Happy 30th Anniversary to the GAMP® Community of Practice!
In 2021, the ISPE GAMP® Community of Practice (CoP) is celebrating 30 years of promoting industry good practice for computerized systems and encouraging technical innovation and progress, while protecting patient safety, product quality, and data integrity.
The ISPE GAMP® Community of Practice promotes the understanding of the regulation and use of computerized systems within the pharmaceutical, biopharmaceutical, and medical device industries, as well as other regulated organizations, and works with other ISPE Community of Practices to ensure a consistent ISPE message.
The GAMP® Community of Practice forms relationships, coordinated through ISPE, with like-minded industry associations and competent regulatory authorities aimed at creating globally harmonized quality approaches to implementation and operation of computerized systems. The GAMP® Community of Practice also involves many suppliers and service providers, aiming to identify and share best practices, with the goal of having a positive influence on the quality of computerized systems used in the industry.
Objectives
GAMP’s objectives have progressed from a focus on compliance to include encouragement and support for innovation and technical progress that benefits both the patient and the public.
The scope of GAMP® has also moved from a primary emphasis on pharmaceutical manufacturing to embrace the whole life cycle for various GxP-regulated areas, including medical devices and blood products.
The integrity and accuracy of records and data are essential throughout the product life cycle, from research and development to preclinical studies, clinical trials, production, and quality control to marketing. This is also reflected in the objectives and activities of GAMP®: support for the achievement of data integrity is now a central objective for GAMP®, and significant GAMP® guidance on the topic has been published.
Publishing reliable and useful guidance on all aspects of GAMP® is a major objective for the Community of Practice. By building upon existing industry good practice in an efficient and effective manner, GAMP® guidance aims to achieve computerized systems that are fit for intended use and meet current regulatory requirements. GAMP® guidance also aims to apply the latest quality risk management approaches to promote innovative and technical advancement, while safeguarding patient safety and product quality. Furthermore, GAMP® guidance provides principles and practices to ensure regulated records and data are complete, consistent, and accurate throughout the data life cycle.1
History
The organization that we know as GAMP® was initiated in 1991 by David Selby (Glaxo), the founding chair; Clive Tayler (Wellcome); Tony Margetts (ICI Pharmaceuticals); and a small team of other experts in the United Kingdom who realized that the pharmaceutical industry needed to consider and meet evolving regulatory agency expectations for computerized system compliance and validation. This realization was primarily prompted by a number of pivotal US FDA inspections in the late 1980s and early 1990s.
During this period, the FDA and other regulators were taking an increasing interest in the role of computerized systems in regulated processes and had concluded that the reliability and integrity of these systems played an important role in product quality and patient safety. In response to this increased scrutiny, it became clear that an industry reaction was required, including guidance on expectations and good practice.
Tony Trill, Principal Inspector for the Medicines Control Agency (now MHRA) on Computerised Systems, was a strong advocate for GAMP® during the 1990s, helping to establish it as a point of reference for suppliers, pharmaceutical companies, and regulators alike. It was Trill who first suggested the GAMP® acronym (as shorthand for Good Automated Manufacturing Practice) at the launch event.
The first document, the GAMP® Supplier Guide, produced by a subteam led by Tony Margetts, was released to the GAMP® membership on 1 March 1994 and officially published a year later. As expectations and industry good practices continued to evolve, so did the guide, with the launch of GAMP® 2 in Amsterdam in late 1996 and a two-volume GAMP® 3 in 1998. By this time, GAMP® was a truly international effort with increasing involvement from contributors from around the world.
GAMP® became part of ISPE in 2000, supporting the wider global reach that the guidance generated and the opportunities such a collaboration offered.
As GAMP® evolved, more and more pharmaceutical companies began to join to share experiences and develop materials that could be shared with other companies and with suppliers. In those early days, suppliers could attend GAMP® conferences and comment on GAMP® materials but they could not participate in the meetings held for the pharmaceutical companies. This prompted the MHRA to support the creation in 1995 of the “Supplier Forum,” where suppliers could discuss emerging expectations for computer validation and coordinate a voice into the work of the GAMP® Forum. Under the chairmanship of Guy Wingate (ICI Eutech), the Supplier Forum quickly grew, and in 1998 it merged into the GAMP® organization, allowing both pharmaceutical companies and suppliers to work together in a more integrated manner on the development of GAMP® guidance. Wingate later joined GlaxoWellcome, served as Chair of the GAMP® Industry Board for 10 years, and led the development of GAMP® 4 and GAMP® 5.
The initial GAMP® guides were focused primarily on GMP systems. In late 2001, the scope was broadened to all GxP systems with the release of GAMP® 4. This version quickly established itself as the definitive source of industry good practice for computerized system compliance and validation. Between 2001 and 2008, a number of ISPE GAMP® Good Practice Guides (GPGs) applied, expanded, and clarified the principles of GAMP® good practice to a wide variety of computerized systems and regulatory areas. The topics covered by these GPGs include calibration, process control systems, laboratory systems, infrastructure, global information systems, and manufacturing execution systems (MES).
Two of the most noteworthy GAMP® guides are GAMP® 5: A Risk-Based Approach to Compliant GxP Computerized Systems2 and the ISPE GAMP® Guide: Records and Data Integrity3 (see sidebar). Both of these guides are supported by GPGs exploring selected topics in greater depth.
Current Activities
As technology constantly and rapidly changes and advances, GAMP® evolves to explore how such new technology and approaches can be used in an effective, efficient, and compliant manner for the benefit of the patient. Some—but certainly not all—of the key areas of GAMP® activity are described in the following sections.
Agile Approaches
GAMP® supports the use of incremental, iterative, and evolutionary approaches, including Agile, for product development and development of custom applications. Success factors in this area include a robust quality management system within an appropriate organizational culture, well-trained and highly disciplined teams following a well-defined process supported by effective tools and automation, and appropriate customer or product owner involvement.
As part of its efforts in this area, GAMP® has advocated for programs such as the FDA Center for Devices and Radiological Health Case for Quality initiative, which supports the adoption of appropriate Agile approaches to encourage innovation, eliminate unnecessary costs, and help focus on real quality and fitness for intended use. 4, 5
The GAMP® Agile Special Interest Group (SIG) is working in the following areas:
- Certainty mindset versus a discovery mindset
- User requirements
- Continuous testing instead of testing at the end
- Validation and compliance in an Agile world
- The benefits of tools instead of documents
- Bringing together system development and operations
For further information on the output from the Agile Special Interest Group, and other GAMP® Special Interest Groups,
Cloud Computing
Cloud computing is a significant area with great opportunities for innovation and business benefit. There is a substantial move toward using some elements of cloud computing for some GxP applications, and it seems inevitable that cloud-based applications will increase in importance for the pharma industry. The GAMP® Cloud Special Interest Group has published valuable guidance,6, 7, 8 and is developing more. The life sciences quality assurance and compliance community must define and advocate realistic approaches that encourage innovation as well as safeguard quality and compliance.
Flexible, practical, and pragmatic approaches to assessment and management of technology service providers are further discussed in an iSpeak Blog post.9 The Manufacturing Execution Systems Special Interest Group is also working to increase understanding of the implications of implementing systems within the MES domain using applications hosted in the cloud.
Blockchain
Distributed ledger technologies, such as blockchain, are gaining momentum within the life sciences industries, with several use cases being taken into production.
The Blockchain Special Interest Group was initiated in 2018 to explore the role of decentralized and distributed networks within pharmaceutical manufacturing, with the primary objectives of learning about the technology by understanding use cases and specific technologies being used and educating stakeholders about these matters.
Periodically, the Special Interest Group publishes articles in this magazine. One of these articles, “Blockchain for Pharmaceutical Engineers” (January/February 2019), won an APEX award for technical writing. The article discusses how blockchain technology may disrupt the way data are collected and managed within regulated processes, includes a nontechnical summary of blockchain’s features, and discusses blockchain use cases currently being piloted by life sciences companies.10
The Blockchain Special Interest Group is also working in the area of open source software (OSS) in regulated environments. OSS is in mainstream use by life sciences companies and IT service providers because such components can lead to faster systems development, profitable service models, increased use of distributed and decentralized systems (blockchains), and improved social collaboration tools. The work in this area focuses on network protocols and governance models based on user communities.
Software Automation and AI
The pharma industry is increasingly relying on software to automate many functions previously performed by humans. As our computer systems become more integrated and data sets become more robust, computer science is advancing our ability to learn from those data and draw conclusions about what might or should happen next. We are now reaching a point where algorithms are sophisticated enough to begin making decisions for us in the form of artificial intelligence (AI).
The Software Automation and Artificial Intelligence Special Interest Group explores the impact of AI on regulated processes, broadly covering the topics of robotic process automation, machine learning, and AI in general. The Special Interest Group aims develop a point of view on how to validate and rely upon these technologies in a compliant manner, while managing potential risks to patient safety and product quality. The Special Interest Group differentiates between deterministic and nondeterministic systems and focuses on the evolution of self-governing software.
Infrastructure
IT infrastructure management is increasingly achieved using automated deployment, monitoring, and configuration management controls. Traditional approaches to IT infrastructure qualification with manually documented specifications and qualification protocols do not effectively address the need for ongoing operational management of IT infrastructure and continuous verification that controls are operating effectively. The use of traditional
documentation-based qualification activities does not ensure the effective operation, security, and performance of IT infrastructure, and does not adequately protect against cybersecurity threats.
Conclusion
The GAMP® Community of Practice is proud of its many accomplishments over the past three decades and looks forward to contributing to industry growth and innovation for decades to come.
Spotlight: Two Essential GAMP® Guides
In 30 years, the GAMP® Community of Practice has published many outstanding guides, including GAMP® 5: A Risk-Based Approach to Compliant GxP Computerized Systems and the ISPE GAMP® Guide: Records and Data Integrity.
GAMP® 5
GAMP® 5 is the current iteration of the GAMP® guidance and was published in 2008. It was created in response to the changing regulatory and industry environment, which placed greater emphasis on science- and risk-based management approaches, product and process understanding, and the application of quality by design concepts.
GAMP® 5 provides a cost-effective framework of good practice to ensure that GxP-regulated computerized systems are fit for intended use and compliant with applicable regulations. The framework aims to safeguard patient safety, product quality, and data integrity, while also delivering business benefit.
The guide also provides guidance for suppliers to the life sciences industry, including supplier good practice and how to meet the requirements and expectations of regulated customers. Key GAMP® 5 concepts are illustrated in Figure 1.
ISPE GAMP® Guide: Records and Data Integrity
Published in 2017, the ISPE GAMP®Guide: Records and Data Integrity is a complete and comprehensive reference to records and data integrity (RDI), providing principles and practical guidance on meeting current expectations and requirements for the management of GxP-regulated records and data, ensuring that they are complete, consistent, secure, accurate, and available throughout their life cycle.
This RDI guide is intended as a stand-alone ISPE GAMP® guide, is aligned with GAMP® 5, and has been designed to be used in parallel with GAMP® 5. Topics covered in the RDI guide include regulatory focus areas, the data governance framework, the data life cycle (Figure 2), culture and human factors, and the application of quality risk management to data integrity.
The following Good Practice Guides support the GAMP® Guide: Records and Data Integrity: