®
1 | 4/1/2023 © Copyright 2006-2018 Inflectra Corporation
Embedding GAMP Compliance
into the Digital Health
Software
Dr. Sriram Rajagopalan
We will be starting the webinar shortly, please stand by…
All phones will be automatically on mute until the Q&A.
Webinar Starts at 10:00 AM Eastern Time Zone

®
®
Meet the Speaker
Dr. Sriram Rajagopalan
Enterprise Agile Evangelist
Education
Work
Experience
Training & Certification
Facilitating
Experience
PhD, MBA, MS, BE
PARP, PfMP, PgMP,
PMP, SP, RMP, ACP,
CSM, CSPO, ACC,
CSD, SCT, CSOXP,
SSBB, Instructional
Designer, Speaker,
Writer, and Author
Software Engineer,
Team Leader,
Business Analyst,
Project Manager,
Scrum Master, Agile
Coach, Director, Vice
President
Institutions in the
US, India, UK,
Canada,
Switzerland,
Brazil, & Vietnam

®
3 | 4/1/2023 © Copyright 2006-2018 Inflectra Corporation
®
Introduction
 Today’s webinar takes an exclusive focus on the Generation
Automation Manufacturing Protocol (GAMP)
 We will connect with Computer System Assurance (CSA),
Software Development Life Cycle, and Product/Project Lifecycle
(PLC)
 Our webinar is part of the Thought leadership series
 The webinars may introduce the concept using a tool

®
4 | 4/1/2023 © Copyright 2006-2018 Inflectra Corporation
®
Journey Map
GAMP
SDLC /
PLC
CSA
SpiraPlan
Disclaimer

®
5 | 4/1/2023 © Copyright 2006-2018 Inflectra Corporation
®
Drug Development Pipeline
This Photo by Unknown Author is licensed under CC BY
MANAGEMENT OF
SCIENCE
STAGES OF
DISCOVERY
SUPPLY CHAIN

®
®
So, Why is GAMP?

®
7 | 4/1/2023 © Copyright 2006-2018 Inflectra Corporation
Lessons Learned on Adverse Effects
Uncontrolled science in an unregulated market is a recipe for disaster
This Photo by Unknown Author is licensed under CC BY-SA-NC
This Photo by Unknown Author is licensed under CC BY-ND

®
®
Pre-Clinical Trials
Clinical Trials
Drug Approval
Post-Approval Assessment
1. Each stage is loaded with uncertainty
2. Experimentation still needs a measurable objective
3. There are cost considerations in every stage
4. Management has criteria for entry and exit
5. Different people engage at different phases
6. There are legal and regulatory implications
Stages of Drug Development

®
®
> 2020
CSA Coming Soon
to any Software Near You
1991 -
2000
GAMP - 1, 2, and 3
21 CFR 820, 11 (D1)
CDER, CDRH, and CBER (CSV Use)
ISO 14971
<
1970
ISO
HACCP
2001 - 2010
21 CFR Part 11 (D2)
GAMP 4 and 5
1970 -
1990
ISPE
ISO 9001
ICH
Projected Timeline for Standards
One pattern you will continue to see increasingly prominent is the focus of “Risk Management”

®
10 | 4/1/2023 © Copyright 2006-2018 Inflectra Corporation
®
Bioaglityix (n.d.). Retrieved May 11, 2020, from https://www.bioagilytix.com/quality/good-laboratory-practices-glp/
GLP
Uniformity
Consistency
Reliability
Reproducibility
Quality
Integrity
Pre-clinical trials succeed only if they can prove that the NCE is checked
against safety, toxicity, pharmacokinetics, or metabolism in humans
A pre-requisite legal mandate is the assessment of the drug’s
mechanism of action (MOA) for risks to primary organ toxicity as well
as risks to potential organs of similar tissue or appropriate to the drug
GMP
Adherence
Quality
Stability
Safety
Sustainability
Integrity
Needs a person
with both business
acumen and detail
orientation
Generally accepted Processes

®
11 | 4/1/2023 © Copyright 2006-2018 Inflectra Corporation
®
Why does GAMP matter?
Proximity of the
Technology to
the Patient
Increasing
Digital Threats
Integration of
Innovative
Technology
Sustainability of
the Services
Castro E Melo JAGME, Faria Araújo NM. Impact of the Fourth Industrial Revolution on the Health Sector: A Qualitative Study. Healthc Inform Res. 2020 Oct;26(4):328-334. doi:
10.4258/hir.2020.26.4.328. Epub 2020 Oct 31. PMID: 33190467; PMCID: PMC7674813.
We are evolving from Software in Medical Devices (SiMD) to Software as a Medical Devices (SaMD)
Technological Convergence is impacting what I call as 4S (Safety, Stability, Sustainability, Security) in everything

®
12 | 4/1/2023 © Copyright 2006-2018 Inflectra Corporation
®
GAMP Categories
GAMP
Class
Category Validation Action
1 Operating Systems Record Version
2 Instruments and Controllers Record Configuration and Calibration
3 Configurable Packages Audit supplier and validate any bespoke
code
4 Systems that are code or part of the code
that are configurable
Audit supplier and code, validate any
bespoke code and configure for full lifecycle
requirements
5 Expanded to COTS configurable* software
and tools that combine with systems and
bespoke code applying predicate rules and
information
Audit supplier, Validate all code, apply full
life cycle requirements*
* Ideas adapted from GAMP 5 (n.d.) Validation.net. Retrieved Jan 12, 2023 from https://www.validation-online.net/GAMP-5.html#gsc.tab=0 and modified/expanded with subjective interpretation

®
13 | 4/1/2023 © Copyright 2006-2018 Inflectra Corporation
®
GAMP 5 Focus
Guide computerized systems
achieve ‘fit for intended use’
and meet regulatory
requirements by building on
industry good practice in an
efficient and effective manner
Patient Safety
Thinking from the end user
Product Quality
Incorporating Quality by Design)
Data Integrity
Transparency to Data Integrity from inception to retirement
1
2
3

®
14 | 4/1/2023 © Copyright 2006-2018 Inflectra Corporation
®
GAMP Impact & Influencers
Effective
Governance of
Various Artifacts
Quality By Design Continuous Quality
Improvement
Critical to Quality
Attributes
Improving GxP and
Scaling Compliancy
Configurable
Systems and
Development
Use of
Documentation and
Knowledge
Managing Supplier
Relationship
Scientific Approach
to Risk
Management
Life Cycle Adoption

®
15 | 4/1/2023 © Copyright 2006-2018 Inflectra Corporation
®
GAMP Impact & Influencers
Where does GAMP apply?
• Information Systems
• Computerized Laboratory Equipment
• Integrated Manufacturing Systems
• IT Infrastructure
What does GAMP focus?
• Aligning procedures & policies
• Reducing Cost of Compliance
• Bringing Fitness for Use thinking
• Integrating Artifacts for Quality
• Understanding Risks to delivery or not

®
16 | 4/1/2023 © Copyright 2006-2018 Inflectra Corporation
®
GAMP Structure
 GAMP is principle driven framework leveraging many GxP
guides
GAMP
Structure
Guidelines
1
Good Practices
2
Guardrails
3
• Product Management
• Systems Development
• Projects & Operations
• Risk & Quality
Management
• Laboratory &
Manufacturing
• Life Cycle Process
Controls
• Testing and Automation
• Traceability & Auditability
• Training Materials
• Documentation
• Industry Precedents
• Templates
* This is Dr. Sriram Rajagopalan’s interpretation

®
17 | 4/1/2023 © Copyright 2006-2018 Inflectra Corporation
®
Computer Software Assurance
Evolution of Testing
• Traditional Validation measured absence of errors with multiple test runs and capturing screenshots for success and
failure scenarios
• Modern Testing measures the number and severity of issues detected using scripted and unscripted techniques
requiring screenshots only for failures
Integrated System Interfaces
• Supplier Assessment Program for the supplier processes and controls besides testing of their work packages
• Strong Internal change control process for both verification (things unchanged) and validation (things changed)
Repeated Evaluation of Risk / Governance Based on Internal Processes & Procedures
• Reference to detail procedures rather than repeating test steps
• Be critical about the evidence required for lifecycle activities
Adapting Lean Thinking to increase confidence of quality
• Create less documents and increase risk based testing (higher confidence for systems and interfaces)
• Validate with the end in mind for fitness for purpose

®
18 | 4/1/2023 © Copyright 2006-2018 Inflectra Corporation
®
Connection to SDLC
Product Knowledge Process Knowledge Regulatory Requirements Company Quality*
Plan
Do
Check
Act
Issue
Rule
Analysis
Conclusion
DESIGN
*Includes governance and system specific activities
Walbolt, S., Ale, D.W. (2018). The Ten Commandments of Writing an Effective Appellate Brief. Retrieved May 10, 2020, from https://www.carltonfields.com/Libraries/CarltonFields/Documents/2018/the-ten-commandments-of-writing-an-effective-appellate-brief.pdf

®
®
Project/Product Management Life Cycle
Idea initiated
Project selection Skill Assessment
Progressive Planning
Health Check
Training & Closure
Launch
Operational Excellence
Monitor & Control
Continuous
Improvement
Project & Team Kick off

®
20 | 4/1/2023 © Copyright 2006-2018 Inflectra Corporation
®
Risk
Management
Relationship: GAMP, SDLC, & CSA
User Requirements
Functional
Specifications
Design Specifications
Development
Installation
Qualification
Operational
Qualification
Performance
Qualification
PQ Verification
OQ Verification
IQ Verification
DQ Verification

®
21 | 4/1/2023 © Copyright 2006-2018 Inflectra Corporation
®
Types of Quality Activities
Unscripted Testing
• Ad-hoc Testing – Undocumented Testing
• Error Guessing – Testing based on testers knowledge of failures
• Exploratory Testing – Experiential testing for unanticipated
patterns
Scripted Testing
• Robust Scripting – Testing for Traceability and Auditability
• Risk Based Testing – Combination of scripted and unscripted
testing
Food and Drug Administration (2022, September 13). Computer Software Assurance for Production and Quality System Software: Draft Guidance. Retrieved November 13, 2022, from https://www.fda.gov/media/161521/download

®
22 | 4/1/2023 © Copyright 2006-2018 Inflectra Corporation
SpiraPlan Demo
Customizable
Workflows
Electronic
Signature
Risk
Management
Unscripted
Testing

®
®
Summary
• Framework
• Applies to Life Sciences
• CSA focus extends to any industry
• Centered around Risk Management
GAMP
• Customizable Workflows
• Electronic Signatures
• Lifecycle approach to Quality
• Integrated Risk Management
SpiraPlan

®
®
Q & A
Webinar Administration
Ms. Thea Maisuradze
marketing@inflectra.com
Content
Email support@inflectra.com
Tag your question with the webinar title from Dr.
Sriram Rajagopalan