Category of software
Application are categorized into following software categories as per GAMP 5 guideline
1. Category 1 – Infrastructure Software:- There are two types of software in this category:
A. Commercially available layered software: – Software upon which applications are built or applications are developed to run under the control of this kind of software. E.g., Database managers, programming languages, Middleware, ladder logic interpreters etc.
B. Infrastructure software tools: This software not used directly for business purpose but supports/manages the computer hardware/ network Infrastructure. E.g., operating systems, network monitoring software, batch job scheduling tools, security software, anti-virus.
Typical Approach for validation:- Record version number, verify correct installation by following approved installation procedure.
2. Category 2 – This Category is no longer used in GAMP 5
Category 2 Firmware is no longer a separate category, since modern firmware can be so sophisticated that there is no longer any justification for differentiation. Firmware can fit into any of the categories depending on the nature of the embedded software.
3. Category 3 – Non-Configured Products (COTS As-Is)
This category includes off-the-shelf products used for business purposes. In this type of software no customization or configuration performed.
Systems that cannot be configured to conform to business processes and systems that are configurable but for which only the default configuration is used or only run time or environmental configurations are done. E.g., Firmware based applications, COTS software, and instruments software.
Supplier assessment may not be necessary, the need for, and extent of; supplier assessment should be based on risk.
Typical Approach for validation: –
1. Abbreviated Life cycle approach (Validation plan, combined URS/Functional/Design specification, testing against predetermined acceptance criteria, validation report)
2. Risk Based supplier assessment,
3. URS,
4. Record version number, verify correct installation by following approved installation procedure,
5. Risk-based tests against requirements, SOPs.
Functional and design specification may not be necessary or can be combined in one document.
Validation of category 3 software may be performed directly on production environment based on risk analysis.
4. Category 4 – Configured Products
Configurable software products provide standard interfaces and functions that enable configuration of user specific business processes.
Standard functionality of the software can be configured from front end to use a specific function without altering the basic program (change in coding from backend) to meet the business requirements/needs. E.g. ERP, SAP, LIMS.
Typical Approach for validation: –
1. Life cycle approach (validation plan, URS, Functional/Design Specification (may be combined), Traceability, Documented testing against predetermined acceptance criteria, validation report)
2. Risk Based supplier assessment, Demonstrate supplier has adequate QMS,
3.Record version number, verify correct installation by following approved installation procedure.
4. Risk-based tests against requirements, SOPs.
5. Category 5 – Custom Applications
These systems or subsystems are developed to meet the specific needs of the regulated company, this software are custom designed and coded to suit the business, this may be the custom extension to an existing system. E.g., Internally and externally developed IT systems, Custom ladder logic, Custom firmware etc.
Same as for configurable,
Typical Approach for validation: – same as configurable, plus:-
More rigorous supplier assessment with possible supplier audit, possession of full life cycle documents (FS, DS, Structural testing), Design and source code review
Category 4 and 5 software shall be tested on test environment (QA environment), followed by validation environment (UAT environment). After successful UAT, software shall be installed in production environment. In case of category 5 software unit testing shall be performed in development environment.
Categories of Hardware
1. Hardware Category 1 – Standard Hardware Components:-
2. Hardware Category 2 – Custom Built Hardware Components