
Maathra Labs

Kurmannapalem, Visakhapatnam, Andhra Pradesh 530046


Computer System Validation, IT & Regulatory Compliance Services

Document Name: Risk Assessment Document for Computerized System


Protocol Number: SLPL/CSV/RA/001 Revision Number: 00 Page 1 of 73

Name of the Activity: Risk Assessment for Computerized System
Client Name: Sainor Laboratories Private Limited - Unit-II (Pharma Division)
Department: QC Department
Protocol No: SLPL/CSV/RA/001
Supersedes: Not Applicable
Effective Date:
Type/reason for Validation: GAP Assessment; Risk Assessment; Validation

Format Number: ML/SOP/001/F02



Document Pre-Approval
Signing of this document page of Risk Assessment document indicates agreement with the document. If any
modifications to the procedure become necessary, an addendum shall be prepared and approved. This document
cannot be executed until signed and approved.

Prepared by:

S.No. | Name | Designation | Signature | Date
1. | Usha Rani Mekala | Team Member - CSV | |

Checked/Reviewed by:

S.No. | Name | Designation | Signature | Date
1. | Srilatha Bandla | Team Member - CSV | |
2. | V. Ramanjaneyulu | Senior Manager - QC, Sainor Laboratories PVT LTD | |
3. | U. Satish Babu | Executive – QA, Sainor Laboratories PVT LTD | |
4. | M.R.K. Prasad | Incharge – IT, Sainor Laboratories PVT LTD | |

Approved by:

S.No. | Name | Designation | Signature | Date
1. | Abdul Kaleem | Project Lead / Director | |
2. | A.V.R.Sarma | Head QA, Sainor Laboratories PVT LTD | |


Contents

1. Document revision history
2. Objective
3. Scope
4. Abbreviations
5. Instructions for performing software risk assessment
6. Risk Management team
7. Risk identification procedure:
8. Risk Assessment Procedure
8.1. Severity
8.2. Probability of Failure (Likelihood)
8.3. Risk Class
8.4. Detectability
9. Risk Priority Evaluation
10. Risk mitigation methodology:
11. Residual Risk Review after implementation
12. Risk Management
12.1. Risk Assessment Phase
12.2. Risk Mitigation Phase
12.3. Residual Risk Review Phase
13. Document Post-Approval


1. Document revision history

Issue Number | Date | Author | Title/Department | Description of Change
00 | | Usha Rani | CSV team | Initial Version

2. Objective
The objective of this document is to conduct the below activities as per the Protocol for GAP
Assessment for Computerized System, Document ID: SLPL/CSV/GAP/001, at Sainor Laboratories
PVT LTD, Unit-II, Pharma Division.

• Identification of gaps
• Risk assessment and evaluation of the gaps
• Proposing the mitigation actions
• Implementation of mitigation actions
• Verification of mitigation actions

3. Scope
This Risk assessment document is limited to the below listed computerized systems used in Quality
Control Laboratory of Sainor Laboratories PVT LTD, Unit-II, Pharma Division as per the protocol for
GAP Assessment for Computerized System, Document ID: SLPL/CSV/GAP/001.

S.No. | Computer/System ID | Software Name & Version | Instrument Name
1. | PC/QC/HPLC-3 | LabSolutions 6.72 SP1 | HPLC
2. | PC/QC/HPLC-4 | LabSolutions 6.86 | HPLC
3. | PC/QC/HPLC-5 | LabSolutions 6.92 | HPLC
4. | PC/QC/HPLC-6 | LabSolutions 6.89 | HPLC
5. | PC/QC/UV-2 | UVProbe 2.62 | UV
6. | PC/QC/STB-2 | ALLYSOFT INTE – GRO 2.0 | Stability Chamber
7. | PC/QC/STB-3 | ICDAS 2.1 (Newtronic Software) | Stability Chamber
8. | PC/QC/GC-1 | LabSolutions 6.72 SP1 | Gas Chromatography

4. Abbreviations

Term | Definition
QC | Quality Control
SOP | Standard Operating Procedure
SLPL | Sainor Laboratories Private Limited
CSV | Computer System Validation
HPLC | High Performance/pressure Liquid Chromatography
UV | Ultra Violet
STB | Stability
GC | Gas Chromatography
GxP | Good guidelines and regulations Practices
CKL | Checklist

5. Instructions for performing software risk assessment


The key elements of any risk assessment process contain the following:

• Identification of risk scenarios
• Assessing the severity of the identified risks
• Assessing the probability of failure (likelihood)
• Identification of risk class
• Assessing the detectability of failure occurrence
• Evaluation of overall risk priority
• Identification of mitigations if existing/current controls are not present.

6. Risk Management team

Core Team Members: | Signature and Date
Usha Rani - ValSquare |
Srilatha Bandla - ValSquare |
Incharge – IT - Sainor Laboratories |
QC - Sainor Laboratories |
QA - Sainor Laboratories |


7. Risk identification procedure:


Regulatory compliance gap assessment checklist, Document ID: SLPL/CSV/CKL/001 has
been executed for the below listed instruments and all possible risks associated with software
have been identified during the gap assessment.

S.No. | Computer/System ID | Software Name & Version | Checklist Number | Approved date
1 | PC/QC/HPLC-3 | LabSolutions 6.72 SP1 | SLPL/CSV/CKL/001 | 16/12/2021
2 | PC/QC/HPLC-4 | LabSolutions 6.86 | SLPL/CSV/CKL/001 | 07/12/2021
3 | PC/QC/HPLC-5 | LabSolutions 6.92 | SLPL/CSV/CKL/001 | 08/12/2021
4 | PC/QC/HPLC-6 | LabSolutions 6.89 | SLPL/CSV/CKL/001 | 08/12/2021
5 | PC/QC/UV-2 | UVProbe 2.62 | SLPL/CSV/CKL/001 | 16/12/2021
6 | PC/QC/STB-2 | ALLYSOFT INTE - GRO 2.0 | SLPL/CSV/CKL/001 | 09/12/2021
7 | PC/QC/STB-3 | ICDAS 2.1 (Newtronic Software) | SLPL/CSV/CKL/001 | 09/12/2021
8 | PC/QC/GC-1 | LabSolutions 6.72 SP1 | SLPL/CSV/CKL/001 | 09/12/2021

8. Risk Assessment Procedure


8.1. Severity
After the failure modes and effects identification, the next step has been the evaluation, for each risk
scenario, of the Impact (Severity) on the quality of the product/process.

Severity | Criteria for Evaluation
High | High (H): Can cause serious adverse health consequences which can threaten the life of the patient or even cause death. Direct and significant impact on data security/integrity/GxP requirements.
Medium | Medium (M): Temporary or reversible adverse health consequences but the life of the patient is not threatened. Indirect and significant impact on data security/integrity/GxP requirements.
Low | Low (L): No effect/impact for patients. Insignificant impact on data security/integrity/GxP requirements.

8.2. Probability of Failure (Likelihood)


The Probability of Failure (Likelihood) represents the frequency of the risk root cause
occurrence. The approach requires considering the probability of the risk root cause occurring
within a given time period (day, month, year) or per a quantity of transactions, and assigning a
value to that estimate according to the criteria below.


Occurrence | Failure Rates
High | Frequent
Medium | Occasional
Low | Seldom (Hardly ever)

8.3. Risk Class


The Risk Class for each Risk Scenario identified has been evaluated as a combination of the
Severity and of the Likelihood, as reported in the following table:

Risk Class (rows: Severity; columns: Likelihood)

Severity | Likelihood Low | Likelihood Medium | Likelihood High
High | 2 | 1 | 1
Medium | 3 | 2 | 1
Low | 3 | 3 | 2

Where:
1 = High
2 = Medium
3 = Low

8.4. Detectability
The purpose of this phase has been to identify if the risk event could be recognized or
detected (Detectability) by other system controls.

Detection | Criteria for Evaluation
Low | Low (L): The risk cannot be detected through the deployed control measure/system; the detection is possible after a longer period/interval.
Medium | Medium (M): The risk may be detected through the deployed control measure/system and the detection is through a manual method.
High | High (H): The risk can be detected without fail through the deployed control measure/system and the detection system is automated.


9. Risk Priority Evaluation


By combining the Risk Class with the Detectability, it is possible to prioritize the fault
conditions associated with each risk scenario based upon those areas of greatest vulnerability.
The matrix below provides the model to evaluate the Risk Priority.

Risk Priority (rows: Risk Class; columns: Detectability)

Risk Class | Detectability Low | Detectability Medium | Detectability High
1 | High | High | Medium
2 | High | Medium | Low
3 | Medium | Low | Low

10. Risk mitigation methodology:


The risk mitigation actions will be proposed as per the table below.

Risk Priority | Mitigation strategy
Low | No mitigation actions are required
Medium/High | Mitigation actions will be implemented and system usage will be continued with appropriate controls.

11. Residual Risk Review after implementation


The Risk assessment will be conducted for the residual risks after the implementation of Risk
mitigation actions to understand the risk acceptance status.
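
The scoring model of sections 8.3 to 10, written out as an added example (not part of the protocol): it encodes both matrices as printed, derives risk class, priority and the mitigation decision, and audits register rows against them. The pipe-delimited row layout, the trimmed gap text and all function names are assumptions of this example; the three sample rows carry the ratings recorded in section 12.1. As the matrices read here, an M/M/L entry evaluates to class 2 and priority High while the register records Medium, which is the kind of discrepancy the audit reports.

```python
from typing import NamedTuple

LEVELS = ("L", "M", "H")

# Section 8.3: RISK_CLASS[severity][likelihood]; 1 = High, 2 = Medium, 3 = Low
RISK_CLASS = {
    "H": {"L": 2, "M": 1, "H": 1},
    "M": {"L": 3, "M": 2, "H": 1},
    "L": {"L": 3, "M": 3, "H": 2},
}

# Section 9: RISK_PRIORITY[risk_class][detectability]
RISK_PRIORITY = {
    1: {"L": "High", "M": "High", "H": "Medium"},
    2: {"L": "High", "M": "Medium", "H": "Low"},
    3: {"L": "Medium", "M": "Low", "H": "Low"},
}


class Assessment(NamedTuple):
    risk_class: int
    priority: str
    mitigation: str


def evaluate(severity, likelihood, detectability):
    """Apply sections 8.3, 9 and 10 to one H/M/L rating triple."""
    ratings = (("severity", severity), ("likelihood", likelihood),
               ("detectability", detectability))
    for label, value in ratings:
        if value not in LEVELS:
            raise ValueError(f"{label} must be one of H, M, L; got {value!r}")
    risk_class = RISK_CLASS[severity][likelihood]
    priority = RISK_PRIORITY[risk_class][detectability]
    # Section 10: only Low priority needs no mitigation action.
    mitigation = "N/A" if priority == "Low" else "Required"
    return Assessment(risk_class, priority, mitigation)


# Ratings as recorded in section 12.1 for RID-1, RID-2 and RID-9.
# The row layout (8 pipe-separated fields) is an assumption of this example.
SAMPLE_REGISTER = """\
RID-1 | PC/QC/HPLC-3 | System is not validated | H | H | L | High | Required
RID-2 | PC/QC/HPLC-3 | Application privileges not matching SOP | M | M | L | Medium | Required
RID-9 | PC/QC/HPLC-3 | No licensed anti-virus | M | M | L | Medium | Required
"""


def audit_register(text):
    """Return (risk_id, field, recorded, computed) for each value that
    differs from what the matrices give, plus malformed rows."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        fields = [f.strip() for f in line.split("|")]
        if len(fields) != 8:
            findings.append((f"line {line_no}", "format", line.strip(),
                             "8 fields expected"))
            continue
        risk_id, _system, _gap, sev, lik, det, rec_priority, rec_mitigation = fields
        try:
            result = evaluate(sev.upper(), lik.upper(), det.upper())
        except ValueError as exc:
            findings.append((risk_id, "rating", f"{sev}/{lik}/{det}", str(exc)))
            continue
        if rec_priority.lower() != result.priority.lower():
            findings.append((risk_id, "priority", rec_priority, result.priority))
        if rec_mitigation.upper() != result.mitigation.upper():
            findings.append((risk_id, "mitigation", rec_mitigation,
                             result.mitigation))
    return findings


if __name__ == "__main__":
    for finding in audit_register(SAMPLE_REGISTER):
        print(finding)
```

For the residual risk review in section 11, call `evaluate()` again with the ratings assigned after mitigation.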


12. Risk Management


12.1. Risk Assessment Phase
Refer to the Instructions above and complete the following table for each risk/hazard identified.

Risk ID | Computer/System ID | Process Gap | Identify Failure (Risk) | Severity (H, M, L) | Probability (H, M, L) | Detectability (H, M, L) | Risk Prioritization Ranking (RPR) | Risk Mitigation (Required/N/A)
RID-1 | PC/QC/HPLC-3 | System is not validated. | The system may not work as per its intended purpose and may pose a risk to product quality, patient safety and data integrity. | H | H | L | High | Required

RID-2 | PC/QC/HPLC-3 | Application privileges are not matching with the SOP. | People may have access to unauthorized system functionality due to improper configuration of the system privileges, which may impact the integrity of the data and system functionality. | M | M | L | Medium | Required

RID-3 | PC/QC/HPLC-3 | Account lockout is not configured as per SOP at the application level. Once the account is locked, the other users are waiting till the timeout. | The account lockout functionality restricts unauthorized access or attempts to access the system. Unauthorised access to the system may impact system security and data integrity due to improper configuration of account lockout. Users can't access the application, which may lead to product quality and data integrity issues. | H | H | L | High | Required

RID-4 | PC/QC/HPLC-3 | Session expiry time is not configured at the application level. | Session expiry functionality ensures system and data security. An unauthorized user may access the system due to improper session time configuration, and data integrity issues may occur. | H | H | L | High | Required

RID-5 | PC/QC/HPLC-3 | Password aging is not configured as per SOP. | Password aging will help to enhance user and system security. Improper password configuration may impact system and user security. | H | H | L | High | Required

RID-6 | PC/QC/HPLC-3 | Account lockout is not configured at the Windows level. | The account lockout functionality restricts unauthorized access or attempts to access the system. Unauthorised access to the system may impact system security and data integrity due to improper configuration of account lockout. | H | H | L | High | Required

RID-7 | PC/QC/HPLC-3 | Session expiry time is not configured at the Windows level. | Session expiry functionality ensures system and data security. An unauthorized user may access the system due to improper session time configuration, and data integrity issues may occur. | H | H | L | High | Required

RID-8 | PC/QC/HPLC-3 | Password policies like complexity and minimum length are disabled at the Windows level. | Password policy helps to enhance user and system security. Improper configuration of the password policy makes it easier to guess user passwords in the event of a breach. | H | H | L | High | Required

RID-9 | PC/QC/HPLC-3 | System doesn't have licensed anti-virus. | Malware can steal the data and encrypt the data. | M | M | L | Medium | Required

RID-10 | PC/QC/HPLC-4 | System is not validated. | The system may not work as per its intended purpose and may pose a risk to product quality, patient safety and data integrity. | H | H | L | High | Required

RID-11 | PC/QC/HPLC-4 | Application privileges are not matching with the SOP. | People may have access to unauthorized system functionality due to improper configuration of the system privileges, which may impact the integrity of the data and system functionality. | M | M | L | Medium | Required

RID-12 | PC/QC/HPLC-4 | Account lockout is not configured as per SOP at the application level. Once the account is locked, the other users are waiting till the timeout. | The account lockout functionality restricts unauthorized access or attempts to access the system. Unauthorised access to the system may impact system security and data integrity due to improper configuration of account lockout. Users can't access the application, which may lead to product quality and data integrity issues. | H | H | L | High | Required

RID-13 | PC/QC/HPLC-4 | Session expiry time is not configured at the application level. | Session expiry functionality ensures system and data security. An unauthorized user may access the system due to improper session time configuration, and data integrity issues may occur. | H | H | L | High | Required

RID-14 | PC/QC/HPLC-4 | Password aging is not configured as per SOP. | Password aging will help to enhance user and system security. Improper password configuration may impact system and user security. | H | H | L | High | Required

RID-15 | PC/QC/HPLC-4 | Account lockout is not configured at the Windows level. | The account lockout functionality restricts unauthorized access or attempts to access the system. Unauthorised access to the system may impact system security and data integrity due to improper configuration of account lockout. | H | H | L | High | Required

RID-16 | PC/QC/HPLC-4 | Session expiry time is not configured at the Windows level. | Session expiry functionality ensures system and data security. An unauthorized user may access the system due to improper session time configuration, and data integrity issues may occur. | H | H | L | High | Required

RID-17 | PC/QC/HPLC-4 | Password policies like complexity and minimum length are disabled at the Windows level. | Password policy helps to enhance user and system security. Improper configuration of the password policy makes it easier to guess user passwords in the event of a breach. | H | H | L | High | Required

RID-18 | PC/QC/HPLC-4 | System doesn't have licensed anti-virus. | Malware can steal the data and encrypt the data. | M | M | L | Medium | Required

RID-19 | PC/QC/HPLC-5 | System is not validated. | The system may not work as per its intended purpose and may pose a risk to product quality, patient safety and data integrity. | H | H | L | High | Required

RID-20 | PC/QC/HPLC-5 | Application privileges are not matching with the SOP. | People may have access to unauthorized system functionality due to improper configuration of the system privileges, which may impact the integrity of the data and system functionality. | M | M | L | Medium | Required

RID-21 | PC/QC/HPLC-5 | Account lockout is not configured as per SOP at the application level. Once the account is locked, the other users are waiting till the timeout. | The account lockout functionality restricts unauthorized access or attempts to access the system. Unauthorised access to the system may impact system security and data integrity due to improper configuration of account lockout. Users can't access the application, which may lead to product quality and data integrity issues. | H | H | L | High | Required

RID-22 | PC/QC/HPLC-5 | Session expiry time is not configured at the application level. | Session expiry functionality ensures system and data security. An unauthorized user may access the system due to improper session time configuration, and data integrity issues may occur. | H | H | L | High | Required

RID-23 | PC/QC/HPLC-5 | Password aging is not configured as per SOP. | Password aging will help to enhance user and system security. Improper password configuration may impact system and user security. | H | H | L | High | Required

RID-24 | PC/QC/HPLC-5 | Account lockout is not configured at the Windows level. | The account lockout functionality restricts unauthorized access or attempts to access the system. Unauthorised access to the system may impact system security and data integrity due to improper configuration of account lockout. | H | H | L | High | Required

RID-25 | PC/QC/HPLC-5 | Session expiry time is not configured at the Windows level. | Session expiry functionality ensures system and data security. An unauthorized user may access the system due to improper session time configuration, and data integrity issues may occur. | H | H | L | High | Required

RID-26 | PC/QC/HPLC-5 | Password policies like complexity and minimum length are disabled at the Windows level. | Password policy helps to enhance user and system security. Improper configuration of the password policy makes it easier to guess user passwords in the event of a breach. | H | H | L | High | Required

RID-27 | PC/QC/HPLC-5 | System doesn't have licensed anti-virus. | Malware can steal the data and encrypt the data. | M | M | L | Medium | Required

RID-28 | PC/QC/HPLC-6 | System is not validated. | The system may not work as per its intended purpose and may pose a risk to product quality, patient safety and data integrity. | H | H | L | High | Required

RID-29 | PC/QC/HPLC-6 | Application privileges are not matching with the SOP. | People may have access to unauthorized system functionality due to improper configuration of the system privileges, which may impact the integrity of the data and system functionality. | M | M | L | Medium | Required

RID-30 | PC/QC/HPLC-6 | Account lockout is not configured as per SOP at the application level. Once the account is locked, the other users are waiting till the timeout. | The account lockout functionality restricts unauthorized access or attempts to access the system. Unauthorised access to the system may impact system security and data integrity due to improper configuration of account lockout. Users can't access the application, which may lead to product quality and data integrity issues. | H | H | L | High | Required

RID-31 | PC/QC/HPLC-6 | Session expiry time is not configured at the application level. | Session expiry functionality ensures system and data security. An unauthorized user may access the system due to improper session time configuration, and data integrity issues may occur. | H | H | L | High | Required

RID-32 | PC/QC/HPLC-6 | Password aging is not configured as per SOP. | Password aging will help to enhance user and system security. Improper password configuration may impact system and user security. | H | H | L | High | Required

RID-33 | PC/QC/HPLC-6 | Account lockout is not configured at the Windows level. | The account lockout functionality restricts unauthorized access or attempts to access the system. Unauthorised access to the system may impact system security and data integrity due to improper configuration of account lockout. | H | H | L | High | Required

RID-34 | PC/QC/HPLC-6 | Session expiry time is not configured at the Windows level. | Session expiry functionality ensures system and data security. An unauthorized user may access the system due to improper session time configuration, and data integrity issues may occur. | H | H | L | High | Required

RID-35 | PC/QC/HPLC-6 | Password policies like complexity and minimum length are disabled at the Windows level. | Password policy helps to enhance user and system security. Improper configuration of the password policy makes it easier to guess user passwords in the event of a breach. | H | H | L | High | Required

RID-36 | PC/QC/HPLC-6 | System doesn't have licensed anti-virus. | Malware can steal the data and encrypt the data. | M | M | L | Medium | Required

RID-37 | PC/QC/UV-2 | System is not validated. | The system may not work as per its intended purpose and may pose a risk to product quality, patient safety and data integrity. | H | H | L | High | Required

RID-38 | PC/QC/UV-2 | Application privileges are not matching with the SOP. | People may have access to unauthorized system functionality due to improper configuration of the system privileges, which may impact the integrity of the data and system functionality. | M | M | L | Medium | Required

RID-39 | PC/QC/UV-2 | Audit trail option not available. | Audit trail option is not available to track the data created by who, when & where the data is, which leads to data integrity issues. | H | H | L | High | Required

RID-40 | PC/QC/UV-2 | Account lockout is not configured in the Windows level | The account lockout functionality restricts the unauthorized access or attempts to access the system. Unauthorised access to the system may impact the system security, data integrity due to improper configuration of account lockout | H | H | L | High | Required

RID-41 | PC/QC/UV-2 | Session expire time not configured in Windows level | Session expiry functionality ensures the system and data security. Unauthorized user may access the system due to improper session time configuration and data integrity issues may occur | H | H | L | High | Required

RID-42 | PC/QC/UV-2 | Password policies like complexity and minimum length are disabled in Windows level | Password policy helps to enhance the user and system security. Improper configuration of password policy makes it easier to guess the user passwords in the event of a breach | H | H | L | High | Required

RID-43 | PC/QC/UV-2 | System doesn’t have licensed Anti-virus | Malware can steal the data and encrypt the data. | M | M | L | Medium | Required

RID-44 | PC/QC/STB-2 | System is not validated | The system may not work as per intended purpose and pose the risk on product quality, patient safety and data integrity | H | H | L | High | Required

RID-45 | PC/QC/STB-2 | There is no SOP available for user privileges access in application level | People may have access to unauthorized system functionality due to unavailability of a user privileges SOP for the system and may impact the integrity of the data and system functionality | H | H | L | High | Required

RID-46 | PC/QC/STB-2 | Only generic admin access is available at Windows level | People may have access to unauthorized system functionality due to improper configuration of the system and it may lead to data integrity issues. | H | H | L | High | Required

RID-47 | PC/QC/STB-2 | System doesn’t have licensed Anti-virus | Malware can steal the data and encrypt the data. | M | M | L | Medium | Required

RID-48 | PC/QC/STB-3 | System is not validated | The system may not work as per intended purpose and pose the risk on product quality, patient safety and data integrity | H | H | L | High | Required

RID-49 | PC/QC/STB-3 | Only generic admin access is available at Windows level | People may have access to unauthorized system functionality due to improper configuration of the system and it may lead to data integrity issues. | H | H | L | High | Required

RID-50 | PC/QC/STB-3 | System doesn’t have licensed Anti-virus | Malware can steal the data and encrypt the data. | M | M | L | Medium | Required

RID-51 | PC/QC/GC-1 | System is not validated | The system may not work as per intended purpose and pose the risk on product quality, patient safety and data integrity | H | H | L | High | Required

RID-52 | PC/QC/GC-1 | Application privileges are not matching with the SOP. | People may have access to unauthorized system functionality due to improper configuration of the system privileges and may impact the integrity of the data and system functionality. | H | H | L | High | Required

RID-53 | PC/QC/GC-1 | One person mapped with the multiple roles in the application. | The same user can review and approve his/her own method it leads to data integrity. | H | H | L | High | Required

RID-54 | PC/QC/GC-1 | Account lockout is not configured in the Windows level. | The account lockout functionality restricts the unauthorized access or attempts to access the system. Unauthorised access to the system may impact the system security, data integrity due to improper configuration of account lockout | H | H | L | High | Required

RID-55 | PC/QC/GC-1 | Session expire time not configured in Windows level | Session expiry functionality ensures the system and data security. Unauthorized user may access the system due to improper session time configuration and data integrity issues may occur | H | H | L | High | Required

RID-56 | PC/QC/GC-1 | Password policies like complexity and minimum length are disabled in Windows level | Password policy helps to enhance the user and system security. Improper configuration of password policy makes it easier to guess the user passwords in the event of a breach | H | H | L | High | Required

RID-57 | PC/QC/GC-1 | System doesn’t have licensed Anti-virus. | Malware can steal the data and encrypt the data. | H | H | L | High | Required

12.2. Risk Mitigation Phase

Risk ID | Computer/System ID | Process Gap | Identify Failure (Risk) | Risk Mitigation | Status

RID-1 | PC/QC/HPLC-3 | System is not validated | The system may not work as per intended purpose and pose the risk on product quality, patient safety and data integrity | System should be validated as per intended purpose. | Under progress

RID-2 | PC/QC/HPLC-3 | Application privileges are not matching with the SOP. | People may have access to unauthorized system functionality due to improper configuration of the system privileges and may impact the integrity of the data and system functionality | 1. Review the system privileges in the SOP to ensure the appropriate privileges and groups were assigned as per usage. 2. Update the system privileges as per the SOP. |

RID-3 | PC/QC/HPLC-3 | Account lockout is not configured as per SOP in application level. Once the account is locked the other users are waiting till the timeout. | The account lockout functionality restricts the unauthorized access or attempts to access the system. Unauthorised access to the system may impact the system security, data integrity due to improper configuration of account lockout. Users can’t access the application; it may lead to product quality and data integrity issues. | 1. Review the Account lockout policies in SOP 2. Configure the Account lockout settings as per SOP |

RID-4 | PC/QC/HPLC-3 | Session expire time not configured in application level | Session expiry functionality ensures the system and data security. Unauthorized user may access the system due to improper session time configuration and data integrity issues may occur | 1. Review the Session account time policies in SOP 2. Configure the Session account time settings as per SOP |

RID-5 | PC/QC/HPLC-3 | Password aging is not configured as per SOP. | Password aging will help to enhance the user and system security. Improper password configuration may impact the system and user security | 1. Review the password policies in SOP 2. Configure the Password aging as per SOP |

RID-6 | PC/QC/HPLC-3 | Account lockout is not configured in the Windows level. | The account lockout functionality restricts the unauthorized access or attempts to access the system. Unauthorised access to the system may impact the system security, data integrity due to improper configuration of account lockout | Windows should be configured with the account lockout |

RID-7 | PC/QC/HPLC-3 | Session expire time not configured in Windows level | Session expiry functionality ensures the system and data security. Unauthorized user may access the system due to improper session time configuration and data integrity issues may occur | Windows should be configured with the Session expire |


RID-8 | PC/QC/HPLC-3 | Password policies like complexity and minimum length are disabled in Windows level | Password policy helps to enhance the user and system security. Improper configuration of password policy makes it easier to guess the user passwords in the event of a breach | Windows should be configured with the password policies |

RID-9 | PC/QC/HPLC-3 | System doesn’t have licensed Anti-virus | Malware can steal the data and encrypt the data. | Update the system with licensed Anti-virus. |

RID-10 | PC/QC/HPLC-4 | System is not validated | The system may not work as per intended purpose and pose the risk on product quality, patient safety and data integrity | System should be validated as per intended purpose. |

RID-11 | PC/QC/HPLC-4 | Application privileges are not matching with the SOP | People may have access to unauthorized system functionality due to improper configuration of the system privileges and may impact the integrity of the data and system functionality | 1. Review the system privileges in the SOP to ensure the appropriate privileges and groups were assigned as per usage. 2. Update the system privileges as per the SOP |

RID-12 | PC/QC/HPLC-4 | Account lockout is not configured as per SOP in application level. Once the account is locked the other users are waiting till the timeout | The account lockout functionality restricts the unauthorized access or attempts to access the system. Unauthorised access to the system may impact the system security, data integrity due to improper configuration of account lockout. Users can’t access the application; it may lead to product quality and data integrity issues. | 1. Review the Account lockout policies in SOP 2. Configure the Account lockout settings as per SOP |


RID-13 | PC/QC/HPLC-4 | Session expire time not configured in application level | Session expiry functionality ensures the system and data security. Unauthorized user may access the system due to improper session time configuration and data integrity issues may occur | 1. Review the Session account time policies in SOP 2. Configure the Session account time settings as per SOP |

RID-14 | PC/QC/HPLC-4 | Password aging is not configured as per SOP | Password aging will help to enhance the user and system security. Improper password configuration may impact the system and user security | 1. Review the password policies in SOP 2. Configure the Password aging as per SOP |

RID-15 | PC/QC/HPLC-4 | Account lockout is not configured in the Windows level | The account lockout functionality restricts the unauthorized access or attempts to access the system. Unauthorised access to the system may impact the system security, data integrity due to improper configuration of account lockout | Windows should be configured with the account lockout |

RID-16 | PC/QC/HPLC-4 | Session expire time not configured in Windows level | Session expiry functionality ensures the system and data security. Unauthorized user may access the system due to improper session time configuration and data integrity issues may occur | Windows should be configured with the Session expire. |

RID-17 | PC/QC/HPLC-4 | Password policies like complexity and minimum length are disabled in Windows level | Password policy helps to enhance the user and system security. Improper configuration of password policy makes it easier to guess the user passwords in the event of a breach | Windows should be configured with the password policies |

RID-18 | PC/QC/HPLC-4 | System doesn’t have licensed Anti-virus | Malware can steal the data and encrypt the data. | Update the system with licensed Anti-virus. |


RID-19 | PC/QC/HPLC-5 | System is not validated | The system may not work as per intended purpose and pose the risk on product quality, patient safety and data integrity | System should be validated as per intended purpose |

RID-20 | PC/QC/HPLC-5 | Application privileges are not matching with the SOP | People may have access to unauthorized system functionality due to improper configuration of the system privileges and may impact the integrity of the data and system functionality | 1. Review the system privileges in the SOP to ensure the appropriate privileges and groups were assigned as per usage. 2. Update the system privileges as per the SOP |

RID-21 | PC/QC/HPLC-5 | Account lockout is not configured as per SOP in application level. Once the account is locked the other users are waiting till the timeout | The account lockout functionality restricts the unauthorized access or attempts to access the system. Unauthorised access to the system may impact the system security, data integrity due to improper configuration of account lockout. Users can’t access the application; it may lead to product quality and data integrity issues. | 1. Review the Account lockout policies in SOP 2. Configure the Account lockout settings as per SOP |

RID-22 | PC/QC/HPLC-5 | Session expire time not configured in application level | Session expiry functionality ensures the system and data security. Unauthorized user may access the system due to improper session time configuration and data integrity issues may occur | 1. Review the Session account time policies in SOP 2. Configure the Session account time settings as per SOP |

RID-23 | PC/QC/HPLC-5 | Password aging is not configured as per SOP | Password aging will help to enhance the user and system security. Improper password configuration may impact the system and user security | 1. Review the password policies in SOP 2. Configure the Password aging as per SOP |

RID-24 | PC/QC/HPLC-5 | Account lockout is not configured in the Windows level | The account lockout functionality restricts the unauthorized access or attempts to access the system. Unauthorised access to the system may impact the system security, data integrity due to improper configuration of account lockout | Windows should be configured with the account lockout |

RID-25 | PC/QC/HPLC-5 | Session expire time not configured in Windows level | Session expiry functionality ensures the system and data security. Unauthorized user may access the system due to improper session time configuration and data integrity issues may occur | Windows should be configured with the Session expire |


RID-26 | PC/QC/HPLC-5 | Password policies like complexity and minimum length are disabled in Windows level | Password policy helps to enhance the user and system security. Improper configuration of password policy makes it easier to guess the user passwords in the event of a breach | Windows should be configured with the password policies |

RID-27 | PC/QC/HPLC-5 | System doesn’t have licensed Anti-virus | Malware can steal the data and encrypt the data. | Update the system with licensed Anti-virus |

RID-28 | PC/QC/HPLC-6 | System is not validated | The system may not work as per intended purpose and pose the risk on product quality, patient safety and data integrity | System should be validated as per intended purpose |

RID-29 | PC/QC/HPLC-6 | Application privileges are not matching with the SOP | People may have access to unauthorized system functionality due to improper configuration of the system privileges and may impact the integrity of the data and system functionality | 1. Review the system privileges in the SOP to ensure the appropriate privileges and groups were assigned as per usage. 2. Update the system privileges as per the SOP |

RID-30 | PC/QC/HPLC-6 | Account lockout is not configured as per SOP in application level. Once the account is locked the other users are waiting till the timeout | The account lockout functionality restricts the unauthorized access or attempts to access the system. Unauthorised access to the system may impact the system security, data integrity due to improper configuration of account lockout. Users can’t access the application; it may lead to product quality and data integrity issues. | 1. Review the Account lockout policies in SOP 2. Configure the Account lockout settings as per SOP |


RID-31 | PC/QC/HPLC-6 | Session expire time not configured in application level | Session expiry functionality ensures the system and data security. Unauthorized user may access the system due to improper session time configuration and data integrity issues may occur | 1. Review the Session account time policies in SOP 2. Configure the Session account time settings as per SOP |

RID-32 | PC/QC/HPLC-6 | Password aging is not configured as per SOP | Password aging will help to enhance the user and system security. Improper password configuration may impact the system and user security | 1. Review the password policies in SOP 2. Configure the Password aging as per SOP |

RID-33 | PC/QC/HPLC-6 | Account lockout is not configured in the Windows level | The account lockout functionality restricts the unauthorized access or attempts to access the system. Unauthorised access to the system may impact the system security, data integrity due to improper configuration of account lockout | Windows should be configured with the account lockout |

RID-34 | PC/QC/HPLC-6 | Session expire time not configured in Windows level | Session expiry functionality ensures the system and data security. Unauthorized user may access the system due to improper session time configuration and data integrity issues may occur | Windows should be configured with the Session expire |

RID-35 | PC/QC/HPLC-6 | Password policies like complexity and minimum length are disabled in Windows level | Password policy helps to enhance the user and system security. Improper configuration of password policy makes it easier to guess the user passwords in the event of a breach | Windows should be configured with the password policies |

RID-36 | PC/QC/HPLC-6 | System doesn’t have licensed Anti-virus | Malware can steal the data and encrypt the data. | Update the system with licensed Anti-virus |


RID-37 | PC/QC/UV-2 | System is not validated | The system may not work as per intended purpose and pose the risk on product quality, patient safety and data integrity. | System should be validated as per intended purpose |

RID-38 | PC/QC/UV-2 | Application privileges are not matching with the SOP. | People may have access to unauthorized system functionality due to improper configuration of the system privileges and may impact the integrity of the data and system functionality | 1. Review the system privileges in the SOP to ensure the appropriate privileges and groups were assigned as per usage. 2. Update the system privileges as per the SOP |

RID-39 | PC/QC/UV-2 | Audit trail option not available. | Audit trail option is not available to track the data created by who, when & where the data is, which leads to data integrity issues. | 1. Application vendor to be consulted to understand the system audit trail functionality. 2. Users will be trained on the Audit trail functionality 3. Manual controls such as log books will be implemented in absence of system audit trail functionality. |

RID-40 | PC/QC/UV-2 | Account lockout is not configured in the Windows level | The account lockout functionality restricts the unauthorized access or attempts to access the system. Unauthorised access to the system may impact the system security, data integrity due to improper configuration of account lockout | Windows should be configured with the account lockout |

RID-41 | PC/QC/UV-2 | Session expire time not configured in Windows level | Session expiry functionality ensures the system and data security. Unauthorized user may access the system due to improper session time configuration and data integrity issues may occur | Windows should be configured with the Session expire |


RID-42 | PC/QC/UV-2 | Password policies like complexity and minimum length are disabled in Windows level | Password policy helps to enhance the user and system security. Improper configuration of password policy makes it easier to guess the user passwords in the event of a breach | Windows should be configured with the password policies |

RID-43 | PC/QC/UV-2 | System doesn’t have licensed Anti-virus | Malware can steal the data and encrypt the data. | Update the system with licensed Anti-virus |

RID-44 | PC/QC/STB-2 | System is not validated | The system may not work as per intended purpose and pose the risk on product quality, patient safety and data integrity | System should be validated as per intended purpose |

RID-45 | PC/QC/STB-2 | There is no SOP available for user privileges access in application level | People may have access to unauthorized system functionality due to unavailability of a user privileges SOP for the system and may impact the integrity of the data and system functionality | 1. Review the system privileges in the SOP to ensure the appropriate privileges and groups were assigned as per usage. 2. Update the system privileges as per the SOP |

RID-46 | PC/QC/STB-2 | Only generic admin access is available at Windows level | People may have access to unauthorized system functionality due to improper configuration of the system and it may lead to data integrity issues. | 1. Windows should allow the users to access with the roles and responsibilities. 2. Application vendor to be consulted to verify the provision of individual logins for the system. 3. System must be upgraded or manual controls will be implemented in case of generic account usage to be continued. |
RID-47 | PC/QC/STB-2 | System doesn’t have licensed Anti-virus | Malware can steal the data and encrypt the data. | Update the system with licensed Anti-virus |

RID-48 | PC/QC/STB-3 | System is not validated | The system may not work as per intended purpose and pose the risk on product quality, patient safety and data integrity | System should be validated as per intended purpose |

RID-49 | PC/QC/STB-3 | Only generic admin access is available at Windows level | People may have access to unauthorized system functionality due to improper configuration of the system and it may lead to data integrity issues. | 1. Windows should allow the users to access with the roles and responsibilities. 2. Application vendor to be consulted to verify the provision of individual logins for the system. 3. System must be upgraded or manual controls will be implemented in case of generic account usage to be continued. |
RID-50 PC/QC/STB-3 System doesn’t have Malware can steal the data Update the system with Licensed
licensed Anti-virus and encrypt the data. Anti-virus

RID-51 PC/QC/GC-1 System is not The system may not work System should validate as per
validated as per intended purpose and intended purpose
pose the risk on product

Format Number: ML/SOP/001/F02


Maathra Labs
Kurmannapalem, Visakhapatnam, Andhra Pradesh 530046
Computer System Validation, IT & Regulatory Compliance Services

Document Name: Risk Assessment Document for Computerized System

Protocol Number: SLPL/CSV/RA/001 Revision Number: 00 Page 55 of 73

Computer/ Identify Failure


Risk ID Process Gap Risk Mitigation Status
System ID (Risk)

quality, patient safety and


data integrity

RID-52 PC/QC/GC-1 Application People may have access to 1. Review the system
privileges are not unauthorized system privileges in the SOP to
matching with the functionality due to ensure the appropriate
privileges and groups
SOP. improper configuration of
were assigned as per
the system privileges and usage.
may impact the integrity of 2. Update the system
the data and system privileges as per the SOP
functionality.

RID-53 PC/QC/GC-1 One person mapped The same user can review 1. System should restrict the
with the multiple and approve his/her own user to review the self-
roles in the method it leads to data actions performed in User
role if possible.
application. integrity.
2. User should be trained to
ensure that review for
self-actions should not be
performed.

Format Number: ML/SOP/001/F02


Maathra Labs
Kurmannapalem, Visakhapatnam, Andhra Pradesh 530046
Computer System Validation, IT & Regulatory Compliance Services

Document Name: Risk Assessment Document for Computerized System

Protocol Number: SLPL/CSV/RA/001 Revision Number: 00 Page 56 of 73

Computer/ Identify Failure


Risk ID Process Gap Risk Mitigation Status
System ID (Risk)

RID-54 PC/QC/GC-1 Account lockout is The account lockout Windows should be configured
not configured in the functionality restricts the with the account lockout
window level. unauthorized access or
attempts to access the
system. Unauthorised
access to the system may
impact the system security,
data integrity due to
improper configuration of
account lockout

RID-55 PC/QC/GC-1 Session expire time Session expiry functionality Windows should be configured
not configured in ensures the system and data with the Session expire
Windows level security. Unauthorized user
may access the system due
to improper session time
configuration and data
integrity issues may occur

RID-56 PC/QC/GC-1 Password policies Password policy helps to Windows should be configured
like complexity and enhance the user and with the password policies
minimum length are system security. Improper

Format Number: ML/SOP/001/F02


Maathra Labs
Kurmannapalem, Visakhapatnam, Andhra Pradesh 530046
Computer System Validation, IT & Regulatory Compliance Services

Document Name: Risk Assessment Document for Computerized System

Protocol Number: SLPL/CSV/RA/001 Revision Number: 00 Page 57 of 73

Computer/ Identify Failure


Risk ID Process Gap Risk Mitigation Status
System ID (Risk)

disabled in windows configuration of password


level policy makes easier to
guess the user passwords in
the event of a breach

RID-57 PC/QC/GC-1 System doesn’t have Malware can steal the data Update the system with licensed
licensed Anti-virus. and encrypt the data. Anti-virus


12.3. Residual Risk Review Phase

Note: This section will be updated after risk mitigation has been implemented.

| Risk ID | Computer/System ID | Risk Mitigation | Severity | Probability | Detectability | Risk Prioritization Ranking (RPR) | Compliance status |
|---|---|---|---|---|---|---|---|
| RID-1 | PC/QC/HPLC-3 | System should be validated as per intended purpose. | | | | | |
| RID-2 | PC/QC/HPLC-3 | 1. Review the system privileges in the SOP to ensure the appropriate privileges and groups were assigned as per usage. 2. Update the system privileges as per the SOP. | | | | | |
| RID-3 | PC/QC/HPLC-3 | 1. Review the account lockout policies in SOP. 2. Configure the account lockout settings as per SOP. | | | | | |
| RID-4 | PC/QC/HPLC-3 | 1. Review the session account time policies in SOP. 2. Configure the session account time settings as per SOP. | | | | | |
| RID-5 | PC/QC/HPLC-3 | 1. Review the password policies in SOP. 2. Configure the password aging as per SOP. | | | | | |
| RID-6 | PC/QC/HPLC-3 | Windows should be configured with the account lockout. | | | | | |
| RID-7 | PC/QC/HPLC-3 | Windows should be configured with the session expiry. | | | | | |
| RID-8 | PC/QC/HPLC-3 | Windows should be configured with the password policies. | | | | | |
| RID-9 | PC/QC/HPLC-3 | Update the system with licensed anti-virus. | | | | | |
| RID-10 | PC/QC/HPLC-4 | System should be validated as per intended purpose. | | | | | |
| RID-11 | PC/QC/HPLC-4 | 1. Review the system privileges in the SOP to ensure the appropriate privileges and groups were assigned as per usage. 2. Update the system privileges as per the SOP. | | | | | |
| RID-12 | PC/QC/HPLC-4 | 1. Review the account lockout policies in SOP. 2. Configure the account lockout settings as per SOP. | | | | | |
| RID-13 | PC/QC/HPLC-4 | 1. Review the session account time policies in SOP. 2. Configure the session account time settings as per SOP. | | | | | |
| RID-14 | PC/QC/HPLC-4 | 1. Review the password policies in SOP. 2. Configure the password aging as per SOP. | | | | | |
| RID-15 | PC/QC/HPLC-4 | Windows should be configured with the account lockout. | | | | | |
| RID-16 | PC/QC/HPLC-4 | Windows should be configured with the session expiry. | | | | | |
| RID-17 | PC/QC/HPLC-4 | Windows should be configured with the password policies. | | | | | |
| RID-18 | PC/QC/HPLC-4 | Update the system with licensed anti-virus. | | | | | |
| RID-19 | PC/QC/HPLC-5 | System should be validated as per intended purpose. | | | | | |
| RID-20 | PC/QC/HPLC-5 | 1. Review the system privileges in the SOP to ensure the appropriate privileges and groups were assigned as per usage. 2. Update the system privileges as per the SOP. | | | | | |
| RID-21 | PC/QC/HPLC-5 | 1. Review the account lockout policies in SOP. 2. Configure the account lockout settings as per SOP. | | | | | |
| RID-22 | PC/QC/HPLC-5 | 1. Review the session account time policies in SOP. 2. Configure the session account time settings as per SOP. | | | | | |
| RID-23 | PC/QC/HPLC-5 | 1. Review the password policies in SOP. 2. Configure the password aging as per SOP. | | | | | |
| RID-24 | PC/QC/HPLC-5 | Windows should be configured with the account lockout. | | | | | |
| RID-25 | PC/QC/HPLC-5 | Windows should be configured with the session expiry. | | | | | |
| RID-26 | PC/QC/HPLC-5 | Windows should be configured with the password policies. | | | | | |
| RID-27 | PC/QC/HPLC-5 | Update the system with licensed anti-virus. | | | | | |
| RID-28 | PC/QC/HPLC-6 | System should be validated as per intended purpose. | | | | | |
| RID-29 | PC/QC/HPLC-6 | 1. Review the system privileges in the SOP to ensure the appropriate privileges and groups were assigned as per usage. 2. Update the system privileges as per the SOP. | | | | | |
| RID-30 | PC/QC/HPLC-6 | 1. Review the account lockout policies in SOP. 2. Configure the account lockout settings as per SOP. | | | | | |
| RID-31 | PC/QC/HPLC-6 | 1. Review the session account time policies in SOP. 2. Configure the session account time settings as per SOP. | | | | | |
| RID-32 | PC/QC/HPLC-6 | 1. Review the password policies in SOP. 2. Configure the password aging as per SOP. | | | | | |
| RID-33 | PC/QC/HPLC-6 | Windows should be configured with the account lockout. | | | | | |
| RID-34 | PC/QC/HPLC-6 | Windows should be configured with the session expiry. | | | | | |
| RID-35 | PC/QC/HPLC-6 | Windows should be configured with the password policies. | | | | | |
| RID-36 | PC/QC/HPLC-6 | Update the system with licensed anti-virus. | | | | | |
| RID-37 | PC/QC/UV-2 | System should be validated as per intended purpose. | | | | | |
| RID-38 | PC/QC/UV-2 | 1. Review the system privileges in the SOP to ensure the appropriate privileges and groups were assigned as per usage. 2. Update the system privileges as per the SOP. | | | | | |
| RID-39 | PC/QC/UV-2 | 1. Application vendor to be consulted to understand the system audit trail functionality. 2. Users will be trained on the audit trail functionality. 3. Manual controls such as log books will be implemented in absence of system audit trail functionality. | | | | | |
| RID-40 | PC/QC/UV-2 | Windows should be configured with the account lockout. | | | | | |
| RID-41 | PC/QC/UV-2 | Windows should be configured with the session expiry. | | | | | |
| RID-42 | PC/QC/UV-2 | Windows should be configured with the password policies. | | | | | |
| RID-43 | PC/QC/UV-2 | Update the system with licensed anti-virus. | | | | | |
| RID-44 | PC/QC/STB-2 | System should be validated as per intended purpose. | | | | | |
| RID-45 | PC/QC/STB-2 | 1. Review the system privileges in the SOP to ensure the appropriate privileges and groups were assigned as per usage. 2. Update the system privileges as per the SOP. | | | | | |
| RID-46 | PC/QC/STB-2 | 1. Windows should allow the users to access according to their roles and responsibilities. 2. Application vendor to be consulted to verify the provision of individual logins for the system. 3. System must be upgraded, or manual controls will be implemented if generic account usage is to be continued. | | | | | |
| RID-47 | PC/QC/STB-2 | Update the system with licensed anti-virus. | | | | | |
| RID-48 | PC/QC/STB-3 | System should be validated as per intended purpose. | | | | | |
| RID-49 | PC/QC/STB-3 | 1. Windows should allow the users to access according to their roles and responsibilities. 2. Application vendor to be consulted to verify the provision of individual logins for the system. 3. System must be upgraded, or manual controls will be implemented if generic account usage is to be continued. | | | | | |
| RID-50 | PC/QC/STB-3 | Update the system with licensed anti-virus. | | | | | |
| RID-51 | PC/QC/GC-1 | System should be validated as per intended purpose. | | | | | |
| RID-52 | PC/QC/GC-1 | 1. Review the system privileges in the SOP to ensure the appropriate privileges and groups were assigned as per usage. 2. Update the system privileges as per the SOP. | | | | | |
| RID-53 | PC/QC/GC-1 | 1. System should restrict the user from reviewing the self-actions performed in User role, if possible. 2. User should be trained to ensure that review of self-actions is not performed. | | | | | |
| RID-54 | PC/QC/GC-1 | Windows should be configured with the account lockout. | | | | | |
| RID-55 | PC/QC/GC-1 | Windows should be configured with the session expiry. | | | | | |
| RID-56 | PC/QC/GC-1 | Windows should be configured with the password policies. | | | | | |
| RID-57 | PC/QC/GC-1 | Update the system with licensed anti-virus. | | | | | |


13. Document Post-Approval

Signing of this approval page of this document indicates agreement with the methodology and implementation approach.
If any modifications to the procedure become necessary, an addendum shall be prepared and approved.

Prepared by:

S.No. Name Designation Signature Date

Checked/Reviewed by:

S.No. Name Designation Signature Date

Approved by:

S.No. Name Designation Signature Date
