gamp automated manufacturing practices · 10/7/2004 [email protected] good automated manufacturing...

10/7/2004 [email protected]

Good Automated Manufacturing Practices (GAMP)

Klaus Krause, AmgenISPE/GAMP Americas Steering Committee

ISPE San Francisco/Bay Area Chapter Meeting, October 7, 2004


Presentation Overview

I. GAMP - Organization and Objectives

II. GAMP4 Guide for Validation of Automated Systems


Part 1

GAMP Organization and Objectives


Pivotal InspectionBefore

AfterValidation PlanAdditionally:

SpecificationDesign Review (DQ)Source Code ReviewSupplier Audit

IQ

OQ

PQ

Validation Report


GAMP Objectives

Achieve Compliance by building upon existing industry good practices in an effective and efficient manner


GAMP Forum

Special Interest Groups (SIGs)

European Steering

Committee

AmericasSteering

Committee

GAMP Council

IndustryBoard

Local ISPE


GAMP CouncilTechnical Sub-Committee of ISPE

Set DirectionsInfluence Industry and Regulators on the Interpretation of Regulations pertaining to:

Information SystemsControl SystemsLaboratory Systems


GAMP Organizations

GAMP DACH

GAMP Americas

JETT

Supplier ForumSupplier Forum

GAMP Europe

GAMP Japan



Laboratory Systems IT Infrastructure QualificationManufacturing Execution SystemsElectronic Data ArchivingGlobal Information SystemsResearch and Development Systems



Building Management SystemsTesting of GxP Critical Systems JETT Consortium


Organizational Links

APV (Germany) GMA/NAMUR (Germany) JETT ISPE


Links to Regulatory Agencies

FDAMCAEuropean Union


Influence

Established reference in UK/Europe Cited by regulators as baseline practice by regulators (inc. FDA and MCA)Training of FDA Inspectors


GAMP Good Practices Guides

GAMP4 Validation of Automated SystemsCalibration ManagementValidation of Process Control SystemsValidation of Legacy Systems



In PreparationValidation of Laboratory SystemsIT Infrastructure QualificationValidation of Manufacturing Control Systems (MES)Validation of Global Information Systems



In PreparationValidation of R&D SystemsValidation of Building Management SystemsTesting of GxP Critical SystemsRisk based Qualification of Equipment


Questions ?


Part II

GAMP4 Guide for Validation of Automated Systems


GAMP4 Principles

Create simple, well understood rulesScale validation for size, criticality, and complexityBenefit from supplier capabilitiesBenefit from configurable SW packagesMaintain validated state of the system in the operational environment


GAMP4 Principles

Harmonize GAMP terminology with international quality concepts and industry initiativesCollaborate with other industry groupsAchieve greater awareness of GAMP internationally


Structure of GAMP4 Guidance

GAMP4 Guide is main bodyGood Practices Guides are supplements to GAMP4 GuideGuidance follows validation life cycleGxP Compliance Solutions for System Users and Suppliers


Structure of GAMP4 Guide

GAMP Principles and Framework

Appendices

Management Development Operation


GAMP4 Themes

System Development Life CycleValidation PlanningRisk and Impact AssessmentSupplier Quality ManagementSpecificationsDesign ReviewFormal Testing/Verification


Automated SystemEnvironment: Legal, Organizational, Physical, Technical

Documentation

Equipment, InstrumentsComputer Hardware

System Software

Application SW

Data

Used together …for a given task


GAMP4 Software Categories

1 - Operating Systems2 - Firmware3 - Standard Software Packages4 - Configurable Software Package5 - Custom Software


GAMP4 Life CycleUser Requirements

Specifications PerformanceQualification

FunctionalSpecifications

DesignSpecifications

InstallationQualification

OperationalQualificationrelated to

related to

related to

System Build


System Verification & Validation

Sys. Req.

System User Requirements

Supplier Hardware Software Data0101 0110 1010 1011 0101 1101 0101 0110

QMS

Design Review

Audit Report

Qualific. Protocol

Test Report

Verification Protocol

Review Protocol

= Validation Summary Report


Management of the Validation

Validation PlanningSupplier AuditRisk AssessmentCategories of Software and HardwareDesign Review and Traceability MatrixQuality and Project PlanningDocument ManagementProject Change ControlValidation Reporting


Validation Planning

StrategyDeliverablesResponsibilitiesStandards and Procedures

Formally approved Plan


System Categorization

Many systems contain software components of more than one category:

Operating SystemConfigurable applicationFirmwareCustom modules


Supplier Assessment

Guidance and tools on: Assessment of capabilities and productAuditsManagement


User – Supplier RelationshipPrimary Responsible for TestingPrimary Responsible for Specification

System Acceptance Testing(Operational Qualification

of Computer/PLC)

System Acceptance Testing(Operational Qualification

of Computer/PLC)

Hardware Acceptance Testing(Installation Qualification

of Computer/PLC)

Hardware Acceptance Testing(Installation Qualification

of Computer/PLC)

FunctionalSpecification

Hardware DesignSpecification

Testing of the URS

Testing of the Functional Specification

Testing of theHardware Specification

User RequirementsSpecification

PerformanceQualification

UserUser

User

and

Supplier

User

and

Supplier

Software DesignSpecification

Software DesignSpecification

Code ModulesCode Modules

Software ModuleSpecification

Software ModuleSpecification Software Module TestingSoftware Module Testing

Software IntegrationTesting

Software IntegrationTesting

Supplier

Supplier

Review and TestModules


Validation Strategy

Based on:Risk AssessmentAssessment and Categorization of System ComponentsSupplier Assessment


Risk and Impact Assessment

Identify ProcessesAnalyze:

Risk scenariosEffects for each eventLikelihood of eventsSeverity of ImpactLikelihood of Detection

Plan for Risk Management


Validation ActivitiesPlanning Prepare written Validation Plan.

Specification Specify and agree what is required. Perform Design Reviews

Prepare document to describe how the equipment or system is to be tested.

Test PlanningIQ, OQ, PQ

TestingIQ, OQ, PQ

Perform tests and collect results.

..Review results to show that the systemperforms as specified, report conclusions

plus any reservationsReview


Validation Approach

Category 1: Operating SystemRecord version (incl. Service pack)Challenge OS indirectly by the functional


Validation Approach

Category 2: Firmware (Off-the-Shelf)

IQ: Verify name, version, configuration, and calibrationOQ: Test functionalityChange Control for firmware and configuration

parametersSupplier Audit for complex or critical

applications


Validation Approach

Category 3: Standard Software PackagesConfiguration limited to the environment and

parametersIQ verifies name and version

OQ tests user requirements

Supplier Audit for critical applications


Validation Approach

Category 4: Configurable Software PackagesTreat like Category 5 if platform and package not mature

and well-known


Validation Approach

Category 5: Custom SoftwareExecute complete Validation Life Cycle


Qualification Approach

Category 1: Standard Hardware ComponentRecord Model, Version, Serial number of pre-assembled hardwareVerify installation and ConnectionsUse hardware data sheet or other specifications for information on sealed unitsApply change control and configuration management


Qualification Approach

Category 2: Custom Built HardwareSame as Category 1, plus:

Design Specifications with configurationAcceptance TestingSupplier Audit of development processVerification of Compatibility for components from different SourcesVerification at IQ


System DevelopmentBuild System and Achieve Validated State

User Requirement SpecificationFunctional SpecificationHardware Design SpecificationSoftware Design SpecificationProduction, Control, and Review of SoftwareTesting of Automated System


System Specifications

Define the SystemAllow further Specifications to be developedAllow the System to be developedAllow Maintenance of the System


Design Review (1)

Evaluate Deliverables against Standards and requirementsIdentify problems and propose corrective actions


Design Review (2)

Are all Requirements addressed?Is functionality appropriate and consistent?Will the system meet predefined standards?Is system appropriately tested?


Requirements Traceability

Forward and backward traceability:

System Requirements Design Test


Traceability Matrix

NNText…2.2YNText…2.1

SATEST39.6

DS_DOC16.2

FS02 4.2.5NYText…2.0

SATEST37.8

DS_DOC14.5

FS02 3.1.4YYText…..1.0

Test Ref (IQ, OQ, PQ, FAT, SAT)

DS Ref FS RefOther?GxP?DescriptionURSRef


Software Control

Module Traceability and IdentificationDesign and Documentation PrinciplesGood Programming PracticeSource Code Review


Testing of Systems

Test Planning, Specification, Execution, DocumentationScope of TestingTest SpecificationsTest DeliverablesGood Practices for Testing


System OperationMaintain Validated State

Periodic ReviewService Level AgreementAutomated System SecurityOperational Change ControlPerformance Monitoring

Record Retention, Archive, and RetrievalBackup and Recovery of Software and DataBusiness Continuity Planning


GAMP4 Recap

GxP Computer Compliance SolutionsIntegration of Quality Standards (ISO9000) and Industry Standards (IEEE)Consensus of Regulators, Life Science Industry, and Consultants


Acknowledgments

Dr. David Selby, Selby Hope International

Sion Wyn, Conformity

Arthur Perez, PhD, Novartis


Questions ?


Thank You

for your Interest in GAMP

gamp automated manufacturing practices · 10/7/2004 [email protected] good automated manufacturing...

Documents