Embed Size (px)
DESCRIPTION
casfvx
Citation preview
GAMP 5 Page 7A Risk-Based Approach to Compliant GxP Computerized Systems
Table of Contents1 Introduction .......................................................................................................................11
1.1 Rationale for GAMP 5 ............................................................................................................................. 111.2 New and Revised Material ...................................................................................................................... 131.3 Purpose ................................................................................................................................................... 141.4 Scope ...................................................................................................................................................... 141.5 Business Benefits ................................................................................................................................... 151.6 Structure .................................................................................................................................................. 16
2 Key Concepts .................................................................................................................... 192.1 Key Concepts .......................................................................................................................................... 192.2 Key Terms ............................................................................................................................................... 21
3 Life Cycle Approach ......................................................................................................... 253.1 Computerized System Life Cycle ............................................................................................................ 253.2 Specification and Verification .................................................................................................................. 273.3 Computerized System Validation Framework ......................................................................................... 27
4 Life Cycle Phases ............................................................................................................. 294.1 Concept ................................................................................................................................................... 294.2 Project ..................................................................................................................................................... 294.3 Operation ................................................................................................................................................ 394.4 Retirement .............................................................................................................................................. 46
5 Quality Risk Management ................................................................................................ 475.1 Overview ................................................................................................................................................. 475.2 Science Based Quality Risk Management .............................................................................................. 485.3 Quality Risk Management Process ......................................................................................................... 49
6 Regulated Company Activities ........................................................................................ 536.1 Governance for Achieving Compliance .................................................................................................. 536.2 System Specific Activities ....................................................................................................................... 56
7 Supplier Activities ............................................................................................................ 657.1 Supplier Products, Applications, and Services ....................................................................................... 657.2 Supplier Good Practices ......................................................................................................................... 667.3 Quality Management System .................................................................................................................. 677.4 Requirements .......................................................................................................................................... 687.5 Supplier Quality Planning ....................................................................................................................... 697.6 Sub-Supplier Assessments ..................................................................................................................... 697.7 Specifications .......................................................................................................................................... 707.8 Design Reviews ...................................................................................................................................... 707.9 Software Production/Configuration ......................................................................................................... 707.10 Testing ..................................................................................................................................................... 717.11 Commercial Release .............................................................................................................................. 717.12 User Documentation and Training .......................................................................................................... 717.13 System Support and Maintenance During Operation ............................................................................. 727.14 System Replacement and Retirement .................................................................................................... 72
GAMP 5 – TOC ©2007 ISPE. All rights reserved. www.ispe.org
Page 8 GAMP 5A Risk-Based Approach to Compliant GxP Computerized Systems
8 Efficiency Improvements ................................................................................................. 738.1 Establishing Verifiable and Objective User Requirements ..................................................................... 738.2 Use of Risk-Based Decisions ................................................................................................................. 748.3 Leveraging Supplier Input ....................................................................................................................... 748.4 Leveraging Existing Documentation ....................................................................................................... 758.5 Efficient Testing Practice ......................................................................................................................... 758.6 Well Managed Handover ........................................................................................................................ 778.7 Efficient Change Management ............................................................................................................... 778.8 Anticipating Data Archiving and Migration Needs ................................................................................... 78
Appendices ....................................................................................................................... 81
Index ................................................................................................................................ 347
GAMP 5 – TOC ©2007 ISPE. All rights reserved. www.ispe.org
GAMP 5 Page 9A Risk-Based Approach to Compliant GxP Computerized Systems
Table of AppendicesManagement AppendicesAppendix M1 Validation Planning ............................................................................................................................ 81Appendix M2 Supplier Assessment ......................................................................................................................... 89Appendix M3 Science Based Quality Risk Management ....................................................................................... 105Appendix M4 Categories of Software and Hardware ............................................................................................. 127Appendix M5 Design Review and Traceability ....................................................................................................... 133Appendix M6 Supplier Quality and Project Planning ............................................................................................. 139Appendix M7 Validation Reporting ......................................................................................................................... 145Appendix M8 Project Change and Configuration Management ............................................................................. 149Appendix M9 Document Management ................................................................................................................... 153Appendix M10 System Retirement ........................................................................................................................... 157
Development AppendicesAppendix D1 User Requirements Specifications ................................................................................................... 163Appendix D2 Functional Specifications ................................................................................................................. 175Appendix D3 Configuration and Design ................................................................................................................ 179Appendix D4 Management, Development, and Review of Software ..................................................................... 187Appendix D5 Testing of Computerized Systems ................................................................................................... 195Appendix D6 System Descriptions ........................................................................................................................ 213Appendix D7 Data Migration .................................................................................................................................. 217
Operation AppendicesIntroduction to Operation Appendices ........................................................................................................................ 223Appendix O1 Handover .......................................................................................................................................... 229Appendix O2 Establishing and Managing Support Services ................................................................................. 231Appendix O3 Performance Monitoring ................................................................................................................... 237Appendix O4 Incident Management ...................................................................................................................... 241Appendix O5 Corrective and Preventive Action ..................................................................................................... 243Appendix O6 Operational Change and Configuration Management ..................................................................... 247Appendix O7 Repair Activity .................................................................................................................................. 253Appendix O8 Periodic Review ............................................................................................................................... 255Appendix O9 Backup and Restore ........................................................................................................................ 259Appendix O10 Business Continuity Management ................................................................................................... 267Appendix O11 Security Management ...................................................................................................................... 271Appendix O12 System Administration ..................................................................................................................... 275Appendix O13 Archiving and Retrieval .................................................................................................................... 277
Special Interest Topics AppendicesAppendix S1 Alignment with ASTM E2500 ............................................................................................................ 283Appendix S2 Electronic Production Records (EPR) .............................................................................................. 287Appendix S3 End User Applications Including Spreadsheets ............................................................................... 291Appendix S4 Patch and Update Management ...................................................................................................... 301Appendix S5 Managing Quality within an Outsourced IS/IT Environment ............................................................ 305Appendix S6 Organizational Change .................................................................................................................... 319
General AppendicesAppendix G1 GAMP® Good Practice Guide Summary .......................................................................................... 325Appendix G2 Glossary and Acronyms ................................................................................................................... 331Appendix G3 References ....................................................................................................................................... 343
GAMP 5 – TOC ©2007 ISPE. All rights reserved. www.ispe.org
