
Best Practices: Effective Risk Assessment and Management

The Most Important Documents: Master Plan and SOP



Risk Management

  • Saves time and increases confidence for inspections
  • Useful for FDA's new 21st Century CGMP initiative
  • Framework and starting point for individual risk management project plans
  • With example SOP: Risk assessment for 21 CFR Part 11
  • Includes forms and checklists for quick start and implementation
  • Includes extensive examples for possible hazards, potential harms and control activities for computer systems, network infrastructure, legacy systems and macro & spreadsheet applications


Justified and Documented Risk Assessment is a Prerequisite for Successful GxP Inspections


During inspections, regulatory agencies (e.g. US FDA) focus on high-risk systems. Inspectors want to know your approach to risk assessment and control. For example, the extent of validation and the implementation of Part 11 requirements should be based on 'justified and documented' risk assessments. Risk management is relatively new to most professionals, and guidance is needed to carry it out efficiently. A risk management master plan is the ideal tool to make risk management and assessment for individual projects most effective. It is the single most important risk document to improve:

  • consistency of risk management throughout your organization
  • optimization of risks vs. costs
  • efficiency in your organization through reuse of templates
  • confidence for inspections of computer based systems

A risk management master plan is also the basis for individual risk management project plans.

This model master plan, written by Dr. Ludwig Huber, is both concise and comprehensive. Whether you use it as it is or as a template for customization, it saves time and increases confidence for inspections.


1. Scope

2. Introduction

3. Responsibilities

  • Lab/production operations
  • Plant safety/maintenance/engineering
  • Information Services (IS)
  • Quality Assurance (QA)
  • Laboratory management
  • Validation team
  • Consultants
  • Vendors
  • System owner

4. Related documents

5. Products/processes to be validated and/or qualified

6. Risk management approach

7. Definition and examples for severity and probability for health/safety and business risks

8. High level risk assessment for part 11

9. Detailed steps for risk management

  • Risk management plan
  • Risk analysis
  • Risk evaluation and assessment
  • Risk mitigation
  • Ongoing monitoring and re-evaluation
  • Documentation

10. Risk Management for Computer Systems

  • Risk management plan
  • Risk analysis
  • Risk evaluation and assessment
  • Risk mitigation
  • Ongoing monitoring and re-evaluation
  • Documentation

11. Risk Management for Networked Systems

12. Risk Management for Existing/Legacy Systems

13. Risk Management for Macros & Spreadsheets

  • Risk management plan
  • Risk analysis
  • Risk evaluation and assessment
  • Risk mitigation
  • Ongoing monitoring and re-evaluation
  • Documentation

14. Documentation maintenance

15. Glossary

Appendix A.

  • Forms
  • Checklists
  • Examples for hazards/harms and control activities for
    - computer systems (home made + COTS)
    - network infrastructure
    - macro & spreadsheet applications
    - legacy systems

Also included

SOP: Risk Assessment for Systems Used in GxP Environments

  • Purpose/Scope
  • Responsibilities
  • Procedure
  • Initial assessment
  • Risk categories
  • On-going review/update
  • Records
  • Related documents
  • Glossary
  • Templates
  • Examples

Target Audience

  • Operational/Lab managers and personnel
  • IT managers and personnel
  • QA managers and personnel
  • Analytical scientists
  • Validation specialists
  • Consultants
  • Vendors
  • Teachers


  • Format: Electronic PDF, MS Word also available on request
  • Size: 54 pages master plan, 8 pages SOP
  • Price: US$ 129.-
  • VAT will be added for EU countries.
  • Availability: Worldwide, shipment within one working day
  • Ordering: (SSL secured, recommended for payment by credit card)
    - Electronically from this web site (SSL secured)
    - Regular mail or fax using the form in PDF or MS Word format

The author


The author, Dr. Ludwig Huber, is an international expert on validation and compliance in regulated industries and laboratories. He has been responsible for the compliance program at Hewlett Packard and Agilent Technologies for more than fifteen years. He serves as a consultant for the industry and regulatory agencies on local and international compliance issues. He has been a member of the US PDA task force on 21 CFR Part 11 and of the GAMP Special Interest Group for Laboratory Computer Systems. He is also on the advisory board for the European Compliance Academy and is a member of the IVT task force on network qualification. Several of his previous books have been bestsellers, and he has several times been ranked as the number one presenter at various international conferences.