What is good automated manufacturing practice (GAMP)?
Good automated manufacturing practice (GAMP) is a set of guidelines for pharmaceutical manufacturers. GAMP aligns with the standards set by governmental certification agencies. GAMP is also a subcommittee of the International Society for Pharmaceutical Engineering (ISPE).
GAMP guidelines are used heavily by the pharmaceutical industry to ensure that drugs are manufactured with the required quality. GAMP Community of Practice is a pharmaceutical professionals' forum that ensures continued development and adoption of best practices in the field.
GAMP overview
Pharmaceutical and other manufacturers need to comply with governmental regulatory guidelines to sell their products. These guidelines include strict quality control standards but may not include information on how a company can reach these standards. In addition, different countries may have different standards -- for example, standards in the U.S. set by the Food and Drug Administration (FDA) may not match ones in Europe set by the European Medicines Agency.
GAMP steps in to fill this need for guidance and standard operating procedures for large-scale manufacturing.
Rather than testing quality control batches, GAMP makes quality testing an integral part of each stage of manufacturing. It includes testing facilities, equipment, materials acquisition and staff hygiene. GAMP publications include practice guides on calibration management, compliance, IT infrastructure, data archiving and process validation.
The most recent version of GAMP guidance is ISPE GAMP 5 Guide: A Risk-Based Approach to Compliant GxP Computerized Systems, Second Edition, published in 2022. It modernizes the approach with guidance on risk management principles and AI use.
The acronym GxP is used to cover the three major areas of pharmaceutical practice. Good manufacturing practice (GMP) is for pharmaceutical production, good laboratory practice (GLP) for research and development, and good clinical practice (GCP) for clinical trials.
Key guidance in GAMP 5
Different countries and industries may use different terms to describe the same thing or have slightly different standards. Establishing a unified baseline and common terminology helps businesses navigate these differences.
- Clear roles and responsibilities. Establishes the roles that need to be filled and how each section needs to work together.
- System lifecycle approach. Individual components do not exist in isolation. The whole structure needs to be considered when planning, from initial design to decommissioning.
- Flexible, risk-based approach. Give more attention to areas with the highest risk or safety concerns. More complex systems are given more validation.
- Supply chain management. Problems in the supply chain can have an impact on the product. Working with suppliers and providers helps to mitigate these risks. This is especially important as supply chain attacks become more prominent.
- Data management. Ensure data and systems are confidential, integral and available (CIA triad). Small lapses in these areas can have a major effect on operations or overall safety.
GAMP software categories
GAMP specifies four categories of software. These categories can help define the risk and complexity level present for each. The current categories are the following:
- Category 1 is infrastructure software. These are software systems that support other software. They are typically purchased from vendors and include things like operating systems, databases, networking and firewalls.
- Category 3 is nonconfigured software. This is simple software used mostly as is without much customization. This might include spreadsheets, data acquisition or custom databases.
- Category 4 is configurable software. This is purchased software heavily customized for use. This might include more complex calculations in spreadsheets, enterprise resource planning, or system controllers and programmable logic controllers.
- Category 5 is custom software. This software is programmed by the organization. This might be add-ins or plugins for purchased software, scripts or outright executable code.
- Category 2 is firmware and has been largely removed in GAMP 5. Firmware is now covered in the other categories.
CSV vs. CSA
Earlier versions of GAMP focused on computer system validation. CSV relies on distinct testing and documentation of each system and step. Each item in the chain has an associated test and proof. This is time-consuming and expensive. Also, as more resources move to modern cloud or machine learning stacks, it becomes increasingly difficult to validate these external resources.
The most recent version of GAMP 5 uses computer software assurance principles. CSA is a flexible, risk-based approach. It requires more critical thinking, instead of just checking boxes. This also enables a more nimble and efficient approach.
History of GAMP
GAMP was created in 1991 in the United Kingdom to address the pharmaceutical industry's desire to create guidelines that would improve understanding of changing expectations of regulatory agencies in Europe. This included improved working relationships with agencies in other countries, like the U.S. FDA.
GAMP also sought to encourage understanding of how CSV should be handled in the pharmaceutical industry. Since its creation, the standards organization has become a recognized creator of good practices worldwide.
Sustainable biopharmaceutical manufacturing uses green technologies to reduce waste and enhance product quality amid regulatory and environmental challenges. Learn how sustainability in biopharmaceutical manufacturing is advancing.