Professional Documents
Culture Documents
5 Software Categories
January 21, 2013| Software Validation, Validation Articles | 2 comments
Additional software for managing the infrastructure the process control system
includes:
Operating Systems
Anti-virus Software
Active Directory / Domain Controller
Database Software (SQL / Oracle)
Server and Network Hardware
Virtual Environments
Firewalls, including configuration
Server and Network Monitoring Tools
Backup Systems
Note: Infrastructure should be built, configured and deployed in accordance with
defined process / procedure and critical aspects and / or configuration verified.
Infrastructure is qualified but not validated. The validation is performed on the
hosted application not on the infrastructure.
There is no fixed rule as to the validation approach for GAMP Category 3 systems.
This should be combined with the impact or criticality of the process that the
system is monitoring and / or controlling. It can support decisions as to lifecycle
steps that may not need to be performed for example Source Code Reviews,
limited verification activities and greater reliance on vendor test documentation.
As with any supplier you should ensure that the software has been performed in
accordance with an appropriate quality management system. However the GAMP
Category can support the decision as to the level of supplier assessment that
needs to be performed (Postal Questionnaire rather than Full Site Audit.
EU Annex 11 states that the need for an audit should be based on a risk
assessment refer to the Validation Determination post.
Bespoke software is software that is generally written from scratch to fulfil the
business need. As this software is going the full development lifecycle there is a
higher level of risk of errors within the application code.
In terms of a Process Control System GAMP Category 5 software may range from
PLC logic (Ladder, Sequence Flow Chart, C++, etc.) to custom scripts written
within the SCADA / DCS system.
As GAMP Software Category 5 the level of verification through software testing
(FAT, SAT, IQ, OQ, etc.) will be increased. The level and formality of performing
and documenting this testing will be determined on the GMP Impact (Product
Quality, Patient Safety, Data Integrity and GMP regulatory requirements).
Summary
The Validation Determination can be used to identify each component of the
system and the associated software category(s).
The GAMP Software Category may be used to support Computer Systems
Validation decisions which may be documented within the Validation
Determination Statement or within the Validation Plan.
The GAMP Category can also be used to support further risk assessments, for
example consider the type of software category for controlling / monitoring each
function. The likelihood of failure or the failure going undetected may be lower
for less complex / novel software.