In software development for regulated industries, ensuring compliance with regulations such as 21 CFR Part 11 and EU Annex 11 requires a systematic and structured approach. In this blog, we explore how adhering to the principles of ISPE GAMP® 5, can guide software providers in aligning their activities to ensure compliance. In this blog, let’s explore how to approach supplier activities in alignment with ISPE GAMP® 5, focusing on practical steps for ensuring compliance.

What is GAMP® 5?

GAMP® 5, developed by the International Society for Pharmaceutical Engineering (ISPE), stands for Good Automated Manufacturing Practice. It provides guidelines for the validation of computerized systems in the pharmaceutical and healthcare industries. GAMP® 5 emphasizes a risk-based approach to ensure that computerized systems are fit for their intended use, compliant with regulations, and capable of consistently producing quality products.

What is SDLC?

The Software Development Life Cycle (SDLC) is a structured process for developing software applications, from planning to deployment and maintenance. Following SDLC ensures projects are completed efficiently, with high quality and within budget. In regulated industries, adhering to SDLC is crucial as it provides a systematic approach to software development, ensuring systems meet regulatory requirements and industry standards.

What are the activities to ensure compliance as a software provider?

  1. Establish QMS: Software providers must establish a Quality Management System (QMS) comprising documented procedures and standards. This QMS ensures that activities are carried out by competent and trained staff, conforming to defined procedures and standards. Continual improvement is promoted, encouraging the adoption of current software methods, best practices, and tools.
  2. Establish Requirements: Software providers work closely with regulated companies to ensure clear requirements are defined or provided. This collaboration ensures alignment with the client’s objectives and regulatory obligations.
  3. Quality Planning: Software providers define how their QMS will be implemented for specific products, applications, or services. This planning ensures that processes are tailored to meet regulatory standards and client requirements.
  4. Assessments of Sub-Suppliers: Software providers conduct formal assessments of sub-suppliers as part of the selection and quality planning process. This ensures that sub-suppliers meet the necessary quality standards and regulatory requirements.
  5. Produce Specifications: Software providers specify the system to meet defined requirements, ensuring clarity and alignment throughout the development process.
  6. Perform Design Review: Formal design reviews are conducted against requirements, standards, and identified risks to ensure that the system will meet its intended purpose and that adequate controls are established to manage risks effectively.
  7. Software Production/Configuration: Software is developed in accordance with defined standards, including code review processes. Configuration follows defined rules and recommendations, with documentation to ensure compliance and traceability.
  8. Perform Testing: Software providers test their products, or applications in accordance with approved test plans and specifications to validate functionality and reliability.
  9. Commercial Release of the System: System releases to customers are performed in accordance with formal procedures, meeting predefined criteria and standards.
  10. Provide User Documentation and Training: Software providers provide adequate system management documentation, operational documentation, and training to empower users and ensure effective system operation.
  11. Support and Maintain the System in Operation: Software providers provide ongoing support and maintenance services, coupled with robust change management processes to manage system changes effectively.
  12. System Replacement and Retirement: Software providers manage the replacement or withdrawal of products/services in accordance with documented processes and plans. They may also support regulated companies with the retirement of computerized systems in accordance with regulatory procedures.

In conclusion, adherence to ISPE GAMP® 5 principles in supplier activities is essential for ensuring compliance with GxP regulations. Assurea plays a pivotal role in guiding clients and software providers through the complexities of regulatory compliance, ensuring their products, applications, and services meet the expectations of regulated companies.

Reference: International Society for Pharmaceutical Engineering. GAMP® 5: A Risk-Based Approach to Compliant GxP Computerized Systems. 2nd ed., ISPE, 2022