cGMP Risk Assessment – Enterprise Systems

Whether you’re a medical device or pharmaceutical manufacturer, a Risk Assessment is a key tool to assure that all regulatory risks are assessed and mitigated. Our staff of senior industry professionals have extensive computer systems implementation and validation experience with ERP and Quality Management Systems. 

The purpose of a risk assessment is to provide a standard approach to the identification, assessment and management of risk. Guidance from the FDA on computer systems validation (CSV) in recent years encourages the industry to adopt a risk- based approach to computer systems validation. As a result, a well crafted risk assessment document becomes the foundation for all subsequent validation activities or a proof document supporting a decision not to conduct a CSV.

The risk assessment document captures all risks without initially attempting to qualify them. After the risks have been captured, they are assessed, prioritized, and appropriate actions taken or planned. The risk assessment document should be viewed as a living document which will be continually updated as new risks are identified and as previously documented risks are mitigated.

Objectives and Scope

The primary objective of the Risk Assessment is to provide the client with a risk assessment report which will document cGMP compliance risks associated with the use of its enterprise systems. 

Typical objectives of these engagements include:

  • Preparation of a risk assessment SOP and a risk assessment template customized for use.
  • On-site discovery meetings focusing on cGMP processes and the uses of the client’s enterprise systems.
  • Development of a risk assessment report which will document cGMP compliance risks surrounding the uses of the client’s enterprise systems.

Typically, these are the functional areas that are included in the risk assessment:

  • Procurement
  • Inventory and Warehouse Management
  • Production
  • Quality
  • Sales Orders and Shipments
  • 21-CFR-Part-11 Requirements
  • Security and User Access

Approach and Deliverables

The engagement will generally involve on-site discovery sessions that includes a detailed review of the uses of the client’s enterprise systems in cGMP relevant areas of the business.

We will summarize our findings and recommendations in a Risk Assessment Template which will be customized for the client. In addition, we will prepare a risk assessment SOP to govern our work on the risk assessment or we will adapt our approach to accommodate the client’s risk assessment SOP.