7. No meaningful risk reviews, or “once and we’re done”
Many QRM models include a recurring loop for review and monitoring; often, however, this step is disregarded (16). When reviewing a risk assessment, the assumptions, decisions, and actions made in the original risk assessment can be compared to the current situation. Ongoing monitoring activities are also important, as they can identify situations or changes that could affect the original risk assessment and the decisions made. Companies often ask “How frequently should risk-review exercises be performed?” The answer depends on various factors, including, as Q9 (1, p. 5) states, “the level of risk that was originally determined in the risk assessment.” Other useful factors to consider are:

- How much new knowledge and experience has been gained with the process of concern?
- How much uncertainty was associated with the probability estimates and with the identification of failure modes last time?
- How much has the process changed since the original risk assessment was performed?
Some risk reviews may be coupled with annual product reviews (APRs). We think this is a useful strategy and one that can make best use of the extensive data compiled for APRs. It can also be useful if clear risk-review instructions are prescribed in the risk team report (e.g., “Please review the effectiveness of the detection control for Failure Mode 5, as we relied on that control a lot when assigning the low risk rating there”). Doing this recognizes that the risk team members will usually have good insight into any problems and assumptions that arose, and they should be familiar with how dynamic (or static) the situation was, and is.

Regardless of when the risk reviews are performed, it is important that reviewers have access to the original risk team’s key recommendations; these should be documented, together with information on the rationales behind key risk ratings. If there were significant uncertainty in a likelihood-of-occurrence estimate during the original risk-assessment exercise, for example, the team should document the need to reexamine this more carefully during the review exercise, taking into account certain types of information that should, by then, be available to better inform that estimate.