GMP - Fabrice Jansen - CSV with GAMP5

Validation of Computerized Systems with GAMP 5

+33 6 52 17 63 68

csv@fjansen.cc

Update date: 10.05.2024

CSV with GMP

CSV with GMP

GMP Standard - Good Manufacturing Practice

GMP standard (Good Manufacturing Practice) is a system of norms, rules and guidelines regarding production:

medicines
medical devices
diagnostic products
food
food additives
active ingredients
I. Principle

This Annex applies to all types of computerized systems used in activities regulated by these Rules.
A computerized system is a collection of software and hardware components that work together to perform specific functions.
The application of the computerized system must be validated and the information technology infrastructure must be qualified.
If a computerized system replaces manual operation, this should not result in a reduction in product quality, process control or quality assurance. The overall process risks should not increase.
II. General requirements

Risk management (1)

5. Risk management must be applied throughout the life cycle of a computerized system to ensure patient safety, data integrity, and product quality. As part of the risk management system, decisions on the scope of validation testing and data integrity controls should be based on a sound and documented risk assessment of the computerized system.

Staff (2)

6. Close cooperation should be maintained between all relevant personnel involved in the process, such as the process owner, system owner, authorized persons and technical personnel. All personnel must have the necessary qualifications, level of access and specific authority to perform their assigned duties.

Suppliers and service providers (3)

7. (3.1) If third parties are involved in the supply, installation, setup, configuration, integration, validation, maintenance (including through remote access), modification or maintenance of computerized systems, provision of related services or data processing (in particular, suppliers, service providers), then contracts are concluded between the manufacturer and these third parties. It is recommended that such agreements establish the responsibility of third parties for the proper performance of their duties.
8. (3.2) Competence and reliability of suppliers are key conditions for selecting a supplier of a software product or service. The need to evaluate a supplier should be based on a risk assessment.
9. (3.3) Documentation accompanying commercially released off-the-shelf software products must be reviewed by the manufacturer's authorized personnel to determine compliance with the manufacturer's requirements.
10. (3.4) Information on the quality system and assessments of suppliers or developers of software and installed computerized systems should be available to reviewers upon request.

III. Project stage

Validation (4)

11. (4.1) Validation documentation and reports should cover appropriate stages of the computerized system life cycle. The manufacturer must justify its standards, protocols, acceptance criteria, procedures and records based on a risk assessment.
12. (4.2) Validation documentation should include change control records (if applicable) and reports of any deviations identified during the validation process.
13. (4.3) There must be a current list (registry) of all computerized systems in use, indicating their functionality that falls within the requirements of these Rules.
14. For critical computerized systems, there must be a detailed current description of the physical and logical relationships, data flows and interfaces with other systems or processes, the required resources of all computer hardware and software, and the available security measures.
15. (4.4) User requirements specifications shall describe the required functions of the computerized system based on a documented assessment of the risks and impacts in terms of compliance with these Rules. User requirements must be traced throughout the life cycle of the computerized system.
16. (4.5) The manufacturer shall take all steps to ensure that the computerized system is developed in accordance with an appropriate quality management system. The supplier must be assessed accordingly.
17. (4.6) In order to validate computerized systems that are custom-made or modified in accordance with customer requirements, it is necessary to develop a documented procedure for assessing the quality and operational characteristics of the computerized system at all stages of its life cycle and issuing appropriate reports.
18. (4.7) It is necessary to provide evidence of the conformity of the methods and schemes tested