Gamp 5 Software Categories [upd] Official

By correctly identifying the category early in the project, you eliminate unnecessary documentation, reduce testing time, and focus your energy on the areas that actually pose a risk to product quality and patient safety.

This requires a more robust lifecycle. You need a URS , a Configuration Specification , and formal testing (IQ/OQ/PQ) to ensure the specific configuration is stable and meets business needs. Risk assessments are critical here. Category 5: Custom Applications gamp 5 software categories

Highest Validation approach: Most rigorous – full SDLC (software development life cycle) including design review, code review, unit testing, integration testing. By correctly identifying the category early in the

GAMP 5 2nd Edition (2022) introduces “ Category 2 ” as obsolete (previously firmware), merging its concepts into Categories 1 & 3. Risk assessments are critical here

Categorization is not a "one and done" task. If you take a Category 3 product and add a custom script to it, the entire system (or at least that module) effectively becomes Category 5. Always align your validation strategy with the present in the system to ensure patient safety and data integrity.

Imagine you are implementing a new SCADA system (Category 4).