Follow
Computer System Validation (CSV) is the process for ensuring that a computer system meets its intended use and complies with regulatory requirements.
GAMP 5 is a set of guidelines published by (ISPE) for CSV in the life sciences industry.
GAMP 5 categorizes computer systems in a way that helps determine the level of validation effort required to ensure data integrity and compliance.
Here’s the GAMP 5 categories with examples:
Category 1: Infrastructure Software
This is the simplest category, encompassing software that provides the foundation for running other applications.
Examples:
Operating Systems (Windows, macOS, Linux)
Database Management Systems (MySQL, Oracle, SQL Server)
Network management software (firewalls, routers)
Virtualization software (VMware, Hyper-V)
Category 3: Non-Configurable Software
This category includes pre-configured, commercially available software (COTS) that’s used “as-is” with minimal to no configuration options.
Examples:
Laboratory instruments with embedded software (spectrometers, chromatography systems)
Off-the-shelf data acquisition software
Statistical analysis software (SAS, R)
Electronic document management systems (EDMS)
Category 4: Configurable Software
This category covers software that allows for customization through settings and parameters.
Examples:
Laboratory Information Management Systems (LIMS)
Supervisory Control and Data Acquisition Systems (SCADA)
Distributed Control Systems (DCS)
Electronic Batch Records (EBR) systems
Chromatography Data Systems (CDS)
Category 5: Custom Software
This category encompasses bespoke software specifically designed for a unique purpose within an organization.
Examples:
In-house developed data analysis tools
Custom laboratory instrument control software
Electronic laboratory notebooks (ELN) designed for a specific research group
GAMP 5 emphasizes a risk-based validation approach. Here’s a concise overview for validation requirements:
Category 1 (Infrastructure Software): Minimal to no formal validation needed. Focus on proper configuration, version control, and change management.
Category 3 (Non-Configurable Software): Validation focuses on functionality and accuracy. This might involve testing with standards, reviewing supplier documentation, and user acceptance testing.
Category 4 (Configurable Software): Requires more stringent validation due to configuration possibilities. This may involve configuration review, functional testing, and data integrity testing.
Category 5 (Custom Software): Demands the most rigorous validation due to its unique design. This typically follows a full lifecycle approach with requirements definition, design verification, development validation, and comprehensive testing.
Note:
Previously, in GAMP 4, Category 2 was designated for firmware. Firmware is software embedded in hardware devices that provides low-level control. Firmware has become more sophisticated and can range from simple control programs to complex systems.
