| Field | Value |
|---|---|
| Effective Date | 3/1/2026 |
| Status | Implemented |
| Document ID | QC-CHG-002 |
| Version | v1.0 |
| Owner | Quality Unit (QU) |
| Approver | Quality Unit Director |
| Controlled System of Record | GitHub |
| Change Control | QMS-1343 |
| Last Review Due | 03/01/2026 |
| Next Review Due | 03/01/2027 |

This specification defines the standardized acceptance criteria, methodology expectations, and authorization requirements for conducting Impact and Risk Assessments within QMS process families, including Deviation Management, Quality Events, CAPA Management, and Change Management.

This document does not establish a standalone workflow. Workflow initiation, process execution, escalation, and record control remain governed by the applicable QMS procedures. This specification defines objective assessment criteria and control boundaries only.

This specification mitigates the risk of unassessed, inadequately assessed, improperly classified, or unauthorized changes resulting in regulatory noncompliance under 21 CFR Part 111.

This specification operates within the Quality Management System (QMS) governance framework and supports the following process families administered under Quality Unit oversight:

Independent Quality Unit authorization authority is exercised through the applicable QMS workflow. This specification defines assessment acceptability and authorization expectations but does not replace governing SOP authority.

Applies to Impact and Risk Assessments conducted within QMS process records where GMP impact evaluation is required, including but not limited to materials, suppliers, processes, analytical methods, specifications, equipment, facilities, utilities, computerized systems, labeling, quality systems, and outsourced service providers.

Excludes purely administrative changes that demonstrably have no GMP impact.

| Attribute | Compliant State | Assessment Deficiency | Escalation Requirement | QMS Process Reference | QU Authorization Required? |
|---|---|---|---|---|---|
| Impact Identification | All applicable GMP domains evaluated with documented rationale | Required domains omitted or rationale unsupported | Escalate per governing SOP | Deviation / CAPA / Change Management | Yes |
| Risk Classification | Risk level documented and objectively justified | Unsupported or contradictory rationale | Escalate per governing SOP | Deviation / CAPA / Change Management | Yes |
| Mitigation (Medium/High Risk) | Mitigation defined and linked to control evidence prior to approval | Mitigation incomplete or not documented | Implementation prohibited until resolved | Change Management / CAPA | Yes |
| Assessment Completeness | All required elements completed and verified | Incomplete or ambiguous evaluation | Escalate per governing SOP | Deviation | Yes |
| Authorization | Required QU approval documented within governing workflow | Implementation prior to approval | Enter Deviation + Evaluate CAPA | Deviation / CAPA | Mandatory |

| Assessment Outcome | Required Action | Governing SOP | Record Location | QU Authorization |
|---|---|---|---|---|
| Low Risk; Complete Assessment | Proceed per Change Management SOP | Change Control SOP | Change Record | Yes |
| Medium/High Risk | Mitigation required prior to approval | Change Control / CAPA SOP | Process Record + Mitigation Evidence | Yes |
| Assessment Deficiency | Escalate per Deviation SOP prior to continuation | Deviation SOP | Deviation Record | Yes |
| Unauthorized Implementation | Enter Deviation and evaluate systemic failure | Deviation + CAPA SOP | Deviation + CAPA Record | Yes |

Changes to this specification require formal Change Control entry per the governing Change Control SOP and independent Quality Unit approval.