Review of GAMP®5 Second Edition
Recommendation
11-13 December 2024
At the end of July 2022 ISPE published an updated version of the widely accepted GAMP®5 guidance on 'A Risk-Based Approach to Compliant GxP Computerised Systems'. This revised Good Practice Guide supersedes the original GAMP®5 published in 2008.
The objectives of this update are to reflect various and ongoing technical developments which have increasingly influenced how computerised systems are developed and implemented for industry use. At the same time, the guidance further encourages good practice in critical thinking and knowledge management to achieve effective and efficient computerised system validation (and is fully aligned with the much-anticipated US FDA guidance on Computer Software Assurance (CSA) published as a draft in September 2022 - commented by the ECA Expert Working Group).
Increasingly computerised systems are developed in an iterative and incremental manner using rapid development methodologies such as Agile, fully supported by mature software development, life-cycle management, and automated testing tools. In addition, applications and IT infrastructure are frequently provided 'off-premise' as a service to regulated customers by multiple cloud service providers. For these reasons the validation of computerised systems increasingly relies on sound supplier evaluation, and establishing comprehensive service level agreements, to ensure compliance throughout the computerised system life cycle. Issues arising from this changed environment have driven many of the GAMP®5 Second Edition revisions.
The GAMP®5 Second Edition guidance document now extends to over 400 pages, however the core principles requiring good planning, clear requirements and specification activities, and effective verification processes remain in place. The original GAMP®5 guidance structure (Main Body plus topic sections containing multiple appendices) has been maintained, though the content has been thoroughly reviewed and revised to reflect the added emphasis on pragmatic approaches and facilitating technological innovation.
Of particular note is a move away from the habitual creation of paper documentation as validation 'deliverables' to a critical risk-based evaluation of evidential records created during concept, project, operation, and retirement phases. Where compliance can be adequately demonstrated by the review of electronic records held within well-evaluated tools and validated applications the production of hard-copy documents is considered non-value adding. This is likely to drive significant changes to computerised system validation approaches within the industry.
Another innovation is that the guide and supporting materials are now only available from ISPE as a download in electronic .pdf format. There are approximately 50 topic sections included in the guide, along with some example forms and supplier questionnaires. New content includes appendices on Agile software development, Artificial Intelligence and Machine Learning (AI/ML) based systems, and Distributed Ledger Systems (Blockchain). Sections on Electronic Batch Records and the Operation Phase have been comprehensively revised and other topics have been combined or retired. Recent ISPE GAMP® guidances on Data Integrity, Knowledge Management and Enabling Innovation are also extensively cross-referenced. References to relevant regulations, regulatory and industry guidelines and external standards have also been brought up to date.
The reviewer considers this a timely and comprehensive update which should extend the currency of the GAMP® computerised system validation framework well into the future.
Author: Rob Stephenson