In Functional Risk Assessments the FMEA method is used throughout.
The assessment starts with a list of requirements, derived from the User Requirements Specification (URS). For each requirement is defined if the requirement is Critical in relation to GMP and a risk scenario is defined. The Risk Assessment team determines the Severity, Probability and Detectability of the risk. Together with the tables below the Risk priority is calculated for each requirement.
After the assessments the risks must be managed:
- reduce High priority risks to Medium priority risks
- reduce Medium priority risks to Low priority risks when possible
- accept the remaining risks
Requirements for a lean Risk Assessment process:
- Define SMART criteria for High, Medium and Low classifications
- Limit an assessment session to 4 hours
- Use an independent session leader to monitor the process
- Define a team with experts of different aspects (quality, automation, business, operation, process)
- Define a team of 5 to 8 people
- Do not start re-engineering
- Re-use results from previous sessions