GAMP 4 classifies standard software as category 3 and requires for it: recording of the version (and of the environment configuration) and verification of the performance against the user requirements. Here, it has to be determined whether the requirements laid down by the software provider coincide with the customer’s own requirements. In the end, a risk assessment has to decide about the question which scope of validation is necessary (certainly the scope will be narrower than for category 4 software).
