Computerised System Risk Profile Form

1 SECTION A

SOFTWARE / SYSTEM DETAILS

Software/System Version : (N/A if Not

Name : Applicable)

Business Owner : URS ID no :

Software / System
Description

2 SECTION B

GxP STATUS

Record a 'YES' if the system is GxP and continue filling out the form, and a 'NO' if it is NON-GxP and simply sign in the Approval section
GxP: (Yes/No)

3 SECTION C
Assign a "Weight" as appropriate for the system
INHERENT RISK
Category Assessor Risk Definition Weight Score Weighted
Level Score
GAMP category IT N/A GAMP Category 1 (or equipment) ? 0*

M GAMP Category 3 4
High GAMP Category 4 10
V High GAMP Category 5 10 0
Size IT H DB>1,000 records ? 10
M DB 300 - 1000 records 4
L DB < 300 records 1 0
Complexity IT / H Spreadsheets > 60 calculations ? 10
Engineering and/or logic decisions
Or IT systems with more than 20
screens
Or PLC systems with more than 20
functional blocks
M Spreadsheets 20 - 60 calculations 4
and/or logic decisions
Or IT systems with 5 - 20 screens

Or PLC systems with more than 5 -

20 functional blocks
L Spreadsheets < 20 calculations 1
and/or logic decisions
OR IT systems with less than 5
screens
Or PLC systems with less than 5
functional blocks 0
Locality / Functional Operations H More than 1 location ? 10
Groups M More than 1 functional group in 1 4
location
L Used within 1 functional group 1 0

https://seerpharma.com Template F002 Ver 01 1 of 7

 Computerised System Risk Profile Form
INHERENT RISK (Cont…)
Category Assessor Risk Definition Weight Score Weighted
Level Score
Interfaces IT H System has more than one ? 10
interface or a two way interface or a
real time interface with other
systems
M System has an interface with 4
another system

L System has no interfaces with other 1

systems 0

* For Category 1 and Equipment (Lab or Manufacturing/Packaging) do not continue the

assessment process and follow ad EQ procedure

Total : 0

4 SECTION D

EXPOSURE TO RISK = LIKELIHOOD OF FAILURE (GENERAL)

Category Assessor Risk Definition Weight Score Weighted
Level Score
System Capacity IT H Greater than 50 users ? 10 0
M 10 - 50 users 4
L Less than 10 users 1
Frequency of Use Operations H Average use over year - daily ? 10 0
M Average use over year - weekly 4
L Average use over year - monthly or 1
less
Training risk Operations H No training conducted ? 10 0
M Undocumented training OR no 4
recent training OR no training plan
L Documented training plan OR self- 1
explanatory

https://seerpharma.com Template F002 Ver 01 2 of 7

 Computerised System Risk Profile Form
EXPOSURE TO RISK = LIKELIHOOD OF FAILURE (GENERAL Cont…)
Category Assessor Risk Definition Weight Score Weighted
Level Score
Contingency Provision Operations + H No back-up or disaster plan 2 10 0
IT M Manual or informal back-up 4
L Automatic/routine/procedural 1
Security Controls IT H No significant protection 3 10 0
M Single security procedure 4
L Multiple levels of security 1
procedures
System Modifications Operations + H No change control and system user 3 10 0
IT modifiable
M No change control but system 4
administered
L Change control SOP in place 1

*** LEGACY SYSTEMS - Only complete the following section if the system is a legacy system

EXPOSURE TO RISK = LIKELIHOOD OF FAILURE (LEGACY SYSTEMS)

Category Assessor Risk Definition Weight Score Weighted
Level Score
Ease of Use Operations H Difficult to use and many menu ? 10 0
items
M Difficult to use OR many menu 4
items
L Easy to use, few menu items 1
Performance History Operations + H Frequent or critical problems ? 10 0
IT M Occasional or non-critical problems 4

L Rare non-critical problems 1

Frequency of Change IT/ H Emergency changes made ? 10 0
to System Operations regularly to either data or software
code
M More than 10 Software Changes 4
per annum
L 1 - 10 Software Changes per 1
annum
System Support Operations + H No back-up or primary support ? 10 0
IT person, or dependant on user
knowledge, no support
documentation
M No service contract, but back-up for 4
primary support person exists
L Vendor service contract in place, or 1
original developer employed by
XXXX

*** NEW SYSTEMS - Only complete the following section if the system is a prospective system

EXPOSURE TO RISK = LIKELIHOOD OF FAILURE (PROSPECTIVE SYSTEMS)

Category Assessor Risk Definition Weight Score Weighted
Level Score
New Technology Operations H Technology is new and not ? 10 0
suppported in the company
M New upgrade of technology 4

https://seerpharma.com Template F002 Ver 01 3 of 7

New Technology Operations ? 0

Computerised System Risk Profile Form

L Mature technology in the company 1
Experience of staff Operations + H New roles and/or unfamiliar ? 10 0
IT technology
M Limited experience 4

L Strong experience in role and 1

technology
Data Migration IT/ H Complex data migration ? 10 0
Operations M Simple data migration 4
L Little to no data migration 1
Cost / time constraints Operations + H No project timeline or strict cost / ? 10 0
IT time constraints
M Limited cost/time constraints 4
L Comfortable with project timeline 1

Total : 0

5 SECTION E

PROBABILITY OF DETECTING FAILURES

Category Assessor Risk Definition Example
Level Weight
N/A N/A L Detection of a fault is perceived to 1
be highly likely
N/A N/A M Detection of a fault is perceived to 2
be reasonably likely
N/A N/A H Detection of a fault is perceived to 3
be unlikely

Weight : 0

https://seerpharma.com Template F002 Ver 01 4 of 7

 Computerised System Risk Profile Form
6 SECTION F

CONSEQUENCES OF FAILURE
Category Assessor Risk Definition Weight Score Weighted
Level Score
Financial impact Operations H System failure would cost > 0 10 0
AUS$100K
M System failure would cost 4
AUS$10K - AUS$100K
L System failure would cost < 1
AUS$10K
Product Supply IT + H Supply seriously affected 0 10 0
Operations M Supply delayed 4
L No delay 0
Effect on brand loyalty Operations H Customer confidence and loyalty 0 10 0
likely to be affected in long term (>
1 year)
M Customer confidence and loyalty 4
likely to be affected in medium term
(> 6 months)
L Customer confidence not affected 0

Safety/Efficacy QA High Class 1 4 15 0

M Class 2 8
L Class 3 1
N/A (Non Non-GxP 0
GxP

Total : 0

https://seerpharma.com Template F002 Ver 01 5 of 7

 Computerised System Risk Profile Form
7 SECTION G

Risk Profile Score = Section C (Total Weighted Score) + Section D (Total Weighted Score) +
Section F (Total Weighted Score)

Risk Profile Score = 0 + 0 + 0

Risk Profile Score = 0

RISK PROFILE RATING

Place a cross (X) against the evaluated Risk Profile

Very High: q High: q Medium: q
Low: q Very Low: q

COMMENTS ON REDUCING RISK PROFILE RATING

Review the Risk Scores and look for obvious ways of reducing and write this in this section. (eg implementing Security
Control, Procedural Control, System Contingency or Change Control) may decrease the risk profile rating greatly

COMPLETED BY

Name Signature

Position Date

https://seerpharma.com Template F002 Ver 01 6 of 7

 Computerised System Risk Profile Form
8 APPROVAL

BUSINESS OWNER

Approved / Rejected Reason (if rejected)

Name Signature

Position Date

SYSTEM OWNER

Approved / Rejected Reason (if rejected)

Name Signature

Position Date

QUALITY ASSURANCE

Approved / Rejected Reason (if rejected)

Name Signature

Position Date

https://seerpharma.com Template F002 Ver 01 7 of 7