Risk Assessment

Seal's Validation Risk Assessment is a systematic approach to identifying, evaluating, and mitigating potential risks that could compromise the integrity, safety, and efficacy of a process or product. The risk assessment distinguishes high-risk elements that require stringent controls from lower-risk components, for a basic, unconfigured Seal platform.

The following pages document particular risks that Seal could present given a basic, unconfigured architecture. For each risk, a brief explanation, the inherent risk level, the treatment, and the residual risk are provided.

The risk assessment is conducted for an unconfigured Seal Platform. This does not serve as legal counsel or as a risk assessment for a customised platform. Customers should risk assess their own business processes in how they utilise Seal and its features and functions, and the impact on product safety and risks.

For more information or to export this for your documentation, please reach out to our team at support@seal.run.

1. Customer Risks

| Risk | Inherent Risk | Mitigating Control | Residual Risk |
| --- | --- | --- | --- |
| Customer lack of understanding: Lack of support channels to help the Customer achieve its goals or report an issue | High | User guides and documentation | Low |
| Customer communication channel: Lack of support channels to help the Customer achieve its goals or report an issue | High | User Guides & communication channels | Low |
| Data Integrity: Not maintaining data integrity on the platform (input or output) | High | Project Quality and Product Plan | Low |

2. Governance Risks

| Risk | Inherent Risk | Mitigating Control | Residual Risk |
| --- | --- | --- | --- |
| Breaches and Incidents: Improper identification or evaluation of breaches and incidents | High | Data Backup and Disaster Mitigation | Low |
| Fraud Prevention: Lack of proper controls to prevent fraudulent activities | High | Information Security Policy | Low |
| System changes: Lack of proper controls to prevent fraudulent activities by making unauthorised changes to the system and/or infrastructure | High | Information Security Policy; Project Quality and Product Plan | Low |

3. People Risks

| Risk | Inherent Risk | Mitigating Control | Residual Risk |
| --- | --- | --- | --- |
| Employee Training: Lack of proper training for employees | Low | Internal Customer Success Guides | Low |
| Information Security Awareness: Employees unaware of information security | High | Information Security Policy | Low |

4. Regulatory Risks

| Risk | Inherent Risk | Mitigating Control | Residual Risk |
| --- | --- | --- | --- |
| Data Breach: Individuals affected by a breach of their personal information | High | Information Security Policy; Data Backup and Disaster Mitigation | Low |
| Audit Trail Continuity: Loss of data and data entries in the audit log | High | Validation process; Project Quality and Product Plan | Low |
| Data Privacy: Personal information is collected and used without following privacy obligations | High | Project Quality and Product Plan; Data Backup and Disaster Mitigation | Low |

5. Technology Risks

| Risk | Inherent Risk | Mitigating Control | Residual Risk |
| --- | --- | --- | --- |
| Storage Protection: Unauthorised access to the platform or the information | High | Information Security Policy | Low |
| Firewall: Unauthorised connections due to the lack of firewall controls | Low | GCP is the cloud hosting provider, risk transferred | Low |
| Authorised Changes: Unauthorised changes to the platform architecture | High | Information Security Policy; Internal employee platform | Low |
| Physical Security: Unauthorised physical access to the platform | Low | Opvia is a cloud solution hosted on Google’s servers | Low |
| Network protection: Lack of proper network protection permitting vulnerabilities or unauthorised access | Medium | Information Security Policy | Low |

The risk assessment presents an overall maximum risk rating of low. Based on the assessment, an unconfigured Seal platform is considered to be a medium risk.

The Seal Platform is used for sample management and quality management, including document control and quality events. Seal aims to replace physical records and activities related to physical records.
