1. Executive Summary GAMP 5 (Good Automated Manufacturing Practice) provides a risk-based approach to validating computerized systems in the pharmaceutical, biotech, and medical device industries. Central to GAMP 5 is the software categorization framework , which classifies software based on its complexity, criticality, and intended use. This feature explores each category in depth, offering practical guidance on validation rigor, documentation, and common pitfalls. Core principle: More inherent risk and complexity → More stringent validation evidence required. 2. The Four GAMP 5 Software Categories | Category | Type | Description | Examples | |----------|------|-------------|----------| | 1 | Infrastructure Software & Tools | Operating systems, database engines, middleware, network monitoring tools | Windows Server, SQL Server, VMware, antivirus | | 3 | Non-Configured Products | Off-the-shelf software used with standard settings; no configuration to meet business process | Off-the-shelf lab balance software, firmware, simple instrument drivers | | 4 | Configured Products | Software that requires configuration (but no code modification) to support specific business processes | ERP (SAP), LIMS, MES, electronic batch recording systems | | 5 | Custom / Bespoke Applications | Software designed and coded specifically for the organization | In-house Python scripts, custom C# applications, Excel macros with VBA (depending on complexity) | Note: GAMP 5 2nd Edition (2022) introduces “ Category 2 ” as obsolete (previously firmware), merging its concepts into Categories 1 & 3. 3. Category-by-Category Deep Dive Category 1 – Infrastructure Software & Tools Risk level: Low (when used as intended) Validation approach: Not validated individually – qualified as part of infrastructure qualification.