Ispe sf ch_gamp

10/7/2004 Kkrause@Amgen.com
Good Automated Manufacturing
Practices (GAMP)
Klaus Krause, Amgen
ISPE/GAMP Americas Steering Committee
ISPE San Francisco/Bay Area Chapter Meeting, October 7, 2004

Presentation Overview
I. GAMP - Organization and Objectives
II. GAMP4 Guide for Validation of Automated
Systems

Part 1
GAMP Organization and Objectives

Pivotal Inspection
Before
AfterValidation Plan
Additionally:
Specification
Design Review (DQ)
Source Code Review
Supplier Audit
IQ
OQ
PQ
Validation Report

GAMP Objectives
Achieve Compliance by building upon
existing industry good practices in an
effective and efficient manner

GAMP Forum
Special Interest Groups (SIGs)
European
Steering
Committee
Americas
Steering
Committee
GAMP
Council
Industry
Board
Local
ISPE

GAMP Council
Technical Sub-Committee of ISPE
Set Directions
Influence Industry and Regulators on the
Interpretation of Regulations pertaining to:
Information Systems
Control Systems
Laboratory Systems

GAMP Organizations
GAMP DACH
GAMP Americas
JETT
Supplier ForumSupplier Forum
GAMP Europe
GAMP Japan

Laboratory Systems
IT Infrastructure Qualification
Manufacturing Execution Systems
Electronic Data Archiving
Global Information Systems
Research and Development Systems

Building Management Systems
Testing of GxP Critical Systems
JETT Consortium

Organizational Links
APV (Germany)
GMA/NAMUR (Germany)
JETT
ISPE

Links to Regulatory Agencies
FDA
MCA
European Union

Influence
Established reference in UK/Europe
Cited by regulators as baseline practice
by regulators (inc. FDA and MCA)
Training of FDA Inspectors

GAMP Good Practices Guides
GAMP4 Validation of Automated Systems
Calibration Management
Validation of Process Control Systems
Validation of Legacy Systems

In Preparation
Validation of Laboratory Systems
IT Infrastructure Qualification
Validation of Manufacturing Control
Systems (MES)
Validation of Global Information Systems

In Preparation
Validation of R&D Systems
Validation of Building Management
Systems
Testing of GxP Critical Systems
Risk based Qualification of Equipment

Questions ?

Part II
GAMP4 Guide for Validation of
Automated Systems

GAMP4 Principles
Create simple, well understood rules
Scale validation for size, criticality, and
complexity
Benefit from supplier capabilities
Benefit from configurable SW packages
Maintain validated state of the system in the
operational environment

GAMP4 Principles
Harmonize GAMP terminology with
international quality concepts and industry
initiatives
Collaborate with other industry groups
Achieve greater awareness of GAMP
internationally

Structure of GAMP4 Guidance
GAMP4 Guide is main body
Good Practices Guides are supplements to
GAMP4 Guide
Guidance follows validation life cycle
GxP Compliance Solutions for System Users
and Suppliers

Structure of GAMP4 Guide
GAMP Principles and Framework
Appendices
Management Development Operation

GAMP4 Themes
System Development Life Cycle
Validation Planning
Risk and Impact Assessment
Supplier Quality Management
Specifications
Design Review
Formal Testing/Verification

Automated System
Environment: Legal, Organizational, Physical, Technical
Documentation
Equipment, Instruments
Computer Hardware
System Software
Application SW
Data
Used together …for a given task

GAMP4 Software Categories
1 - Operating Systems
2 - Firmware
3 - Standard Software Packages
4 - Configurable Software Package
5 - Custom Software

GAMP4 Life Cycle
User Requirements
Specifications
Performance
Qualification
Functional
Specifications
Design
Specifications
Installation
Qualification
Operational
Qualificationrelated to
related to
related to
System Build

System Verification & Validation
Sys. Req.
System User Requirements
Supplier Hardware Software Data
0101 0110
1010 1011
0101 1101
0101 0110
QMS
Design
Review
Audit
Report
Qualific.
Protocol
Test
Report
Verification
Protocol
Review
Protocol
= Validation
Summary
Report

Management of the Validation
Validation Planning
Supplier Audit
Risk Assessment
Categories of Software and Hardware
Design Review and Traceability Matrix
Quality and Project Planning
Document Management
Project Change Control
Validation Reporting

Validation Planning
Strategy
Deliverables
Responsibilities
Standards and Procedures
Formally approved Plan

System Categorization
Many systems contain software components
of more than one category:
Operating System
Configurable application
Firmware
Custom modules

Supplier Assessment
Guidance and tools on:
Assessment of capabilities and product
Audits
Management

User – Supplier Relationship
Primary Responsible for TestingPrimary Responsible for Specification
System Acceptance Testing
(Operational Qualification
of Computer/PLC)
System Acceptance Testing
(Operational Qualification
of Computer/PLC)
Hardware Acceptance Testing
(Installation Qualification
of Computer/PLC)
Hardware Acceptance Testing
(Installation Qualification
of Computer/PLC)
Functional
Specification
Hardware Design
Specification
Testing of the URS
Testing of the
Functional Specification
Testing of the
Hardware Specification
User Requirements
Specification
Performance
Qualification
User
User
User
and
Supplier
User
and
Supplier
Software Design
Specification
Software Design
Specification
Code Modules
Code Modules
Software Module
Specification
Software Module
Specification Software Module Testing
Software Module Testing
Software Integration
Testing
Software Integration
Testing
Supplier
Supplier
Review and Test
Modules

Validation Strategy
Based on:
Risk Assessment
Assessment and Categorization of System
Components
Supplier Assessment

Risk and Impact Assessment
Identify Processes
Analyze:
Risk scenarios
Effects for each event
Likelihood of events
Severity of Impact
Likelihood of Detection
Plan for Risk Management

Validation Activities
Planning Prepare written Validation Plan.
Specification
Specify and agree what is required.
Perform Design Reviews
Prepare document to describe how the
equipment or system is to be tested.
Test Planning
IQ, OQ, PQ
Testing
IQ, OQ, PQ
Perform tests and collect results.
..Review results to show that the system
performs as specified, report conclusions
plus any reservations
Review

Validation Approach
Category 1: Operating System
Record version (incl. Service pack)
Challenge OS indirectly by the functional

Validation Approach
Category 2: Firmware (Off-the-Shelf)
IQ: Verify name, version, configuration, and
calibration
OQ: Test functionality
Change Control for firmware and configuration
parameters
Supplier Audit for complex or critical
applications

Validation Approach
Category 3: Standard Software Packages
Configuration limited to the environment and
parameters
IQ verifies name and version
OQ tests user requirements
Supplier Audit for critical applications

Validation Approach
Category 4: Configurable Software Packages
Treat like Category 5 if platform and package not mature
and well-known

Validation Approach
Category 5: Custom Software
Execute complete Validation Life Cycle

Qualification Approach
Category 1: Standard Hardware Component
Record Model, Version, Serial number of pre-
assembled hardware
Verify installation and Connections
Use hardware data sheet or other specifications for
information on sealed units
Apply change control and configuration
management

Qualification Approach
Category 2: Custom Built Hardware
Same as Category 1, plus:
Design Specifications with configuration
Acceptance Testing
Supplier Audit of development process
Verification of Compatibility for components
from different Sources
Verification at IQ

System Development
Build System and Achieve Validated State
User Requirement Specification
Functional Specification
Hardware Design Specification
Software Design Specification
Production, Control, and Review of Software
Testing of Automated System

System Specifications
Define the System
Allow further Specifications to be developed
Allow the System to be developed
Allow Maintenance of the System

Design Review (1)
Evaluate Deliverables against Standards and
requirements
Identify problems and propose corrective
actions

Design Review (2)
Are all Requirements addressed?
Is functionality appropriate and consistent?
Will the system meet predefined standards?
Is system appropriately tested?

Requirements Traceability
Forward and backward traceability:
System Requirements Design Test

Traceability Matrix
NNText…2.2
YNText…2.1
SATEST3
9.6
DS_DOC1
6.2
FS02
4.2.5NYText…2.0
SATEST3
7.8
DS_DOC1
4.5
FS02
3.1.4YYText…..1.0
Test Ref
(IQ, OQ, PQ,
FAT, SAT)
DS RefFS RefOther?GxP?DescriptionURS
Ref

Software Control
Module Traceability and Identification
Design and Documentation Principles
Good Programming Practice
Source Code Review

Testing of Systems
Test Planning, Specification, Execution,
Documentation
Scope of Testing
Test Specifications
Test Deliverables
Good Practices for Testing

System Operation
Maintain Validated State
Periodic Review
Service Level Agreement
Automated System Security
Operational Change Control
Performance Monitoring
Record Retention, Archive, and Retrieval
Backup and Recovery of Software and Data
Business Continuity Planning

GAMP4 Recap
GxP Computer Compliance Solutions
Integration of Quality Standards (ISO9000)
and Industry Standards (IEEE)
Consensus of Regulators, Life Science
Industry, and Consultants

Acknowledgments
Dr. David Selby, Selby Hope International
Sion Wyn, Conformity
Arthur Perez, PhD, Novartis

Thank You
for your Interest in GAMP

Ispe sf ch_gamp

In this document

More Related Content

What's hot

Viewers also liked

Similar to Ispe sf ch_gamp

Recently uploaded

Ispe sf ch_gamp