Scoring Model
Risks are scored using a 1–5 scale for Probability (P) and Impact (I). Inherent risk reflects the pre-mitigation exposure. Residual risk reflects expected exposure after mitigation and controls. Scores are reviewed on cadence and escalated through Steering if residual exposure remains high.
| Measure | Scale | Examples (Context) |
|---|---|---|
| Probability (P) | 1–5 | Rare (1) → Almost Certain (5) |
| Impact (I) | 1–5 | Minimal (1) → Critical (5) across compliance, schedule, cost, supply continuity |
| Score | P × I (1–25) | Used for prioritisation and governance intensity |
| RAG | Thresholds | Green 1–6 · Amber 7–12 · Red 13–25 |
Risk Register
Tip: On mobile, scroll the table horizontally. The header is sticky (if you added the CSS enhancement), and the first columns are sticky on desktop for faster review.
| ID | Risk Statement | Category | Owner | P | I | Inherent | Mitigation / Controls | Trigger / Early Warning | Contingency | Residual | Residual RAG | Due / Review | Status |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| R1 | Vendor bioreactor FAT failure (weld integrity / surface finish) delays delivery and compresses installation & validation windows. | Supply Chain / Technical | Engineering Lead | 4 | 5 | 20 | Enhanced vendor quality plan, QA witness points, early doc review, contractual escalation and rework thresholds. | NCR trend, delayed FAT pack, repeated rework cycles, weld map deviations beyond tolerance. | Parallel rework approval route; resequence HVAC/automation work; preserve CQV critical path; alternate fabrication slot (pre-agreed). | 12 | Amber | Monthly until FAT complete | Active |
| R2 | Utilities load overcapacity (WFI / clean steam / HVAC) causes revalidation failure or unplanned scope increase. | Operational / Technical | Utilities Lead | 3 | 5 | 15 | Early load modelling (±5% margin), staged commissioning, validated boundary isolation plan, QA review of test acceptance criteria. | Capacity excursions, unstable pressure cascades, repeated alarms during SAT, HVAC balancing drift. | Temporary capacity solutions; controlled downtime windows; modular utility add-ons; scope switch approvals via CCB. | 9 | Amber | Biweekly during commissioning | Active |
| R3 | Cleanroom ISO classification fails at handover due to airflow patterns, leakage paths, particle counts or differential pressure instability. | Quality / Operational | Construction PM | 3 | 5 | 15 | Progressive room readiness checks, strict penetration control, smoke studies early, staged certification, contractor quality gates. | Rework on seals/penetrations, particle count excursions, airflow imbalance, cascade not holding during trials. | Extended balancing window, specialist commissioning support, temporary operating restrictions, controlled rework sprints. | 10 | Amber | Weekly during cleanroom completion | Active |
| R4 | EU GMP Annex 1 interpretation changes introduce additional contamination control requirements after design freeze. | Regulatory / Quality | QA Lead | 3 | 4 | 12 | Quality-led design checkpoints, CCS alignment workshops, maintain inspection file with rationale & traceability. | Emerging industry findings, HPRA feedback themes, CCS narrative gaps, audit observation trends. | Rapid gap remediation plan; targeted retrofit scope; pre-approved minor layout adjustments and SOP updates. | 6 | Green | Monthly until inspection | Active |
| R5 | CSV gaps (audit trails, access controls, Part 11 evidence) delay validation release for automation and batch records. | Quality / Digital | Automation Lead | 4 | 4 | 16 | Approved validation plan, supplier assessment, scripted OQ aligned to URS, security matrix and DI review gates. | Late requirements changes, missing vendor test packs, unresolved deviations, incomplete security roles. | Specialist CSV contractors; phased system release; temporary manual controls with QA; expedited deviation review. | 9 | Amber | Weekly during OQ/PQ | Active |
| R6 | Vendor documentation incomplete (MTRs, calibration certs, manuals) blocks IQ approval and delays CQV closeout. | Supply Chain / Quality | CQV Lead | 4 | 3 | 12 | Doc readiness tracker with due dates, enforce contractual deliverables, document review sprints with vendors. | Late doc pack, repeated review cycles, missing traceability to tags, incomplete as-built drawings. | Conditional IQ acceptance with defined closures; substitute evidence pathway; procurement escalation for leverage. | 8 | Amber | Weekly until IQ closeout | Active |
| R7 | Brownfield tie-in works impact live production (planned downtime overruns or contamination risk at interface points). | Operational | Site Ops Lead | 3 | 5 | 15 | Permit-to-work, isolation plans, QA oversight at interfaces, rehearsed cutover steps, shift-based execution windows. | Isolation gaps, access constraints, abnormal alarms in live utilities, near-miss incident reports. | Rollback plan with predefined stop points; buffer inventory; move tie-in to next approved window. | 6 | Green | Per tie-in window | Active |
| R8 | Environmental monitoring baseline shifts post-build drive OOS/OOT trends during PQ and ramp-up. | Quality | Microbiology Lead | 3 | 4 | 12 | Progressive EM mapping, cleaning validation tightening, routine trend reviews during PQ, targeted intervention minimisation. | Recurring excursion points, rising particle counts, increased interventions during media fills/simulations. | Targeted remediation (airflow, cleaning SOPs), extended EM studies, adjust operational controls with QA approval. | 8 | Amber | Weekly during PQ | Active |
| R9 | Data integrity gaps in controlled documents (versioning, sign-off traceability) weaken inspection readiness and governance confidence. | Quality / Compliance | Quality Systems Lead | 3 | 5 | 15 | Single source of truth repository, document readiness index, periodic internal audits, inspection file ownership. | Uncontrolled copies, missing approvals, conflicting versions, delayed doc reconciliation. | Remediation sprint; temporary freeze on issuing new docs until reconciled; structured back-capture and audit trail review. | 6 | Green | Biweekly until inspection | Active |
| R10 | Inspection booking changes or unexpected inspection scope expansion reduces available closure window before go-live. | Regulatory | Regulatory Liaison | 2 | 5 | 10 | Pre-inspection engagement cadence, readiness evidence packs, SME roster and audit room protocols confirmed early. | Changed inspector availability, additional requested evidence sets, increased pre-reads, new focus areas. | Rapid response documentation sprint; extend SME coverage; prioritise closure of critical systems first. | 6 | Green | Monthly until inspection | Active |
| R11 | Validation deviation volume increases during late-stage execution, creating approval bottlenecks and CQV rework. | Quality / Delivery | CQV Lead | 4 | 3 | 12 | Deviation triage, standard impact templates, weekly review cadence, clear closure ownership and due dates. | Backlog trend rising, repeated re-submissions, unclear impact ratings, late evidence uploads. | Increase review frequency; dedicate reviewers; “fast-track” low-risk deviations; temporary weekend review cadence. | 8 | Amber | Weekly during peak CQV | Active |
| R12 | CCB volume spikes during execution cause late design changes and schedule churn, impacting readiness gates. | Governance | PMO Lead | 4 | 3 | 12 | Change freeze windows, triage board, delegated approval tiers, standardised impact assessment for GMP/schedule/cost. | CCB backlog, unclear GMP impacts, repeated resubmissions, late change requests after design freeze. | Increase CCB cadence; temporary approval delegation; “fast lane” for low-risk changes; re-baseline with exec sign-off. | 6 | Green | Weekly during peak changes | Active |
| R13 | Commissioning completion slips due to contractor sequencing conflicts (HVAC / electrical / instrumentation) delaying IQ start. | Schedule / Delivery | Construction PM | 3 | 4 | 12 | Daily look-ahead planning, interface matrix, locked handover checklists, readiness gates per system. | High rework rates, missed handover criteria, incomplete punch lists, repeated access conflicts. | Deploy additional supervisors; restructure sequencing; weekend shifts; re-baseline handover dates with CQV priorities. | 8 | Amber | Weekly during commissioning | Active |
| R14 | Supply continuity buffer becomes insufficient if ramp-up is delayed, increasing customer allocation and service risk. | Commercial / Operational | Supply Chain Lead | 3 | 4 | 12 | Ramp-up plan with staged capacity release; inventory policy review; coordination with network sites and QP planning. | PQ closure delays, constrained batch release, forecast variance increase, rise in expedite requests. | Activate alternate site support; prioritise markets; extend safety stock through controlled overtime and scheduling. | 8 | Amber | Monthly during ramp-up | Active |
| R15 | Qualified Person (QP) release readiness lag (documentation completeness, closure evidence) delays commercial release decision. | Quality / Release | QA Lead | 3 | 5 | 15 | QP readiness checklist, weekly closure reviews, doc readiness index linked to release gate, pre-review of key evidence sets. | Missing approvals, incomplete deviation closures, delayed EM trend reports, unresolved open actions. | Release readiness sprint; dedicated reviewers; prioritised evidence closures; escalate for targeted decision support. | 9 | Amber | Weekly during PQ closeout | Active |
Residual Risk Escalation Rule
- Residual score ≤ 6: Managed within workstream governance.
- Residual score 7–12: Weekly review until stable.
- Residual score ≥ 13: Steering escalation + formal decision record (risk acceptance or additional controls).