
Evaluating Software for GMP Criticality?


Gert Sorensen
13th July 2007, 03:01 AM
Hi,

have any of you had any experience evaluating software for GMP criticality? I am thinking of Q-systems, databases etc. not software in production equipment. If that is the case, could you share some of your experiences? How did you do it, how did you organize the documentation etc.

Thanks in advance!


Gert

Marc
18th August 2007, 05:46 PM
Anyone have any comments on evaluating software for GMP criticality?

QA7458
7th November 2007, 11:46 AM
I work in the pharmaceutical industry and as part of my role I audit company validation documents for computerized systems. For guidance on this issue I find ‘GAMP guide for validation of automated systems, published by ISPE’ a particularly useful document.

The criticality of software can be categorized into 5 distinct categories as follows (5 being the most critical); in my experience, depending on what the databases are used for, they would either be a category 3 or 4:

GAMP Software Category 5 - Custom (Bespoke) Software
Example software
Software designed to client needs e.g. PLC

GAMP Software Category 4 - Configurable software
Customized application software

GAMP Software Category 3 - Commercial off the shelf
Standard application software. ‘Source code not supplied’ / established customer base

GAMP Software Category 2 - Firmware
Process instruments (controlling or recording e.g. temperature, pressure or conductivity)

GAMP Software Category 1
Operating systems: Windows, DOS, Unix

The criticality drives the scope of validation activity for the software. For category 3 software in the operating environment I would expect to see SOPs for:
• Versions - should be standard
• Control over access and use
• Control over profiles (e.g. user, admin)
• Compatibility with O/S and applications

In the development environment
• Predefined requirements / design
• Experience of supplier to pharmaceutical industry
• History / pedigree
• Knowledge base
• Support levels
• QA accreditation / Questionnaire

For category 4 software in the operating environment I would expect to see SOPs for:
As Cat. 3 and
• Configuration management
• Patches and upgrades / impact on other modules
• Control over access and use

In the development environment
• Full lifecycle development and risk assessments
• Experience of supplier to pharmaceutical industry
• QA accreditation / Questionnaire / Audit
• History / pedigree / software std. modules


For the SDLC (software development lifecycle), again depending on the scope of the system, the documents I would expect to see would be as per the validation V model.

Further reading

V-Model

http://ispe.org/page.ww?section=GAMP+COP&name=GAMP+Europe
(Apologies I can't post links yet)

Hope this helps

EDIT: Made links active - Marc

QA7458
12th November 2007, 05:55 PM
Just a brief follow-on from my last post. Find attached a GMP criticality assessment form and a flow chart detailing a GMP risk assessment process.

You will have to adapt these for your own industry, but they may give you a starting point to develop your own documentation.