Many of the software systems used in the life sciences industry must comply with federal regulations. The purpose of these regulations, such as U.S. FDA 21 CFR Part 11, is to ensure that the data being housed and produced by these systems is accurate and trustworthy. 

In this guide, we discuss a four-part approach to assessing and mitigating risk with regulated software systems:

• Assess a system for its regulated status
• Assign a risk level to the system
• Assess the risk of a proposed change to a system
• Mitigate the risk involved in implementing a system change