Hi all. I am new here and wanted to ask a question in regards to risk assessment.
I am currently working for a software developer, and need to assess the risk of all tools used when developing the product. Of course we are planning to fully validate the product (software used in analytical laboratories, used in diagnostic and data management), but I am questionning whether I should validate all tools used when developing.
I have prepared a risk assessment template, trying to give numeric values to answers and grade each entity assessed (i.e.: 0 @ 25 - No risk, 26@45 - low risk, etc…). What should be considered for risk assessment?
- Coding tools (i.e.: source safe, etc)?
- Client request/bug report tool?
- Electronic document management system (used to manage SOP and such docs.)…this one containes e-sign.
- Any Microsoft apps used (i.e.: Excel for calculations maybe?).
I know how to assess risk, I just need a better idea of the bigger picture. Our product is a medical device, and we are located in Canada (Health-Canada medical device requirement) but also sell to the US (therefore part 820).
Can anybody please shed some light on my questionning? Thanks!
Edit: one more question…as per the FDA, would a software automatically need full validation when it uses e-signatures, even though the risk is very low?