GAMP 5 Categories, V Model and 21 CFR Part 11, EU Annex 11

What is GAMP 5?

• Good Automated Manufacturing Practice, Founded in 1991. International Society for Pharmaceutical Engineering (ISPE) sets the guidelines for manufacturers and the current Version is GAMP 5.
• GAMP describes a set of principles and procedures that help ensure that pharmaceutical Software (Like QMS Software, LMS software, DMS software etc.) has required quality.
• Computer system validation (CSV) following GAMP guidelines require users and suppliers to work together so that responsibilities regarding the validation process are understood.
• For users: GAMP provides a documented assurance that a system is appropriate for the intended use before it goes “live.”
• Suppliers can use GAMP to test for avoidable defects in the supplied system to ensure quality products are produced.

Why GAMP 5?

• Facilitates the interpretation of regulatory requirements.
• Establishes a common language and terminology.
• Promotes a system life cycle approach based on good practice.
• Clarifies roles and responsibilities.
• Focus attention on those computerized systems with the most impact on patient safety, product quality, and data integrity
• Avoid duplication of activities

There are five key concepts to GAMP 5:

• Product and Process Understanding
• Lifecycle approach within QMS
• Scalable Lifecycle Activities
• Science Based Quality Risk Management
• Leveraging Supplier Involvement

GAMP 5 Categories

Note: Category 2 is discontinued

Difference between Category 4 and Category 5 in GAMP 5

• Configuration and customization of software are terms that are poorly defined in the validation world and frequently used interchangeably, especially in a vendor’s marketing literature.
• It is important to understand the difference between these two terms as they mean entirely different things and consequently can have a dramatic impact on the amount of validation work that you could undertake.

Configuration: The modification of the function of a software product to meet the business process or user requirements using tools supplied by the supplier. These tools can include the input of user-defined text strings for drop-down menus, turning software functions on or off, graphical dragging and dropping of information elements, and creation of specific reports using the standard functionality of the package.

Customization: The writing of software modules, scripts, procedures, or applications to meet business requirements. This can be achieved using an external programming language (such as C++ or .NET or PL*SQL for database procedures), macro instructions, or an internal scripting language specific for a commercial application.

Depending on the user requirements the same implementation can be Category 4 or 5

What is SDLC Model?  What model GAMP 5 Suggests?

The software development life cycle (SDLC) is a framework defining tasks performed at each step in the software development process.

• SDLC is a structure followed by a development team within the software organization.
• It consists of a detailed plan describing how to develop, maintain and replace specific software.
• The life cycle defines a methodology to deliver the quality of software and the overall development process.

• 21 CFR (Code of Federal Regulations) Part 11 has defined by the US FDA regulations that set forth the criteria applies to electronic records and electronic signatures that persons create, modify, maintain, archive, retrieve, or transmit under any records or signature requirement set forth in the Federal Food, Drug, and Cosmetic Act, the Public Health Service Act, or any FDA regulation
• Annex 11 is part of the European GMP Guidelines and defines the terms of reference for computerized systems software used by organizations in the pharmaceutical industry.

Queries?

• Any relation between GAMP 5 or v Model with 21 CFR Part 11?
• Both are the set of guidelines which are used to validate a computer-based software used in pharma manufacturing companies.
• The guidelines are predefined, and software should comply with the guidelines.
• GAMP talks about “the How” and the 21 CFR talks “the What” during the Validation of computer-based software for Pharma companies.
• GAMP is a methodology and 21 CFR are a regulation
• 21 CFR Part 11 is US FDA and Annex 11 is EU guidelines.
• A Company is delivering software to the banking sector they never heard of part 11 but when the Pharma customer wants them to map Part 11 requirements will the solution comply with them?
• Even if a company is delivering software to the banking sector, the solution will generally comply with part 11 requirements.
• In banking software’s there may not be the reference of Part 11, but the requirements of Part 11 will be met by the banking software’s
• A software company is following SDLC models from the past 8 years. For the first time, they are delivering a pharma software solution. When the customer team comes for an audit what software development methodologies they need to demonstrate to win the auditor.
• Whenever there is an audit of the customer need to explain the detailed procedure followed to develop software right from the beginning of User requirement gathering to the maintenance and support.
• Even if the company does not know the standard guidelines, we can map the existing followed procedure with the guidelines and standards to comply with client requirements.
• The company which comes to audit have a set of guidelines or criteria which the supplier should comply to pass the audit.
• The pharma companies investigate whether the software follows GAMP, or Part 11 or EU annexure 11.
• To win the auditor the company must have followed an SDLC Methodology with Proper Reviews and Tracking.
• A software company doesn’t want to follow the V model, still wanted to deliver pharma software (Quality Management Software, Document Management System, ANDA and DMF tracker etc.). Will this be acceptable to Pharma Company?

Acceptable if Software Company follows standard SDLC models and follows the Standards for developing and managing the code.

For further queries, and suggestions reach out to info@amplelogic.com or contact us