Vipsit has more than 30 years risk and facility assessment experience.

Let us be clear – Vipsit does not perform risk assessments on behalf of customers.

We can share our perspective on what methodologies that are tailored for different business segments, however it is the institution or production facility that must drive and facilitate the overall process.  All methodologies have their individual pro’s and con’s. It can be a daunting, intimidating task to select the best methodology for a risk assessment, especially if it is your first time.

We can assist with reviewing and challenging an overall risk assessment strategy, prioritization of areas and selection of methods. 

We can sit in at risk assessment brainstorming meetings, capture identified risks, catch overlooked risks, convert the identified risks into a clear risk communication picture that can be used as a decision platform for upper management for the risk evaluation step.

We do not develop corrective action plans (CAPs), but we can assist with reviews of the drafts that lists the final chosen mitigation measures distilled out of the risk evaluation step.

We assist with reviews of the final the implementation strategy, timeline, and identification of the relevant performance indicators that will confirm reduction of the risk as actually hoped.


A risk assessment looks ahead in time and identifies what lurks in the horizon

Risk assessments must be tailored to the facility, procedures and types of equipment. There are many ways of doing risk assessments, none of them are wrong unless it is an assessment that is not documented.

Vipsit assists with templates for qualitative, quantitative, semi quantitative risk assessments as needed. We use most traditional tools that can be found on the internet: HAZOP, FMES, HACCEP, SWIFT, Fishbone, Bowtie, and LOPA, just to mention a few.

After the initial assessment, the next task is to make judgments regarding the likelihood and severity of that situation.  In other words what is the risk?  The review team needs to make judgments regarding the level of risk and it’s acceptability.  

Vipsit serves with experience, and provides generic tools and templates that can be customized to the facility and process. Thereby the identified risks can be sorted and in a clear and comprehensive manner, documented and communicated to upper management.


The evaluation step is a step that cannot be outsourced to any outside A&E company or consultant. This is a subjective acceptance step that will identify what risks the facility/institution will accept, and what risks that are considered so dire that they must be mitigated. It is a subjective step that are dependent on what region in the world, local/national expectations and regulations, available budget, potential company gain and similar softer drivers. Only the institution or facility itself can draw the line between what is acceptable and what is not.

There are many drivers that can persuade individuals to ramp their risk acceptance either up or down. Pregnancy, immuno-compromised individuals undergoing chemo therapy might lower risk acceptance. Personal recognition in peer reviewed journals, monetary benefits, a feeling of urgency might ramp risk acceptance limits up.

Vipsit has a team of SME’s who can assist with a review of the risk evaluation conclusions and verify that the documents makes sense and are clearly communicating what mitigation measures that has been chosen and what guidelines that are driving the choices.


There are several strategies for mitigation measures.

For bio/chem safety there is the hierarchy of controls consisting of Elimination/Substitution – Engineering controls (fume-hoods, filters, BSC’s, autoclaves) – Administrative and Operational controls (policies and procedures) and Personnel Protective Equipment (PPE).

For bio/chem security the pillars of control is Material Control and Accountability (MC&A), Physical security, Information security, Transport security and Personnel reliability. In addition an overarching bar over the five pillars consisting of general institutional risk awareness and risk management culture is needed to have a reliable bio/chem security management system,


Vipsit can review the transfer the by leadership selected risk mitigation tasks into a formal Corrective Action Plan. Only the facility itself can prioritize and identify resources and set realistic timelines and milestones. a


Vipsit can assist with review of systems for performance checks and reviews. We can assist with challenging and verifying that chosen mitigation measures has been implemented and is performing according to the intent, and has reduced the residual risk to an acceptable level. Again, it is only the institution itself that throughout daily use of the facility can verify that the implemented mitigation measures are working and performing as expected.


Vipsit is often asked by costumers for “a fast checklist” as it is believed that this is all it would take to get a production facility into compliance. Many costumers would like to defer to these checklists instead of performing a comprehensive risk assessment. Working according to a checklist is a well defined and easily budgeted level of effort that will go into the “check the checklist” drill.

Checklists uses the rear view mirror. They compare a lab up against the past. A risk assessment looks out through the wind screen and asks: “what can go wrong?”

Checklists can to some extent be used for preparation of audits and inspections if the corresponding regulatory document is very prescriptive. In Vipsit do have our own developed checklists associated with specific guidelines and regulatory documents and we share these with our project managers in our community, but these can never replace a comprehensive risk assessment..

It is important though to recognize that most modern guidelines and regulations mentions and expects “documented risk assessments” to be accessible upon request, in other words just presenting a checked off checklist will rarely satisfy an inspector that shows up and asks for a risk assessment.

A laboratory might have followed a given check list to the letter, and totally overlooked the new fan that was brought into the lab last week during the heat wave. That fan would most likely not have been found on the standard checklist, but it surely can contribute to dangerous conditions in the laboratory if it blows right over open samples, interferes with the HVAC system or stands right in front of a fume hood or a Biosafety cabinet (BSC). A risk assessment needs the assessor to come in with an open mind and observant eyes and ask the questions: “What can go wrong? If it went wrong, what are the consequences? How can I prevent it from happening”. The glasses we wear when we ask these questions will give the perspective or product safety, environmental safety, experimental animal welfare and health, staff safety and of course theft of important IP that can be used by competitors to harm the company or steal production secrets and information about production yields and purity of product and thereby inform about revenue and price margins. Only the facility itself can create these comprehensive risk assessments, because what that goes wrong has often a lot to do with institutional culture and attitude amongst the production staff.