TABLE OF CONTENTS Risk assessment and risk management are emerging subjects within the context of computer validation. As such, this chapter covers the essence of risk management as applied to the validation of chromatography data systems.
In existence since 1992, Annex 11 Clause 227:
The extent of validation necessary will depend on a number of factors including the use to which the system is to be put, whether the validation is to be prospective or retrospective and whether or not novel elements are incorporated.
We recommend that you base your approach (to validate) on a justified and documented risk assessment.18
Section 6.129: How much validation is needed?
The extent of validation evidence needed for such software depends on the device manufacturer s documented intended use of that software.
For example, a device manufacturer who chooses not to use all the vendor-supplied capabilities of the software only needs to validate those functions that will be used and for which the device manufacturer is dependent upon the software results as part of production or the quality system.
However, high-risk applications should not be running in the same operating environment with non-validated software functions, even if those software functions are not used.
Risk-mitigation techniques such as memory partitioning or other approaches to resource protection may need to be considered when high-risk applications and lower risk applications are to be...
