For those of us that have participated in developing and implementing new or upgrading existing software applications, from customized distributed control systems (a.k.a. manufacturing control systems) for automated control of Bioprocessing operations, manufacture of vaccines, production of API’s, etc., Building Management Systems, PLC controlled equipment, to Laboratory Information Management or other IT Systems, we are most likely familiar and have applied the life cycle approach presented in Good Automated Manufacturing Practice (GAMP) 5 Guideline entitled “A Risk Based Approach to Compliant GxP Computerized Systems” (2008). For those of you that are new to the game and are in the process of evaluating feasibility of a new project or have progressed to development of scope, budget, and preliminary engineering design, you need to familiarize yourself with GAMP 5 and begin developing policies, practices and procedures, consistent with its content as early as possible. Doing so will certainly increase your chances for completing the project in an efficient, cost effective, and most importantly, regulatory compliant, manner. This is possible because GAMP 5 incorporates ideas defined and described in FDA’s 21st Century Initiative; ICH documents Q8 Pharmaceutical Development, Q9 Quality Risk Management, and Q10 Pharmaceutical Quality Systems; ISPE’s Product Quality Lifecycle Implementation (PQLI) Initiative; and ASTM E2500 Standard Guide for Specification, Design and Verification of Pharmaceutical and Biopharmaceutical Manufacturing Systems and Equipment.
GAMP 5 is based on developing and integrating the following five concepts into a cohesive computerized system development, validation and maintenance program:
- Product and process understanding: System requirements must be developed to ensure the system is fit for its intended use focusing on aspects that are critical to patient safety, product quality and data integrity, including Critical to Quality Attributes and Critical Process Parameters.
- Life Cycle Approach with a QMS (Quality Management System): Activities and quality management systems need to be developed for each Life Cycle phase, from conception to retirement, that promote continuous process and system understanding through periodic reviews of performance and process data, root cause analysis of failures, change control, etc., assuring compliance with regulatory requirements.
- Scaleable Life Cycle Activities: Life Cycle Activities should be scaled according to system impact on patient safety, product quality, and data integrity; system complexity and novelty; and outcome of supplier assessments.
- Science Based Quality Risk Management: Risk Assessments should be performed to identify critical aspects that may impact on patient safety, product quality, and data integrity; develop and implement risk mitigation reduction strategies or controls to reduce risks to acceptable levels; and monitor controls to ensure ongoing effectiveness.
- Leveraging Supplier Involvement: Perform Supplier Assessments and follow up audits, and if acceptable, avoid duplication of activities by leveraging their knowledge, experience and documentation by seeking their assistance in developing specifications, testing, support, and maintenance where applicable
The following diagram, from ASTM E2500 introduces us to the Automated System Life Cycle by providing an overview of the Specification, Design and Verification process highlighting application of GEP’s, Risk Management, Design Review and Change Management throughout the life cycle.
Automated System Life Cycle |
GAMP 5 goes on to classify the Computerized System Life Cycle as follows:
- Concept
- Project
- Planning
- Specification, Configuration, and Coding
- Verification
- Reporting and Release
- Operation
- Retirement
Aspects relating to the Project Phase will be covered in future discussions. Stay tuned!