What about GAMP 5? How does it fit into 21 CFR? How to combine both?
For those of you are aren’t familiar with GAMP 5, it refers to a set of industry best practices for automated systems: Good Automated Manufacturing Practice. The gist of the GAMP guidelines is to use a risk-based approach to managing GxP computer systems. In essence: the higher the risk, the greater the degree of validation and control is needed.
The SDLC that we follow here in the life sciences practice is based on GAMP 5. We begin each project with an assessment of the system to determine its risk level (based on the system type and intended use), as well as whether it is GxP and, if so, subject to 21 CFR Part 11.
For systems that fall under Part 11, we follow a three-step process:
- List out the regulations that do and don’t apply to the system in the scope section of the requirements specification(s)
- Include requirements that correspond to the regulations that are in scope (these requirements are spelled out in our QA-controlled 21 CFR Part 11 policy)
- Test those requirements – along with all of the others – in the associated qualification phase. For example, we map functional requirements to the Operational Qualification (OQ) phase of validation and user requirements to the Performance Qualification (PQ) phase.
This is just one approach to combining GAMP 5 and 21 CFR Part 11 in computer system validation (CSV). If you have any comments or follow-up questions on this topic, we’d love to hear from you. To see what other questions were asked during the webinar, click here.