Professional Documents
Culture Documents
Quality Risk Management - P1 General
Quality Risk Management - P1 General
02/02/2021
QUALITY RISK MANAGEMENT
Part 1: General principle
02/02/2021
1. Objectives
2. Target group
3. Regulatory background
4. Methodology
1. Objectives 3
02/02/2021
Understanding the principle of Quality Risk Management
2. Target groups 4
02/02/2021
Technical Department
Regulatory Affairs Department
3. Regulatory background 5
02/02/2021
3. Regulatory background 6
02/02/2021
EudraLex – Volume 4 – Chapter 1
To achieve this quality objective reliably there must be a comprehensively designed
and correctly implemented Pharmaceutical Quality System incorporating Good
Manufacturing Practice and Quality Risk Management
ICH Q9
Principles and examples of tools for quality risk management
7
02/02/2021
4. METHODOLOGY
Definition 8
02/02/2021
Risk = severity x probability (x detectability)
22/05/2021
Fundamental risk concepts 10
22/05/2021
Stakeholders 11
02/02/2021
Patient safety
Regulatory conformity
Staff safety
Business
Benefits 12
Risks
managed
02/02/2021
from early
in the
lifecycle
Increased
compliance
QRM
Fewer Higher
surprises efficiency
Knowledge
management
QRM should never be used to deviate from regulations, justify bad practices, defend practices
that need to be corrected, or as a substitute for sound science.
Lợi ích 13
02/02/2021
Tiền cứu
Earlier risk
Identification
More effective
management
Hồi cứu
Not all risks can be
identified prospectively
Principle 14
02/02/2021
We can’t totally avoid risks
Principle 15
02/02/2021
The evaluation of the risk to quality should be based on scientific knowledge and
ultimately link to the protection of the patient
The level of effort, formality and documentation of the quality risk management
process should be commensurate with the level of risk.
Principle 16
02/02/2021
Effort
Cost
Time
Labor
Formality
Technical/Scientific Rationale
Simple risk assessment (Risk ranking, checklist, decision tree...)
Detailed risk assessment (FMEA, HACCP, PHA…)
Documentation
Stand-alone report, or linked to other controlled GMP documents
May integrate into existing controlled GMP documents
General process 17
02/02/2021
Initiate QMS Process 18
02/02/2021
Planning activities should include (depending on formality of assessment):
Clearly describing the specific problem/ risk question
Identify a risk management team and resources required
Determine the best approach and/or tool to use to complete the risk assessment
Determine how the QRM activities will be documented
Collecting background information and available data
Specify a timeline, deliverables and appropriate level of decision making
Defining a reporting and communication plan
Initiate QMS Process 19
02/02/2021
Examples of risk question:
How often should a manufacturing site be audited to assure GMP compliance?
What root causes of non-conformances should we prioritize for remediation?
What are the potential risks associated with changing the frequency of weighing device
performance verification testing from the current schedule (e.g. daily) to an alternate,
longer period
Risk Assessment 20
02/02/2021
Three fundamental questions:
1. What might go wrong?
2. What is the likelihood (probability) it will go wrong?
3. What are the consequences (severity)?
02/02/2021
Identify:
Hazards and the possible consequences
Failure modes and the possible effect What might go
wrong?
….
Based on:
historical data,
theoretical analysis,
technical analysis,
advice from technical experts,
concerns of stakeholders
Risk Identification 22
02/02/2021
Possible tools:
process mapping
fault tree analysis
and fishbone analysis.
5M 1E rule:
Environment
Machine
Materials
Man
Fault Tree Analysis (FTA)
Methods
Measurements
Risk Analysis What is the likelihood (probability) it 23
will go wrong?
What are the consequences (severity)?
02/02/2021
Risk = severity x probability (x detectability)
02/02/2021
Risk Evaluation 25
02/02/2021
Output of a risk assessment:
Quantitative: numerical probability (RPN, risk score…)
Qualitative: qualitative descriptors (high, medium, low)
Compare the identified and analyzed risk against given risk criteria
Risk Evaluation 26
02/02/2021
The quality of the outputs of a risk assessment exercise usually depend on:
the robustness of the data
the assumptions
sources of uncertainty related to the exercise, such as gaps in the level of knowledge
about the sources of harm and in product and process understanding.
Risk Control 27
02/02/2021
Risk control might focus on the following questions:
Is the risk above an acceptable level?
What can be done to reduce or eliminate risks?
What is the appropriate balance among benefits, risks and resources?
Are new risks introduced as a result of the identified risks being controlled?
The amount of effort used for risk control should be proportional to the
significance of the risk:
Risk Control 28
02/02/2021
Benefit-cost analysis:
Involves weighing total expected costs against total expected benefit in order to choose
the most profitable option.
Risk Reduction 29
02/02/2021
Risk = severity x probability (x detectability)
Strategies:
First focus on reducing harm to reduce harm
Reducing the probability of occurrence by adding preventive controls (focusing on
causes)
increasing the detectability of hazard(s) by adding detection controls (focusing on
controls)
Prevention vs Detection
Risk Reduction 30
02/02/2021
Output are CAPA plans
Verify whether the new controls are (or will be) effective
Ensure proposed risk controls have been examined for new risks
Risk Acceptance 31
02/02/2021
Risk acceptance is a formal process in which decision makers review the risks
associated with a specific activity and determine whether the risks are acceptable or
need to be reduced further.
Review both residual risks and new risks resulted from the implementation of a
reduction strategy.
It is widely acknowledged that risk is rarely completely eliminated.
Risk acceptance levels are determined by an organization's policy on QRM, and
may be influenced by many factors (e.g., societal, regulatory, scientific) typically
unique to the organization and situation.
Risk acceptance decisions affecting patient safety and product quality must be made
by appropriate decision makers and associated justification must be documented.
Risk Review 32
02/02/2021
Risk management should be an ongoing part of the quality management process
Triggers for initiating a risk review:
Frequency as defined
Deviations, non-conformities, complaints, observations,…
Change control
New knowledge or experience
Regulation change
…..
The frequency of any review should be based upon the level of risk.
Risk review might include reconsideration of risk acceptance decisions.
Risk Communication 33
02/02/2021
Risk communication is the sharing of information about risk and risk management
between the decision makers and others.
“Others” may be departments, senior management, personnel, authority, suppliers,
equipment manufacturers, patients…
Parties can communicate at any stage of the risk management process
Communicating Information:
Initiating risk assessment: scope, team, roles, responsibility, planning….
Risk Identification, Analysis, Evaluation, Reduction, Acceptance
The output/result of the quality risk management process should be appropriately
communicated and documented
Basic risk management facilitation 34
methods
02/02/2021
Flowcharts;
Check Sheets;
Process Mapping;
Cause and Effect Diagrams (also called an Ishikawa diagram or fish bone
diagram)
Risk Assessment tools 35
02/02/2021
Basic risk management facilitation methods (flowcharts, check sheets etc.)
Failure Mode Effects Analysis (FMEA)
Failure Mode, Effects and Criticality Analysis (FMECA)
Fault Tree Analysis (FTA)
Hazard Analysis and Critical Control Points (HACCP)
Hazard Operability Analysis (HAZOP);
Preliminary Hazard Analysis (PHA);
Risk ranking and filtering;
Supporting statistical tools.
Maturity Model 36
02/02/2021
Realization of QRM is an evolutionary process. It requires a paradigm shift in
mindset, behaviors and in the way people work.
The earlier risks are identified, the more effective their management can be.
Reference 37
02/02/2021
Quality Risk Management – Q9, International Conference on Harmonisation of Technical
Requirements for Registration of Pharmaceuticals for Human Use (ICH), www.ich.org.
Pharmaceutical Quality System – Q10, International Conference on Harmonisation of
Technical Requirements for Registration of Pharmaceuticals for Human Use (ICH),
www.ich.org.
Technical Report No. 54: Implementation of Quality Risk Management For Pharmaceutical
and Biotechnology Manufacturing Operations, Parenteral Drug Association(PDA), First
Edition, 2012, www.pda.org.
38
02/02/2021
THANK YOU