Quality Risk ManagementTony Gould Introduction Risk management is not new – we do it informally all the time Military Standard 1629 dated 1974 regarding formal risk management Risk management has been used in the medical device, telecommunications, aerospace and car industries for many years 2 | PQ Workshop, Abu Dhabi | October 2010 For example. For example. 5. Abu Dhabi | October 2010 . "a risk assessment approach should be used to determine the scope and extent of validation required" (WHO Annex 4.10) – Specifications in pharmacopoeial monographs include tests for known potential contaminants 3 | PQ Workshop.Introduction Risk management has also been part of the pharma industry for many years: – GMP requirements are designed to address risk. GMP specifies a risk based approach. the specific GMP requirements for sterile products are designed to mitigate the risk of sterility failure – In some cases.2. g. safety and efficacy – quality risk management Organisations use risk approaches in other areas. we are only concerned with risks associated with quality. Abu Dhabi | October 2010 . to ensure resources are utilised in the most effective way. Also applicable to inspectorates 4 | PQ Workshop. e.Introduction Greater use of risk management tools in the future We must accept this and prepare From a GMP point of view. 2 – 1. The quality risk management system should ensure that: – the evaluation of the risk to quality is based on scientific knowledge. Abu Dhabi | October 2010 . experience with the process and ultimately links to the protection of the patient. 1.GMP requirement A system for quality risk management should be included in the quality assurance system Quality risk management is a systematic process for the assessment. It can be applied both proactively and retrospectively. and – the level of effort. communication and review of risks to the quality of the medicinal product. control.5 5 | PQ Workshop. formality and documentation of the quality isk management process is commensurate with the level of risk. the dangers There is a desired outcome and risk management is used to justify it Invalid assumptions – suit the desired outcome Cost reduction (increased profits) is often the real reason that many risk assessments are done – Cost reduction may be a secondary outcome Variable tolerance of risk 6 | PQ Workshop.QRM . Abu Dhabi | October 2010 . QRM – from an inspectors point of view Be prepared so that the process is understood Have sufficient knowledge to understand what has been done and challenge assumptions. omissions etc Be clear about when QRM is not appropriate Be flexible and accept the outcome of a scientifically sound QRM exercise If done properly there should be increased assurance of quality (and possibly cost savings) PQ Workshop. Abu Dhabi | October 2010 7 | . control." (ICH Q9) 8 | PQ Workshop. communication and review of risks to the quality of the medicinal product across the product lifecycle. Abu Dhabi | October 2010 .What is QRM "Quality Risk Management is a systematic process for the assessment. Typical QRM process Initiate Quality Risk Management Process Risk Assessment Risk Identification Risk Analysis Risk Evaluation unacceptable Risk Control Risk Reduction Risk Acceptance Output / Result of the Quality Risk Management Process Risk Review Review Events What might go wrong or has gone wrong? What is likelihood or probability? What are the consequences (severity)? What is the level of risk? Any mitigating factors? R isk Ma nage m ent t ools 9 | Ri s k Co m mun ic at ion PQ Workshop. Abu Dhabi | October 2010 . Risk assessment "A systematic process of organizing information to support a risk decision to be made within a risk management process. Abu Dhabi | October 2010 ." (ICH Q9) 10 | PQ Workshop. It consists of the identification of hazards and the analysis and evaluation of risks associated with exposure to those hazards. Abu Dhabi | October 2010 . includes detectability 11 | PQ Workshop.Risk assessment terms Risk identification – Use of information to identify hazards or potential risks – Historical data. informed opinions Risk analysis – – – – Estimation of risk associated with identified hazards Qualitative or quantitative Links probability and severity In some tools. theoretical analysis. Risk analysis . Abu Dhabi | October 2010 .probability A simple qualitative tool: P – Probability of Occurrence High Medium Low Remote Likely to occur May occur Unlikely to occur Very unlikely to occur 12 | PQ Workshop. Abu Dhabi | October 2010 .Risk analysis .severity A simple qualitative tool: S – severity level if event occurs Critical Moderate Serious GMP non-compliance Patient injury possible Significant GMP non-compliance Impact on patient possible Minor Minor GMP non-compliance No patient impact 13 | PQ Workshop. medium or low) Output can be quantitative (probability x severity x detectability) – Quantitative provides a relative ranking – prioritises risk 14 | PQ Workshop.Risk assessment terms Risk evaluation – – – – Compares identified and analysed risk against criteria Considers probability. Abu Dhabi | October 2010 . severity and detectability Output can be qualitative (high. Risk evaluation A simple risk table with risk acceptability criteria: Risk = P x S Severity Probability High Medium Low Remote Minor Unacceptable risk Acceptable risk Acceptable risk Acceptable risk Moderate Intolerable risk Unacceptable risk Acceptable risk Acceptable risk Critical Intolerable risk Intolerable risk Unacceptable risk Acceptable risk 15 | PQ Workshop. Abu Dhabi | October 2010 . Abu Dhabi | October 2010 .Risk evaluation Modify evaluated risk according to existing detection controls Detectability: – High – the control is likely to detect the negative event or its effects – Medium – the control may detect the negative event or its effects – Low – the control is not likely to detect the negative event or its effects – Zero – no detection control in place 16 | PQ Workshop. Risk evaluation Risk definitions: Intolerable – work to eliminate the negative event or introduce detection controls is required as a priority Unacceptable – work to reduce the risk or control the risk to an acceptable level is required Acceptable – the risk is acceptable and no risk reduction or detection controls are required 17 | PQ Workshop. Abu Dhabi | October 2010 . Risk control "Actions implementing risk management decisions" (ICH Q9) – Includes risk reduction (if applicable) and risk acceptance 18 | PQ Workshop. Abu Dhabi | October 2010 . follows re-analysis and evaluation 19 | PQ Workshop. Abu Dhabi | October 2010 .Risk control terms Risk reduction – Actions taken to lessen the probability of occurrence of harm and the severity of that harm – Typically CAPA and change control Risk acceptance – The decision to accept risk – If risk reduction action taken. output and conclusions – Consider during product review 20 | PQ Workshop. Abu Dhabi | October 2010 ." (ICH Q9) – Ensures nothing has changed to affect the QRM assumptions.Risk Review "Review or monitoring of output/results of the risk management process considering (if appropriate) new knowledge and experience about the risk. Abu Dhabi | October 2010 .). Risk ranking and filtering. check sheets etc. Hazard Analysis and Critical Control Points (HACCP). Preliminary Hazard Analysis (PHA). Failure Mode Effects Analysis (FMEA).QRM tools – some of them! Basic risk management facilitation methods (flowcharts. Hazard Operability Analysis (HAZOP). 21 | PQ Workshop. Fault Tree Analysis (FTA). Failure Mode. Supporting statistical tools. Effects and Criticality Analysis (FMECA). retest periods. validation) Packaging and Labelling (e.g.g. training. hygiene.g. design. OOS. package design.Potential applications Quality Management (e.g. computers) Materials Management (e. deviations. label control) 22 | PQ Workshop. Equipment and Utilities (e. supplier assessment. change control) Development (ICH Q8) Facilities. in-process sampling and testing) Laboratory Control and Stability Studies (e. qualification.g. Abu Dhabi | October 2010 . self-inspection.g. validation. calibration. storage) Production (e. complaints.