overview of computerized systems compliance using the gamp® 5 guide
DESCRIPTION
By Jim John, ProPharma GroupTRANSCRIPT
![Page 1: Overview of Computerized Systems Compliance Using the GAMP® 5 Guide](https://reader035.vdocuments.site/reader035/viewer/2022081715/54be1be14a795948378b4576/html5/thumbnails/1.jpg)
Overview of Computerized Systems Compliance
Using the GAMP® 5 Guide
Jim JohnProPharma Group, Inc.(816) [email protected]
![Page 2: Overview of Computerized Systems Compliance Using the GAMP® 5 Guide](https://reader035.vdocuments.site/reader035/viewer/2022081715/54be1be14a795948378b4576/html5/thumbnails/2.jpg)
Who Cares About CSV?• Systems throughout the organization involved
in the development, production, storage and distribution of pharmaceutical products or medical devices have to be considered
• Resources involved in any way with IT, computer, or automated systems is affected:– Developers– Maintainers– Users
![Page 3: Overview of Computerized Systems Compliance Using the GAMP® 5 Guide](https://reader035.vdocuments.site/reader035/viewer/2022081715/54be1be14a795948378b4576/html5/thumbnails/3.jpg)
Purpose of This Presentation
• To discuss and clarify key topics• Get to know the evolution of the GAMP
Methodology to the latest release• Consider where GAMP 5 concepts can
improve your existing methodology
![Page 4: Overview of Computerized Systems Compliance Using the GAMP® 5 Guide](https://reader035.vdocuments.site/reader035/viewer/2022081715/54be1be14a795948378b4576/html5/thumbnails/4.jpg)
GAMP Objectives
GAMP® guidance aims to achieve computerized systems that are fit for intended use and meet current regulatory requirements, by building upon existing industry good practice in an efficient and effective manner.
4
![Page 5: Overview of Computerized Systems Compliance Using the GAMP® 5 Guide](https://reader035.vdocuments.site/reader035/viewer/2022081715/54be1be14a795948378b4576/html5/thumbnails/5.jpg)
Guidance• It is not a prescriptive method or a standard,
but..– Pragmatic guidance– Approaches– Tools for the practitioner
• Applied with expertise and good judgement
5
![Page 6: Overview of Computerized Systems Compliance Using the GAMP® 5 Guide](https://reader035.vdocuments.site/reader035/viewer/2022081715/54be1be14a795948378b4576/html5/thumbnails/6.jpg)
Evolution of GAMP Guidance
54321Calibration Legacy SystemsLaboratory VPCSERES TestingData Archiving Global Information SystemsIT Infrastructure
![Page 7: Overview of Computerized Systems Compliance Using the GAMP® 5 Guide](https://reader035.vdocuments.site/reader035/viewer/2022081715/54be1be14a795948378b4576/html5/thumbnails/7.jpg)
Drivers
![Page 8: Overview of Computerized Systems Compliance Using the GAMP® 5 Guide](https://reader035.vdocuments.site/reader035/viewer/2022081715/54be1be14a795948378b4576/html5/thumbnails/8.jpg)
Other Drivers• Avoid duplication• Leverage suppliers• Scale activities• Reflect today
– Configurable packages– Development models
8
![Page 9: Overview of Computerized Systems Compliance Using the GAMP® 5 Guide](https://reader035.vdocuments.site/reader035/viewer/2022081715/54be1be14a795948378b4576/html5/thumbnails/9.jpg)
Key Objectives
9
patient safety product quality
data integrity
![Page 10: Overview of Computerized Systems Compliance Using the GAMP® 5 Guide](https://reader035.vdocuments.site/reader035/viewer/2022081715/54be1be14a795948378b4576/html5/thumbnails/10.jpg)
10
GAMPDocumentStructure
![Page 11: Overview of Computerized Systems Compliance Using the GAMP® 5 Guide](https://reader035.vdocuments.site/reader035/viewer/2022081715/54be1be14a795948378b4576/html5/thumbnails/11.jpg)
Main Body Overview• Key Concepts• Life Cycle• Quality Risk Management• Regulated Company Activities• Supplier Activities• Efficiency Improvements
11
![Page 12: Overview of Computerized Systems Compliance Using the GAMP® 5 Guide](https://reader035.vdocuments.site/reader035/viewer/2022081715/54be1be14a795948378b4576/html5/thumbnails/12.jpg)
5 Key Concepts
• Life Cycle Approach Within a QMS• Scaleable Life Cycle Activities• Process and Product Understanding• Science-Based Quality Risk Management• Leveraging Supplier Involvement
12
![Page 13: Overview of Computerized Systems Compliance Using the GAMP® 5 Guide](https://reader035.vdocuments.site/reader035/viewer/2022081715/54be1be14a795948378b4576/html5/thumbnails/13.jpg)
User and Supplier Life Cycles
![Page 14: Overview of Computerized Systems Compliance Using the GAMP® 5 Guide](https://reader035.vdocuments.site/reader035/viewer/2022081715/54be1be14a795948378b4576/html5/thumbnails/14.jpg)
Product and Process Understanding
• Basis of science- and risk-based decisions• Focus on critical aspects
– Identify– Specify– Verify
• CQAs / CPPs
14
![Page 15: Overview of Computerized Systems Compliance Using the GAMP® 5 Guide](https://reader035.vdocuments.site/reader035/viewer/2022081715/54be1be14a795948378b4576/html5/thumbnails/15.jpg)
Life Cycle Approach Within a QMS
• Suitable Life Cycle–Intrinsic to QMS
• Continuous improvement
15
![Page 16: Overview of Computerized Systems Compliance Using the GAMP® 5 Guide](https://reader035.vdocuments.site/reader035/viewer/2022081715/54be1be14a795948378b4576/html5/thumbnails/16.jpg)
Specify
Plan
Verify
Configure& Code
Report
Risk M
anag
emen
t
A Basic Framework For Achieving Compliance and Fitness For Intended Use
Figure xx:Figure 3.3: A General Approach for Achieving Compliance and Fitness for Intended Use
Source Figure 3.3, GAMP 5 A Risk Based Approach to Compliance GxP Computerized Systems © Copyright ISPE 2008. All rights reserved.
GAMP V Model Transition
VerifiesUser Requirement Specification
Functional Specification
DesignSpecification
System Build
InstallationQualification
OperationalQualification
Performance Qualification
Verifies
Verifies
![Page 17: Overview of Computerized Systems Compliance Using the GAMP® 5 Guide](https://reader035.vdocuments.site/reader035/viewer/2022081715/54be1be14a795948378b4576/html5/thumbnails/17.jpg)
Scaleable Life Cycle Activities
• Risk• Complexity and Novelty• Supplier
17
![Page 18: Overview of Computerized Systems Compliance Using the GAMP® 5 Guide](https://reader035.vdocuments.site/reader035/viewer/2022081715/54be1be14a795948378b4576/html5/thumbnails/18.jpg)
Science Based Quality Risk Management
Focus on patient safety, product quality, and data integrity…
18
AssessmentControl
CommunicationReview
Based on ICH Q9
![Page 19: Overview of Computerized Systems Compliance Using the GAMP® 5 Guide](https://reader035.vdocuments.site/reader035/viewer/2022081715/54be1be14a795948378b4576/html5/thumbnails/19.jpg)
Leveraging Supplier Involvement
• Assess: – Suitability– Accuracy– Completeness
• Flexibility:– Format– Structure
• Requirements gathering
• Risk assessments• Functional / other
specifications• Configuration• Testing• Support and
maintenance 19
![Page 20: Overview of Computerized Systems Compliance Using the GAMP® 5 Guide](https://reader035.vdocuments.site/reader035/viewer/2022081715/54be1be14a795948378b4576/html5/thumbnails/20.jpg)
Life Cycle Phases
![Page 21: Overview of Computerized Systems Compliance Using the GAMP® 5 Guide](https://reader035.vdocuments.site/reader035/viewer/2022081715/54be1be14a795948378b4576/html5/thumbnails/21.jpg)
Compatibility with Other Standards
ASTM E2500 Standard Guide for Specification, Design, and Verification of Pharmaceutical and Biopharmaceutical Manufacturing Systems and Equipment
21
![Page 22: Overview of Computerized Systems Compliance Using the GAMP® 5 Guide](https://reader035.vdocuments.site/reader035/viewer/2022081715/54be1be14a795948378b4576/html5/thumbnails/22.jpg)
GAMP 5Ongoing
Operations
GAMP 5Reporting
and
Release
GAMP 5Verification
GAMP 5Specification
Configuration
Coding
GAMP 5
Planning
GAMP5 and ASTM E2500Good Engineering Practice
Risk Management
Design Review
Change Management
Requirements Specificationand Design
Verification AcceptanceandRelease
Operations &Continuous Improvement
ProductKnowledge
ProcessKnowledge
RegulatoryRequirements
Company Quality Regs.
The Specification, Design, and Verification Process – Diagram from ASTM E2500
![Page 23: Overview of Computerized Systems Compliance Using the GAMP® 5 Guide](https://reader035.vdocuments.site/reader035/viewer/2022081715/54be1be14a795948378b4576/html5/thumbnails/23.jpg)
Governance
• Policies and procedures• Roles and responsibilities• Training• Supplier relationships• System inventory• Planning for compliance & validation• Continuous improvement
23
![Page 24: Overview of Computerized Systems Compliance Using the GAMP® 5 Guide](https://reader035.vdocuments.site/reader035/viewer/2022081715/54be1be14a795948378b4576/html5/thumbnails/24.jpg)
Stages Within the Project Phase
• Planning• Specification, configuration, and
coding• Verification• Reporting and release
24
![Page 25: Overview of Computerized Systems Compliance Using the GAMP® 5 Guide](https://reader035.vdocuments.site/reader035/viewer/2022081715/54be1be14a795948378b4576/html5/thumbnails/25.jpg)
![Page 26: Overview of Computerized Systems Compliance Using the GAMP® 5 Guide](https://reader035.vdocuments.site/reader035/viewer/2022081715/54be1be14a795948378b4576/html5/thumbnails/26.jpg)
Planning
• Activities• Responsibilities• Procedures• Timelines
26
See Appendix M1
![Page 27: Overview of Computerized Systems Compliance Using the GAMP® 5 Guide](https://reader035.vdocuments.site/reader035/viewer/2022081715/54be1be14a795948378b4576/html5/thumbnails/27.jpg)
Specification, Configuration, & Coding
• Specifications allow– Development– Verification– Maintenance
• Number and level of detail varies
• Defined process
27
![Page 28: Overview of Computerized Systems Compliance Using the GAMP® 5 Guide](https://reader035.vdocuments.site/reader035/viewer/2022081715/54be1be14a795948378b4576/html5/thumbnails/28.jpg)
Verification
• Testing• Reviews• Identify defects!
28
![Page 29: Overview of Computerized Systems Compliance Using the GAMP® 5 Guide](https://reader035.vdocuments.site/reader035/viewer/2022081715/54be1be14a795948378b4576/html5/thumbnails/29.jpg)
Supporting Processes
• Risk Management• Change and Configuration Management• Design Review• Traceability• Document Management
29
![Page 30: Overview of Computerized Systems Compliance Using the GAMP® 5 Guide](https://reader035.vdocuments.site/reader035/viewer/2022081715/54be1be14a795948378b4576/html5/thumbnails/30.jpg)
Design Review
• Planned• Systematic• Identify Defects• Corrective Action• Scaleable
– Rigor/Extent– Documentation
30See also Appendix M5
![Page 31: Overview of Computerized Systems Compliance Using the GAMP® 5 Guide](https://reader035.vdocuments.site/reader035/viewer/2022081715/54be1be14a795948378b4576/html5/thumbnails/31.jpg)
Traceability
Requirements
Specification
Design
Verification
Configure/Code
![Page 32: Overview of Computerized Systems Compliance Using the GAMP® 5 Guide](https://reader035.vdocuments.site/reader035/viewer/2022081715/54be1be14a795948378b4576/html5/thumbnails/32.jpg)
GAMP 5 CategoriesCategory GAMP 4 GAMP 5
1 Operating system Infrastructure software
2 Firmware No longer used
3 Standard software packages Non-configured products
4 Configurable software packages Configured products
5 Custom (bespoke) software Custom applications
Cont
inuu
m
![Page 33: Overview of Computerized Systems Compliance Using the GAMP® 5 Guide](https://reader035.vdocuments.site/reader035/viewer/2022081715/54be1be14a795948378b4576/html5/thumbnails/33.jpg)
GAMP 5Quality Risk Management
33
![Page 34: Overview of Computerized Systems Compliance Using the GAMP® 5 Guide](https://reader035.vdocuments.site/reader035/viewer/2022081715/54be1be14a795948378b4576/html5/thumbnails/34.jpg)
Critical Processes are Those Which:• Generate, manipulate, or control data supporting
regulatory safety and efficacy submissions• Control critical parameters in preclinical, clinical,
development, and manufacturing• Control or provide information for product release• Control information required in case of product recall• Control adverse event or complaint recording or
reporting• Support pharmacovigilance (investigation of Adverse
risks)
34
![Page 35: Overview of Computerized Systems Compliance Using the GAMP® 5 Guide](https://reader035.vdocuments.site/reader035/viewer/2022081715/54be1be14a795948378b4576/html5/thumbnails/35.jpg)
Definitions
• Harm Damage to health, including the damage that can occur from loss of product quality or availability.
• Hazard The potential source of harm.• Risk The combination of the
probability of occurrence of harm and the severity of that harm.
• Severity A measure of the possible consequences of a hazard.
35
![Page 36: Overview of Computerized Systems Compliance Using the GAMP® 5 Guide](https://reader035.vdocuments.site/reader035/viewer/2022081715/54be1be14a795948378b4576/html5/thumbnails/36.jpg)
Step 1 – Initial Risk Assessment
• Based on business processes, user requirements, regulatory requirements and known functional areas
36Don’t repeat unnecessarily!
Inputs Outputs
GxP or non-GxP
Major Risks Considered
Overall Risk
User Requirements
GxP Regulations
Previous Assessments
![Page 37: Overview of Computerized Systems Compliance Using the GAMP® 5 Guide](https://reader035.vdocuments.site/reader035/viewer/2022081715/54be1be14a795948378b4576/html5/thumbnails/37.jpg)
Step 2 – Identify Functions with GxP Impact
• Functions with impact on patient safety, product quality, and data integrity
37
Specifications
System Architecture
Categorization of Components
Inputs Outputs
List of Functions to be further evaluated
![Page 38: Overview of Computerized Systems Compliance Using the GAMP® 5 Guide](https://reader035.vdocuments.site/reader035/viewer/2022081715/54be1be14a795948378b4576/html5/thumbnails/38.jpg)
Step 3 – Perform Functional Risk Assessments & Identify Controls
Functions from Step 2
SME Experience
Scenarios
Possible Hazards
38
Breakdown of Risks to Low, Medium and High.
Detailed Assessments and Mitigation for High
Inputs Outputs
![Page 39: Overview of Computerized Systems Compliance Using the GAMP® 5 Guide](https://reader035.vdocuments.site/reader035/viewer/2022081715/54be1be14a795948378b4576/html5/thumbnails/39.jpg)
Functional Risk Assessment
• Identify– Hazards and risk scenarios– Severity – impact on safety quality or
other harm– Probability– Detectability
39
![Page 40: Overview of Computerized Systems Compliance Using the GAMP® 5 Guide](https://reader035.vdocuments.site/reader035/viewer/2022081715/54be1be14a795948378b4576/html5/thumbnails/40.jpg)
GAMP Risk Assessment Tool
40
Probability
Seve
rity
Low
Medium
High
Low
Med
ium
Hig
h
Class 3
Class 2
Class 1
A simple two-step process:
Plot Severity vs. Probability to obtain Risk Class
![Page 41: Overview of Computerized Systems Compliance Using the GAMP® 5 Guide](https://reader035.vdocuments.site/reader035/viewer/2022081715/54be1be14a795948378b4576/html5/thumbnails/41.jpg)
GAMP Risk Assessment Tool
41
Priority 1
Priority 3
Priority 2
3
2
1
Hig
h
Med
ium
Low
Ris
k C
lassDetectability
Plot Risk Class vs. Detectability to obtain Risk Priority
![Page 42: Overview of Computerized Systems Compliance Using the GAMP® 5 Guide](https://reader035.vdocuments.site/reader035/viewer/2022081715/54be1be14a795948378b4576/html5/thumbnails/42.jpg)
Step 3 (continued) Controlling the Risk
42
Mitigation Strategies
• Change the process• Change the design• Add new features• Apply external
procedures
Scenarios with High Risk from Functional Analysis
Inputs Outputs
![Page 43: Overview of Computerized Systems Compliance Using the GAMP® 5 Guide](https://reader035.vdocuments.site/reader035/viewer/2022081715/54be1be14a795948378b4576/html5/thumbnails/43.jpg)
Step 4 – Implement & Verify AppropriateControls
• Verification activity should demonstrate that the controls are effective in performing the required risk reduction.
43
![Page 44: Overview of Computerized Systems Compliance Using the GAMP® 5 Guide](https://reader035.vdocuments.site/reader035/viewer/2022081715/54be1be14a795948378b4576/html5/thumbnails/44.jpg)
Step 5 – Review Risks Monitor Controls
Establish Periodic Review of Control Effectiveness
Apply Risk Process in Change Management Activities
44
Frequency and extent of any periodic review should be based on the level of risk
![Page 45: Overview of Computerized Systems Compliance Using the GAMP® 5 Guide](https://reader035.vdocuments.site/reader035/viewer/2022081715/54be1be14a795948378b4576/html5/thumbnails/45.jpg)
Risk-Based Decisions What do they impact ?
• Number and depth of design reviews • Need for, and extent of, source code review• Rigor of supplier evaluation• Depth and rigor of functional testing
45
![Page 46: Overview of Computerized Systems Compliance Using the GAMP® 5 Guide](https://reader035.vdocuments.site/reader035/viewer/2022081715/54be1be14a795948378b4576/html5/thumbnails/46.jpg)
Operation Appendices• O1 – Handover• O2 – Establishing & Managing
Support Services• O3 – Performance Monitoring• O4 – Incident Management• O5 – Corrective and
Preventive Action (CAPA)• Performance Monitoring• O6 – Operational Change &
Configuration Management
• O7 – Repair Activity• O8 – Periodic Review• O9 – Backup and Restore• O10 – Business Continuity
Management• O11 – Security Management• O12 – System Administration• O13 – Archiving and Retrieval
46
![Page 47: Overview of Computerized Systems Compliance Using the GAMP® 5 Guide](https://reader035.vdocuments.site/reader035/viewer/2022081715/54be1be14a795948378b4576/html5/thumbnails/47.jpg)
Summary
• GAMP 5 provides more flexibility in the number and types of validation lifecycle products used.
• Application of Risk and use of SME Knowledge are keys to success
47