GAMP® 5 Training Programme (Full Course)

How do you replace paper records with electronic data and make sure the system is completely transparent, robust and tamperproof? And how do you store those electronic data records so that they stand the test of time? How do you make sure for the computers in your manufacturing facility that nothing crashes or no data is lost? This short course is an introduction to the ISPE’s GAMP ®S guidelines and outlines how to manage your electronic data to ensure that it meets the FDA requirements for manufacturing safe medicines and medical devices.

• 1.1 Drivers for GAMP® 5
  In this presentation we learn about the primary drivers behind the issuing of the GAMP® S guidance document and its focus.
• 1.2 Life Cycle Phases of Computerized Systems
  In this lesson we explore the lifecycle of a computerized system from its early specification to its retirement and upgrade.
• 1.3 Computerized Systems in Regulated GxP Environments
  The objective of this lesson is being able to describe a computerized system to a regulatory inspector to demonstrate the system is in control and fit for use.
• 1.4 GAMP ®5 Software Categories
  In this lesson we look at ways to categorize computerized system from infrastructural and off-the-shelf software, to configurable and bespoke applications.
• 1.5 Operational Activities
  In this lesson we take a look at how to maintain a critical computerized system in a state of operational control using standard procedures.
• 1.6 Handover
  This lesson looks at ways to ensure that the environment into which the computerized system is to be received is prepared, to make sure that the system can be used and supported in a controlled manner.
• 1.7 Product and Process Understanding
  This lesson makes recommendations about application of subject matter expertise when supporting lifecycle activities for a computerized system amongst the end user and the supplier.
• 1.8 End-User Activities
  This lesson explains the responsibilities of the end user when it comes to supporting the lifecycle activities for a computerized system.

• 2.1 Supplier Activities
  This lesson explains the responsibilities of the supplier when it comes to supporting the lifecycle activities for a computerized system.
• 2.2 Validation Planning
  In this lesson we look at corporate and site level policy documents that define a regulated company’s overall approach to computerized system quality and compliance.
• 2.3 Science Based Quality Risk Management
  In this lesson we look at suggestions about where to apply risk management throughout the lifecycle of a computerized system and how to manage the process for various categories of systems.
• 2.4 Risk Management Considerations – Generic Hazards
  In this lesson we look at an approach to conducting risk assessments on computerized systems based on their impact to product quality, patient safety and data integrity. We also list generic hazards for a computerized system associated with physical/environmental conditions, hardware and software, and human­
  relat ed.
• 2.5 Requirements Traceability Matrix (RTM)
  In this lesson we introduce the Requirements Traceability Matrix (RTM); an important project document for tracing all user requirements to design specifications and appropriate verification tests.
• 2.6 Efficiency Improvements (Continuous Improvements)
  In this lesson we look at suggestions on ways to improve efficiencies throughout the lifecycle of a computerized system.
• 2.7 Categorization of Laboratory Computerized Systems
  This lesson explains the GAM P® system for categorizing Laboratory Computerized Systems.

• 3.1 Organizational Change – Impact During Project Lifecycle
  This lesson looks at various ways to manage projects during episodes of major organizational changes.
• 3.2 Outsourced IS/IT Environment
  Here we look at the contract considerations when we choose to outsource control of our IS/IT systems to a third-party vendor.
• 3.3 IT Compliance – Key Concepts and Infrastructure Elements
  In this lesson we look at ways to standardize our IT Infrastructure Elements to facilitate and somewhat ‘modularize’ our compliance strategy.
• 3.4 Development versus Implementation Life Cycle
  In this lesson we describe how to implement various computerized systems based on their software cat egory; where from a user’s perspective the lower categories require less vendor input and where the higher categories require more.
• 3.5 Specification, Design and Verification
  In this lesson we review the ASTM International standard E 2500 – 07 ‘Standard Guide for Specification, Design, and Verification of Pharmaceutical and Biopharmaceutical Manufacturing Systems and Equipment’.
• 3.6 Testing Documentation Structure & Verification Terminology
  In this lesson we look at good practices regarding the organization of testing documentation on a project and we also examine legacy and modern terms for testing documentation used in the medicinal products’ industries.
• 3.7 Scalable Validation Deliverables
  This lesson recommends a range of scaleable validation deliverables over the range of software categories where we see increasing intricacy with increasing category designation.
• 3.8 Patch and Update Management
  In this lesson we consider suitable management strategies for implementation of software patches and upgrades to an existing computerized system operating in a regulated environment.
• 3.9 Operational Change and Configuration Management
  This lesson describes how to manage the configuration of a computerized system in a regulated environment during the operation and maintenance phase and keep it current and relevant where we’re in a period of continuous change and upgrading.
• 3.10 Repair Activity
  In this lesson we discuss a process by which non-functional systems are returned to a functional state under the control of a repair activity procedure.
• 3.11 Periodic Review
  In this lesson we’re going to look at a method to ensure a computerized system remains compliant with regulatory requirements throughout its operational life, remains fit for intended use, and continually satisfies company policies and procedures.
• 3.12 Backup and Restore
  In this lesson we describe a mechanism to protect electronic information assets against loss of original data and subsequent accurate restoration of assets when required.

• 4.1 Electronic Data Archiving
  In this lesson we describe a suitable data archiving strategy for moving data that is no longer actively used in the active environment where it was created to a separate data storage area for long-term retention.
• 4.2 Typical Tasks Supporting Validation
  Here we look at recommendations from the FDA regarding tasks that may support validation of a computerized system in a regulated environment.
• 4.3 Security Management
  In this lesson we define the controls required for securing a computerized system in an operational envi ronment.
• 4.4 Business Continuity Management
  In this lesson we discuss how to regain access to an IT system and its data following a disaster, and how to restore critical business processes following a disruption while continuing to provide product or services.
• 4.5 Relationship Between System Backup, Archival, and Disaster Recovery
  In this lesson we look at the inter-relationship amongst the accurate and reproducible backing up of digital assets (data and software), the archiving of closed business transactions and master data relocation to an external system, and the regaining of access to an IT system (including software, hardware and data) following a disaster.
• 4.6 System Retirement, Decommissioning and Disposal
  This lesson describes appropriate controls that need to be in place when removing a computerized system from day to day use through obsolescence or replacement.
• 4.7 Copies of Records
  This lesson considers methods on how to preserve the content and meaning of an electronic record when making a copy.