Risk Assessment and Risk Management

Regulated companies are subjected to various regulations, guidelines and quality standards. The GxP guidelines (established by the United States Food and Drug Administration (FDA) and used around the world) are designed to ensure that products are safe, meet their intended use and adhere to quality processes during development, manufacturing, control, storage and distribution.

The GAMP (Good Automated Manufacturing Practice) guidance document is a risk-based approach to compliant GxP computerized systems and offers guidance to align with regulatory requirements.

The GAMP©5 guidelines state that “quality risk management is a systematic process for the assessment, control, communication, and review of risks to patient safety, product quality, and data integrity” (GAMP 5, A Risk-Based Approach to Compliant GxP Computerized Systems. Page 105, Appendix M3.)

During all phases of a system life cycle an initial risk assessment is the first step in quality risk management to identify Critical Quality Attributes (CQA’s) and Critical Process Parameters (CPP’s).

Critical Quality Attributes (CQA) can be chemical, physical, biological and microbiological attributes that can be defined, measured, and continually monitored to ensure final product outputs remain within acceptable quality limits.

Critical Process Parameters (CPP) are key variables affecting production processes. CPPs are attributes that are monitored to detect deviations in standardized production operations and product output quality or changes in Critical Quality Attributes.

Environmental Monitoring Systems are put in place to monitor critical environmental parameters (but not limited to only critical parameters).


1) Stand-alone data logger:
A data logger such as the TL-1D, can help meet the various requirements. However, a stand-alone data logger can potentially generate higher risks than a continuous monitoring system for several reasons including;

  • Human interaction required (data extraction).
  • Device settings are not directly visible.
  • Low data security (eg. loss or damage to the logger)
  • No real time alarming, alarms are shown only after they have occurred.
  • No real time battery level monitoring.

2) Building Management System (BMS):
A building management system or building automation system is a computer-based system that controls and monitors the buildings mechanical and electrical equipment such as ventilation, lighting, HVAC, power systems, and fire and security systems. It is possible to use the same hardware used within the BMS for the EMS requirements. Some BMS systems are also FDA CFR 21 Part 11/EU Annex 11 compliant and can be used as an environmental monitoring system for regulated industries.

Using a BMS system may help reduce the costs (only one measurement device, one software), however validating a BMS is more complicated and time consuming than validating an EMS and certain risks still exist:

  • The measurement device is at the same time controlling and monitoring
  • Using only one measurement device:
  • No redundancy (if the device fails there is no backup).
  • No assurance on the accuracy (with two devices, it is always possible to cross check).
  • BMS software systems are designed for control and not monitoring.
  • BMS interface is designed for control engineers not quality personnel.

3) Environmental Monitoring System (EMS):
An Environmental Monitoring System, as its name says, is a tool for monitoring the environmental parameters. The Rotronic Monitoring System is a GAMP©5 category 4 software (configurable software package) combined with category 1 hardware (standard hardware components) designed ground up for GxP applications. RMS helps users monitor their GxP compliant applications, looking into the critical quality attributes and monitoring critical process parameters, helping focus on patient safety, product quality and data integrity and compliant to EudraLex Annex 11 and FDA 21 CFR Part 11.

In order to carry out the best initial risk management, Rotronic deliver within the GxP documentation package, not only all of the IQ/OQ and PQ documentation, but also the Rotronic Monitoring System Risk Assessment carried out based upon the Rotronic knowledge of the Rotronic Monitoring System.