
RA-001: GxP Risk Assessment

| Property | Value |
|---|---|
| ID | RA-001 |
| Version | 1.0 |
| Status | Draft |
| Method | ICH Q9 / FMEA-based |
| Author | |
| Approved By | |
| Date | |

1. Risk Classification Method

1.1 Severity

Impact on patient safety, product quality, or data integrity.

| Level | Description | Examples |
|---|---|---|
| Critical | Direct patient safety impact or irreversible data integrity loss | CRC corruption undetected, UID collision |
| High | Product quality impact, significant data integrity risk | Wrong parameter mapping, transaction partial commit |
| Medium | Operational efficiency impact, traceability gap | Process state error, incorrect statistics |
| Low | Convenience impact, non-critical functionality | Search not returning results, UI display issue |

1.2 Probability

Likelihood of occurrence based on design complexity and external dependencies.

| Level | Description |
|---|---|
| High | Likely to occur without mitigation (complex logic, external dependencies) |
| Medium | Could occur under certain conditions (concurrent access, edge cases) |
| Low | Unlikely due to design safeguards (validated patterns, automated checks) |

1.3 Detectability

Ability to detect the issue through testing, monitoring, or audit trails.

| Level | Description |
|---|---|
| High | Easily detected by automated tests, monitoring, or CRC verification |
| Medium | Detectable through manual review or specific test scenarios |
| Low | Difficult to detect; may require specialized analysis |

1.4 Risk Class Calculation

| Risk Class | Criteria | Testing Approach (FDA CSA) |
|---|---|---|
| Critical | Severity=Critical, any Probability | Scripted tests, full traceability, formal review |
| High | Severity=High + Probability>=Medium, or Detectability=Low | Scripted tests with traceability |
| Medium | Severity=Medium, or Severity=High + Probability=Low | Documented automated tests |
| Low | Severity=Low, Detectability=High | Automated test suite as evidence |
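The rules above are applied in precedence order (Critical first, then High, Medium, Low), and not every Severity/Probability/Detectability combination is covered by them. The following Python is an added worked example, not part of RA-001 or of the assessed project: it encodes the four rules in that order, returns "Unclassified" for combinations the table does not define (for instance Severity=Low with Detectability=Medium) instead of silently defaulting, and checks recorded matrix rows against the rules so that any row whose recorded class differs from the rule result is reported. The `MatrixRow` type, the function names, and the choice to treat uncovered combinations as "Unclassified" are assumptions of this example; the sample rows are copied from the section 2 matrices of this document.

```python
"""Risk class calculation from RA-001 section 1.4 (added example, not project code)."""
from collections import Counter
from dataclasses import dataclass

# Ordinal scales as defined in sections 1.1 to 1.3.
SEVERITY = ("Low", "Medium", "High", "Critical")
PROBABILITY = ("Low", "Medium", "High")
DETECTABILITY = ("Low", "Medium", "High")


def _check(value: str, scale: tuple, name: str) -> None:
    """Reject values outside the defined scale rather than guessing."""
    if value not in scale:
        raise ValueError(f"{name} must be one of {scale}, got {value!r}")


def risk_class(severity: str, probability: str, detectability: str) -> str:
    """Apply the section 1.4 rules in order; the first matching rule wins."""
    _check(severity, SEVERITY, "severity")
    _check(probability, PROBABILITY, "probability")
    _check(detectability, DETECTABILITY, "detectability")

    # Rule 1 (Critical): Severity=Critical, any Probability.
    if severity == "Critical":
        return "Critical"
    # Rule 2 (High): Severity=High with Probability>=Medium, or Detectability=Low.
    prob_at_least_medium = PROBABILITY.index(probability) >= PROBABILITY.index("Medium")
    if (severity == "High" and prob_at_least_medium) or detectability == "Low":
        return "High"
    # Rule 3 (Medium): Severity=Medium, or Severity=High with Probability=Low.
    if severity == "Medium" or (severity == "High" and probability == "Low"):
        return "Medium"
    # Rule 4 (Low): Severity=Low and Detectability=High.
    if severity == "Low" and detectability == "High":
        return "Low"
    # Assumption of this example: combinations the table does not cover
    # (e.g. Low severity with Medium detectability) are surfaced explicitly.
    return "Unclassified"


@dataclass(frozen=True)
class MatrixRow:
    """One row of a section 2 risk matrix (hypothetical helper type)."""
    urs_id: str
    severity: str
    probability: str
    detectability: str
    recorded_class: str


def find_mismatches(rows):
    """Return (urs_id, recorded, computed) for rows whose recorded class
    differs from what the section 1.4 rules give."""
    out = []
    for r in rows:
        computed = risk_class(r.severity, r.probability, r.detectability)
        if computed != r.recorded_class:
            out.append((r.urs_id, r.recorded_class, computed))
    return out


def summarize(rows):
    """Count rows per recorded class, as in the section 3 summary table."""
    return dict(Counter(r.recorded_class for r in rows))


# Sample rows copied from the section 2 matrices of RA-001.
SAMPLE_ROWS = [
    MatrixRow("URS-DAT-001.2", "Critical", "Low", "High", "Critical"),
    MatrixRow("URS-DAT-001.4", "High", "Medium", "High", "High"),
    MatrixRow("URS-DAT-001.3", "High", "Low", "High", "Medium"),
    MatrixRow("URS-PAR-001.3", "Medium", "Low", "High", "Medium"),
    MatrixRow("URS-MFG-001.1", "Medium", "Low", "High", "Low"),
    MatrixRow("URS-QUA-001.5", "Low", "Medium", "Medium", "Low"),
    MatrixRow("URS-WPC-001.2", "Low", "Low", "High", "Low"),
]

if __name__ == "__main__":
    for urs_id, recorded, computed in find_mismatches(SAMPLE_ROWS):
        print(f"{urs_id}: recorded {recorded}, rules give {computed}")
    print(summarize(SAMPLE_ROWS))
```

Run against the sample rows, `find_mismatches` reports URS-MFG-001.1 (Severity=Medium recorded as Low, where rule 3 gives Medium) and URS-QUA-001.5 (Severity=Low with Detectability=Medium, which no rule in the table covers). Rows like these are the ones an assessor reconciles before approval, either by adjusting the class or by recording the rationale for the deviation next to the row.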

2. Risk Assessment Matrix

2.1 Data Integrity (URS-DAT-001)

| URS ID | Requirement | Severity | Probability | Detectability | Risk Class | Mitigation |
|---|---|---|---|---|---|---|
| URS-DAT-001.1 | ALCOA+ record structure | Critical | Low | High | Critical | Schema enforcement, EF Core configuration, column pattern CC-05 |
| URS-DAT-001.2 | CRC integrity verification | Critical | Low | High | Critical | Two-phase insert pattern (ADR-003), CrcService unit tests |
| URS-DAT-001.3 | Changelog audit trail | High | Low | High | Medium | Separate changelogs database, 44 tables, append-only pattern |
| URS-DAT-001.4 | Transaction atomicity | High | Medium | High | High | Unit of Work pattern, cross-database transaction coordination |

2.2 Manufacturing (URS-MFG-001)

| URS ID | Requirement | Severity | Probability | Detectability | Risk Class | Mitigation |
|---|---|---|---|---|---|---|
| URS-MFG-001.1 | Create manufacturing process | Medium | Low | High | Low | AUTO_INCREMENT UID, domain validation |
| URS-MFG-001.2 | Process state transitions | High | Low | High | Medium | Domain entity state machine, domain events |
| URS-MFG-001.3 | Query manufacturing processes | Low | Low | High | Low | Standard LINQ queries, integration tests |
| URS-MFG-001.4 | Delete manufacturing process | Medium | Low | High | Low | Simple delete operation, existence check |

2.3 Products (URS-PRD-001)

| URS ID | Requirement | Severity | Probability | Detectability | Risk Class | Mitigation |
|---|---|---|---|---|---|---|
| URS-PRD-001.1 | Product CRUD | Medium | Low | High | Low | Standard repository pattern, CRC |
| URS-PRD-001.2 | Version management | High | Low | High | Medium | Domain validation, release flag integrity |
| URS-PRD-001.3 | Product/version search | Low | Low | High | Low | LINQ queries, integration tests |
| URS-PRD-001.4 | Bulk operations | Medium | Medium | High | Medium | Transaction wrapping, atomic operations |
| URS-PRD-001.5 | Cascading delete | High | Medium | Medium | High | Unit of Work, multi-repository coordination, integration tests |

2.4 Quality and Statistics (URS-QUA-001)

| URS ID | Requirement | Severity | Probability | Detectability | Risk Class | Mitigation |
|---|---|---|---|---|---|---|
| URS-QUA-001.1 | Record measurements | High | Low | High | Medium | Type-safe measurement records, domain validation |
| URS-QUA-001.2 | Current message management | Low | Low | High | Low | Simple queue operations |
| URS-QUA-001.3 | Message archiving | Medium | Low | High | Low | Append-only archive pattern |
| URS-QUA-001.4 | Process statistics | Low | Low | High | Low | Calculated from source data, verifiable |
| URS-QUA-001.5 | Real-time notifications | Low | Medium | Medium | Low | System.Reactive pub/sub, non-critical |

2.5 Robots (URS-ROB-001)

| URS ID | Requirement | Severity | Probability | Detectability | Risk Class | Mitigation |
|---|---|---|---|---|---|---|
| URS-ROB-001.1 | Store master data | Medium | Low | High | Low | Standard repository, CRC |
| URS-ROB-001.2 | Store position data | Medium | Low | High | Low | Standard repository, CRC |
| URS-ROB-001.3 | Calculate positions | High | Medium | Medium | High | Unit tests for coordinate math, deterministic calculation |
| URS-ROB-001.4 | Master teach | High | Medium | Medium | High | 16-parameter validation, CRC on result |

2.6 Work Piece Carriers (URS-WPC-001)

| URS ID | Requirement | Severity | Probability | Detectability | Risk Class | Mitigation |
|---|---|---|---|---|---|---|
| URS-WPC-001.1 | Create WPC | Medium | Low | High | Low | AUTO_INCREMENT, CRC, RFID storage |
| URS-WPC-001.2 | Query WPCs | Low | Low | High | Low | Standard queries |
| URS-WPC-001.3 | Update/delete WPCs | Low | Low | High | Low | Simple operations |

2.7 Parameters (URS-PAR-001)

| URS ID | Requirement | Severity | Probability | Detectability | Risk Class | Mitigation |
|---|---|---|---|---|---|---|
| URS-PAR-001.1 | Setup CRUD | Medium | Low | High | Low | Generic repository pattern (ADR-007) |
| URS-PAR-001.2 | Mapping CRUD | Medium | Low | High | Low | Generic repository pattern |
| URS-PAR-001.3 | 15+ parameter types | Medium | Low | High | Medium | Generic base class, per-type tests |
| URS-PAR-001.4 | Cascading delete | High | Medium | Medium | High | Unit of Work, integration tests |
| URS-PAR-001.5 | Retrieve all mappings | Low | Low | High | Low | Parallel queries, performance benchmark |

2.8 System (URS-SYS-001)

| URS ID | Requirement | Severity | Probability | Detectability | Risk Class | Mitigation |
|---|---|---|---|---|---|---|
| URS-SYS-001.1 | System variables | Low | Low | High | Low | Simple key-value store |
| URS-SYS-001.2 | Version history | Low | Low | High | Low | Append-only records |
| URS-SYS-001.3 | Health check | Low | Low | High | Low | Connectivity tests per database |
| URS-SYS-001.4 | Automated CI pipeline | Low | Low | High | Low | Infrastructure-only (GitHub Actions workflows); no application code modified. Build/test failures are immediately visible. Published artifacts are identical to manual publish. |

2.9 Integration (URS-INT-001)

| URS ID | Requirement | Severity | Probability | Detectability | Risk Class | Mitigation |
|---|---|---|---|---|---|---|
| URS-INT-001.1 | REST API | Medium | Low | High | Low | OpenAPI docs, 273 integration tests |
| URS-INT-001.2 | OPC UA protocol | High | Medium | Medium | High | Security configuration, 59 integration tests |
| URS-INT-001.3 | GraphQL API | Medium | Low | High | Low | HotChocolate framework, integration tests |
| URS-INT-001.4 | Cross-protocol consistency | High | Low | High | Medium | Hexagonal architecture (all protocols share handlers) |
| URS-INT-001.5 | Container-based deployment | Low | Low | High | Low | Infrastructure-only change; no application code modified. Health checks verify connectivity. Docker Compose dependency ordering ensures the DB is available before the APIs. |
| URS-INT-001.6 | Native Windows Service deployment | Low | Low | High | Low | Infrastructure-only change; no application code modified. Unified host shares the same Application layer handlers. Self-contained publish eliminates the runtime dependency. Windows Service auto-restarts on failure. Health check verifies all APIs after start. |

3. Risk Summary

| Risk Class | Count | URS IDs |
|---|---|---|
| Critical | 2 | URS-DAT-001.1, URS-DAT-001.2 |
| High | 6 | URS-DAT-001.4, URS-PRD-001.5, URS-ROB-001.3, URS-ROB-001.4, URS-PAR-001.4, URS-INT-001.2 |
| Medium | 7 | URS-DAT-001.3, URS-MFG-001.2, URS-PRD-001.2, URS-PRD-001.4, URS-QUA-001.1, URS-PAR-001.3, URS-INT-001.4 |
| Low | 25 | All remaining requirements (40 requirements in total across sections 2.1 to 2.9) |

Testing Focus (FDA CSA)

  • Critical (2 items): Full scripted test protocols with formal review. CRC and ALCOA+ compliance must be verified with documented evidence.
  • High (6 items): Scripted test cases with traceability. Each requires specific integration tests demonstrating correct behavior.
  • Medium (7 items): Covered by automated test suite. Test names should be traceable to URS via RTM.
  • Low (25 items): Automated test suite execution as qualification evidence. No additional scripted tests needed.

4. arc42 Risk Cross-Reference

Existing risks documented in arc42/11 — Risks and Technical Debt:

| arc42 Risk | Related URS | GAMP5 Risk Class |
|---|---|---|
| R1: Cross-database transaction failure | URS-DAT-001.4 | High |
| R2: OPC UA security vulnerabilities | URS-INT-001.2 | High |
| R3: Database performance degradation | URS-QUA-001.4, PQ-001 | Medium |
| R4: EF Core N+1 query issues | URS-PAR-001.5 | Low |
| R5: Single point of failure | URS-SYS-001.3 | Low |