Risk analysis documentation

Approximately 70% of evaluated companies store a dangerous substance classified as toxic or highly toxic. In approximately 25% of evaluated companies, the toxic substances are treated in such an amoimt and in such a physical form (gas, liquefied gas and highly volatile hquid) to be considered as possible threat for human health in the vicinity of the evaluated source of risk. Figure 2 shows the percentage occurrence of the use of individual software and methods in which acute toxicity limits are used. The versions of modeling software were not distinguished in the evaluation, because they were not always stated in risk analysis documents. The most often used software include TEREX (T-Soft 2000), SAVE II, ROZEX (TLP 2001), EFFECTS (TNO 2003), ALOHA (US ERA 2007) and CEI method (AIChE 1994). 

Risk management is formally carried out in all phases of an approved project. Review of the concept definition document includes analysis of clinical risks, both derived from functionality and from technology. As soon as concept definition phase has been concluded, a risk analysis document is drafted. 

Hazard and risk analysis documentation (What Its [Table 3], HAZOP [Table 4])... 

This directory contains the USEPA Pesticide and Industrial Chemical Risk Analysis and Hazard Assessment system. Documentation for PIRANHA is contained in a MANUALS subdirectory enter PIRANHA C where C is a hard disk to receive the output files to run the sy stem. For efficient operation of PIRANHA, transfer the files from the CD-ROM to your hard disk, (it requires 28 MB). Data files are accessed from the CD-ROM when running PIRANHA. 

System description is tlie compilation of tlie process/plant information needed for tlie risk analysis. For e. ample, site locations, environs, weatlier data, process flow diagrams (PFDs), piping an instnmientation diagrams (P IDs), layout drawings, operating and maintenance procedures, technology documentation, process chemistry, and tliermophysical property data may be required. 

To those already familiar with hazard/risk analysis methods, a "PHA" designates a Preliminary Hazard Analysis. Unfortunately, the PSM Rule uses these same letters to designate Process Hazard Analysis. In this document, PrHA will designate Process Hazard Analysis to avoid confusion with Preliminary Hazard Analysis. Note that other literature may be confusing on this issue. 

Most hydrocarbon facility process areas and high volume storage areas have standardized on a minimum supply or availability of four hours of firewater for the WCCE. The performance of risk analysis may reveal the level of fire water protection may be more or less than this requirement. Once a detailed design is completed on a facility or if a verification of existing water demands is needed, a simple tabular calculation of firewater requirements can be made. This table can be used to document spray density requirements, duration levels, code requirements and other features. Table 23 provides and example of arrangement to document such information. 

Fault tree analysis (FTA) and event tree analysis (ETA) are the methods most commonly applied quantitatively. Since they only address the likelihood of undesired events, these methods are often combined with consequence severity calculations in a quantitative risk analysis, as described by CCPS (1999b). Layer of protection analysis (LOPA) uses a semiquantitative, order-of-magnitude approach. It is documented with worked examples in CCPS (2001b). 

Levels of NOx emissions in relation to Clean Air Act ambient standards and the risk-based alternative acute emissions guidance levels from Volume I of the Hazardous Waste Combustion Risk Analysis Guidance Document (EPA, 1998). This will address NOx as potentially convertible to nitric acid. 

Risk assessment starts with risk identification, a systematic use of available information to identify hazards (i.e., events or other conditions that have the potential to cause harm). Information can be from a variety of sources including stakeholders, historical data, information from the literature, and mathematical or scientific analyses. Risk analysis is then conducted to estimate the degree of risk associated with the identified hazards. This is estimated based on the likelihood of occurrence and resultant severity of harm. In some risk management tools, the ability to detect the hazard may also be considered. If the hazard is readily detectable, this may be considered a factor in the overall risk assessment. Risk evaluation determines if the risk is acceptable based on specified criteria. In a quality system environment, criteria would include impact on the overall performance of the quality system and the quality attributes of the finished product. The value of the risk assessment depends on how robust the data used in the assessment process is judged to be. The risk assessment process should take into account assumptions and reasonable sources of uncertainty. Risk assessment activities should be documented. 

Design qualification is more common in Europe than in the United States. There is no legal requirement to perform a DQ. Sometimes this phase may not be called DQ, but may instead be referred to as design review, design assessment, and so on. The intention is important in this phase. The goal is to perform something similar to a risk analysis and to check the design documents of a technical system to ensure that they fulfill the user requirements. For this reason a risk analysis—not yet commonly known in all companies—should be used. 

The results of any risk analysis should be well documented as they become the key input into the qualification and validation process. They are the basis for defining tests in the IQ, OQ, and PQ phases. It is often impossible to say prior to a risk analysis what steps of qualification need to be performed. It depends on the risks and measurements defined during the risk analysis. Equally important, this procedure increases the efficiency of the qualification process. In the past, the decision on which qualification tests to perform was outlined by writing qualification protocols. These usually prompted long and expensive discus-... 

The decision as to which system needs to be qualified should result directly from the risk analysis process and should be described in the VMP or QMP. In any case, it would be a technical system that impacts on the quality of a pharmaceutical product. Installation qualification aims to check documentation against reality. The result is as-built documentation. The other task in the IQ is to ensure that the GMP requirements are fulfilled. The generally accepted way to perform an IQ is to... 

Preparation of standard procedures Document review Validation glossary Critical parameter assessment GMP criticality and risk analysis Process validation methodology Computerized system validation Preparation of validation plans Preparation of project and quality plans Manufacturing data specification... 

Written procedures shall define how the system will be used and controlled, and periodic review of these procedures and the validation documentation status must be carried out. The periodic review procedure should define responsibilities and should include predetermined criteria for reporting that computer system validation is being satisfactorily maintained in alignment with the project validation plan. A GMP risk assessment should form part of each periodic review to reconfirm (or not) the findings of the previous risk analysis and provide information for any revalidation that is considered necessary. 

Thus, the risk analysis must be well prepared, meaning that the scope of the analysis must be clearly defined data must be available and evaluated, to define the safe process conditions and the critical limits. Then, and only then, the systematic search for process deviations from the safe conditions can be started. The identified deviations lead to the definition of scenarios, which can be assessed in terms of severity and probability of occurrence. This work can advantageously be summarized in a risk profile, enhancing the major risks that are beyond the accepted limits. For these risks, reduction measures can then be defined. The residual risk, that is, the risk remaining after implementation of the measures, can be assessed as before and documented in a residual risk profile showing the progress of the analysis and the risk improvement. These steps are reviewed in the next sections. 

Once the safety data have been collected and documented, they must be evaluated with regard to the process conditions in terms of their significance for process safety. With the interpretation of the safety data, the process conditions that provide safe operation and the limits that should not be surpassed become clear. This defines the critical limits of the process, which are at the root of the search for deviations in the next step of the risk analysis. 

Gather the requirements for the systems including functional (e.g. operational checks) requirements, nonfunctional (e.g., coding standards) requirements, users, company-wide regulatory compliance (e.g., Part 11 technical control), safety, process, and other applicable requirements Characterize information, assess its value to the organization, and incorporate information quality as part of the project plan Conduct a system (hardware, software, and process) risk analysis. New requirements may be found as the result of the risk analysis. Any new requirements must be documented in the requirements specification deliverable... 

Perform and document a traceability analysis between the requirements specification deliverable and system specification deliverable Specify Part 11 technical controls Prepare and approve system specification deliverable Revisit the risk analysis and the criticality and complexity assessments based on the system specification deliverable Review validation plan based on the system specification deliverable Approved validation plan... 

Risk is defined as the probability of an undesirable event occurring and the impact of that event if it does occur. The result of this analysis will influence the degree to which the system development, implementation, and maintenance activities are performed and documented. By evaluating the system risk analysis, the system owner may uncover potential problems, which can be avoided during the development process. The chances of a successful, if not perfect, system implementation are improved. 

The results of the risk analysis review must be documented. To adequately analyze the risks, a comprehensive requirements specification deliverable is required. The best time to perform an initial risk analysis is immediately after the project team has completed the review of the requirements specification deliverable. The review of the solutions agreed upon and implemented as a result of the risk analysis should be performed during a technical design review. 

The software test strategy and detailed test scripts (protocol) are reviewed and approved by the Project Team. This review will verify that the test cases will stress the program interfaces, challenge the data boundaries and limits, and verily that the test cases are traceable to the appropriate clauses in the requirements specification deliverable. The review also verifies that the test cases adequately cover the risks identified in the Risk Analysis. The unit/ integration test results are documented by the programmer, and reviewed, approved, signed, and dated by QA. 

The SLS or DH reviews the risk analysis to assure complete evaluation of the change and identification of potential hazards. He uses the analysis results and documentation to determine if further analysis indicates there is a need for consultation with specialists or to make a Go/No Go decision to proceed with making the change. He records whether the change is approved or denied by checking the appropriate box on fine 7, signs and dates the form. 

---