The focus of the Risk Assessment process is to assess those risks associated with the post-validation operation of the System within CUSTOMER. Functions of the System will be evaluated against several characteristics that impact the risk of using that function.
Overall risk of a function will be determined by combining the evaluation results of multiple risk factors. By combining the likelihood that an adverse event would occur during the function, with the severity of that adverse event, a risk classification number will be applied to the process. This risk classification number is then compared to the probability of detection of that event to give an overall risk priority to the function. This overall prioritization level of high, medium or low will then be utilized by the validation team to focus the validation effort to those areas and functions that most require it.
This step determines if the System function or sub-function represents a risk when assessed against a series of GxP and/or business criteria. On the Risk Assessment form the identified function or sub-function will be identified within the relevant business section as GxP, business or both.
Following the evaluation of the risk relevance, events associated with the use of the System that identify the risk, will be determined. On the Risk Assessment form an adverse event description will be provided to identify the event scenario.
This step will determine the likelihood, or probability, that the adverse event would occur during use of the System. Likelihood of adverse event occurrence will be represented on the Risk Assessment form as follows:
Severity of Impact
This step will assess the effects of an adverse event in terms of short and long term impact on the business and regulatory compliance. Impact of an adverse event will be represented on the Risk Assessment form as follows:
Having assigned the likelihood of the risk occurring and the level of impact that each event may have, the risk will be classified through the use of the matrix shown below.
Probability of Detection
The purpose of this step in the assessment process is to identify if the risk event can be recognized or detected by other means in the system. The probability of a risk being detected will be estimated and recorded on the Risk Assessment form as follows:
By combining the Risk Classification with the Probability of Detection, the associated function which poses the adverse event can be assessed a priority level in order to focus the validation efforts to mitigate the risk.