In the GAMP 5 guidelines, there is a system for Categorising Software applications ranging from Category 1 up to category 5 (1 being infrastructure software such as excel, RSlogix 500, Epas etc) and 5 being special bespoke software written from scratch. – Note: there is no “Category 2” in GAMP 5 it was another Software Category in GAMP 4 but has been eliminated in the latest revision GAMP 5.
At Tekpak, depending on the system we’re talking about our machine control applications generally fall under category 4 (could also be cat 3 or cat 5 depending on the particular project and application), for example if we are considering a standard casepacker or a standard Delta pick & place cell we will probably be using an already developed program that has been extensively reviewed, debugged and proven in similar plant processes and is using Standard PLC/PAC functions library IEC61131 (Elau, Allen Bradley, Lenze etc). In this case we will be only ‘configuring’ already developed program and function blocks by making small changes to particular code modules and changing parameter settings such as pick co-ordinates, timers, speeds etc – in this case it may be considered as a category 4 application. On the other hand if we have to write custom software modules or complete new bespoke applications and particularly if we have to write client specific code to generate, store or transmit electronic data records that are required to be maintained and reported by our clients to FDA under predicate rules (for eg. event date/time, or event sequences etc), then the software application will be category 5 and we would have to comply with CFR 21 part 11 (special requirements concerning the generation, storage and transmission of electronic records).
Generally it is the outcome of the clients’ validation risk assessment or validation determination statement which will determines the scope of validation needed to verify that the software will deliver all the items detailed in the URS and will define the software category of a particular system. The GAMP 5 software categories are guidelines open to interpretation and there can be some ambiguity as to which category a particular application falls into. Therefore validation requirements should be based on the risk assessment (but taking into account the software category) to avoid applying insufficient or excessive validation effort.
Generally, our applications software has been validated under “Standard Life Cycle Validation” in some cases, if the application is seen as critical to product quality, the software may be categorised as Cat 5 in which case we are asked to provide the details to allow validation as “Full Life Cycle Validation”