3 things we learned at this year's ISPE GAMP forum

The annual GAMP forum hosted by the International Society of Pharmaceutical Engineering (ISPE) is the perfect event for keeping up-to-date with the requirements and challenges of Good Automated Manufacturing Practice.

Implementation Manager Liam Pollard helps Qualsys customers from a range of industries build and validate electronic quality management systems around the principles of GAMP.

Last week Liam made his yearly trip to the GAMP forum at AstraZeneca's Macclesfield site.

Here are his 3 key takeaways from the 2019 forum.


AstraZeneca GAMP



1. Culture is predator and prey


At Qualsys we say it time and time again: 

Building complex and granular quality processes is great. But without a supportive culture of quality and staff engagement, the whole thing falls apart quickly.

Julie Avery, Director of Human Factors at GlaxoSmithKline, echoed this sentiment at the GAMP forum. 

Julie found that embedding GAMP principles at GSK relies on creating the proper culture for staff to understand and follow GAMP's requirements.

But to put the right culture in place, the problem of 'psychological safety' had to be tackled first.

Julie went so far as to revise management guru Peter Drucker's famous 'culture eats strategy for breakfast' with this:


Psychological safety


Culture eats strategy for breakfast, but psychological safety eats culture for lunch.

In other words: defensiveness, fear of admitting mistakes and resistance to change are all powerful factors which stand in the way of a GAMP-supportive quality culture.

Julie recommended:


  • Asking how a deviation or error occurred, rather than why, to encourage a more forthcoming and less defensive answer
  • Recording and openly discussing common 'traps' in manufacturing processes, to make staff less likely to fall into them and less guilty if they do
  • Scheduling frequent 'continuous improvement' 1-on-1 time for candid discussion and issue-fixing
  • Solving problems as a team with frequent 'after-action reviews'
  • Bringing QMS documents to life with frequent observation walks and info-sharing


Creating an environment where people can admit to mistakes and work together to fix them is for GSK the key to cementing good automated manufacturing practice.


2. Electronic systems are absolutely vital


90% of the world's data was created in the last 2 years.

This fact perfectly highlights the explosion of data taking place in the modern age.

The main development for the 'healthcare paradigm', as AstraZeneca's IT Capability Lead Liz Nevin calls it, will be leveraging and connecting this data for the good of the patient and of data integrity.

AstraZeneca is embracing the shift to electronic quality management, and saw an increase in right-first-time manufacture from 74% to 95% after transitioning to paperless batch records.

Organisations chasing GAMP, pharmaceutical or not, have an unprecedented amount of quality, manufacturing and process data at their fingertips.

Thinking how to capture and apply the data you want will be a huge step towards achieving GAMP at any business.


See how one of our customers uses EQMS for GAMP 5 Category 4 compliance


risk management software


3. You will be hacked


James Gannon, Digital Protection Officer at Lyfegen, delivered this sobering news at the GAMP forum.

Instead of treating hacking as a preventable risk, GAMP organisations need to assume the worst and consider how to minimise the impact of any cyber incursion when it does happen.

An organisation which didn't do this was Medtronic, the world's largest medical device company.

Their MiniMed insulin pumps cleared the 510(k) hurdle and hit the market - until a hack revealed the capability for cyber criminals to remotely control the pumps, with potentially fatal consequences for patients. An expensive national recall was ordered.

Rather than treating GAMP quality validation and cyber security as 2 separate streams, CSV professionals need to understand cyber security and embed it into each stage of product development.

Hacking is now more widespread and nefarious than it's ever been. Organisations like Zerodium sell vulnerability information, while the Chinese state's PLA Unit 61398 is solely focused on conducting cyber incursions.

At a hacking conference in Las Vegas this year, every single medical device presented was successfully hacked. 

The FDA is gradually becoming aware of this problem, including cyber security management guidance in its premarket submission processes. 

Key questions for businesses to ask themselves include:


  • Is cyber security integrated into our CSV practices?
  • Are our security requirements baked into our user requirements?
  • When we are hacked, what steps will we take to guarantee the continued integrity of our product and of patient safety?


If you haven't considered these questions, begin your cyber security risk assessments now.


See how we approach computer system validation


Next steps


Download our GAMP validation booklet:

Validation for ISO 13485 software

Topics: FDA, GxP Pharmaceutical Regulation, GAMP, Data integrity, Computer systems validation, ISPE

Share your thoughts on this article