During the Planning step Risk Assessments are used to determine the validation approach. The Initial Risk Assessment should indicate the Risk Class of the system: High, Medium or Low. Together with the type of system (standard, configurable, custom made) the validation approach can be defined. The ISPE GAMP Good Practice Guide "Validation of Process Control Systems" shows the required actions in detail.
In the Planning step, based on the System Risk, decisions can be made about:
- Validation approach
- Documents that can be combined
- Governance
- Leveraging of existing documents
- Leveraging of supplier inputs
- Audits and assessments
- Testing approach
Regulators expect that Risk assessment is done in relation to Patient Risk, Product Quality and Data Integrity, but the same technique may be used to manage risks on project, business, health, safety and environment requirements.