News and Views

GAMP 5 Second Edition – the Changes Pharmaceutical Laboratories Need to Know

by | 30 Nov, 2022

GAMP 5 Second Edition is the first significant update to GAMP 5 since 2008. A lot has happened since then, with the development of new technologies that are now commonplace, as well as technologies that are becoming increasingly important. There have also been changes to best practices for the development of computerised systems. So, what has changed in GAMP 5 Second Edition and how will those changes impact your pharmaceutical laboratory?

GAMP 5 Second Edition was released by the ISPE (International Society for Pharmaceutical Engineering) in July 2022.

 

Why Is There a Need for GAMP 5 Second Edition?

 

GAMP 5 is recognised across the world as the go-to guide for managing the compliance and validation of GxP computerised systems used in pharmaceutical operations. GAMP 5 covers the entire lifecycle of a computerised system, from commissioning and development to operation and updating to upgrading and retirement.

The aim of GAMP 5 is to help pharmaceutical companies “protect patient safety, product quality, and data integrity”.

The previous version of GAMP 5 achieved these aims but, in doing so, it also hampered innovation as technologies evolved. The new edition of GAMP 5 seeks to address this by facilitating innovation while still ensuring patient safety, product quality, and data integrity.

GAMP 5 Second Edition can be seen as part of the evolution from CSV (computerised system validation) to CSA (computer software assurance). In CSA, validation is risk-based and focused on patient safety and product quality, rather than being focused on documentation and box ticking.

GAMP 5 Second Edition is also better aligned with ITIL. ITIL, or Information Technology Infrastructure Library, is a framework for the full lifecycle management of IT services.

 

What Has Changed in GAMP 5 Second Edition?

 

Recognition of Agile Development

 

The previous version of GAMP 5 assumed computerised system development was a largely linear process. This no longer reflects reality, as the development of modern computerised systems typically involves an iterative approach.

In GAMP 5 Second Edition, there is now a new appendix that covers the now commonplace iterative and agile approaches to the development of computerised systems.

The linear approach hasn’t been completely discarded in GAMP 5 Second Edition, as it is still applicable in some situations, including when using off-the-shelf software applications. Therefore, the traditional V waterfall model for the development of computerized systems is still available.

However, GAMP 5 Second Edition now also accommodates more agile and iterative development methodologies.

 

Changes in Documentation Requirements

 

The revised documentation requirements in GAMP 5 Second Edition are largely based on the recognition of agile development processes. The result is a change in focus away from traditional documents like IQs (installation qualification), OQs (operational qualification), and PQs (performance qualification).

GAMP 5 Second Edition instead requires a risk-based approach to documentation. It also facilitates a move away from traditional documentation creation, as there is now guidance on how records can instead be kept on tools and systems.

 

Focus on Critical Thinking

 

The introduction of critical thinking in GAMP 5 Second Edition aligns the updated guidance with the new guidelines on CSA released by the FDA in September.

Critical thinking involves moving away from prescriptive approaches to validation, where box ticking is the outcome and innovation is obstructed. A prescriptive approach to validation also does not reflect the reality of lifecycle activities, as those lifecycle activities are all different.

With critical thinking, context is taken into account using a risk-based approach that considers factors like complexity and novelty. The topic of critical thinking is covered in one of the six new appendices in GAMP 5 Second Edition

 

The New Appendices in GAMP 5 Second Edition

 

The above points have mentioned new appendices in GAMP 5 Second Edition. The appendices reflect the main changes between the original version of GAMP 5 and the new Second Edition.

In addition to the new appendices, there are also changes to some of the original appendices. Here is a summary of what is new and what has changed:

  • New management appendices – IT Infrastructure (M11) and Critical Thinking (M12)
  • New development appendices – Agile Software Development (D8), Software Tools (D9), Distributed Ledger Systems (Blockchain) (D10), and Artificial Intelligence and Machine Learning (D11)
  • Amended and removed development appendices – User Requirements Specifications has been amended to Specifying Requirements (D1). Significant changes have been made to this appendix. Functional Specifications (previously D2) has been removed, with elements of this old appendix now incorporated into D1. Testing of Computerised Systems (D5) has received significant updates.
  • Amended and removed operational appendices – Repair Activity (previously O7) has been removed, with elements of this old appendix now incorporated into Operational Change and Configuration Management (O6).
  • Amended and removed special interest appendices – Managing Quality Within an Outsourced IS/IT Environment (previously S5) has been removed, with elements of this old appendix now incorporated into the new management appendix, IT Infrastructure (M11).

 

Why GAMP 5 Second Edition and Not GAMP 6?

 

In GAMP 5 Second Edition, the underlying approach to managing the compliance and validation of computerised systems remains the same. In fact, the only part of the main body text in the new guidelines that has been changed in any significant way is the introduction. Everything else is largely the same, with a few tweaks and clarifications.

What is different in GAMP 5 Second Edition are the appendices, as explained above. Therefore, GAMP 5 Second Edition maintains the overarching principles of the original guidance while also recognising and accommodating advances in technologies, processes, and infrastructure, both IT and OT.