Good Automated Manufacturing Practice (GAMP) is now in its 5th edition as a standard published by the International Society for Pharmaceutical Engineering (ISPE). Starting in 1989 (GAMP 1) as a simple “V” model in which the development of the system documentation has a counterpart in the qualification stage, GAMP has progressed in step with the development of automated systems over the last 15 to 20 years.
Back then, computer systems had defined, if not limited, specific duties, such as a building automation system that controlled temperature and humidity or a small controller on a process skid. With advances in processor capabilities, coupled with the explosion in memory capacity at decreasing prices, we find more things for computers to do. GAMP 5 was developed to recognize the trend toward multifunctional automation systems, such as a building automation system that also acts as a batch record data storage and management system and a calibration manager. There is also an emphasis on the increasing burden of life cycle management for these systems.
Fifteen or twenty years ago, high-end computer systems were being installed with virtually “no expense spared” efforts by the top pharmaceutical companies, because it was easier to err on the side of added capability than to leave something out that might become the target of an FDA 483 observation or, worse, a warning letter. Today, those efforts have left a legacy in which the ongoing cost of maintaining change control and revalidation for systems or components that may not directly affect the drug chemical profile has become a large burden. Coupled with the public pressure to enhance patient safety, product quality and data integrity is a real industry need to control cost.
Cost control comes in the form of:
- Avoiding duplication in the documentation effort, specifically in the transfer of information from engineering and construction efforts to operation and maintenance efforts.
- Maximizing the value of supplier act: perform as much qualification as possible at the supplier’s facilities so that corrections can be made before the system is delivered on site, where errors force unforeseen and expensive deployment delays.
- Performing a risk analysis for systems, to quantitatively determine exposure through a numerical assessment system that allows appropriate and defensible decisions to be made on the level and extent of the qualification study, so that such systems can pass an FDA or third-party audit.
- Using as much configurable software as possible. If little or no custom code is used, control of life cycle cost is greatly enhanced.
- Using adaptive development models where added complexity calls for them. If the traditional linear development model doesn’t fit a particular application, then a different model that addresses the specific needs of the project needs to be implemented.
Least-cost compliance is a concept to minimize the cost impact of compliance and validation activities across the entire computer system and IT infrastructure lifecycle.
Version 5 of the ISPE / GAMP® Guide extends the concepts of risk-based validation originally introduced by GAMP 4 in 2001.
With the approval and implementation of the International Conference on Harmonization (ICH) guidance documents, in particular Q7, titled Good Manufacturing Practice Guide for Active Pharmaceutical Ingredients, some computer validation guidelines are set.
Section 5.40 of the ICH Q7 document states, “GMP related computerized systems should be validated. The depth and scope of validation depends on the diversity, complexity and criticality of the computerized application.” This guideline still gives the company some latitude as to the extent of validation required. A rationale statement can be provided that corresponds to the level of validation performed.
ICH Guidelines refer to IQ and OQ to demonstrate the suitability of computer hardware and software to perform assigned tasks. Qualified commercial software does not require the same level of testing.
Audit trails and sufficient controls to prevent unauthorized access or changes to data shall be present to meet ICH Guidelines along with written procedures for the operation and maintenance of computerized systems.
Additional checks are required when critical data is manually entered. These can be performed by a second operator or by the system itself. This is usually accomplished through a supervisor or peer review of the manually entered data, recorded electronically in the form of an electronic signature. The concept is no different from the additional signature required for approval of critical documents.
Incidents related to computerized systems should be recorded and investigated if quality is jeopardized. Changes to hardware or software should be documented in the form of a Change Control in order to maintain a validated state.
The ICH Guidelines also refer to having a back-up system in place in the case of failures or breakdowns. This is normally accomplished through a disaster recovery procedure where daily backups are performed and the software is maintained securely in case of a failure.
Section II.4 of the ICH Q9 document covers “Quality Risk Management for Facilities, Equipment and Utilities,” including “Design of facility / Equipment.” The depth and scope of validation depends on the diversity, complexity and criticality of the computerized application. Risk assessment consists of the identification of hazards and the analysis and evaluation of risks associated with exposure to those hazards (as defined below).
1. What may go wrong?
2. What are the chances something will go wrong?
3. What are the consequences (severity)?
Conclusions
The implementation of calibration asset management software can greatly improve the day-to-day operations of a calibration program. This approach to validating calibration software allows the project to be implemented in an industry-proven manner that saves both time and money, so the software can be expedited into full operation while still maintaining compliance.