GAMP® 5 Guide: Categories, Requirements, and Validation

A detailed overview of Good Automated Manufacturing Practice guidelines (GAMP® 5). Read on to learn more about who it applies to, its contents, requirements, and systems validation according to GAMP® 5!


Computer-based systems validation in regulated industries is no walk in the park. To create a computer-based system that serves its purpose in a reliable, transparent, and most importantly safe way, companies developing pharmaceutical products need to meet various predefined requirements. That’s where GAMP comes in.

GAMP — or the Good Automated Manufacturing Practice — is the definitive industry guideline for creating compliant computer systems. Created in 1991 by pharmaceutical professionals, it was specifically designed to address industry needs and meet the evolving expectations of the FDA and regulatory bodies in Europe for computer system compliance and validation.

GAMP® 5 in a nutshell

In essence, GAMP represents a structured approach to validating computer systems in digital pharmaceutical products. GAMP® 5 is the latest standard of the guideline; it was released in February 2008 by the International Society for Pharmaceutical Engineering, also known as ISPE

It is important to note that rather than being a regulation, GAMP® 5 is a set of principles and procedures created to help validate automated computer systems for manufactured pharmaceutical products. In other words, this guideline helps manufacturers meet regulations they must comply with to go to market. These best practices are respected and used by regulated companies and their suppliers all over the world. 

Related reading:

Making the Case for ALM in Pharma Project Management

Who does it apply to?

GAMP® 5 aims to provide a comprehensive explanation of how pharmaceutical companies should validate their computer systems. In practice, this means that these recommendations apply both to the users of automated pharmaceutical products, as well as the manufacturers who create and market them. 

For users, the guideline outlines the principles that they should be aware of which assure computerized pharmaceutical products are appropriate for their intended purpose. For manufacturers, GAMP® 5 guides them to ensure their products meet necessary standards according to a risk-based approach to compliance.

A closer look at the contents of GAMP® 5 

As a whole, the guideline provides an interpretation of regulatory requirements in the field of pharma manufacturing, specifically, about computerized pharmaceutical production systems. First it outlines commonly used terminologies so that everyone can align on the production approach it suggests depending on the category of product. It then establishes a system lifecycle approach which covers good practices for the whole production process.

The guide also outlines a formal process of documentation, testing, and procedure that validate the necessary specifications for the product. It begins with a User Requirements Specification, which leads to a Functional Requirement and a Design Specification. The latter two elements form the foundation of a traceability matrix which creates a basis for formal testing. Testing leads to (ideally) Internal Acceptance, Factory Acceptance, and Site Acceptance. 

The five main principles of GAMP® 5’s risk-based approach to compliance are as follows:

  1. To have a clear understanding of product and process
  2. To manage the system lifecycle using a quality management system
  3. To make these lifecycle activities scalable
  4. To verify that the approach to risk management is science-based
  5. To leverage supplier involvement throughout the system

If pharmaceutical companies take these guidelines on board carefully and apply them, their products will be up to standards and they can avoid running into any complications in testing and auditing.

Helpful resource: 

Experts Talk: Using Pharmaceutical ALM for GAMP® 5 Compliance

Let’s talk software categories

Software categories are key to supporting the approach according to GAMP® 5 validation. To kick things off, systems are first evaluated and categorized by predefined labels depending on what the manufacturers intend to use it for and how complex the system is.

Then, rather than a “one size fits all approach”, GAMP® 5 standards recommend different lifecycles depending on the category of software the product falls into:

  • Infrastructure software

This refers to the operating system where the application software resides. (Examples: operating systems, databases, programming languages)

  • Nonconfigured products

This category includes software which can meet the requirements of the business process without modification, or is ‘used as installed’, as well as configurable software that is used but only with its default settings. (Examples: commercial off the shelf software, lab instruments, Programmable Logic controllers)

  • Configured products

Here the guideline describes software applications which are configured to meet user-specific business needs, which is the broadest and most complicated category of the four. (Examples: LIMS, SCADA, DCS, etc.)

  • Custom software

The last category includes software that is created to meet a bespoke business need. This is possibly the riskiest category, since it is often developed in-house from scratch and then customized, meaning a higher level of risk in the code.

Advantages of GAMP® 5 computer system validation 

At first, it may seem like just another standard to adhere to (understandably) – but GAMP® 5 is here to make your life easier in the long run. It aims to clarify the requirements you must meet, establish a common language as well as clear roles and responsibilities for all involved, and promote processes based on industry best practices.

Using a risk-based approach will also encourage you to plan and execute testing logically, focusing on areas of high risk and avoiding duplicate activities. Not to mention that it aligns with both US and EU regulations which govern computer system validation, 21 CFR Part 11 and Annex 11 respectively, as well as various other international standards. 

New call-to-action

By adhering to this guideline, you can significantly reduce risk when developing your product, confidently expand to new markets, and guarantee that your products are safe and fit for use.

The challenges

Computer software validation in regulated industries can be tricky, and GAMP® 5 validation is no exception. The software categories are broad and open to interpretation, and there is often ambiguity about where a certain software application falls. This has a chain reaction effect and influences how much validation work companies put into it.

GAMP® 5 also struggles to establish clear procedural controls. Although it provides guidelines and information on validating automated systems, it does not propose a concrete procedure for checking that those processes are in fact in place. Change management and control are also somewhat lacking in this guideline, which means that new modifications along the way can put system validation at risk.

In other words, companies should not rely solely on checking off a ‘GAMP® 5 checklist’ as it were, but should rather establish a more thorough validation process which this standard forms a crucial part of. 

Using a quality management system with a predefined template is the first step to expediting the validation process and making going to market a thorough and rewarding process. Intland’s Pharma GAMP® 5 Template was developed in collaboration with pharmaceutical automation experts and is designed to help pharma companies, suppliers, and system integrators achieve compliance smoothly and easily.

New call-to-action

Try codebeamer X now

Start your online trial of codebeamer X. Your 30-day trial is free – no strings attached, no credit card required!