USV LIMITED

High Level Risk Assessment (HLRA) for XXX system

Document No: HLRA-XXXX-00-R0

Page No.: 1 of 10

Draft Copy

High Level Risk Assessment (HLRA)

For XXXX System
Document No.: HLRA-XXXX-00-R0

CONFIDENTIAL-USV

USV LIMITED
High Level Risk Assessment (HLRA) for XXX system

Document No: HLRA-XXXX-00-R0

Page No.: 2 of 10

Approval Page
Name

Designation

Department

Sign and Date

Prepared By

Reviewed By

Approved By

CONFIDENTIAL-USV

USV LIMITED
High Level Risk Assessment (HLRA) for XXX system

Document No: HLRA-XXXX-00-R0

Page No.: 3 of 10

Table of Contents
Purpose.......................................................................................................................................................4
Scope..........................................................................................................................................................4
References..................................................................................................................................................4
System Overview.......................................................................................................................................4
GxP Relevance...........................................................................................................................................5
References..................................................................................................................................................6
Level of Risk..............................................................................................................................................7
GAMP Categorization................................................................................................................................8
Summary....................................................................................................................................................9
Comments:.................................................................................................................................................9
Revision History........................................................................................................................................9

CONFIDENTIAL-USV

USV LIMITED
High Level Risk Assessment (HLRA) for XXX system

Document No: HLRA-XXXX-00-R0

Page No.: 4 of 10

Purpose
This document is prepared to assess the GxP impact, GAMP categorization and risk level of the
system.

Scope
This document is applicable to XXXX system installed at XXXX location in USV Ltd.

References
a.

GAMP-5: A Risk-Based Approach to Compliant GxP Computerized Systems

b.

Standard Operating Procedure for Validation of Computerized System:

System Overview
(Write system description, current procedure which shall be replaced by system, whether
application is customized or standard software, use of the system, process flow, etc..)

CONFIDENTIAL-USV

USV LIMITED
High Level Risk Assessment (HLRA) for XXX system

Document No: HLRA-XXXX-00-R0

Page No.: 5 of 10

GxP Relevance
Questions

Yes/ No

5.1

Is the system involved in the environmental control processes of

facilities used for animals in GLP studies or for the manufacture,
processing, packaging, holding or distribution of products?

5.2

Is the system used in the collection, analysis or storage of data from perclinical studies or clinical trials?

5.3

Is the system used to produce or process data that will be used in (drug)
regulatory submissions?

5.4

Is the system used for distribution or collection of information in the

event of a commercial product recall, or in patient follow-up of preclinical or clinical trials?

5.5

Does the system provide information that is used as evidence of

compliance with a process liable to external audit or inspection by
health authority such as FDA, EMEA, WHO, MHRA, or any other
health authority?

5.6

Is the system used in the collection, processing, analysis or storage of

data related to product quality and patient safety?

5.7

Is the system officially available for the audit?

5.8

Is the system used in the manufacture or control of products?

5.9

Is the system used to control Packaging or Labeling activities?

5.10 Is the system used to maintain purchasing, inventory or distribution data

for the product?
If one of the questions is answered with Yes, the System is classified as GxP relevant and
Computer System Validation is required.

CONFIDENTIAL-USV

USV LIMITED
High Level Risk Assessment (HLRA) for XXX system

Document No: HLRA-XXXX-00-R0

Page No.: 6 of 10

ERES
Applicable if the system is classified as GxP Relevant
Question
6.1

Yes/ No/
NA

Does the system support business processes that are part of the product
development, registration, manufacturing or the distribution of products
that are to be delivered to the US and/or European market and/or to any
other market that is regulated regarding ERES?

If 6.1 question is answered as Yes, then go to the next questions.

Question

Yes/ No/
NA

6.2

Does the system create, modify, maintain, archive, retrieve or transmit

electronic records specifically required by any GxP regulation?

6.3

If the system processes electronic records as noted above, are these

records used in their electronic form to support GxP decisions?

6.4

Does the system support application of electronic signatures to records

that are required to be signed?

If 6.2 and/or 6.3 is answered with Yes, Electronic records are applied to the system.

If 6.4 is answered with Yes, Electronic signatures is applied to the system.

CONFIDENTIAL-USV

USV LIMITED
High Level Risk Assessment (HLRA) for XXX system

Document No: HLRA-XXXX-00-R0

Page No.: 7 of 10

Level of Risk
For GxP relevant system, determine the Level of Risk (Severity of harm) based on system
impact on GxP relevance, Business relevance and failure consequence. Use below table for this
purpose.
Assessment Step:
Assessment regarding GxP relevance (Yes/No)
Assessment regarding Business relevance (Yes/No)
Assessment regarding Failure Consequence (High/ Moderate/ Low/ No)
If system is classified as GxP relevance, system must be automatically classified as business
relevance and at least moderate for the failure consequence.
If system is impacting on business, which means on activities like quality control, production,
sales, etc. then system should be classified as Business Relevance.
If system is classified as neither GxP nor business relevant, the classification of the failure
consequence could not exceed low.
If failure of system functionality causes a violation of GxP regulation, with direct impact on,
Product quality, Patient Safety and Data Integrity, then the system failure consequences shall
be High.
If failure of system functionality causes violation of GxP regulation, with No direct impact on,
Product quality, Patient Safety and Data Integrity, then the system failure consequences shall
be Moderate.
If failure of system functionality causes an indirect violation of GxP regulation, with No direct
impact on, Product quality, Patient Safety and Data Integrity then system failure consequences
shall be Low.
If failure of system functionality causes no impact on GxP regulation with no direct/ indirect
impact on, Product quality, Patient Safety and Data Integrity then system failure consequences
shall be No.
Yes- 10, No- 00, High- 20, Moderate- 08, Low- 02

CONFIDENTIAL-USV

USV LIMITED
High Level Risk Assessment (HLRA) for XXX system

Document No: HLRA-XXXX-00-R0

Page No.: 8 of 10

GxP Relevance

Business
Relevance

Failure
Consequence

Caluculated
Risk

Yes

Yes

High

40

No

Yes

High

30

Yes
No
No
No
No
No

Yes
Yes
Yes
Yes
No
No

Moderate
Moderate
Low
No
Low
No

28
18
12
10
02
00

Level of Risk

High

Moderate

Low

Question

Response

7.1

Is system GxP relevant? (Yes/ No)

7.2

Is system Business relevant? (Yes/ No)

7.3

What is the failure consequences? (High/ Moderate/ Low/ No)

7.4

Calculated Risk

7.5

Level of Risk

GAMP Categorization
Category

Question

Yes/ No/
NA

Is it commercially available operating system?

(If No go for the next question)

Is this commercially available standard software package providing

an off the shelf solution to a business or manufacturing process?
(If No go for the next question)

Is system commercially available package that involve configuring

predefine software modules and possible developing customize
CONFIDENTIAL-USV

USV LIMITED
High Level Risk Assessment (HLRA) for XXX system

Document No: HLRA-XXXX-00-R0

Page No.: 9 of 10

modules? (If No go for the next question)

5

Is system custom built software or a custom extension to an existing

system?

Summary
Respond to the questions according to section 5 to 8 of this document.
Questions

Response

Is system classified as GxP impacting and computer system validation

required?
Is Electronic Records applies to the system?
Is Electronic Signature applies to the system?
What is the Level of Risk?
What is the GAMP category?

10

Comments:

11

Revision History
CONFIDENTIAL-USV

USV LIMITED
High Level Risk Assessment (HLRA) for XXX system

Document No: HLRA-XXXX-00-R0

Page No.: 10 of 10

Revision No. Date of Revision

R0

Reason for Revision

New Document

CONFIDENTIAL-USV