This article explains the GAMP Hardware Risk Categories: Standard and Custom Built.
It is based on the risk analysis criteria of errors or faults applicable in a particular category of hardware functionality.
Hardware Risk Category 1 – Standard Hardware Components- low risk
The majority of the hardware used by regulated companies will fall into this category.
Standard hardware components should be documented including manufacturer or supplier details, and version numbers to establish the GAMP Hardware Risk Category. Configuration Management and Change Control apply.
Hardware Risk Category 2 – Custom Built Hardware Components – high risk
Custom items of hardware should have a Design Specification (DS) and be subjected to acceptance testing to establish the GAMP Hardware Risk Category.
Assembled systems using custom hardware from different sources require verification confirming the compatibility of interconnected hardware components. Any hardware configuration should be defined in the design documentation and verified. Configuration Management and Change Control apply.
SUBSCRIBE AND FOLLOW US TO LEARN MORE
For more details on specific FDA expectations and how to determine the GAMP Hardware Risk Category, follow us.

Three (3) Options to Create a Computer System Validation Protocol:
Option 1. You Can Create a CSV Protocol, using a Template.
You can download samples of the validation templates in .pdf format.
To see the complete list of the most popular validation templates, click here.
In addition, you can request a quotation to buy online a full validation template document in MS Word format that is completely editable, ready to fill, and adapt to your needs to determine the GAMP Software Risk Category.
Option 2. We Can Bring You a Formal Training on How to Perform Computer System Validation Using Our Template(s).
This option is recommended if you want to learn more about how to build a robust validation protocol. One of our expert(s) will provide online step-by-step training to your team (unlimited assistance) on how to build a reliable validation protocol using a template. You can improve your corporate validation procedures and policies incorporating our template sections. It includes the template, an exam, and a training certificate for each assistant. Request a quote now.
Option 3. We Can Create a Customized Computer System Validation Protocol.
One of our expert(s) will create and prepare for you a customized validation protocol with the inputs and specific information of your company. It may include, online support in document creation, execution, or final reporting, Request a quote online.
References: GAMP Hardware Risk Category
https://www.fda.gov/media/73141/download
Food and Drug Administration References
- Glossary of Computerized System and Software Development Terminology (Division of Field Investigations, Office of Regional Operations, Office of Regulatory Affairs, FDA 1995)
- General Principles of Software Validation; Final Guidance for Industry and FDA Staff (FDA, Center for Devices and Radiological Health, Center for Biologics Evaluation and Research, 2002)
- Guidance for Industry, FDA Reviewers, and Compliance on Off-The-Shelf Software Use in Medical Devices (FDA, Center for Devices and Radiological Health, 1999)
- Pharmaceutical CGMPs for the 21st Century: A Risk-Based Approach; A Science and Risk-Based Approach to Product Quality Regulation Incorporating an Integrated Quality Systems ApproachExternal Link Disclaimer (FDA 2002)
- https://www.fda.gov/regulatory-information/search-fda-guidance-documents/part-11-electronic-records-electronic-signatures-scope-and-application
- https://www.accessdata.fda.gov/scripts/cdrh/cfdocs/cfcfr/CFRSearch.cfm?CFRPart=11&showFR=1
Industry References
- The Good Automated Manufacturing Practice (GAMP) Guide for Validation of Automated Systems, GAMP 4 (ISPE/GAMP Forum, 2001) (http://www.ispe.org/gamp/)
- ISO/IEC 17799:2000 (BS 7799:2000) Information technology – Code of practice for information security management (ISO/IEC, 2000)
- ISO 14971:2002 Medical Devices- Application of risk management to medical devices (ISO, 2001)
|