It’s here, it’s here! I’ve felt like Navin R. Johnson waiting for the new phone book to arrive. (You might have to Google this one if you’re under age 50.) The Second Edition of GAMP5 is out! My colleagues and I have had a chance to review and will be writing a few articles describing the major changes and how the regulated community might benefit from the application of this new guidance. In this series of articles, we will touch on the following topics:
- Computer Software Assurance (CSA)
- Use of Agile and other non-linear lifecycle models
- Increasing use of cloud technologies such as Software-as-a-Service (SaaS)
- Use of Artificial Intelligence (AI) and Machine Learning (ML)
In the meantime, I thought I’d quickly introduce you to one of the more subtle changes we encountered when poring through our crisp new copy of Edition Two. And that change is – the renaming of GAMP5 Software Category 3 from “Non-configured” software product to “Standard” software product. At first glance, this is a subtle change. However, this simple change could serve as a respite for frustrated validation engineers everywhere.
I was not in the room where it happened, but I am somewhat confident that at least one purpose of this change was to ward off the strict application of the word “non-configured.” It has always been my interpretation that a software product is characterized as GAMP5 category 4 versus 3 when the product is configured to support the regulated company’s business process. It has also been my understanding that a GAMP5 category 3 product could still require some configuration, but it shouldn’t require configuration to conform to a specific business process. Even though a clarification was made in GAMP5 Edition 1, I have witnessed the literal interpretation of the word “non-configured” and the creation of functional and configuration specification documents to contain a single alarm setpoint for a chart recorder.
The given example is an extreme one, but cases just like this have occurred when organizations have applied the word “non-configured” precisely. With the clarification that a software product can include limited configurations of parameterized values and still fall under the GAMP5 category 3 umbrella, hopefully, the industry can welcome flexibility in this instance without sacrificing patient safety, product quality, or data integrity.
As always, it is important to remember that any risk-based decision should be anchored in science and the application of critical thinking to product and process knowledge. If you’d like to discuss the nuances of GAMP5 software categorization or any other GAMP5 topic, reach out to me or one of my CAI colleagues.
About the Author:
Eric S. Collier, Assistant Director, Automation and IT
Eric has more than 30 years of experience as a project manager and software engineer providing best-in-class services and products to regulated industry in the areas of automation, manufacturing intelligence, computerized system validation, electronic records and signatures, and data integrity.