There are four opportunities to apply a Risk-Based Approach for Computer Systems Validation. These opportunities include utilizing risk to scale, supplier audit efforts, validation deliverables, testing and documentation levels. All functions and requirements should be treated with the same risk criteria. This risk criteria establishes the true levels of risk.
Supplier audits are a critical component to the quality of project deliverables, outcomes and lifecycle speed. Many risk-based approaches view all suppliers with the same impact. Supplier audits should follow a risk-based approach that appropriately defines their risk. Some suppliers significantly impact outcomes, while others have a minimal impact. When functional requirements and risk test classifications are established to appropriately establish the true risk, testing costs are reduced and speed is increased. Testing is an area that is often underperformed in high risk systems and overperformed in low risk systems.
The necessary documentation levels vary significantly based on compliance, the size or teams and the amount of organization integration required. Organizations without a risk-based approach bury their teams in unnecessary and time-consuming documentation efforts. Organizations that establish a risk-based approach optimize their teams and documentation levels.
Before a Risk-based Approach:
- All systems/functions requirements are treated with the same risk criteria
- Resources are not concentrated in the right areas
- Excessive resources and costs are spent on low risk systems
- High risk systems and low risk systems are factored equally
After a Risk-based Approach:
- A “true” risk-based approach strategy is integrated throughout the entire lifecycle including vendor audits for off-the-shelf enterprise systems
- Functional requirements and risk test classification are established
- Risk-based approach is established for audits
- High level risk assessments are conducted (What is the risk if it fails?)
- Resources and costs are not wasted on low risk functions of the system
Most companies utilize traditional risk-based approaches that do not consider the “true” risk of the system. Massive costs and resources are wasted on low risk function systems, while high risk functions that affect quality and cycle time are not adequately addressed. Organizations that establish and appropriately test using a scaled risk-based approach optimize their teams and documentation levels.
To learn more about the proven methods EngiLifeSciences employs to help your organization achieve faster, leaner compliance, read the other parts in our series – Strategies for CSV – Faster, Leaner Compliance.
