

• Risk Assessment – One of the principal focuses in GAMP 5 is the focus on risk assessment throughout the software development process. GAMP 5 guidelines state that risk assessment should be performed at critical junctures in the software life cycle, including during all requirement gathering phases in the development cycle, the beginning of each change control cycle and before system decommissioning.
• Scalability – All testing and validation efforts should be appropriate to the system. The scale of the testing effort should reflect the relative risk present in the system.
• Increased Focus on Computer System Life Cycle – Companies need to retain control over their computer systems and system data, from system concept to system decommissioning.
• Avoid Duplication of Activities – It is not necessary to repeat testing performed by qualified vendors and other third parties, so long as this testing is appropriately documented. One of the primary goals of GAMP 5 is to reduce the cost and effort of regulatory compliance. Each additional testing step should not repeat previous efforts. Supplier testing can be included as part of the testing effort.
• Increased awareness of Configurable and Networked Systems – GAMP 5 fits into the ITIL framework, which is widely used for managing systems. Software testing should focus on the specific configuration of the program, not core operational characteristics, especially when the supplier can demonstrate testing of the core operational functionality of the system.
• Comprehensive Guidelines on Operational Aspects – GAMP 5 has increased the specificity of requirements for maintaining operational systems under change control. Configuration Management has been added to the Appendix on Operational Change Control, O6.
• Clarity and Flexibility – GAMP 5 strives to simultaneously make all aspects of software testing more explicit, while not restricting good testing procedures and practices. There are numerous changes throughout GAMP 5 which attempt to clarify key roles in the testing, risk assessment and supplier evaluation processes while not adding undue paperwork or effort.

The new GAMP 5 emphasizes leveraging risk assessment and risk management to scale validation efforts appropriately. GAMP 5 favors a holistic approach to risk management, not individual risk assessments of each individual computer systems. Risk is so important that it’s in the new subtitle of the standard: A Risk-Based Approach to Compliant GxP Computerized Systems

Ofni Systems can help your company review their policies and practices to ensure they follow the best practices guidelines outlined in GAMP 5. Ofni Systems can also provide your employees with the training to remain in compliance with all applicable regulations.