
How To Determine The Risk Level Of A Regulated IT System

In the previous post in this series, I discussed the process you can use to determine whether a particular IT system is regulated. That post described the first part of a four-part approach to assessing and mitigating risk with regulated IT systems. Today’s post will cover the second part – what to do once you know you’re dealing with a regulated system.

Part Two: System Risk Level

Once you’ve determined that a system is regulated, the next step is to determine that system’s risk level (SRL). You will need to divide systems into types, write a standard definition for each type, and assign each type a risk level (e.g., low, medium, high). The definitions should include a rationale for why you believe that system type involves more or less risk.

A system’s SRL is assessed only once, and it determines the degree of rigor needed to ensure that the system is implemented in a validated (i.e., proven to be trustworthy) state. The SRL is assigned to the system forever and is considered in the risk calculation each time a change is proposed to that system.

Up next? Part three: how to assess the risk of a proposed change to a regulated system. While you’re waiting for that post, check out The Ultimate Guide to 21 CFR Part 11.


Marin Richeson

Marin joined the life sciences industry in 2001. Over the course of her tenure, she has held roles in clinical finance, IT, quality assurance, and validation. The diversity of her experience provides her with a unique perspective on the interconnectedness of this complex, multi-faceted industry. Marin Richeson is a lead business consultant in Perficient's life sciences practice.
