This phase is used to categorize and prioritize the risk from a business and compliance, or health risk standpoint.
For a "high-risk" classification, the probability of detecting the problem would be low or zero. An example is an analysis system used in quality control where analysis results are used as criteria for the release of product.
Impact on human health and safety. Includes consumer safety and environmental hazards. An example of high severity would include circumstances whereby poor product quality could cause adverse effect to the health of patients or users.
Note: Because an impact on health and safety can only occur when there is also an impact on product quality, we combine both factors.
Impact on compliance. This is related to the risk of failing regulatory inspections and receiving single or multiple WLs or inspectional observation reports. A typical compliance issue is the insufficient integrity of regulated data.
There are other indirect affects wherein the health of a patient or a worker is affected, such as claims against the company, product recalls, a negative reputation for the company, etc.
(Business Impact + Safety + Compliance Impact) × Probability of Occurrence = Risk Factor
Factors contributing to risk
High-risk factors. Examples of factors contributing to high-risk levels include those related to product quality and health and safety, business continuity, and regulatory compliance.
Product quality and health and safety.
- Systems used to monitor, control, or supervise a drug manufacturing or packaging process.
- Systems used in a production environment for testing, release, labeling, or distribution of products;
- Users interact manually with the system and data having the ability to manipulate data.
- System failure can have direct impact on product quality.
- No or low probability that the problem will be detected or can be corrected;
- Product quality problems may lead to death or serious and permanent injury.