The World of A Newbie in A Highly Regulated GAMP5 Arena

Introduction 

Before I started my role as a Business Analyst at Solidsoft Reply at the end of September 2024, I was very curious about the processes put in place to ensure patient safety. I was aware that working with the National Medicine Verification Systems (NMVS) would involve strict compliance, but I didn’t quite know what it would look like. 

Shortly after I started, I was introduced to GAMP 5 (Good Automated Manufacturing Practice, the 5 refers to the fifth publication of GAMP, published by the International Society for Pharmaceutical Engineering). I quickly realised the crucial role GAMP 5 plays in ensuring that automated systems are compliant with regulatory requirements, safe, and efficient. Now, as I dive deeper into the world of GAMP 5, I want to share my experience of getting started with it, and what I’ve learned along the way. 

What is GAMP 5? 

In simple terms, GAMP 5 is a set of guidelines designed to help businesses in regulated industries design, validate, and maintain automated systems that are compliant with strict regulations. GAMP 5 ensures that these systems help maintain product quality and patient safety, which are non-negotiable when dealing with medicine verification.  

Overcoming Challenges as a Beginner 

Though GAMP 5 provides a clear and structured approach, there are challenges when you’re just getting started. Here are a few I’ve encountered: 

Adhering to the process 

Ensuring that all the best practices are followed can take a lot of time and effort, especially if you’re dealing with complex systems. A lot of effort goes into making sure that everything is done to the highest possible level of quality. We ensure that each document, CR (Change Request) and FR (Fix Request) shared with NMVOs (National Medicine Verification Organisations) goes through internal quality checks. As part of that process, there usually will be a few updates made to each deliverable before sharing it with the wider audience.  

After it has been shared, it goes through numerous reviews by the NMVO CG (Customer Group), including IT and QA checks. Once the item has made its way through the CG review, it gets submitted to EMVO (European Medicine Verification Organisation) who ensure that all requests align with their vision of the European Medicine Verification System (EMVS). 

Each new addition to the system is rigorously tested and there is a great number of automated tests run by the QA team to ensure that the system meets the required quality requirements. Every version release is also accompanied by a set of documentation that must be created.  

Learning Curve 

As someone new to the world of GAMP 5, understanding the finer details of current processes can take a little bit of time. When first starting out it can feel a little overwhelming, but pieces of the puzzle do quickly start falling into place to eventually paint a complete picture. The work instructions that we need to follow while performing some of the day-to-day tasks was something I needed to get used to and its now becoming second nature. One example is ensuring that all CRs and FRs follow the set work instruction in Azure Dev Ops. Since I spend a lot of time working on requirements in DevOps I have been able to familiarise myself with the relevant work instruction and it’s now simpler to follow all the instructions as we have added some process improvements. 

Balancing Risk 

One of the most important aspects of GAMP 5 is its risk-based approach. Determining what qualifies as high or low risk wasn’t always straightforward for me at first, but it became clearer with more experience. Understanding the potential impact of different parts of the system helped me prioritise my efforts more effectively. If ever in doubt it is best to take a slightly more risk averse approach when designing solutions to ensure the integrity and robustness of the system. I also rely on other experts in the team and we work together on the Detailed Acceptance Criteria to ensure integrity of the system. After all, NMVS is an essential, round-the-clock system that must guarantee patient safety. 

What’s new? 

Working with GAMP5 has certainly been a different experience from what I was used to. With my experience of working in the Gambling sector, I was familiar with industries that require strict regulations but it was not quite the same compared to the NMVS. In most countries in which a gambling operator conducts business, they must adhere to a set of regulations established by the local gambling authority. The authorities will set out the requirements and operators will often require certification by an approved third-party company to ensure that they meet the operational and technical standards to protect consumers, ensure fair play, prevent fraud and combat money laundering.   

The way it works with the NMVS is quite different. For example, the descriptions and High-Level Requirements (HLACs) are shared and agreed upon before the features are implemented. The CG also shares these details with other stakeholders for their approval. Following this, the Detailed Acceptance Criteria (DACs) are agreed with the CG ahead of implementation and they are used as the main driver for our User Acceptance Testing (UAT) sessions. During UAT the QA Team will go through each line of the DACs and demonstrate how each requirement is met in a session with the CG. These can turn out to be quite detailed sessions, going through each requirement, in detail, and the team does a great job in demonstrating the new functionality.  

Conclusion 

It is fair to say that the world of GAMP5 can be challenging but vital to ensure that the NMVS is compliant with regulatory requirements and ensures patient safety. It is still early in my time with the company but during my time at Solidsoft Reply, I’ll continue to dive deeper into the world of GAMP 5 and support the team in development of the NMVS.

Solidsoft Reply is a leading technology company creating award-winning solutions utilising the Microsoft Azure cloud platform. As a globally acclaimed Microsoft AI Cloud Solutions Partner, we specialise in GS1 traceability systems worldwide, crucially ensuring the authenticity, legality, and safety of our customers’ products and services. Serving non-profits, NGOs, healthcare, and the pharmaceutical industries, we deliver technology for positive social impact. Your products, safe in our hands.