“What would be an example of a risk control at an organizational level? You stated risk control can be at a study, site, organization level?”
IGH GCP Ref: 5.0.4
This is typically a change at a procedural level, similar to CAPA, putting preventative measures in place to avoid risk may be as a result of persistent breach of QTLs or the same risk emerging in many trials.
It may also be related to vendors, if root cause has pin pointed risk with a particular vendor, they may be removed from the ‘approved vendor’ list.