How to conduct Functional Risk Assessment during

computer system validation

28/04/2015

BoehringerIngelheim
Abhishek Goel (865008)
Life Sciences/ Computer System validation
abhishek23.g@tcs.com

Confidentiality Statement
Include the confidentiality statement within the box provided. This has to be legally
approved
Confidentiality and Non-Disclosure Notice
The information contained in this document is confidential and proprietary to TATA
Consultancy Services. This information may not be disclosed, duplicated or used for any
other purposes. The information contained in this document may not be released in
whole or in part outside TCS for any purpose without the express written permission of
TATA Consultancy Services.

Tata Code of Conduct

We, in our dealings, are self-regulated by a Code of Conduct as enshrined in the Tata
Code of Conduct. We request your support in helping us adhere to the Code in letter and
spirit. We request that any violation or potential violation of the Code by any person be
promptly brought to the notice of the Local Ethics Counselor or the Principal Ethics
Counselor or the CEO of TCS. All communication received in this regard will be treated
and kept as confidential.

Table of Content
1.

Introduction .............................................................................................................................................................. 4
1.1

2.

Critical Quality Attributes for Risk Assessment................................................................................................. 4

Conducting Functional Risk Assessment ................................................................................................................... 4

Step 1 - Identification of Risk Class ............................................................................................................................... 4
Step 2 - Identification of Risk Priority ........................................................................................................................... 5

1. Introduction
The principle of testing every requirement became erstwhile after the introduction of Risk Based Approach which
specifies that every requirement shall be tested depending upon the risk priority i.e. High, Medium or Low.

Risk Priority
High

Level of Testing
Extensive testing with all positive and negative scenarios including boundary
testing
Only positive scenarios may be tested
No Formal Testing is required

Medium
Low

1.1 Critical Quality Attributes for Risk Assessment

Risk assessment entails measurement of risks of every requirement against various Critical quality Attributes
(CQAs) that could impact patient safety. The CQAs are:
Impact on patient safety, product quality and data integrity
Impact on Business processes and regulatory requirements
Computer System Classification as per GAMP 5
Supplier Assessment (if required)

2. Conducting Functional Risk Assessment

Based on functional requirement specifications, Validation Manager along with Business and IT SMEs will analyse
individual requirement based on CQAs and will identify risk priority.

Step 1 - Identification of Risk Class

Risk Class is measured between Business Impact and Likelihoodof Risk Occurrenceusing below mentioned matrix.
The resultant values of Risk Class come out to be as 1/2/3.

Business
Impact

Low

Medium

High

High

Medium

Low

Risk Likelihood

Example:- If Business Impact of a requirement is High and Likelihood of Risk Occurrence is Medium, then Risk Class
for this requirement will be 1.

Step 2 - Identification of Risk Priority

After identifying Risk Class, Risk Priority is measured between Risk Class and Risk Detectability using below
mentioned matrix. The resultant values of Risk Priority come out to be as High/Medium/Low.

Risk Class

High

Medium

Low

Medium

High

High

Low

Medium

High

Low

Low

Medium

Risk Detectability

Example:- If Risk Class for a requirement has been identified as 1 (using matrix in step 1) and Risk Detectability for
the same requirement is High, then Risk Priority for this requirement will be Medium.

Thank You

About Tata Consultancy Services (TCS)

Tata Consultancy Services is an IT services, consulting and business solutions
organization that delivers real results to global business, ensuring a level of certainty no
other firm can match. TCS offers a consulting-led, integrated portfolio of IT and ITenabled infrastructure, engineering and assurance services. This is delivered through its
TM
unique Global Network Delivery Model , recognized as the benchmark of excellence in
software development. A part of the Tata Group, Indias largest industrial conglomerate,
TCS has a global footprint and is listed on the National Stock Exchange and Bombay
Stock Exchange in India.
For more information, visit us at www.tcs.com.

IT Services
Business Solutions
Consulting
All content / information present here is the exclusive property of Tata Consultancy Services Limited (TCS). The content /
information contained here is correct at the time of publishing. No material from here may be copied, modified, reproduced,
republished, uploaded, transmitted, posted or distributed in any form without prior written permission from TCS.
Unauthorized use of the content / information appearing here may violate copyright, trademark and other applicable laws,
and could result in criminal or civil penalties. Copyright 2011 Tata Consultancy Services Limited