Risk assessment

The exercise of deciding what can go wrong, how badly, and how likely, so that effort lands where failure hurts.

In computerised system work, risk assessment is the planning instrument that decides test depth, review frequency and control strength. Done early, it shapes the whole validation; done after the fact, it is a template justifying decisions already made, which inspectors can usually tell.

The useful question order is impact first: what does this function do to patient safety, product quality or data integrity if it fails? Probability and detectability refine the answer, but impact decides whether the conversation matters at all.

Related terms

CSA GAMP 5 CSV

Go deeper

All CSV

CSV/Jun 2, 2026/8 min

CSA is not the end of CSV. It is CSV finally done right.

FDA's Computer Software Assurance guidance was read by half the industry as permission to stop validating. The other half read it correctly.

CSV/May 21, 2026/7 min

The GAMP 5 software categories, explained like a human

Category 3, 4 or 5 decides how much validation work you are signing up for. Here is how to call it correctly, with a tool that does the asking.