Integrated Risk Management with GAMP 5 â manage ... - we.CONECT

More documents

Recommendations

Info

Integrated Risk Management / July 2012 Instead of specifying and monitoring controls for each individual compliance requirement, the controls are summarised in a unified system. The challenges of an integrated risk management system such as this are that the context and timing of the requirements are not uniform, e.g. the SOX controls are reviewed at a different time and possibly by other organisational units to the GxP requirements. The integrated approach requires a certain degree of abstraction of the controls to make them applicable to all compliance frameworks. These necessary abstractions can lead to various interpretations by the different organisational units within the business. On the other hand, the integrated approach allows for a unified business-wide basis for the controls, and thus a significant reduction in costs. Concurrently, this enables the comparability of results across organisational and system boundaries and achieves the necessary transparency. In practice, we first specify the controls for the various frameworks and unify those controls that occur in several frameworks. The specification and application of a change process, for example, can be expected in all frameworks (GxP, SOX etc.). Tool Support In order to manage the controls efficiently, Microsoft Excel is available as a tool for the simplest cases. Excel is ideal for organisations that only need to assess a few applications for compliance. As soon as one has to manage a larger number of applications, or wants to consolidate multi-organisational results, using Excel becomes extremely time-consuming and/or no longer feasible. Database applications specialising in risk & compliance management represent an alternative to Excel. These provide an advantage over Excel, in that the entire risk management work flow is displayed in an integrated tool: • specification of the assessments and controls • implementation of the assessments and evaluation of the controls • identification of compliance deviations • assessment of the risks • management and monitoring of risk mitigation measures www.hgp.ag © 2012 HGP AG, CH-Basel, All rights reserved Page 4 of 6
Integrated Risk Management / July 2012 Another advantage is that the relevant reports and management dashboards are integrated and do not have to be painstakingly pulled together from numerous Excel spreadsheets: Figure 4: Risk management tool dashboard (RicoLution) If one carries out the assessments on an annual basis (keyword Periodic Review, GAMP 5 Appendix 08), a tool allows access to the history of all previous assessments. This means that trends can be quickly recognised and potential for improvement easily identified. This would not be possible in this way with Excel. The applied compliance framework generally has a wide range of uses combined with these tools, meaning they are not limited to the compliance and risk management system for IT systems and can, for example, also be used for managing GMP compliance and risks. Conclusion When it comes to numerous processes and IT applications, the ‘classic’ approach to managing risks and compliance becomes extremely expensive or even impossible. Integrated risk management is a solution for meeting the compliance requirements of businesses with complex organisational structures and numerous IT applications. The use of suitable tools provides the view from above and the necessary transparency, as well as efficient management of the controls and compliance assessments – even in a multi-organisational context. www.hgp.ag © 2012 HGP AG, CH-Basel, All rights reserved Page 5 of 6
Page 1 and 2: Integrated Risk Management / July 2
Page 3: Integrated Risk Management / July 2

Integrated Risk Management with GAMP 5 â manage ... - we.CONECT

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?

Integrated Risk Management with GAMP 5 â manage ... - we.CONECT