Overview of Computerized Systems Compliance Using the GAMP® 5 Guide


Published on

By Jim John, ProPharma Group

Published in: Technology, Business
1 Comment
No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

Overview of Computerized Systems Compliance Using the GAMP® 5 Guide

  1. 1. Overview ofComputerized Systems ComplianceUsing the GAMP® 5 GuideJim JohnProPharma Group, Inc.(816) 682-2642jim.john@propharmagroup.com
  2. 2. Who Cares About CSV?• Systems throughout the organization involvedin the development, production, storage anddistribution of pharmaceutical products ormedical devices have to be considered• Resources involved in any way with IT,computer, or automated systems is affected:– Developers– Maintainers– Users
  3. 3. Purpose of This Presentation• To discuss and clarify key topics• Get to know the evolution of the GAMPMethodology to the latest release• Consider where GAMP 5 concepts canimprove your existing methodology
  4. 4. GAMP ObjectivesGAMP® guidance aims to achievecomputerized systems that are fit forintended use and meet current regulatoryrequirements, by building upon existingindustry good practice in an efficient andeffective manner.4
  5. 5. Guidance• It is not a prescriptive method or a standard,but..– Pragmatic guidance– Approaches– Tools for the practitioner• Applied with expertise and good judgement5
  6. 6. Evolution of GAMP Guidance54321Calibration Legacy SystemsLaboratory VPCSERES TestingData Archiving GlobalInformation SystemsIT Infrastructure
  7. 7. Drivers
  8. 8. Other Drivers• Avoid duplication• Leverage suppliers• Scale activities• Reflect today– Configurable packages– Development models8
  9. 9. Key Objectives9patient safetyproduct qualitydata integrity
  10. 10. 10GAMPDocumentStructure
  11. 11. Main Body Overview• Key Concepts• Life Cycle• Quality Risk Management• Regulated Company Activities• Supplier Activities• Efficiency Improvements11
  12. 12. 5 Key Concepts• Life Cycle Approach Within a QMS• Scaleable Life Cycle Activities• Process and Product Understanding• Science-Based Quality Risk Management• Leveraging Supplier Involvement12
  13. 13. User and Supplier Life Cycles
  14. 14. Product and Process Understanding• Basis of science- and risk-based decisions• Focus on critical aspects– Identify– Specify– Verify• CQAs / CPPs14
  15. 15. Life Cycle Approach Within a QMS• Suitable Life Cycle–Intrinsic to QMS• Continuous improvement15
  16. 16. SpecifyPlanVerifyConfigure& CodeReportRiskManagementA Basic Framework For Achieving Complianceand Fitness For Intended UseFigure xx:Figure 3.3: A General Approach for Achieving Compliance and Fitness for Intended UseSource Figure 3.3, GAMP 5 A Risk Based Approach to Compliance GxP Computerized Systems © Copyright ISPE 2008. All rights reserved.GAMP V Model TransitionVerifiesUser RequirementSpecificationFunctionalSpecificationDesignSpecificationSystemBuildInstallationQualificationOperationalQualificationPerformanceQualificationVerifiesVerifies
  17. 17. Scaleable Life Cycle Activities• Risk• Complexity and Novelty• Supplier17
  18. 18. Science Based Quality RiskManagementFocus on patient safety,product quality,and data integrity…18AssessmentControlCommunicationReviewBased onICH Q9
  19. 19. Leveraging Supplier Involvement• Assess:– Suitability– Accuracy– Completeness• Flexibility:– Format– Structure• Requirementsgathering• Risk assessments• Functional / otherspecifications• Configuration• Testing• Support andmaintenance 19
  20. 20. Life Cycle Phases
  21. 21. Compatibility with Other StandardsASTM E2500 Standard Guide forSpecification, Design, and Verification ofPharmaceutical and BiopharmaceuticalManufacturing Systems and Equipment21
  22. 22. GAMP 5OngoingOperationsGAMP 5ReportingandReleaseGAMP 5VerificationGAMP 5SpecificationConfigurationCodingGAMP 5PlanningGAMP5 and ASTM E2500Good Engineering PracticeRisk ManagementDesign ReviewChange ManagementRequirements Specificationand DesignVerification AcceptanceandReleaseOperations &ContinuousImprovementProductKnowledgeProcessKnowledgeRegulatoryRequirementsCompanyQuality Regs.The Specification, Design, and Verification Process – Diagram from ASTM E2500
  23. 23. Governance• Policies and procedures• Roles and responsibilities• Training• Supplier relationships• System inventory• Planning for compliance & validation• Continuous improvement23
  24. 24. Stages Within the Project Phase• Planning• Specification, configuration, andcoding• Verification• Reporting and release24
  25. 25. Planning• Activities• Responsibilities• Procedures• Timelines26See Appendix M1
  26. 26. Specification, Configuration, &Coding• Specifications allow– Development– Verification– Maintenance• Number and level ofdetail varies• Defined process27
  27. 27. Verification• Testing• Reviews• Identify defects!28
  28. 28. Supporting Processes• Risk Management• Change and Configuration Management• Design Review• Traceability• Document Management29
  29. 29. Design Review• Planned• Systematic• Identify Defects• Corrective Action• Scaleable– Rigor/Extent– Documentation30See also Appendix M5
  30. 30. TraceabilityRequirementsSpecificationDesignVerificationConfigure/Code
  31. 31. GAMP 5 CategoriesCategory GAMP 4 GAMP 51 Operating system Infrastructure software2 Firmware No longer used3 Standard software packages Non-configured products4Configurable softwarepackagesConfigured products5 Custom (bespoke) software Custom applicationsContinuum
  32. 32. GAMP 5Quality Risk Management33
  33. 33. Critical Processes are Those Which:• Generate, manipulate, or control data supportingregulatory safety and efficacy submissions• Control critical parameters in preclinical, clinical,development, and manufacturing• Control or provide information for product release• Control information required in case of product recall• Control adverse event or complaint recording orreporting• Support pharmacovigilance (investigation of Adverserisks)34
  34. 34. Definitions• Harm Damage to health, including thedamage that can occur from lossof product quality or availability.• Hazard The potential source of harm.• Risk The combination of theprobability of occurrence of harmand the severity of that harm.• Severity A measure of the possibleconsequences of a hazard.35
  35. 35. Step 1 – Initial Risk Assessment• Based on business processes, user requirements, regulatoryrequirements and known functional areas36Don’t repeat unnecessarily!Inputs OutputsGxP or non-GxPMajor RisksConsideredOverall RiskUser RequirementsGxP RegulationsPrevious Assessments
  36. 36. Step 2 – Identify Functions with GxP Impact• Functions with impact on patient safety, product quality, anddata integrity37SpecificationsSystem ArchitectureCategorization ofComponentsInputs OutputsList of Functions tobe further evaluated
  37. 37. Step 3 – Perform Functional Risk Assessments& Identify ControlsFunctions from Step 2SME ExperienceScenariosPossible Hazards38Breakdown of Risksto Low, Medium andHigh.DetailedAssessments andMitigation for HighInputs Outputs
  38. 38. Functional Risk Assessment• Identify– Hazards and risk scenarios– Severity – impact on safety quality orother harm– Probability– Detectability39
  39. 39. GAMP Risk Assessment Tool40ProbabilitySeverityLowMediumHighLowMediumHighClass 3Class 2Class 1A simple two-step process:Plot Severity vs. Probability to obtain Risk Class
  40. 40. GAMP Risk Assessment Tool41Priority 1Priority 3Priority 2321HighMediumLowRiskClass DetectabilityPlot Risk Class vs. Detectability to obtain Risk Priority
  41. 41. Step 3 (continued) Controlling the Risk42Mitigation Strategies• Change the process• Change the design• Add new features• Apply externalproceduresScenarios withHigh Risk fromFunctionalAnalysisInputs Outputs
  42. 42. Step 4 – Implement & Verify AppropriateControls• Verification activityshould demonstratethat the controls areeffective in performingthe required riskreduction.43
  43. 43. Step 5 – Review Risks Monitor ControlsEstablish Periodic Reviewof Control EffectivenessApply Risk Process inChange ManagementActivities44Frequency andextent of anyperiodic reviewshould be based onthe level of risk
  44. 44. Risk-Based DecisionsWhat do they impact ?• Number and depth of design reviews• Need for, and extent of, source code review• Rigor of supplier evaluation• Depth and rigor of functional testing45
  45. 45. Operation Appendices• O1 – Handover• O2 – Establishing & ManagingSupport Services• O3 – Performance Monitoring• O4 – Incident Management• O5 – Corrective andPreventive Action (CAPA)• Performance Monitoring• O6 – Operational Change &Configuration Management• O7 – Repair Activity• O8 – Periodic Review• O9 – Backup and Restore• O10 – Business ContinuityManagement• O11 – Security Management• O12 – System Administration• O13 – Archiving and Retrieval46
  46. 46. Summary• GAMP 5 provides more flexibility in thenumber and types of validation lifecycleproducts used.• Application of Risk and use of SMEKnowledge are keys to success47