GAMP 5

A Risk-Based Approach to Compliant GxP Computerized Systems

Page 7

Table of Contents
1

Introduction ....................................................................................................................... 11
1.1
1.2
1.3
1.4
1.5
1.6

Key Concepts .................................................................................................................... 19

2.1
2.2

Overview ................................................................................................................................................. 47
Science Based Quality Risk Management .............................................................................................. 48
Quality Risk Management Process ......................................................................................................... 49

Regulated Company Activities ........................................................................................ 53

6.1
6.2

Concept ................................................................................................................................................... 29
Project ..................................................................................................................................................... 29
Operation ................................................................................................................................................ 39
Retirement .............................................................................................................................................. 46

Quality Risk Management ................................................................................................ 47

5.1
5.2
5.3

Computerized System Life Cycle ............................................................................................................ 25

Specification and Verification .................................................................................................................. 27
Computerized System Validation Framework ......................................................................................... 27

Life Cycle Phases ............................................................................................................. 29

4.1
4.2
4.3
4.4

Key Concepts .......................................................................................................................................... 19

Key Terms ............................................................................................................................................... 21

Life Cycle Approach ......................................................................................................... 25

3.1
3.2
3.3

Rationale for GAMP 5 ............................................................................................................................. 11

New and Revised Material ...................................................................................................................... 13
Purpose ................................................................................................................................................... 14
Scope ...................................................................................................................................................... 14
Business Benefits ................................................................................................................................... 15
Structure .................................................................................................................................................. 16

Governance for Achieving Compliance .................................................................................................. 53

System Specific Activities ....................................................................................................................... 56

Supplier Activities ............................................................................................................ 65

7.1
7.2
7.3
7.4
7.5
7.6
7.7
7.8
7.9
7.10
7.11
7.12
7.13
7.14

GAMP 5 TOC

Supplier Products, Applications, and Services ....................................................................................... 65

Supplier Good Practices ......................................................................................................................... 66
Quality Management System .................................................................................................................. 67
Requirements .......................................................................................................................................... 68
Supplier Quality Planning ....................................................................................................................... 69
Sub-Supplier Assessments ..................................................................................................................... 69
Specifications .......................................................................................................................................... 70
Design Reviews ...................................................................................................................................... 70
Software Production/Configuration ......................................................................................................... 70
Testing ..................................................................................................................................................... 71
Commercial Release .............................................................................................................................. 71
User Documentation and Training .......................................................................................................... 71
System Support and Maintenance During Operation ............................................................................. 72
System Replacement and Retirement .................................................................................................... 72

2007 ISPE. All rights reserved.

www.ispe.org

Page 8

GAMP 5
A Risk-Based Approach to Compliant GxP Computerized Systems

Efficiency Improvements ................................................................................................. 73

8.1
8.2
8.3
8.4
8.5
8.6
8.7
8.8

Establishing Verifiable and Objective User Requirements ..................................................................... 73

Use of Risk-Based Decisions ................................................................................................................. 74
Leveraging Supplier Input ....................................................................................................................... 74
Leveraging Existing Documentation ....................................................................................................... 75
Efficient Testing Practice ......................................................................................................................... 75
Well Managed Handover ........................................................................................................................ 77
Efficient Change Management ............................................................................................................... 77
Anticipating Data Archiving and Migration Needs ................................................................................... 78

Appendices ....................................................................................................................... 81
Index ................................................................................................................................ 347

GAMP 5 TOC

2007 ISPE. All rights reserved.

www.ispe.org

GAMP 5
A Risk-Based Approach to Compliant GxP Computerized Systems

Page 9

Table of Appendices
Management Appendices
Appendix M1
Appendix M2
Appendix M3
Appendix M4
Appendix M5
Appendix M6
Appendix M7
Appendix M8
Appendix M9
Appendix M10

Validation Planning ............................................................................................................................ 81

Supplier Assessment ......................................................................................................................... 89
Science Based Quality Risk Management ....................................................................................... 105
Categories of Software and Hardware ............................................................................................. 127
Design Review and Traceability ....................................................................................................... 133
Supplier Quality and Project Planning ............................................................................................. 139
Validation Reporting ......................................................................................................................... 145
Project Change and Configuration Management ............................................................................. 149
Document Management ................................................................................................................... 153
System Retirement ........................................................................................................................... 157

Development Appendices
Appendix D1
Appendix D2
Appendix D3
Appendix D4
Appendix D5
Appendix D6
Appendix D7

User Requirements Specifications ................................................................................................... 163

Functional Specifications ................................................................................................................. 175
Configuration and Design ................................................................................................................ 179
Management, Development, and Review of Software ..................................................................... 187
Testing of Computerized Systems ................................................................................................... 195
System Descriptions ........................................................................................................................ 213
Data Migration .................................................................................................................................. 217

Operation Appendices
Introduction to
Appendix O1
Appendix O2
Appendix O3
Appendix O4
Appendix O5
Appendix O6
Appendix O7
Appendix O8
Appendix O9
Appendix O10
Appendix O11
Appendix O12
Appendix O13

Operation Appendices ........................................................................................................................ 223

Handover .......................................................................................................................................... 229
Establishing and Managing Support Services ................................................................................. 231
Performance Monitoring ................................................................................................................... 237
Incident Management ...................................................................................................................... 241
Corrective and Preventive Action ..................................................................................................... 243
Operational Change and Configuration Management ..................................................................... 247
Repair Activity .................................................................................................................................. 253
Periodic Review ............................................................................................................................... 255
Backup and Restore ........................................................................................................................ 259
Business Continuity Management ................................................................................................... 267
Security Management ...................................................................................................................... 271
System Administration ..................................................................................................................... 275
Archiving and Retrieval .................................................................................................................... 277

Special Interest Topics Appendices

Appendix S1
Appendix S2
Appendix S3
Appendix S4
Appendix S5
Appendix S6

Alignment with ASTM E2500 ............................................................................................................ 283

Electronic Production Records (EPR) .............................................................................................. 287
End User Applications Including Spreadsheets ............................................................................... 291
Patch and Update Management ...................................................................................................... 301
Managing Quality within an Outsourced IS/IT Environment ............................................................ 305
Organizational Change .................................................................................................................... 319

General Appendices
Appendix G1
Appendix G2
Appendix G3
GAMP 5 TOC

GAMP Good Practice Guide Summary .......................................................................................... 325

Glossary and Acronyms ................................................................................................................... 331
References ....................................................................................................................................... 343
2007 ISPE. All rights reserved.

www.ispe.org