German
€0.00*
Feature
German

Alternative Approach to Risk Assessment of Computerised Systems

  • LOGFILE Feature

Excerpt form the GMP Compliance Adviser, Chapter 9.D.2.2

9 min. reading time | by Dennis Sandkühler
Published in LOGFILE 26/2021

On the basis of the process-related requirements set out in the specifications, ISPE GAMP® 5 provides for a process risk analysis to identify risks relating to patient safety, product quality, data integrity and compliance requirements.

The aim is to obtain an indication of the risk that a requirement entails and whether further risk-minimising measures are required.The application of the Golden Circle method produces the following tasks required to achieve the goal of risk assessment of computerised systems:

  1. Create a user requirements specification (URS) with all regulatory and process requirements
  2. Identify unwanted effects and add the necessary risk-minimising measures as requirements in the URS
  3. Assign software and hardware category as per ISPE GAMP® 5 definition to the requirements set out in the URS
  4. Determine the GxP relevance for each requirement
  5. Determine the risk priority number
  6. Evaluate the risk priority number

Steps 1–3 are already described in 9.D.1 System classification as per ISPE GAMP® 5 and 9.E Validation of computerised systems and are therefore only briefly summarised here. Determination of GxP relevance, calculation of the risk priority number and its possible evaluation (steps 4–6) are explained below.

As a rule, computerised systems are made up of modules, components and functions that can be assigned to different software categories as per ISPE GAMP® 5 for fulfilment of a requirement . For example, an individually programmed interface is assigned to software category 5, while a standard monitoring system without configuration correlates to software category 3. For the risk assessment, each requirement can therefore be considered and evaluated separately.

Risk analysis methods can be used to identify potentially unwanted effects or missing requirements. The results should be added iteratively as a requirement in the URS and also subjected to a risk assessment.

 

Step 4: Determination of GxP relevance

ISPE GAMP® 5 provides a number of examples of risk assessment, but is not specific in terms of information concerning risk priority or the impact of unwanted effects on patient safety, product quality and data integrity of a computerised system. ISPE GAMP® 5 thus ultimately only follows the formulation of ICH Q9, to define qualitative descriptions such as “high”, “medium” or “low” in as much detail as possible. Quotations to this effect can be found in Figure 9.D-4.

 

Figure 9.D-4 Statements of ICH Q9 and ISPE GAMP® 5 on the classification of risks

 

As part of computer system validation, it is important to determine whether a function of the system can have an impact on patient safety, product quality and data integrity and is therefore GxP relevant. Another important aspect is whether a malfunction can have an indirect or direct influence. Where the risk of malfunction cannot be eliminated by technical measures, monitoring should be implemented and correction should be possible.

With the introduction of GxP relevance as an example of a risk-describing variable, the aspects that have been set out can be differentiated into five levels (Figure 9.D-5). These levels should be specified in greater detail by each user for their own particular risk management process.

 

Figure 9.D-5 Definition of GxP relevance

 

Step 5: Calculation of the risk priority number

The risk priority number for a requirement from the specifications for a computerised system is calculated from the ISPE GAMP® 5 category of the system and the GxP relevance as follows:

Risk priority number (RPN) = (ISPE GAMP® 5 category) x (GxP relevance)

 

Figure 9.D-6 Risk priority numbers from ISPE GAMP® 5 category and GxP relevance

 

Step 6: Evaluation of the risk priority number

The need for technical or organisational measures for the minimisation of risk is determined on the basis of the risk priority number for the requirement in question.

An example of a scheme for determination of the need for measures is shown in Figure 9.D-7.

 

Figure 9.D-7 Acceptance criteria and need for measures

 

This means that for requirements that have a risk priority number < 5, no technical or organisational measures are required and a simple functional test is sufficient. By contrast, measures are necessary for requirements with a risk priority number ≥ 15. For requirements with risk priority numbers between > 5 and < 15, measures are recommended.


Do you have any questions or suggestions? Please contact us at: redaktion@gmp-verlag.de

Dr. Dennis Sandkühler
Dr. Dennis Sandkühler Written on 28 June 2021

You may also be interested in the following articles:

How is a QRM process initiated?
Question of the Week

How is a QRM process initiated?

You can view the answer here:
Read more
FDA: Updated Pre-RFD Guidance for Combination Products
News

FDA: Updated Pre-RFD Guidance for Combination Products

The U.S. FDA has released an updated final guidance on preparing a Pre-Request for Designation (Pre-RFD), replacing the previous 2018 version. The revised document provides new recommendations for interacting with the Office of Combination Products (OCP) and clarifies expectations for Pre-RFD submissions.
Read more
EDQM: 9 Virtual Training Modules on Ph. Eur. and CEPs
News

EDQM: 9 Virtual Training Modules on Ph. Eur. and CEPs

The EDQM has introduced a modular training programme covering chemically defined active substances and medicinal products. It will take place between 1 and 12 December 2025.
Read more
Previous
Next

Related Products

Skip product gallery
GMP Compliance Adviser | Named User Licence | 12M

GMP Compliance Adviser | Named User Licence | 12M

The GMP Compliance Adviser is an online publication that covers all aspects of Good Manufacturing Practice (GMP) in one source.In the GMP Compliance Adviser you’ll find: GMP in Practice This part contains 21 chapters with GMP expert knowledge to base your decisions upon. It provides practical assistance with checklists, templates and SOP examples. It is written by more than 80 authors with hands-on experience directly linked to the industry. The individual chapters describe the different aspects of GMP in clear language. Technical, organizational and procedural aspects are covered.More than 700 checklists, templates and examples of standard operation procedures taken directly out of practice help you in understanding the GMP requirements.GMP RegulationsThese chapters cover the most important GMP regulations from Europe and the United States (CFR and FDA), but also PIC/S, ICH, WHO and many more.  Sample Documents In addition, the GMP Compliance Adviser contains many sample documents and practical examples that you can use.

Ready for dispatch, Delivery time appr. 2-5 workdays (2-3 weeks for christmas goodies)
€1,335.00 net excl. VAT
Details
GMP:KnowHow Pharma Logistics (GDP) | Named User License | 12M

GMP:KnowHow Pharma Logistics (GDP) | Named User License | 12M

Your knowledge base about GDP-compliant handling of your pharmaceutical logistics. It is important that you as a logistics service provider, but also as a client in the pharmaceutical industry, adhere precisely to the regulatory requirements. The GMP:KnowHow knowledge portal guides you through the regulatory jungle of the pharmaceutical and logistical supply chain! The knowledge portal gives you an easy-to-understand overview of all the important topics. Using graphics, you can easily navigate through all the areas covered by the EU GDP Guidelines (2013/C 343/01). You also have the relevant passages of the regulations directly at hand for each topic. This allows you to compare the requirements directly and saves you a lot of time on time-consuming searches and research!One thing is certain: the knowledge portal answers your questions about the supply chain of medicinal products, active pharmaceutical ingredients and medical devices. You don't have to be an expert. Yet.You will find answers to your questions in the GMP:KnowHow Pharma Logistics (GDP). Where does GDP begin, where does GMP end? What does GDP-compliant mean? When do I also have to take GMP requirements into account? What permits do I need for certain activities? What requirements do I have to fulfil? What is the current legal basis? How am I covered? What authorizations do I have for my work, e.g. from my employer? Who is responsible — the client or the contractor? And many more What is the difference to the GMP Compliance Adviser? The GMP:KnowHow Pharma Logistics (GDP) is your guideline for Good Distribution Practice. It is a product that is independent of the GMP Compliance Adviser and concentrates on content that is essential for carriers of medicinal products, active pharmaceutical ingredients and medical devices as well as for logistics clients. The focus is on practical knowledge and how to apply it in your daily business. If necessary, the relevant regulations can be called up immediately alongside the practical knowledge, and you can see the relevant paragraphs at a glance. In addition, sample documents are available to help you make immediate progress. AuthorSimone Ferrante – now Director Quality at Fisher Clinical Services – was previously Head of Quality Control and Responsible Person according to GDP (VP) for the entire Grieshaber Group. She is also a long-standing author and GDP expert at GMP-Verlag.

Ready for dispatch, Delivery time appr. 2-5 workdays (2-3 weeks for christmas goodies)
€610.00 net excl. VAT
Details
E-Learning GMP:READY | GMP for Engineers Online Course

E-Learning GMP:READY | GMP for Engineers Online Course

Why are GMP rules important for technicians and engineers? Technicians and engineers play a key role in ensuring compliance with Good Manufacturing Practice (GMP) standards. They are involved in critical activities such as: planning and construction of ventilation systems, maintenance of water treatment plants, calibration of measuring sensors. Therefore, they are jointly responsible for the quality of medicines and must ensure that their work complies with GMP standards.Your advantages: Fast familiarization with GMP topics in approx. 2 hours, time- and location-independent online training, printable personal certificate, 12-month access for initial and follow-up training, automatic updates in case of legal changes, content compliant with Article 7(4) of Directive 2003/94/EC.

Ready for dispatch, Delivery time appr. 2-5 workdays (2-3 weeks for christmas goodies)
€240.00 net excl. VAT
Details
GMP Fundamentals | A Step-by-Step Guide

GMP Fundamentals | A Step-by-Step Guide

This handbook is a practical and easy to read guideline, giving you a quick and comprehensive overview of the complex world of Good Manufacturing Practice (GMP) without the need of previously acquired knowledge. Some topics are: GMP: Purpose and basic pharmaceutical terms Laws, licenses and inspections Personnel: Responsibility and hygiene Standard Operating Procedures (SOP) and documentation Design of rooms and facilities Processing and packaging Quality control and market release Suppliers, storage and logistics (Good Distribution Practice = GDP) Alphabetical index and abbreviations Using practical examples and comparisons to every-day life will help to easy understand GMP regulations.GMP Fundamentals is a helpful guide which facilitates the entry into the GMP world and teaches the necessary basics.

Ready for dispatch, delivery immediately after receipt of payment
€44.90 net excl. VAT
Details
This website uses cookies to ensure the best experience possible. More information...