GAMP aims to deliver a cost-effective framework of good practice to ensure that computerized systems are effective and of high quality, fit for intended use, and compliant with applicable regulations.

Maintaining the principles and framework of the first edition, ISPE GAMP® 5: A Risk-Based Approach to Compliant GxP Computerized Systems (Second Edition) updates their application in the modern world including the increased importance of service providers, evolving approaches to software development, and expanded use of software tools and automation. It highlights the use of critical thinking by knowledgeable and experienced SMEs to define appropriate approaches.

The ISPE GAMP Community of Practice (CoP) performs regular ongoing assessments and reviews of GAMP knowledge against current practices and regulatory and technology developments. ISPE GAMP 5 Second Edition therefore embraces and reflects:

• Increased importance of service providers, which includes encouraging regulated companies to maximize supplier involvement to leverage knowledge, experience, and documentation where possible
• Evolving approaches to software development, emphasizing that the GAMP specification and verification approach is not inherently linear but also fully supports iterative and incremental methods
• Increased use of software tools and automation to achieve greater control, higher quality, and lower risks throughout the life cycle.

Furthermore, this Guide highlights the importance of applying critical thinking by knowledgeable and experienced SMEs when defining the appropriate approach for specific circumstances.

Discussion of current FDA activity on Computer Software Assurance (CSA) approaches and clear links to ISPE/GAMP guidance on Data Integrity (DI) have been added.

The Appendices have been expanded to incorporate new and evolving topics in the life sciences industry such as blockchain, Artificial Intelligence/Machine Learning (AI/ML), cloud computing, and Open-Source Software (OSS).

This Guide is intended for use by regulated companies, suppliers, and regulators. Suppliers include providers of software, hardware, equipment, system integration services, IT service providers, and IT support services, both internal and external to the regulated company.