So far in our series on GAMP 5 we’ve provided a high level overview of the five major GAMP concepts, and a more in depth discussion of Concept 1, Process Knowledge and Understanding. In this installment we’ll look in more detail at Concept 2, the use of a defined System Life Cycle (SLC).
A well-documented system life cycle provides a sound basis for the definition, design, development, and deployment of regulatory compliant computerized systems. Traditional System Life Cycle methodologies are structured into phases. While specific methodologies may differ in terminology used, the following are elements found in the GAMP 5 guidelines.
GAMP breaks the overall SLC into four major phases.
The concept phase addresses early evaluation and planning activities to determine if an automated solution is suitable for supporting a specific business process. High level assessments of benefits and costs may be considered to justify further investment in pursuing potential computerized solutions.
Based upon a decision to proceed from conceptual planning, the project phase covers all aspects of system development and implementation. Multiple sub-phases support a controlled approach to providing a compliant computerized solution to support the regulated business process. Each sub-phase will produce key deliverables that provide evidence that the system is fit for its intended purpose, i.e., Computer System Validation.
1. Planning: During the planning sub-phase specific activities, budgets, schedules, and resources are identified that will be required to support successful system implementation. For validation purposes key aspects of the planning process are documented in the Validation Plan.
2. Specification: The Specification sub-phase is focused on identifying requirements that the proposed system must meet. From basic requirements detailed functional and technical design specifications may be documented to guide the development and configuration of the new system. This is often a sub-phase that is short-changed in the amount of time and effort allocated. A well though-out and verified design can save time and improve quality downstream in the overall life cycle.
3. Configuration and Coding: Once a verified design has been completed efforts turn toward the development of the functional system. Historically this phase may have involved a significant amount of custom code development. With today’s automated solutions and the prevalent use of commercial off the shelf systems (COTS), this phase will likely center on configuration of vendor provided software to meet specific business needs.
4. Verification: A key aspect of any System Life Cycle involves testing of the developed and configured system to verify that it performs as intended. For regulated systems this has been traditionally addressed through Installation, Operational, and Performance Qualification (IQ, OQ, PQ). The term verification is increasingly applied, as outlined in the GAMP 5 guidance, to cover a broader range of testing activities that can be applied at various technical and functional levels of the system. Regardless of the terminology applied, testing activities provide documented evidence for the proper technical and functional performance of the system.
5. Reporting: To conclude the Project phase of the SLC, results of verification and other project activities are summarized to verify that planned criteria, particularly relative to system validation, have been achieved. Summary reports provide closure to the Project phase and a transition to production use and ongoing operation.
The Operation phase of the typical System Life Cycle is supported primarily through Standard Operating Procedures developed and verified as key deliverables during system development. Key processes to consider include incident and problem management, system backup and recovery, system administration, change and configuration management, ongoing access controls, and periodic review. Emphasis is on maintaining a controlled and validated state for the system through the remainder of its life.
Eventually any system will reach the end of its productive life, often driven by advances in technology and changes in the needs of supported business processes. The final phase of the typical SLC focuses on activities that are important for the effective decommissioning of the system and transition to a new system to support. Particular attention should be given to the migration or archive of critical business data to ensure its retention is consistent with company policies and regulatory requirements.
While a robust System Life Cycle can effectively manage large scale system projects, it must also be flexible enough to handle smaller less complex projects. In our next installment of our GAMP concept series, we’ll look at Concept 3, Scalability of the SLC based upon system risk.
If you’re interested in a more depth discussion of the GAMP 5 concepts and their particular application to Risk based validation of process control systems, please join me in my next ISPE sponsored training in Tampa, FL on December 1-2, 2014.