2. Perform Regulatory Applicability Assessment

Assess and document which regulatory requirements apply to the project/system.

Before you begin

You must be a member of the relevant Event or Task Assignment group or the Assigned to user to perform these steps.

Procedure

Open the Regulatory Applicability Assessment (RAA) Event associated with the ALM Project.

If the RAA Event is in Triage, click Review Event Plan to move it to the Planning state. Ensure each step has an Assignment group and/or Assigned to user and click Start Work to move the RAA Event to the In Progress state.
Open the Perform Regulatory Applicability Assessment task and click Start Work to move the task to the In Progress state. Note: you must enter values for CMDB System Name and Version if these fields are displayed before you can click Start Work.
Enter values for the fields in each section (tab) on the form.

General System Information – in addition to the CMDB System Name and Version, document the System Description/Intended Use, Interfaces, Controlled GxP documents, and any Additional Information.
Regulatory Applicability – responses to questions in this section will determine GxP, HIPAA, SOX, and GDPR applicability for the system.
Regulatory Impact Assessment – review the criteria and determine whether the system has Direct or Indirect impact for GxP, HIPAA, SOX, and/or GDPR, or select N/A if not applicable.
Electronic Records Applicability – responses to questions in this section will determine whether the system employs electronic records as defined in relevant regulations.
Electronic Signature Applicability – responses to questions in this section will determine whether the system employs electronic signatures as defined in relevant regulations.
GAMP Category – review the criteria and examples and select the category for the system.

Click Complete.

Approving the RAA

Once the Perform Regulatory Applicability Assessment task is completed, approval tasks for it will open. Note: If SOX does not apply for the system, the SOX approval task will be skipped. For guidance on how to approve or reject the Regulatory Applicability Assessment, see [[Approve or Reject a Task]].

RAA Closure

When the final Approval task is Closed – Complete, the Regulatory Applicability Assessment Event state changes to Closed. If the CMDB System Name and Version were entered in the Perform Regulatory Assessment task, the system will be added to the CDMB when the event closes, and these values will be set as the Asset and Asset Version (Project) for the ALM Project event.

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Knowledge Base

Before you begin

Procedure

Approving the RAA

RAA Closure