While GAMP 5 is famous for its explicit risk-based approach, GAMP 4 introduced the concept of "Risk Assessment" as a tool to determine the extent of validation. It utilized a matrix to match system criticality against system complexity (Novelty/Complexity/Impact) to decide how much documentation and testing were necessary.
| Category | Description | Example | |----------|-------------|---------| | | Operating systems | Windows, Linux | | 2 | Firmware | Embedded controllers | | 3 | Standard software packages | Off-the-shelf LIMS | | 4 | Custom/bespoke applications | In-house code | gamp 4 guidelines