GAMP 5 second edition. Main updates summary

In July 2022 ISPE issued the second edition of the GAMP 5 guide. Since the issuance of the first edition in 2008, multiple changes have occurred in the computerized systems, the technologies involved and their validation; Accordingly, ISPE has been issuing specific guides during these years. This full revision of the most widely used computer system management guide for GxP regulated environments, has been long awaited.


Whilst a good part of the guide keeps the structure and contents of the initial edition, several interesting new topics are introduced, together with small changes and increased detail throughout the whole guide):

  • Critical thinking: selection, definition and implementation methodology of new systems should not be based on strict structures and templates. Processes must be mapped and understood, process risks and key points must be found, and this information must be used for ensuring that the system is fit for purpose with the best implementation strategy.
  • Management of Cloud-Based systems (IaaS, PaaS, SaaS), by means of proper qualification and management of suppliers
  • Use of AGILE methodology for implementation of regulated software, including DevOps and continuous integration / continuous deployment management. (not a small move taking into account the traditional waterfall model followed.
  • New approach to System Testing, moving from a strict stage and protocol-based approach to a more flexible one, which is aligned with the Computer Software Assurance (CSA) initiative of the FDA.
  • Encouragement of software tools usage, for managing the implementation, testing and maintenance of computerized systems: from paper documentation to distributed electronic information.
  • Management of IT infrastructure, management of Machine Learning systems, Blockchain systems, etc.


As a summary, the guide has been updated to describe the state-of-the-art in the management and validation of computerized system, moving from a strict formalism to a more flexible approach, which, when correctly applied, will provide effort saving benefits to the regulated companies, whilst ensuring that the compliance level is maintained.


TDV, as leading computer system validation company, has already used in real-world projects, most of the strategies now described in the guide.