document
6
How to conduct Functional Risk Assessment during computer system validation 28/04/2015 BoehringerIngelheim Abhishek Goel (865008) Life Sciences/ Computer System validation [email protected]
-
Upload
dairolozano -
Category
Documents
-
view
213 -
download
0
Transcript of document
How to conduct Functional Risk Assessment during computer system validation
28/04/2015
BoehringerIngelheim
Abhishek Goel (865008)
Life Sciences/ Computer System validation [email protected]
2
Confidentiality Statement Include the confidentiality statement within the box provided. This has to be legally approved Confidentiality and Non-Disclosure Notice The information contained in this document is confidential and proprietary to TATA Consultancy Services. This information may not be disclosed, duplicated or used for any other purposes. The information contained in this document may not be released in whole or in part outside TCS for any purpose without the express written permission of TATA Consultancy Services.
Tata Code of Conduct We, in our dealings, are self-regulated by a Code of Conduct as enshrined in the Tata Code of Conduct. We request your support in helping us adhere to the Code in letter and spirit. We request that any violation or potential violation of the Code by any person be promptly brought to the notice of the Local Ethics Counselor or the Principal Ethics Counselor or the CEO of TCS. All communication received in this regard will be treated and kept as confidential.
3
Table of Content
1. Introduction .............................................................................................................................................................. 4
1.1 Critical Quality Attributes for Risk Assessment ................................................................................................. 4
2. Conducting Functional Risk Assessment ................................................................................................................... 4
Step 1 - Identification of Risk Class ............................................................................................................................... 4
Step 2 - Identification of Risk Priority ........................................................................................................................... 5
4
1. Introduction The principle of testing every requirement became erstwhile after the introduction of Risk Based Approach which specifies that every requirement shall be tested depending upon the risk priority i.e. High, Medium or Low.
Risk Priority Level of Testing High Extensive testing with all positive and negative scenarios including boundary
testing Medium Only positive scenarios may be tested Low No Formal Testing is required 1.1 Critical Quality Attributes for Risk Assessment Risk assessment entails measurement of risks of every requirement against various Critical quality Attributes (CQAs) that could impact patient safety. The CQAs are: ν Impact on patient safety, product quality and data integrity ν Impact on Business processes and regulatory requirements ν Computer System Classification as per GAMP 5 ν Supplier Assessment (if required)
2. Conducting Functional Risk Assessment Based on functional requirement specifications, Validation Manager along with Business and IT SMEs will analyse individual requirement based on CQAs and will identify risk priority. Step 1 - Identification of Risk Class Risk Class is measured between Business Impact and Likelihoodof Risk Occurrenceusing below mentioned matrix. The resultant values of Risk Class come out to be as 1/2/3.
Business Impact Risk Likelihood
Low
Medium
High
High
2
1
1
Medium
3
2
1
Low
3
3
2
5
Example:- If Business Impact of a requirement is High and Likelihood of Risk Occurrence is Medium, then Risk Class for this requirement will be 1. Step 2 - Identification of Risk Priority After identifying Risk Class, Risk Priority is measured between Risk Class and Risk Detectability using below mentioned matrix. The resultant values of Risk Priority come out to be as High/Medium/Low.
Risk Class Risk Detectability
High
Medium
Low
1
Medium
High
High
2
Low
Medium
High
3
Low
Low
Medium
Example:- If Risk Class for a requirement has been identified as 1 (using matrix in step 1) and Risk Detectability for the same requirement is High, then Risk Priority for this requirement will be Medium.
About Tata Consultancy Services (TCS)
Tata Consultancy Services is an IT services, consulting and business solutions organization that delivers real results to global business, ensuring a level of certainty no other firm can match. TCS offers a consulting-led, integrated portfolio of IT and IT-enabled infrastructure, engineering and assurance services. This is delivered through its unique Global Network Delivery ModelTM, recognized as the benchmark of excellence in software development. A part of the Tata Group, India’s largest industrial conglomerate, TCS has a global footprint and is listed on the National Stock Exchange and Bombay Stock Exchange in India.
For more information, visit us at www.tcs.com.
IT Services Business Solutions Consulting All content / information present here is the exclusive property of Tata Consultancy Services Limited (TCS). The content / information contained here is correct at the time of publishing. No material from here may be copied, modified, reproduced, republished, uploaded, transmitted, posted or distributed in any form without prior written permission from TCS. Unauthorized use of the content / information appearing here may violate copyright, trademark and other applicable laws, and could result in criminal or civil penalties. Copyright © 2011 Tata Consultancy Services Limited
Thank You
