As pharmaceutical plants adopt automated systems and digital management platforms, the integrity and reliability of computerized systems become critical. Computer Systems Validation (CSV) is the formal process of documenting that a computerized system meets its pre-defined specifications. The global standard for CSV is the ISPE’s GAMP 5 (Good Automated Manufacturing Practice) framework.
The V-Model Lifecycle Approach
GAMP 5 advocates for a structured "V-model" lifecycle approach, which maps development activities directly to validation testing:
- User Requirement Specification (URS): The foundation document detailing what the system must do from a user perspective.
- Functional Specification (FS): Translates the URS into specific software and hardware capabilities.
- Testing Phase (IQ/OQ/PQ): Installation Qualification (IQ) verifies components are installed correctly, Operational Qualification (OQ) tests functional thresholds, and Performance Qualification (PQ) confirms the system functions reliably under normal load.
GAMP 5 Software Categories
To optimize validation efforts, GAMP 5 divides software into categories based on complexity and customization:
- Category 1: Infrastructure software (e.g., operating systems) — requires only version control.
- Category 3: Non-configured software (commercial off-the-shelf) — requires basic verification of installation.
- Category 4: Configured software (e.g., LIMS, SCADA) — requires verification of configuration settings against user requirements.
- Category 5: Custom software (bespoke code) — requires full life-cycle validation, design reviews, and source code audits.
Risk-Based Validation
By conducting a formal risk assessment (typically using FMEA), validation teams can focus resources on high-risk functions that directly impact product quality, data integrity, and patient safety, ensuring a cost-effective and compliant validation process.