I would like to hear how people evaluate their risk based approach when it comes to software validation.
Does everyone use the GAMP guidelines ?
It´s important have some filters for exclude functions in software validation.
I used GAMP as first filter for only validate GAMP > = than level 4, then a risk assesment evaluation give us the funcionalities to validate for each individual software.
One way is by using the ISPE Baseline Guide Commissioning and Qualification System Impact Assessment Process. But the GAMP methodology is more detailed. GAMP 5, which is soon to be published, is supposed to fully integrate risk management throughout the life cycle. GAMP 5 is to be consistent with ICH Q9 and ISO 14971.
According to ICH Q9 at the moment FMEA.
I am using bracketing concept in maximum case and in some case with FMECA method.
Prawan Dahal
If you are going to validate any software then it have major level of risk like project base risk,budget level risk and negligible risk.
In project level risk we have to give vender’s software with minimal defect with in time.
In budget level risk you have to test software according to your budget.
in negligible risk means the defect which is not create any problem.
Hi Friend u can evaluate Risk :
Risk evaluation allows you to determine the significance of risks to the business and decide to accept the specific risk or take action to prevent or minimise it.
To evaluate risks, it is worthwhile ranking these risks once you have identified them.
This can be done by considering the consequence and probability of each risk. Many businesses find that assessing consequence and probability as high, medium or low is adequate for their needs.
These can then be compared with your business plan - to determine which risks may affect your objectives - and evaluated in the light of legal requirements, costs and investor concerns. In some cases, the cost of mitigating a potential risk may be so high that doing nothing makes more business sense.
There are some tools you can use to help evaluate risks. You can plot on a risk map the significance and likelihood of the risk occurring. Each risk is rated on a scale of one to ten. If a risk is rated ten this means it is of major importance to the company. One is the least significant. The map allows you to visualise risks in relation to each other, gauge their extent and plan what type of controls should be implemented to mitigate the risks.
Prioritising risks, however you do this, allows you to direct time and money toward the most important risks. You can put systems and controls in place to deal with the consequences of an event. This could involve defining a decision process and escalation procedures that your company would follow if an event occurred.
Risk evaluation allows you to determine the significance of risks to the business and decide to accept the specific risk or take action to prevent or minimise it.
To evaluate risks, it is worthwhile ranking these risks once you have identified them.
This can be done by considering the consequence and probability of each risk. Many businesses find that assessing consequence and probability as high, medium or low is adequate for their needs.
These can then be compared with your business plan - to determine which risks may affect your objectives - and evaluated in the light of legal requirements, costs and investor concerns. In some cases, the cost of mitigating a potential risk may be so high that doing nothing makes more business sense.
There are some tools you can use to help evaluate risks. You can plot on a risk map the significance and likelihood of the risk occurring. Each risk is rated on a scale of one to ten. If a risk is rated ten this means it is of major importance to the company. One is the least significant. The map allows you to visualise risks in relation to each other, gauge their extent and plan what type of controls should be implemented to mitigate the risks.
Prioritising risks, however you do this, allows you to direct time and money toward the most important risks. You can put systems and controls in place to deal with the consequences of an event. This could involve defining a decision process and escalation procedures that your company would follow if an event occurred