Selecting the Right GAMP® 5 Software Category for Your Environmental Monitoring System

GAMP 5 Software Categories
Paul Daniel, Senior Regulatory Compliance Expert
Paul Daniel
Senior GxP Regulatory Expert
Published:
Life Science

Recently, our Senior Regulatory Expert, Paul Daniel, was asked by a viewLinc customer how to categorize their continuous monitoring system according to GAMP® 5. The customer, who was installing a new viewLinc Continuous Monitoring System, expected their system would be Category 4 based on reading our article on a GAMP-Based Approach to Environmental Monitoring Systems for GxP Applications, but they wanted to be certain...


Paul explained:

In regulated environments, continuous monitoring systems are typically Category 4 because Category 3 systems are often too simple to be effective. GAMP Category 3 systems cannot be configured to meet the typical quality system requirements of life science or GxP-regulated applications. Conversely, Category 5 systems are often too customized, making validation difficult, time-consuming, and expensive. Moreover, life science firms rarely possess the software development expertise required to design and manage a customized monitoring system.

GAMP Category 4 offers the right mix of simplicity and configurability. This category includes two types of systems:

1. Systems like the viewLinc CMS, which can be easily configured to match operational needs and business processes without custom code or different modules.

2. Systems assembled from known modules, which result in a few versions of the “same” package due to module combinations. A highly configurable system without software changes is usually preferred because it is easier to validate, maintain, and support.
However, in some cases, the viewLinc CMS could be considered GAMP Category 3.

For instance, many customers in Japan have categorized their monitoring system as Category 3, but they follow their own version of GAMP-like rules adopted by the government. Most European and US experts consider viewLinc as Category 4. To paraphrase one of the authors of GAMP5, “viewLinc can be considered a lightweight Category 4 system simply because it is adaptable and needs configuration, but not because it involves complicated coding.”

The categorization of systems is the responsibility of the system owner, not the system vendor. A strict interpretation of Category 3 would include the ability to use the system as is, out of the box. Category 5 is a custom-built system, while Category 4 lies in between. For example, a monitoring system where you can turn on alarming and assign several levels of thresholds is a Category 4 system. You have configured the system by assigning alarm thresholds unique to your application needs without writing customized code.

A useful analogy is a new car. The standard model with cloth seats, blue color, and a basic engine is a Category 3 model. If you add leather seats, metallic pearl white paint, and a bigger engine, it becomes a Category 4 model because of the factory-added options. If you further modify the car with racing seats, custom paint, and a modified engine, it becomes a Category 5 custom system.

One of the most important considerations in choosing a monitoring system is the cost of ownership, particularly system validation. A Category 3 system likely needs minimal validation due to its simplicity. Category 4 systems, with their additional configuration, require greater validation effort. However, the additional effort is often worth it to ensure the system fulfills process requirements. For Category 5, the validation workload can be exorbitant.

With viewLinc’s GxP System Documentation (including User Requirements Specification (URS), Functional Specification (FS), Design Qualification (DQ),  Risk Assessment (RA), Traceability Matrix ™ and the template IQOQ Validation Protocols), most of the documentation work for validating viewLinc is provided, greatly mitigating the validation effort involved.

Sometimes, it comes down to definitions. For example, if you can turn on a function, then the system is Category 4. Since we can turn on alarming in viewLinc, it is a Category 4 system. However, if viewLinc started with alarming turned on by default, is it then a Category 3 system? This is an example of how viewLinc might be categorized as either Category 3 or 4. The simplest installation of viewLinc might be Category 3. But a conservative approach would be:

a) viewLinc is highly configurable,
b) configuration needs to be tracked and controlled, and
c) tracking and controlling configuration is a Category 4 activity.

I am reminded of a statement by one of the authors of GAMP, regarding the latest revision (GAMP 5 Rev 2). They mentioned that the authors considered doing away with the categorization concept, thinking it might prevent system owners from critically evaluating their systems. Some owners might categorize their systems incorrectly and then follow the guidance of their chosen category, resulting in either too little or too much work to support the system.

One of the goals of GAMP 5 Revision 2 is to prioritize patient safety and product quality over compliance and encourage critical thinking from industry stakeholders. Although the categorization concept was retained, the second revision of GAMP has updated information on categories to show that computerized systems can often combine components from different categories. The software category is just one factor in a risk-based approach. It recommends finding the optimal benefit of a system based on the intersection of fitness for intended use, application risk assessments, and levels of assurance.

Whatever category you choose for your monitoring system, GAMP 5 encourages us to think critically about the system, validation processes, and to take a risk-based approach that focuses on patient safety and product efficacy. A risk assessment can decrease the workload in supporting a monitoring system by focusing efforts on Category 4 activities like configuration management, saving time and effort on activities like qualification testing.

For further information, we invite you to read the white paper, “Using the ISPE’s GAMP Methodology to Validate Environmental Monitoring System Software.”
 

We also invite you to view the webinar recording, linked below...

Webinar: How to Validate System Software According to GAMP Principles

In this webinar,  you will learn how to validate your monitoring system software according to best practices outlined in GAMP 5. You'll get several tools for ensuring your validation efforts align with the ISPE's guidelines.

Key takeaways

  • How to develop a User Requirements Specification (URS) Document
  • Steps to creating a Traceability Matrix
  • Three different types of software systems and their validation processes: Off-the-Shelf, Configured, Custom
  • How to create a Functional Specification Document (FSD), or obtain an adequate FS from a system vendor

Watch now

Add new comment