For a GxP system, How to conduct Risk impact determination? Who will drive this exercise? Who are all to be consulted? Is there anything like Risk level VsTest level Matrix?

« Back to Previous Page
7
0

Please to read the entire article.

Marked as spam
Posted by kasirajan hariraman (Discussions: 1, Comments: 1)
Replied on June 7, 2018 12:00 am
13 views
0
Private comment
There are several components to risk assessment for GXP:
See GAMP 5, ISO 14971 (Med Devices), ICH Q9, Quality Risk Management
1-High level assessment of regulatory applicability; i.e., is the system GxP, HIPPA, SOX, etc., and what is the level of criticality for the system as a whole.
2-Requirements level risk: There are a number of methodologies which might be used here (see GAMP 5) - FMEA, Hazard Analysis, Fault Trees, Impact Analysis. Depending on the type of system (e.g. SW application vs. Medical Device vs. Mfg Eqpt) and development phase (design, validation, production) one or another of these methods may be preferable. FMEA seems generally to be the most popular, at least in my experience (although not necessarily the best in all circumstances).
Marked as spam
Posted by Lou Ragni, CQE, CQA (Discussions: 0, Comments: 4)
Replied on June 7, 2018 8:00 pm
0
Private comment
3-Risk assessment is a team-based effort involving the business, quality and technical SMEs. The output of the risk assessment can be used to determine the required degree of rigor to apply in the verification of a particular requirement, based on established procedure.
Marked as spam
Posted by Lou Ragni, CQE, CQA (Discussions: 0, Comments: 4)
Replied on June 7, 2018 8:00 pm
0
Private comment
Risk assessment should be done and applied throughout the lifecycle to ensure the validation is fit for intended use. Depending on which stage and what is the purpose of risk assessment, you can any number of methodologies which are highlighted in ICH Q9, ISO 14971. Obviously FMEA is most popular but it may not be the right tool all the time.

For risk assessment, you can involve all the SMEs necessary from different functions to ensure it is thorough. However, the discussion for risk assessment should be moderated well otherwise everything will come out to be high risk which will kinda defeat the purpose of it. A good moderator is very important in my opinion.
Marked as spam
Posted by Ravindra Kumar (Discussions: 0, Comments: 2)
Replied on June 9, 2018 8:00 pm
0
Private comment
I recommend having GxP compliance drive the RA. Include the business owner, SMEs, validation lead, and implementation consultants. Start with the URS and traceability from URS to system/functional spec in a matrix. Then classify each URS as either GxP relevant our business critical. These are the higher risk requirements. All others can be informally verified, as needed. Then, using a 14971-style risk assessment, identify potential failures for each Go/business critical requirement. Include relevant hazards and outcomes. Determine severity, likelihood, and detectability for each. Establish a risk exposure level for each, then apply risk controls of design, testing, procedure controls, and contractual controls as appropriate to mitigate risk to acceptable levels. Make sure someone verifies the risk controls are implemented and they are formally tested to prove they work.
Marked as spam
Posted by Mohan V (Discussions: 0, Comments: 4)
Replied on June 10, 2018 8:00 pm
0
Private comment
Risk Impact assessment is done on various factor depends upon CSV categorization whether its regulatory or non regulatory or finance system.
Product manager,compliance office,business, Internal teams will be consulted depending upon product or project. As a basic step impact assessment for product quality,data impact, probability of failure , detectability will be calculated
Marked as spam
Posted by Mohan V (Discussions: 0, Comments: 4)
Replied on June 10, 2018 8:00 pm
0
Private comment
What are the common pitfalls that can happen in the high level risk assessment and Requirement level risk assessment?
Marked as spam
Posted by kasirajan hariraman (Discussions: 1, Comments: 1)
Replied on June 10, 2018 8:00 pm
0
Private comment
Marked as spam
Posted by kasirajan hariraman (Discussions: 1, Comments: 1)
Replied on June 10, 2018 8:00 pm
« Back to Previous Page