Risk Management
Quality Assurance - CSV - Software Validation
This is the fifth in a series of posts on general aspects of Computerized Systems Validation (CSV) and is about risk management.
Identify
Risk management within the validation project starts already at the very beginning with the initial assessments which we discussed in the first post. Our focus here in this post will be on a more detailed level on the different functional areas of the system. By this time you should already have different sources of input to identify potential risks e.g. product & process knowledge, user requirements, vendor assessment, GxP criticality and complexity of the system.
Analyze
There are different methods and tools to analyze and quantify identified risks. The GAMP guideline which is widely used in the life science industry heavily relies on the Failure Mode Effects Analysis (FMEA) method for this purpose. While this works well for complex systems that are tailored to fit a specific purpose, it becomes very time consuming while adding little value for a large portion of systems which are commercial-off-the-shelf. Note that risk management does not necessarily mean applying complex formulas as the new Computer Software Assurance guideline from the FDA demonstrates.
Control
When you have differentiated the functional areas that are low risk from those that are higher risk, it is time to find ways to control these risks. Following are strategies to control risk
- adaptation of the system design
- adaptation of the way of working including training of personnel to new procedures
- putting in place controls which allow early detection of a potential harm
Review
At the end of the project, the implemented controls should be reassessed for their efficacity. Risk management should also not be limited to the validation project but should be monitored throughout the systems lifecycle when changes occur, when problems arise, during periodic review, etc.
Conclusion
Risk management within a validation project is often seen as an extra burden required for regulatory compliance reasons while it is meant to be a tool for you to do things more efficiently, saving on time and resources while keeping the same level of quality and compliance when done correctly. Contact us for a free first consultation session.