Pharmabeginers Com Quality Risk Management

Blog
SOP for Quality Risk Management

(Guideline ICH Q9)
 pharmabeginers -  January 16, 2020 -  cGMP / Checklist / Formats / QA Sop / SOPs -
 7 Comments
Quality Risk Management: An overall and continuing systematic process for the assessment,
control, communication and review of risks to the quality of a pharmaceutical product or medical
device across the product lifecycle in order to optimize its bene t-risk balance.
SOP for Quality Risk Management
1.0 PURPOSE:
This Standard Operating Procedure (SOP)

establishes uniform requirements for quality
risk management (QRM) utilizing a risk-based
systems approach for implementation into a
quality system.
The Quality Risk Management process shall

be based on scienti c methodologies and
practical decisions.
This approach shall be used on all phases of the product lifecycle from the initial
development through marketing until the product’s discontinuation and nal disposition.
2.0 SCOPE:
This SOP applies to Quality Risk Management records for biological products, drug
substances, drug products, bulk products, intermediates manufactured by the
pharmaceutical company.
Visit to copy this SOP
Convert web pages and HTML files to PDF in your applications with the Pdfcrowd HTML to PDF API Printed with Pdfcrowd.com
This SOP is applicable to the management of all types of risk events that have a potential
threat to product quality, facility, organization, etc.
3.0 REFERENCES:
In House
ICH Q9 – Quality Risk Management
4.0 RESPONSIBILITY – RISK MANAGEMENT:
Manufacturing head/designee shall be responsible to demonstrate a commitment

to the risk management process by:
Providing leadership for the risk management process to ensure that ongoing Quality
Risk Management processes operate effectively.
Ensuring adequate resources for execution.
Create a cross-functional team across various functions and departments and appoint a
Team Leader appropriate to the risk being considered.
Manufacturing head/designee shall be responsible to ensure the following

principles of Quality Risk Management are applied:
The evaluation of the risk to quality is based on scienti c knowledge and ultimately
linked to the protection of the patient.
The level of effort, formality, and documentation of the quality risk management process
should be aligned with the level of risk.
To assure coordination of quality risk management across the various functions and
departments.
To facilitate continuous improvement in manufacturing resulting from knowledge

gained through periodic Quality Risk Management system reviews.
Also read: SOP for Audit Trail Review and Privilege Policy
Quality head/designee shall be responsible for
Authorization and oversee the creation of Quality Risk Management procedures that
include the requirements established in this SOP.
Ensure appropriate training of personnel involved in Quality Risk Management activities
and provide for traceable record keeping of such training.
Maintain a GMP compliant document control system for the review, approval, issuance,
maintenance and archiving of Quality Risk Management Records throughout the product
or device lifecycle.
Ensure all paper-based or electronic Quality Risk Management documents are prepared,
securely stored, executed, reviewed, approved, signed and dated by appropriately trained,
responsible persons and distributed according to written procedures.
Serve as the gatekeeper for initiation of and as a nal approver for Quality Risk
Management activities and reports.
Ensure personnel alerts the Quality Unit in accordance with the current version of the
SOP for Deviations/Incidents if they observe a possible product quality risk so it can be
evaluated to determine if initiation of a Quality Risk Management process is warranted.
Quality Risk Management cross-functional team (CFT) leader or relevant

stakeholder/designee shall be responsible for:
Serve as: The initiator of QRM change control activities.
The preparer of the quality risk management control strategy and a risk assessment.
Prepare related reports and records or delegates these duties to quali ed team members
for speci c aspects of the Quality Risk Management process.
Ensure assigned Quality Risk Management design and implementation teams are
quali ed to perform assigned tasks and include subject matter experts (SMEs) from the
affected areas (e.g., quality unit, business development, engineering, regulatory affairs,
production operations, sales and marketing, legal, statistics and clinical, as appropriate),
as well as SMEs in the QRM process.
Oversee that all documentation related to speci c product/process Quality

Risk Management activities is:
Completed per established schedule.
Securely maintained in the quality risk management record.
File in accordance with site document control procedures.
Accessible to relevant staff, reviewers or inspectors.
Traceable at the time of inspection.
Assure Quality Risk Management documentation is satisfactory and approved by QA prior to

the implementation of any new method/process or proposed change to an existing method
or process in accordance with the current version of the SOP for Change Control
Management.
5.0 ABBREVIATIONS USED IN SOP FOR RISK MANAGEMENT:
A/E: Adverse Event
APR: Annual Product Review
CAPA: Corrective and Preventive Action
CQ: Corporate Quality
FMECA: Failure Mode Effects and Criticality Analysis
HACCP: Hazard Analysis and Critical Control Points
PQR: Product Quality Review
QRM: Quality Risk Management
SME: Subject Matter Expert
6.0 DEFINITION- Quality Risk Management:
A/E Adverse Event:
Any unfavorable or unintended sign, symptoms or disease, or laboratory or physiological

observations associated with the use of a drug product, whether or not considered related to
the drug product.
An A/E may occur in association with the use of drug product in professional practice, from
a drug overdose (accidental or intentional), from drug abuse, from drug withdrawal, and from
any failure of expected pharmacological action.
Annual Product Review:
The Annual Product Review is developed for products marketed in the U.S. and countries
other than the EU. The report is an annual assessment of each product produced at a given
site, compiling a broad range of Quality product/process indicators.
Corrective Action/Preventive Action:
A concept with current Good Manufacturing Practice (cGMP) that focuses on the systematic
investigation of root causes of unexpected incidences to prevent their recurrence (corrective
action) or to prevent their occurrence (preventive action).
Corrective Action:
Action is taken to eliminate the causes of an existing nonconformity, defect or other

undesirable situation, in order to prevent a recurrence.
Preventative Action:
Action is taken to eliminate the cause of a potential nonconformity, defect or other

undesirable situation, in order to prevent occurrence.
Cross-Functional Team:
A group of people with different functional expertise working toward a common goal.
The team may be responsible for the development, review, and implementation of the Risk
Assessment.
Contract Manufacturing Organization (CMO)/In-License Third-Party

Manufacturer:
An organization that supports any part of, or completes the process of manufacturing,
labeling, packing, testing, and distribution of product on behalf of another organization.
Contract manufacturing involves the production of goods by an organization, under the label
or brand of another organization.
Control Strategy:
A planned set of controls, derived from current product and process understanding that
assures process performance and product quality.
The controls can include parameters and attributes related to drug substance and
pharmaceutical product materials and components, facility and equipment operating
conditions, in-process controls, nished product speci cations, and the associated methods
and frequency of monitoring and control.
Decision Maker(s):
Person(s) with the competence and authority to make appropriate and timely quality risk
management decisions.
Failure The condition or fact of not achieving an expected result; a cessation of proper
functioning or performance.
FMEA Failure Mode and Effects Analysis: Bottom-up analysis of each potential failure mode
in every subsystem to determine its effect on other subsystems and on the function of the
system.
FMECA Failure Mode Effects and Criticality Analysis: Follow-up to FMEA which classi es
each effect according to its severity and probability of occurrence.
Hazard Analysis and Critical Control Points: A structured seven-step process to analyze,
evaluate, prevent and control risk and adverse events based on technical/scienti c
principles.
Harm: Physical injury or damage to the health of people including the damage that can occur
from loss of product quality or availability, or to property or the environment.
Hazardous Situation: Circumstance where people, property, or the environment potentially

are exposed to one or more hazards resulting in harm.
Lifecycle: All phases in the life of a product from the initial development through marketing
until the product’s discontinuation.
Objective Evidence: Data supporting the existence of information based on facts that can be
proven through analysis, observation, measurement, testing, and other such means.
Out-of-Speci cation (OOS) Results:
Test results that fall outside the speci cation or acceptance criteria established in drug
application, drug master le, and of cial compendia or pre-determined by the manufacturer.
Out-of-Trend (OOT) Results: Test results that do not follow the expected trend in comparison
with the previous test results.
Product Quality Review: An annual assessment, as required by the EU completed for each
drug product and starting material produced at a given site compiling a broad range of
Quality product/process indicators and distributed in the EU following requirements
provided in this standard.
Prospective Analysis: Assesses the probable occurrence of future events.
Record: Document stating results achieved or providing evidence of activities performed.
Retrospective Analysis: Assesses the causes of past events. It is (Risk) the Combination of
the probability of the occurrence of harm and the severity of harm.
Risk Acceptance: The decision to accept the risk.
Risk Analysis: The estimation of the risk associated with the identi ed hazards.
Risk Assessment:
A systematic process of organizing information to support a risk decision to be made within

a risk management process.
It consists of the identi cation of hazards and the analysis and evaluation of risks associated
with exposure to those hazards.
Risk Communication:
The sharing of information about risk and risk management between the decision-maker
and other stakeholders.
Risk Control: Actions of implementing risk management decisions.
Risk Estimation: Process used to assign values to the probability of incurring harm, the
detectability of failures and the severity of harm.
The comparison of the estimated risk of given risk criteria using a quantitative or qualitative
scale to determine the signi cance of the risk (Risk Evaluation).
Risk Identi cation:
The systematic use of information to identify potential sources of harm (hazards) referring to
risk question or problem description. Information can use historical data, theoretical
analysis, informed opinions and concerns of stakeholders.
Risk Management:
The systematic application of quality management policies, procedures, and practices to the
tasks of assessing, controlling, communicating and reviewing risk.
Risk Reduction: Actions taken to lessen the probability of occurrence of harm and the
severity of that harm.
Risk review: Review or monitoring of output/results of the risk management process

considering (if appropriate) new knowledge and experience about the risk.
Subject Matter Expert: An individual, who is educated, trained, experienced and recognized
in a particular eld or subject matter.
Veri cation: Con rmation, through the provision of objective evidence, that speci ed
requirements have been ful lled.
7.0 PROCEDURE FOR QUALITY RISK MANAGEMENT:
Perform Risk Management by using a systematic process, designed to coordinate, facilitate

and improve science-based decision making with respect to risk.
Occurrence based events like OOS, market complaints, unplanned deviations, etc. as well as
system-based events like change controls, planned deviations, etc. shall undergo risk
management process.
Implementation of the quality risk management process includes the following major steps:
Risk assessment (identi cation / analysis /evaluation).
Risk control (reduction, acceptance) conducted commensurate with the level of risk.
Review of Risk -evaluating and communicating the results of the risk management efforts.
Note: Since risk management is an iterative process, it should be repeated if new

information is developed that changes the need for, or nature of, risk management.
Initiating and planning the Quality Risk Management process:
Identify a quali ed and quality risk management team leader and cross-functional team
(CFT) with experience from the affected areas and trained in the Quality Risk Management
process.
Answer the de ne the question or problem statement that (e.g. a problem and/or risk
question).
Include pertinent assumptions identifying the potential for risk.
Assemble background information and/or data on the potential hazard, harm or impact
relevant to the risk and gather appropriate information for consideration and inclusion in
the Quality Risk Management Process including but not limited to:
Master formulae
GMP requirements
Regulatory commitments
Validation documents, as applicable
Technical information/reports
Pilot plant data
Development Protocols and Reports
Product speci cations/packaging speci cations
Bill of materials
Change control documents
Investigation report commitments
Audit commitments
Regulatory inspection ndings / commitments
Related subject SOPs
Annual / Product Quality Reviews (APR/PQR)
Rework or reprocess documentation
Product-speci c equipment or tools used in manufacturing
License documents, license applications or equivalent documents.
Formal, approved drawings showing the movement of materials, personnel, and

equipment through all production areas.
Specify a timeline, deliverables and appropriate level of decision making for the Quality Risk
Management process.
Complete the risk assessment (refer to the section below on process for
completing a risk assessment to classify risk):
Risk identi cation: A systematic use of objective evidence to identify hazards through
processes like collection and organizing information, reviewing appropriate references and
identifying assumptions. The information required to risk identi cation shall be gathered
from questions like:
What
Might go wrong?
Is the likelihood it will go wrong?
Are the consequences?
Risk analysis: Identify the likelihood (probability) that the risk will occur.
The estimation of the risk associated with the identi ed hazards. Include in the risk analysis
process a linking the likelihood of occurrences and severity of harm.
For each risk event (i.e. identi ed potential hazards), severity, probability of occurrence and
detection shall be assessed separately.
Risk evaluation: Identify the consequences (severity) of the risk. Compare the identi ed and
analyzed risk against given risk criteria considering the probability, detectability, and
severity.
Risk Control (Quality Risk Management):
Risk reduction: The mitigation, avoidance or elimination of the quality risk with a focus on
the severity and/or probability of the harm.
A decision-making activity to determine if the risk is above an acceptable level.
Identify corrective and preventative actions (CAPA) to reduce, manage or eliminate the risk
considering the appropriate balance between bene ts, risks, and resources.
Risk acceptance: The decision to accept the risk which may require support by the
sponsoring leader and stakeholders being affected by the risk.
Risk Review:
Review events: Such as the Annual Product Review/Product Quality Review reports that
serve as a mechanism to review the output and results of the Quality Risk Management
process.
Risk Communication (Quality Risk Management):
Ensure bi-directional sharing of information between departments and within the

organization about any identi ed risk and risk management strategies employed by the
Quality Risk Management team leader / CFT members.
Escalation of signi cant quality concerns shall be initiated in accordance with the SOP of
Management Noti cation.
The sharing of information can be formal and/or informal. The Quality Risk Management
CFT leader will coordinate noti cations to external stakeholders, Agency lings or
submissions with an appropriate site or quality unit representative.
Communication can occur at any stage of the Quality Risk Management process.
Document and communicate the output/result of the Quality Risk Management process.
Process for completing a risk assessment to classify risk:
Refer to Annexure 1 – Determination of risk category (Risk Assessment Matrix) (Example

Template).
Risk assessment of quality-related events shall be performed to classify the risk category.
The level of risk shall, in turn, help in prioritization of investigation, and nalization of
strategy and CAPA used to resolve the incident/event.
The following three factors shall be considered when assessing the level of risk:
Severity/impact of risk
Probability of occurrence
Probability of detection (State of controls)
Assessment of Severity (S) / impact of event/incident on product quality and patient

safety:
Having determined that the event/incident may have a risk(s) on the safety, identity,
strength, purity, and quality of the product, the Quality Risk Management team leader / CFT
shall assign a risk rating as per table A below:
Table A: Severity / Impact – Rating and Criteria
Quantitative Qualitative Criteria
Rating Risk Rating
1-2 (Low) Low
No impact on product identity, strength, purity, and
quality·
Minor GMP non-compliance·
No impact on patient safety (defects which may not
pose any signi cant hazard to health)
3-4 (Medium) Medium

Likely impact on product identity, strength, purity, and
quality·
Major GMP non-compliance·
The potential impact on patient safety (defects which
could cause illness or mistreatment but are not life-
threatening or serious ones or are medically reversible)
5-6 (High) High

Direct impact on product identity, strength, purity, and
quality·
Critical GMP non-compliance·
Critical impact on patient safety (defects which are
potentially life-threatening or could cause serious risk
to health)
Examples of ‘Low Severity’ defects include (but are not limited to):
Missing or wrong text/ gures on the packaging which will, however, not affect the
product/batch identity or usage instructions.
Faulty closure, which will not cause any medical consequences.
Insigni cant
Faulty secondary or tertiary packaging, which will not, however, affect product quality.
Poor / improper presentation of product containers.
Quality defects which are likely to cause ef cacy issues, but will not cause any signi cant
hazard to health.
Examples of ‘Medium Severity’ defects include (but are not limited to):
Quality defects are likely to cause AE/ef cacy issues which are, however not life-
threatening, or serious ones, or are medically reversible.
Failure to meet speci cations (such as for Assay, Stability, Fill Weight, etc.)
Wrong/missing text or gures which may affect the product identity/usage instructions (e.g.
missing or incorrect manufacturing/expiry date, missing patient information lea ets or
lea ets with incorrect information), signi cant shortages
Extraneous matter in non-injectable / non-ophthalmic products that may not have life-
threatening consequences.
Insecure closure with medical consequences (e.g. potent products such as cytotoxic, etc.)
Examples of ‘High Severity’ defects include (but are not limited to):
Quality defects which are likely to cause AE/ ef cacy issues with life-threatening
consequences.
Any extraneous matter in injectable and ophthalmic products.
Extraneous matter in non-injectable / non-ophthalmic product with life-threatening

consequences (like metal, glass, etc.)
Wrong product (label and contents are different).
Correct product but wrong strength, with serious medical consequences.
Microbial contamination of sterile injectable or ophthalmic products.
Chemical contamination (abnormal impurities, cross-contamination, etc.) with serious

medical consequences.
Mix-up of some products (rogues).
The wrong active ingredient in a multi-component product, with serious medical

consequences.
Note: Categorization examples quoted in this section are provided for illustration only and are not
meant to be exhaustive.
Assessment of Probability of Occurrence (O) of the Cause:
The review of the cause of the incident/event to determine the ‘probability of occurrence’ in
the future.
The Quality Risk Management team leader / CFT shall assign a rating as per table B below:
Table B: Probability of Occurrence – Rating and Criteria
Rating Risk Rating
1-2 (Low) Low

The quality-related event is unlikely to occur
(i.e. it has not occurred in the past and is not
expected to occur or recur)
3-4 (Medium) Medium

The quality-related event may occur (i.e. it
has occurred infrequently in the past and is
expected to recur)
5-6 (High) High

The quality-related event is likely to occur(i.e.
it has occurred in the past on a frequent basis
and is de nitely expected to occur again).
Note: De nitions of ‘past’ and ‘frequent’ for calculation of the probability of occurrence of product
quality complaints (PQCs) shall be customized by considering at a minimum, the actual
frequency of occurrence of such events. These de nitions shall be captured in speci c
site/regional procedures.
Example: If a site has an average of 5 recalls in a year, ‘past’ may be de ned as: ‘2 years’ and
‘frequent’ may be de ned as ‘more than 2’. However, if the same site receives an average of 30
recalls in a year, it is more logical to de ne ‘past’ as ‘6 months’ and ‘frequent’ as – ‘more than 5’.
(Please note: this example is only for the purpose of illustrating the logic to be used to frame the
de nition of ‘past’ and frequent’– this should not be considered as a benchmark for the
de nitions).
Assigning Level of Risk-Based on ‘Severity of Impact’ (S) and ‘Probability of

Occurrence’ (O):
After assessing the ‘Severity of impact’ and ‘probability of occurrence’ the Quality Risk
Management team leader / CFT shall assign a risk level as shown in table C.
It should be noted that severity (i.e. the impact on the patient) carries a heavier weighting
than the probability of occurrence:
Table C: Risk Level based on Severity & Probability of Occurrence (Qualitative Analysis)
Table D: Probability of Detection (State of Controls) – Rating and CriteriaAssessment of

the ‘Probability of Detection (D) (or ‘State of Control’):
The purpose of this stage in the risk assessment process is to determine if there are
suf cient controls to ensure that the cause for the incident/event can be recognized or
detected and prevented from recurrence.
The incident/event may have occurred due to a lapse in the application of existing controls
or may be due to the absence of suf cient controls.
The Quality Risk Management team leader / CFT shall assess the state of
controls surround the incident/event and assign a rating as per table D below:
Rating Rating
5-6(Weak) Weak The Quality System has either ‘weak’ or ‘no’ controls to
detect the quality-related event after its occurrence and
prevent it from recurring, e.g. systems are nonvalidated or
with perception-based evaluation techniques, process
controls are dependent on human ef ciency, etc.
There is a low chance the current controls will detect the

quality event after its occurrence.
Explanation:· There is little to no chance that the patient

will detect the quality issue after its occurrence.
Passes the faults (to the patient) undetected.
Quality System has weak controls to detect the quality-

related event after its occurrence and prevent it from
recurring (e.g., systems are not validated).
3-4(Medium) Medium The system has controls and will possibly detect the
quality-related event after its occurrence.
Explanation:· Patient will possibly detect the quality issue

after its occurrence.·
Some faults may be detected; several coincident faults may

go undetected.
The quality system has controls and will possibly detect the
quality-related event after its occurrence and avoid it from
recurring (e.g., Statistical Process Control is used in the
process, but the product undergoes nal inspection off-line).
1-2(Strong) Strong The system has multiple controls and is very likely to
detect the quality-related event after its occurrence
Explanation:· Patient is very likely to detect the quality

issue after its occurrence.·
The fault will be caught certainly or most certainly.
The quality system has multiple controls and is very likely

to detect the event after its occurrence and prevent it from
recurring (e.g., 100% automatic inspection with regular
calibration and preventive maintenance of the inspection
equipment, validated systems having multi-level checks,
alarm systems/ direct measurement techniques to monitor
faults).
Final Risk Classi cation:
Using the results of the risk assessment process as described in the earlier sections to
identify the level of risk based on the ‘severity’ and ‘probability of occurrence’ of the quality
issue and corresponding ‘probability of detection’ (state of controls), the team leader / CFT
shall assess the risk and classify the same as ‘critical’ / ‘major’ / ‘minor’ as also de ned in
table E:
Table E: Final Risk Classi cation
Notes:
1. Upgrade the risks level determined through this matrix to a higher level, if needed, based on a
case-by-case evaluation by QA.
2. If severity, probability of occurrence, and the probability of detection are determined to be ‘not
applicable’ (example: alleged lack of effect (LOE), PQC received for non-company products, etc.),
the risk category shall be concluded as ‘unclassi ed.’
3. In case of quantitative analysis, risk priority number (RPN) shall be calculated using the rating
values of Severity (S), Probability of Occurrence (O) and Detection (D):
Risk priority number (RPN) = S x O x D
Risk Evaluation:
Determine the risk category / calculate the RPN values.
Annexure 1 (Risk Assessment Form – Qualitative Risk Assessment) and 3 (Risk Assessment
Form – Quantitative Risk Assessment) may be used for evaluating the risks.
Risk Evaluation (Qualitative Analysis)
Risk Category Action item
Minor Acceptable
Major Acceptable with control/explanation of control
Critical Requires control measure before acceptance
The Risk Evaluation is given as below quantitative assessment:
Risk Evaluation (Quantitative Analysis)
Events Risk Ratings and Classi cation
Minor Major Critical
Risk on product/patient < 20 < 60 ≥ 60
Risk on < 25 < 75 ≥ 75

people/facility/organization
Risk Control/Mitigation:
The output of the risk assessment exercise shall be considered by the CFT nominated to
perform the Risk Control/Mitigation exercise to identify the action plans for
control/mitigation of risk as immediate action based on risk evaluation.
This may lead to the correction of process, procedures, and practices to avoid the
aggravation of the impact of the risk.
Risk control/mitigation shall focus on the following questions:
Is the risk above an acceptable level?
What can be done to reduce or eliminate risks?
What is the appropriate balance among bene ts, risks, and resources?
Are new risks introduced as a result of the identi ed risks being controlled?
Control measures/CAPA shall be considered for risk control/mitigation and shall be

implemented using applicable procedures for the same.
Such actions shall be prioritized to control/mitigate the risk or reduce it to an acceptable

level.
Risk Reduction (Quality Risk Management):
Risk reduction shall focus on processes for control/mitigation or avoidance of quality risk
when it exceeds an acceptable level. It might include actions taken to mitigate the
probability of harm.
It may achieve by (but not limited to):
Improvement in the quality of the product by design – this may include improvement in
the process, procedures, control measures, monitoring.
Change of process and/or procedures.
Revision of speci cation to stringent limits.
Improvement of the periodicity of the measurement of parameters.
Change in the frequency of calibration, quali cation, validation, quality system internal
audits in order to proactively identify the chances of the risk.
Risk Acceptance (Quality Risk Management) :
Risk acceptance is a decision to accept the identi ed & evaluated risk. It is a formal decision
to accept the residual risk. For some types of harms, even the best quality risk management
practices might not entirely eliminate risk.
In these circumstances, it might be agreed that the optimal quality risk management
strategy has been applied and that quality risk is reduced to an acceptable level.
This acceptable level will depend on many parameters and shall be decided on a case-by-
case basis as explained in Table F:
Table F: Action items based on Risk Classi cation
Overall Action item

RiskClassi cation
Minor Acceptable
Major Acceptable as an isolated exception, if states of control can be

improved. States of control have to be improved, where visible
Critical Not Acceptable. Improve the States of control
Risk Communication and Reporting:
Risks identi ed by the risk analysis/evaluation steps shall be communicated to relevant

stakeholders.
The table given below shows risk categories and their level of communication and reporting
in the organization.
Table G: Communication and Reporting
Risk Type Communication and Reporting
Minor Functional Head / Quality-Head (Manufacturing Site/Location)
Major Functional Head / Quality-Head (Manufacturing Site/Location), Head-

Regional Quality
Critical Functional Head / Quality-Head (Manufacturing Site/Location), Head-

Regional Quality, Head-Global Quality and Compliance, Head-Global
Manufacturing, ManagingDirector
In any case, risk on patient safety and risk on quality which is classi ed as ‘major’ or ‘critical’
should be formally reported on a monthly basis.
Risk Review (Quality Risk Management):
Effectiveness of control measures / CAPA implemented to reduce the risk level shall be
reviewed. The CFT shall decide the effectiveness review criteria with respect to:
What and Why to review?
How to review?
When to review?
Who will review?
Handle the risk review action plan through action item/actionable, tasks, or CAPA for
effectiveness veri cation.
Review/closure the risk assessment as per site-speci c procedures.
Risk Management Tools:
Numerous risk management tools are available to support objective, science-based

decisions, used either alone or in combination.
No one tool or set of tools is applicable to every situation in which a quality risk
management procedure is used, the selection of a tool should be commensurate with the
level of risk.
Listed below are examples of tools successfully used in Quality Risk Management by
industry and regulators (also reference annexure IV – Examples of common risk
management tools), but it is not an exhaustive list:
Flow Charting – well suited as a rst step
Brainstorming – free form collaborative discussion among key stakeholders of possible

solutions to an identi ed problem or question
Process mapping – the visual representation of work ow inputs and outputs
Statistical tools
Risk ranking & ltering
Preliminary hazard analysis (PHA) – focuses on hazardous situations
Root cause analysis – suited for retrospective analysis
Ishikawa or Fish Bone Diagrams (also called Cause and Effect Diagrams) – suited for
de ning process variables and process elements
FMEA (failure mode and effects analysis)/FMECA (failure mode effects and criticality
analysis) – suited for prospective analysis to predict multiple effects;
HACCP (hazard analysis and critical control points) – supports the identi cation of critical
control points in a process
Variation risk management
Probabilistic risk analysis
Decision trees
Event tree analysis
FTA (Fault tree analysis) – suited for retrospective analysis
Numbering System:
Follow the following procedure for FMEA document numbering,
Give the number to PDR based FMEA in the format of FMEA/XXXX/YY/ZZZ
Where XXXX: PDR no. , YY: Year such as 12,13,14, ZZZ: Serial no such as 001,002…
Give the number to BMR based FMEA in the format of FMEA/XXXX/YY/ZZZ
Where, XXXX: MBR no. and YY: Year such as 12,13,14, ZZZ: Serial no such as 001,002…
Give the number to Department/ Section based FMEA in the format of FMEA/XXX/YY/ZZZ
Where XXX: Department code or equipment Code. in case of equipment / instrument/

utility. Year such as 12, 13,14, ZZZ: Serial no such as 001,002….. department codes are the
following :
Sr. No. Department Code Department
1 QAD Quality Assurance
2 QCD Quality Control
3 COM Compression
4 GRN Granulation
5 WHD Warehouse
6 MND Engineering
7 ITD Information Technology
8 PAD Personnel and Administration
9 CAP Capsule
10 PAC Packing
11 COT Coating
12 EHS Environmental, Health and Safety
Requirements (Quality Risk Management):
Occurrence based events including (but not limited to): OOS, product quality complaints,
unplanned deviations, etc., as well as system-based events like change controls, planned
deviations, etc., shall be submitted to the quality unit for Quality Risk Management process
initiation.
Any deviation from the written procedures or processes shall be recorded, justi ed and, if
warranted, identi ed as an event and investigated, then assessed or reexamined in
accordance with the quality risk management process.
Processes using Quality Risk Management methodologies should be dynamic, iterative and
responsive to change.
Enable the capability for continual improvement in the Quality Risk Management process.
Do not reduce an acceptable level of risk to a simple constant value:
This is due to the wide range of possible risk acceptance levels that a variety of real-world
circumstances will present.
How the values were determined shall be documented since they will depend on parameters
used by the Quality Risk Management team leader / CFT on a case-by-case basis.
Control measures/CAPA shall be considered for risk control/mitigation and shall be

implemented in accordance with SOP corrective and preventive action. Such actions shall be
prioritized to control/mitigate the risk or reduce it to an acceptable level.
8.0 ANNEXURES:
Schematic Representation of the Quality Risk Management Process (Annexure 1).
Risk Assessment Form – Qualitative Risk Assessment “Example Template” (Annexure 3)
Risk Assessment Form – Quantitative Risk Assessment “Example Template” (Annexure 4)
Examples of Common Risk Management Tools (Annexure 5)
Risk Management Tool Description, Attributes Potential Applications
Diagram Analysis, Simple techniques that are commonly Compilation of

Flowcharts, Check used to gather and organize data, observations, trends or
sheets, Process structure risk management processes other empirical
mapping, Cause/effect and facilitate decision-making. information to support a
diagrams variety of less complex
deviations, complaints,
defaults or other
circumstances.
Risk Ranking and Method to compare and rank risks. Prioritizing operating
Filtering Typically involves evaluation of multiple Areas. Useful for
diverse quantitative and qualitative situations when the
factors for each risk, and weighting risks and underlying
factors and risk score. consequences are
diverse and dif cult to
compare using a single
tool.
Fault-Tree Analysis The method used to identify all root Investigate product
causes of an assumed failure or problem. complaints. Evaluate
Used to evaluate system or subsystem deviations.
failures one at a time, but can combine
multiple causes of failure by identifying
causal chains. Relies heavily on full
process understanding to identify causal
factors.
Hazard Operability The tool assumes that risk events are Assess manufacturing
Analysis caused by deviations from the design and processes, suppliers,
operating intentions. Uses a systematic facilities and equipment
(HAZOP) technique to help identify potential
deviations from normal use or design Commonly used to
intentions. evaluate process safety

hazards.
Hazard Analysis and Identify and implement process controls Better for preventive
that consistently and effectively applications than
Critical Control Point reactive Valuable
prevent hazard conditions from precursor or
(HACCP) occurring complement to the
process
The bottom-up approach that considers
how to prevent hazards from occurring validation Assessment
of the ef cacy of critical
and/or propagating Emphasizes the
control points and the
strength of preventive controls rather
ability to consistently
than the ability to detect.
execute them for any
process
Risk Management Description, Attributes Potential

Tool Applications
Failure Modes Effects Assumes comprehensive understanding Evaluate equipment and

of the process and that CPPs have been
Analysis (FMEA) facilities; analyze a
de ned prior to initiating the assessment.
manufacturing process
The tool ensures that CPPs will be met.
to identify high-risk
Assesses potential failure modes for steps and/or critical
processes, and the probable effect on parameters
outcomes and/or product performance
Note: A quantitative
Once failure modes are known, risk
reduction actions can be applied to the version of FMEA is
known as Failure
eliminate, reduce or control potential Modes, Effects, and
failures Highly dependent upon a strong Criticality Analysis
understanding of the product, process
and/or (FMECA).
the facility under evaluation Output is a

relative “risk score” for each failure
mode.
Risk Assessment Register (Annexure 6)
Sr. Product FMEA No. Department Done by Reviewed Remarks
No. by
TAGS: RISK ASSESSMENT, RISK EVALUATION, RPN CALCULATION, SOP FOR RISK MANAGEMENT
Pharmabeginers
Janki Singh is experienced in Pharmaceuticals, author and founder of Pharma
Beginners, an ultimate pharmaceutical blogging platform. Email:
pharmabeginers@gmail.com
 THIS POST HAS 7 COMMENTS
Pingback: Self Inspection Checklist & Internal Audit Formats - Guidelines - SOPs
Pingback: Out of Speci cation Result in Microbiology - Guideline - Pharma Beginners
Pingback: Validation Master Plan (VMP) Preparation Guideline - Pharma Beginners
Pingback: New Product Introduction - SOP and Risk Evaluation - Pharma Beginners
Pingback: SOP for Incident / Deviation Management - Pharma Beginners
Pingback: Environmental Monitoring Guide - Non Sterile Facility - Pharma Beginners
Pingback: Cross Contamination, Mix-Ups & Microbial Contamination - SOP in Pharma

Pharmabeginers Com Quality Risk Management

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Pharmabeginers Com Quality Risk Management

Uploaded by

Copyright:

Available Formats

Blog

SOP for Quality Risk Management

SOP for Quality Risk Management

This Standard Operating Procedure (SOP)

The Quality Risk Management process shall

Visit to copy this SOP

4.0 RESPONSIBILITY – RISK MANAGEMENT:

Manufacturing head/designee shall be responsible to demonstrate a commitment

Ensuring adequate resources for execution.

Manufacturing head/designee shall be responsible to ensure the following

To facilitate continuous improvement in manufacturing resulting from knowledge

Quality head/designee shall be responsible for

Quality Risk Management cross-functional team (CFT) leader or relevant

Serve as: The initiator of QRM change control activities.

Oversee that all documentation related to speci c product/process Quality

Completed per established schedule.

Securely maintained in the quality risk management record.

File in accordance with site document control procedures.

Traceable at the time of inspection.

Assure Quality Risk Management documentation is satisfactory and approved by QA prior to

5.0 ABBREVIATIONS USED IN SOP FOR RISK MANAGEMENT:

A/E: Adverse Event

APR: Annual Product Review

CAPA: Corrective and Preventive Action

CQ: Corporate Quality

FMECA: Failure Mode Effects and Criticality Analysis

HACCP: Hazard Analysis and Critical Control Points

PQR: Product Quality Review

QRM: Quality Risk Management

SME: Subject Matter Expert

6.0 DEFINITION- Quality Risk Management:

A/E Adverse Event:

Any unfavorable or unintended sign, symptoms or disease, or laboratory or physiological

Annual Product Review:

Corrective Action/Preventive Action:

Action is taken to eliminate the causes of an existing nonconformity, defect or other

Action is taken to eliminate the cause of a potential nonconformity, defect or other

Contract Manufacturing Organization (CMO)/In-License Third-Party

Hazardous Situation: Circumstance where people, property, or the environment potentially

Out-of-Speci cation (OOS) Results:

Risk Acceptance: The decision to accept the risk.

A systematic process of organizing information to support a risk decision to be made within

Risk Control: Actions of implementing risk management decisions.

Risk Identi cation:

Risk review: Review or monitoring of output/results of the risk management process

7.0 PROCEDURE FOR QUALITY RISK MANAGEMENT:

Perform Risk Management by using a systematic process, designed to coordinate, facilitate

Risk assessment (identi cation / analysis /evaluation).

Note: Since risk management is an iterative process, it should be repeated if new

Initiating and planning the Quality Risk Management process:

Include pertinent assumptions identifying the potential for risk.

Validation documents, as applicable

Pilot plant data

Development Protocols and Reports

Product speci cations/packaging speci cations

Change control documents

Investigation report commitments

Regulatory inspection ndings / commitments

Related subject SOPs

Annual / Product Quality Reviews (APR/PQR)

Rework or reprocess documentation

Product-speci c equipment or tools used in manufacturing

License documents, license applications or equivalent documents.