Overview of Computerized Systems Compliance Using the GAMP® 5 Guide
Jim John
ProPharma Group, Inc. (816) 682-2642
Who Cares About CSV?
• Systems throughout the organization involved in the development, production, storage and distribution of pharmaceutical products or medical devices have to be considered
• Resources involved in any way with IT, computer, or automated systems are affected:
– Developers
– Maintainers
– Users
Purpose of This Presentation
• To discuss and clarify key topics
• Get to know the evolution of the GAMP Methodology to the latest release
• Consider where GAMP 5 concepts can improve your existing methodology
GAMP Objectives
GAMP® guidance aims to achieve computerized systems that are fit for intended use and meet current regulatory requirements, by building upon existing industry good practice in an efficient and effective manner.
Guidance
• It is not a prescriptive method or a standard, but...
– Pragmatic guidance
– Approaches
– Tools for the practitioner
• Applied with expertise and good judgement
Evolution of GAMP Guidance
[Figure: GAMP versions 1 to 5 and related guides: Calibration, Legacy Systems, Laboratory, VPCS, ERES, Testing, Data Archiving, Global Information Systems, IT Infrastructure]
Other Drivers
• Avoid duplication
• Leverage suppliers
• Scale activities
• Reflect today
– Configurable packages
– Development models
Key Objectives
patient safety
product quality
GAMP Document Structure
Main Body Overview
• Key Concepts
• Life Cycle
• Quality Risk Management
• Regulated Company Activities
• Supplier Activities
• Efficiency Improvements
5 Key Concepts
• Life Cycle Approach Within a QMS
• Scaleable Life Cycle Activities
• Process and Product Understanding
• Science-Based Quality Risk Management
• Leveraging Supplier Involvement
Product and Process Understanding
• Basis of science- and risk-based decisions
• Focus on critical aspects
– Identify
– Specify
– Verify
• CQAs / CPPs
Life Cycle Approach Within a QMS
• Suitable Life Cycle
– Intrinsic to QMS
• Continuous improvement
A Basic Framework For Achieving Compliance and Fitness For Intended Use
[Figure: Plan; Specify; Configure & Code; Verify; Report; Risk Management]
Figure 3.3: A General Approach for Achieving Compliance and Fitness for Intended Use
Source Figure 3.3, GAMP 5 A Risk Based Approach to Compliance GxP Computerized Systems © Copyright ISPE 2008. All rights reserved.
GAMP V Model Transition
[Figure: V model with User Requirement Specification, Functional Specification, Design Specification, System Build, Installation Qualification, Operational Qualification, Performance Qualification, and three "Verifies" links]
Scaleable Life Cycle Activities
• Risk
• Complexity and Novelty
• Supplier
Science Based Quality Risk Management
Focus on patient safety, product quality, and data integrity…
Assessment
Control
Communication
Review
Based on ICH Q9
Leveraging Supplier Involvement
• Assess:
– Suitability
– Accuracy
– Completeness
• Flexibility:
– Format
– Structure
• Requirements gathering
• Risk assessments
• Functional / other specifications
• Configuration
• Testing
• Support and maintenance
Compatibility with Other Standards
ASTM E2500 Standard Guide for Specification, Design, and Verification of Pharmaceutical and Biopharmaceutical Manufacturing Systems and Equipment
GAMP5 and ASTM E2500
[Figure labels: GAMP 5 Planning; GAMP 5 Specification, Configuration, Coding; GAMP 5 Verification; GAMP 5 Reporting and Release; GAMP 5 Ongoing Operations; Good Engineering Practice; Risk Management; Design Review; Change Management; Requirements; Specification and Design; Verification; Acceptance and Release; Operations & Continuous Improvement; Product Knowledge; Process Knowledge; Regulatory Requirements; Company Quality Regs.]
Governance
• Policies and procedures
• Roles and responsibilities
• Training
• Supplier relationships
• System inventory
• Planning for compliance & validation
• Continuous improvement
Stages Within the Project Phase
• Planning
• Specification, configuration, and coding
• Verification
• Reporting and release
Planning
• Activities
• Responsibilities
• Procedures
• Timelines
See Appendix M1
Specification, Configuration, & Coding
• Specifications allow
– Development
– Verification
– Maintenance
• Number and level of detail varies
• Defined process
Verification
• Testing
• Reviews
• Identify defects!
Supporting Processes
• Risk Management
• Change and Configuration Management
• Design Review
• Traceability
• Document Management
Design Review
• Planned
• Systematic
• Identify Defects
• Corrective Action
• Scaleable
– Rigor/Extent
– Documentation
Traceability
[Figure: Requirements; Specification; Design; Configure/Code; Verification]
GAMP 5 Categories
Category | GAMP 4 | GAMP 5
1 | Operating system | Infrastructure software
2 | Firmware | No longer used
3 | Standard software packages | Non-configured products
4 | Configurable software packages | Configured products
5 | Custom (bespoke) software | Custom applications
GAMP 5 Quality Risk Management
Critical Processes are Those Which:
• Generate, manipulate, or control data supporting regulatory safety and efficacy submissions
• Control critical parameters in preclinical, clinical, development, and manufacturing
• Control or provide information for product release
• Control information required in case of product recall
• Control adverse event or complaint recording or reporting
• Support pharmacovigilance (investigation of adverse risks)
Definitions
• Harm: Damage to health, including the damage that can occur from loss of product quality or availability.
• Hazard: The potential source of harm.
• Risk: The combination of the probability of occurrence of harm and the severity of that harm.
• Severity: A measure of the possible consequences of a hazard.
Step 1 – Initial Risk Assessment
• Based on business processes, user requirements, regulatory requirements and known functional areas
Don’t repeat unnecessarily!
Inputs: User Requirements; GxP Regulations; Previous Assessments
Outputs: GxP or non-GxP; Major Risks Considered; Overall Risk
Step 2 – Identify Functions with GxP Impact
• Functions with impact on patient safety, product quality, and data integrity
Inputs: Specifications; System Architecture; Categorization of Components
Outputs: List of Functions to be further evaluated
Step 3 – Perform Functional Risk Assessments & Identify Controls
Functions from Step 2
SME Experience
Scenarios
Possible Hazards
Breakdown of Risks to Low, Medium and High.
Detailed Assessments and Mitigation for High
Functional Risk Assessment
• Identify
– Hazards and risk scenarios
– Severity – impact on safety, quality or other harm
– Probability
– Detectability
GAMP Risk Assessment Tool
A simple two-step process:
[Figure: matrix of Severity (Low, Medium, High) and Probability (Low, Medium, High); cells labelled Class 1, Class 2, Class 3]
GAMP Risk Assessment Tool
[Figure: matrix of Risk Class (1, 2, 3) and Detectability (High, Medium, Low); cells labelled Priority 1, Priority 2, Priority 3]
Step 3 (continued) Controlling the Risk
Mitigation Strategies
• Change the process
• Change the design
• Add new features
• Apply external procedures
Scenarios with High Risk from Functional Analysis
Step 4 – Implement & Verify Appropriate Controls
• Verification activity should demonstrate that the controls are effective in performing the required risk reduction.
Step 5 – Review Risks Monitor Controls
Establish Periodic Review of Control Effectiveness
Apply Risk Process in Change Management Activities
Frequency and extent of any periodic review should be based on the level of risk
Risk-Based Decisions
What do they impact?
• Number and depth of design reviews
• Need for, and extent of, source code review
• Rigor of supplier evaluation
• Depth and rigor of functional testing
Operation Appendices
• O1 – Handover
• O2 – Establishing & Managing Support Services
• O3 – Performance Monitoring
• O4 – Incident Management
• O5 – Corrective and Preventive Action (CAPA)
• O6 – Operational Change & Configuration Management
• O7 – Repair Activity
• O8 – Periodic Review
• O9 – Backup and Restore
• O10 – Business Continuity Management
• O11 – Security Management
• O12 – System Administration
• O13 – Archiving and Retrieval
Summary
• GAMP 5 provides more flexibility in the number and types of validation lifecycle products used.
• Application of Risk and use of SME Knowledge are keys to success