GAMP stands for Good Au­to­ma­ted Ma­nu­fac­tu­ring Prac­ti­ce. The num­ber five re­pres­ents ver­si­on 5 which is curr­ent­ly the most up-to-date im­ple­men­ta­ti­on. GAMP5 of­fers a prag­ma­tic and prac­ti­cal gui­de for the im­ple­men­ta­ti­on of a GxP-com­pli­ant con­pu­ter-ba­sed sys­tem. It in­cludes va­rious and sca­lable ca­li­da­ti­on ap­proa­ches and stra­te­gies. The­se are al­ways risk-ba­sed and sum­ma­ri­ze many other gui­de­lines and stan­dards in the phar­maceu­ti­cal in­dus­try. GAMP5 is na­med as an in­dus­try stan­dard as it is also re­fer­red to in of­fi­ci­al do­cu­ments. Thus it has evol­ved as the stan­dard set of ru­les for the va­li­da­ti­on of com­pu­ter-ba­sed sys­tems in the phar­maceu­ti­cal in­dus­try. Ho­we­ver, the GAMP5 is not a stan­dard and the­r­e­fo­re has no bin­ding character.

The va­li­da­ti­on ef­forts ac­cor­ding to GAMP in prac­ti­se de­pend on the pa­ra­me­ters for data se­cu­ri­ty, the com­ple­xi­ty and no­vel­ty of the IT sys­tem used. The­se af­fect the per­spec­ti­ves and pro­ce­du­res and de­li­be­ra­te de­cis­i­ons must be made. In­iti­al­ly, a ba­sic risk eva­lua­ti­on is con­duc­ted and then the ef­fects of the sys­tem are ana­ly­zed. Af­ter­wards, the func­tions are de­ter­mi­ned which may af­fect the data se­cu­ri­ty, the pro­duct qua­li­ty and the data in­te­gri­ty. Ba­sed on the­se func­tions, the func­tion­al risk as­sess­ment be­g­ins and the scope and num­ber of checks for the com­pu­ter-ba­sed sys­tem are spe­ci­fied. The­se must then be im­ple­men­ted and ve­ri­fied ac­cor­din­gly. The re­sul­ting mo­ni­to­ring of the en­ti­re life­cy­cle al­lows the op­ti­miza­ti­on of pro­ce­du­res and pro­ces­ses, such as the avo­id­ance of du­pli­ca­te ac­ti­vi­ties th­rough the in­te­gra­ti­on of com­pu­ter sys­tem activities.

If an or­ga­niza­ti­on in the re­gu­la­ted con­text wants to em­power its­elf with works of an IT sup­pli­er, then the ap­proach of in­iti­al ve­ri­fi­ca­ti­on of ade­qua­ten­ess and re­lia­bi­li­ty of the sup­pli­er also ap­pli­es here. The IT com­pa­ny its­elf has to con­sis­t­ent­ly im­ple­ment the agreed qua­li­ty assu­rance me­a­su­res and thus mo­ves into the fo­cus of the re­gu­la­to­ry aut­ho­ri­ties. This fact re­sults in some re­qui­re­ments for the sup­pli­er. In this con­text, GAMP5 re­gards a qua­li­ty-assu­red sof­wa­re de­ve­lo­p­ment as ade­qua­te that fol­lows a life­cy­cle mo­del (V mo­del), i.e. a qua­li­ty-assu­red and do­cu­men­ted ad­jus­t­ment and im­ple­men­ta­ti­on of the soft­ware with the re­spec­ti­ve qua­li­ty-assu­red main­ten­an­ce and sup­port. The aspects have to be il­lus­tra­ted ba­sed on a qua­li­ty ma­nage­ment sys­tem.