GAMP 5 - Good Automated Manufacturing Practice
GAMP 5 (Good Automated Manufacturing Practice 5) is the INTERNATIONAL SOCIETY FOR PHARMACEUTICAL ENGINEERING (ISPE) flagship guide for Computerised Systems Validation in GxP-regulated environments (pharmaceutical + medical device + biotech + healthcare manufacturing + laboratories). Current edition GAMP 5 SECOND EDITION published July 2022 + supersedes the 2008 First Edition. KEY CONCEPTS: (a) RISK-BASED APPROACH - effort proportional to risk + complexity + regulatory impact; (b) LIFE CYCLE APPROACH - V-Model lifecycle with Specification + Verification phases mirrored; (c) CRITICAL THINKING - applying judgment over checkbox compliance; (d) LEVERAGE SUPPLIER INVOLVEMENT - reduce duplication via supplier qualification + documentation reuse + audit; (e) SCALABILITY - approach scales from small bench instruments to enterprise ERP/MES; (f) GxP regulatory alignment - 21 CFR Part 11 (FDA Electronic Records + Electronic Signatures) + EU Annex 11 (Computerised Systems) + ICH Q9 Quality Risk Management + ICH Q10 Pharmaceutical Quality System + FDA Computer Software Assurance (CSA) 2023 Draft Guidance. 5 SOFTWARE CATEGORIES (Appendix M4): Category 1 INFRASTRUCTURE (operating systems + databases + network); Category 2 was deprecated in 1st Edition; Category 3 NON-CONFIGURED PRODUCTS (commercial off-the-shelf); Category 4 CONFIGURED PRODUCTS (commercial with configuration); Category 5 CUSTOM APPLICATIONS (in-house developed). 2ND EDITION (2022) UPDATES: AI + machine learning systems; cloud + SaaS; agile + iterative development; DevOps; data integrity by design; explicit critical thinking emphasis; data integrity ALCOA+ deepening; computer software assurance (FDA CSA Draft Guidance 2022) alignment + replacing some traditional CSV. APPLICATION: typical implementation includes URS (User Requirements Specification) + FS (Functional Specification) + DS (Design Specification) + IQ (Installation Qualification) + OQ (Operational Qualification) + PQ (Performance Qualification) + Traceability Matrix + Risk Assessment + Change Control + Periodic Review + Data Integrity Controls + Decommissioning. AUDITORS: FDA + EMA + MHRA + PMDA + Health Canada + Brazilian ANVISA + China NMPA + other regulators inspect against GAMP 5 + Part 11 + Annex 11 + national regulations.
Framework summaries on this platform are AI-assisted interpretations for educational and compliance planning purposes. They do not reproduce or replace the official standards. Refer to the authoritative source for the definitive text. Framework names and trademarks belong to their respective organisations.
Framework Domains (7)
GAMP 5: 2nd Edition (2022) - AI/ML + Cloud + Agile + DevOps + Computer Software Assurance (CSA)
| Code | Title |
|---|---|
| GAMP5-2nd-Edition-AI-Cloud-Agile-CSA | 2nd Edition (2022) - AI/ML, Cloud, Agile, DevOps and Computer Software Assurance (CSA) |
GAMP 5: 5 Software Categories (Cat 1 Infrastructure, Cat 3 Non-Configured, Cat 4 Configured, Cat 5 Custom)
| Code | Title |
|---|---|
| GAMP5-Software-Categories | 5 Software Categories (Appendix M4) - Infrastructure, Non-Configured, Configured, Custom |
GAMP 5: Data Integrity (ALCOA+), Electronic Records and 21 CFR Part 11 / EU Annex 11
| Code | Title |
|---|---|
| GAMP5-DataIntegrity-Part11-Annex11 | Data Integrity (ALCOA+), 21 CFR Part 11 + EU Annex 11 + Electronic Records |
GAMP 5: ISPE Guide Status, Copyright, GxP Regulatory Coordination and 2024-2025 Updates
| Code | Title |
|---|---|
| GAMP5-CrossMapping-NIST-ISO | Crosswalk to NIST CSF, ISO 27001/27017, ISO 13485 (Medical Devices) and ITIL |
| GAMP5-Crosswalk-ICH-FDA-EMA-MHRA | Crosswalk to ICH Q9/Q10, FDA Part 11, EU Annex 11, MHRA Data Integrity and Sectoral Standards |
| GAMP5-ISPE-Status-Copyright-Coordination | ISPE Guide Status, Copyright, GxP Regulatory Coordination and 2024-2025 Updates |
| GAMP5-Implementation-Roadmap | GAMP 5 Implementation Roadmap - Organizational Roles, Training and Tooling |
| GAMP5-Status-2024-2025-CSA-AI | GAMP 5 Status, FDA CSA Final Guidance and AI/ML in Pharma 2024-2025 |
GAMP 5: Risk-Based Approach, Critical Thinking and 5 Key Concepts
| Code | Title |
|---|---|
| GAMP5-Risk-CriticalThinking | Risk-Based Approach, Critical Thinking and 5 Key Concepts |
GAMP 5: Supplier Assessment, Operational Phase, Change Control and Periodic Review
| Code | Title |
|---|---|
| GAMP5-Supplier-Operations-Change-Periodic | Supplier Assessment, Operational Phase, Change Control and Periodic Review |
GAMP 5: V-Model Lifecycle and Specification Documents (URS, FS, DS, IQ, OQ, PQ)
| Code | Title |
|---|---|
| GAMP5-Lifecycle-VModel-URS-FS-DS-IQOQPQ | V-Model Lifecycle - URS + FS + DS + IQ + OQ + PQ + Traceability |
Your Compliance Coverage
If you comply with GAMP 5 - Good Automated Manufacturing Practice, you already cover:
Annex 11 to EU GMP - Computerised Systems
45%
5 controls mapped
Compare →OWASP Top 10:2025
36%
4 controls mapped
Compare →OWASP DevSecOps Maturity Model (DSOMM)
36%
4 controls mapped
Compare →+ 88 more: Azure Security Benchmark (36%), AWS Well-Architected Security Pillar (36%)
See all 91 mapped frameworks ↓Maps to 91 other frameworks
Frequently Asked Questions
What is GAMP 5 - Good Automated Manufacturing Practice?
GAMP 5 - Good Automated Manufacturing Practice is a compliance framework from International with 7 domains and 11 controls. GAMP 5 (Good Automated Manufacturing Practice 5) is the INTERNATIONAL SOCIETY FOR PHARMACEUTICAL ENGINEERING (ISPE) flagship guide for Computerised Systems Validation in GxP-regulated environments (pharmaceutical + medical device + biotech + healthcare manufacturing + laboratories). Current edition GAMP 5 SECOND EDITION published July 2022 + supersedes the 2008 First Edition. KEY CONCEPTS: (a) RISK-BASED APPROACH - effort proportional to risk + complexity + regulatory impact; (b) LIFE CYCLE APPROACH - V-Model lifecycle with Specification + Verification phases mirrored; (c) CRITICAL THINKING - applying judgment over checkbox compliance; (d) LEVERAGE SUPPLIER INVOLVEMENT - reduce duplication via supplier qualification + documentation reuse + audit; (e) SCALABILITY - approach scales from small bench instruments to enterprise ERP/MES; (f) GxP regulatory alignment - 21 CFR Part 11 (FDA Electronic Records + Electronic Signatures) + EU Annex 11 (Computerised Systems) + ICH Q9 Quality Risk Management + ICH Q10 Pharmaceutical Quality System + FDA Computer Software Assurance (CSA) 2023 Draft Guidance. 5 SOFTWARE CATEGORIES (Appendix M4): Category 1 INFRASTRUCTURE (operating systems + databases + network); Category 2 was deprecated in 1st Edition; Category 3 NON-CONFIGURED PRODUCTS (commercial off-the-shelf); Category 4 CONFIGURED PRODUCTS (commercial with configuration); Category 5 CUSTOM APPLICATIONS (in-house developed). 2ND EDITION (2022) UPDATES: AI + machine learning systems; cloud + SaaS; agile + iterative development; DevOps; data integrity by design; explicit critical thinking emphasis; data integrity ALCOA+ deepening; computer software assurance (FDA CSA Draft Guidance 2022) alignment + replacing some traditional CSV. APPLICATION: typical implementation includes URS (User Requirements Specification) + FS (Functional Specification) + DS (Design Specification) + IQ (Installation Qualification) + OQ (Operational Qualification) + PQ (Performance Qualification) + Traceability Matrix + Risk Assessment + Change Control + Periodic Review + Data Integrity Controls + Decommissioning. AUDITORS: FDA + EMA + MHRA + PMDA + Health Canada + Brazilian ANVISA + China NMPA + other regulators inspect against GAMP 5 + Part 11 + Annex 11 + national regulations. It is used by organisations to establish and maintain compliance with industry standards and regulatory requirements.
How many controls does GAMP 5 - Good Automated Manufacturing Practice have?
GAMP 5 - Good Automated Manufacturing Practice has 11 controls organised across 7 domains. The largest domains are GAMP 5: ISPE Guide Status, Copyright, GxP Regulatory Coordination and 2024-2025 Updates (5 controls), GAMP 5: 2nd Edition (2022) - AI/ML + Cloud + Agile + DevOps + Computer Software Assurance (CSA) (1 controls), GAMP 5: 5 Software Categories (Cat 1 Infrastructure, Cat 3 Non-Configured, Cat 4 Configured, Cat 5 Custom) (1 controls). Each control defines specific requirements that organisations must implement to achieve compliance.
What frameworks does GAMP 5 - Good Automated Manufacturing Practice map to?
GAMP 5 - Good Automated Manufacturing Practice maps to 91 other compliance frameworks. The top mapping partners are Annex 11 to EU GMP - Computerised Systems (45% coverage), OWASP Top 10:2025 (36% coverage), OWASP DevSecOps Maturity Model (DSOMM) (36% coverage). Use our comparison tool to explore control-level mappings between frameworks.
How do I get started with GAMP 5 - Good Automated Manufacturing Practice compliance?
Start your GAMP 5 - Good Automated Manufacturing Practice compliance journey by running a self-assessment on our platform to identify your current compliance posture. Our AI advisory can answer specific questions about GAMP 5 - Good Automated Manufacturing Practice requirements, and cross-framework mapping helps you leverage existing controls from other frameworks you may already comply with. Create a free account to access all 11 controls and track your progress.
Start Your Compliance Journey
Create a free account to run self-assessments, get AI advisory, and track your compliance progress across 718 frameworks.
Get Started Free →Free forever — no credit card required