Quality Risk Management

Tony Gould

Introduction

Risk management is not new we do it informally all the time Military Standard 1629 dated 1974 regarding formal risk management Risk management has been used in the medical device, telecommunications, aerospace and car industries for many years

2 |

PQ Workshop, Abu Dhabi | October 2010

Introduction

Risk management has also been part of the pharma industry for many years:
GMP requirements are designed to address risk. For example, the specific GMP requirements for sterile products are designed to mitigate the risk of sterility failure In some cases, GMP specifies a risk based approach. For example, "a risk assessment approach should be used to determine the scope and extent of validation required" (WHO Annex 4, 5.2.10) Specifications in pharmacopoeial monographs include tests for known potential contaminants

3 |

PQ Workshop, Abu Dhabi | October 2010

Introduction

Greater use of risk management tools in the future We must accept this and prepare From a GMP point of view, we are only concerned with risks associated with quality, safety and efficacy quality risk management Organisations use risk approaches in other areas, e.g. to ensure resources are utilised in the most effective way. Also applicable to inspectorates

4 |

PQ Workshop, Abu Dhabi | October 2010

GMP requirement

A system for quality risk management should be included in the quality assurance system Quality risk management is a systematic process for the assessment, control, communication and review of risks to the quality of the medicinal product. It can be applied both proactively and retrospectively. The quality risk management system should ensure that:
the evaluation of the risk to quality is based on scientific knowledge, experience with the process and ultimately links to the protection of the patient; and the level of effort, formality and documentation of the quality isk management process is commensurate with the level of risk.
1.2 1.5

5 |

PQ Workshop, Abu Dhabi | October 2010

QRM - the dangers

There is a desired outcome and risk management is used to justify it Invalid assumptions suit the desired outcome Cost reduction (increased profits) is often the real reason that many risk assessments are done
Cost reduction may be a secondary outcome

Variable tolerance of risk

6 |

PQ Workshop, Abu Dhabi | October 2010

QRM from an inspectors point of view

Be prepared so that the process is understood Have sufficient knowledge to understand what has been done and challenge assumptions, omissions etc Be clear about when QRM is not appropriate Be flexible and accept the outcome of a scientifically sound QRM exercise If done properly there should be increased assurance of quality (and possibly cost savings)
PQ Workshop, Abu Dhabi | October 2010

7 |

What is QRM

"Quality Risk Management is a systematic process for the assessment, control, communication and review of risks to the quality of the medicinal product across the product lifecycle." (ICH Q9)

8 |

PQ Workshop, Abu Dhabi | October 2010

Typical QRM process

Initiate Quality Risk Management Process

Risk Assessment
Risk Identification

Risk Analysis

Risk Evaluation
unacceptable

Risk Control Risk Reduction

Risk Acceptance

Output / Result of the Quality Risk Management Process Risk Review Review Events

What might go wrong or has gone wrong? What is likelihood or probability? What are the consequences (severity)? What is the level of risk? Any mitigating factors?

R isk Ma nage m ent t ools

9 |

Ri s k Co m mun ic at ion

PQ Workshop, Abu Dhabi | October 2010

Risk assessment

"A systematic process of organizing information to support a risk decision to be made within a risk management process. It consists of the identification of hazards and the analysis and evaluation of risks associated with exposure to those hazards." (ICH Q9)

10 |

PQ Workshop, Abu Dhabi | October 2010

Risk assessment terms

Risk identification
Use of information to identify hazards or potential risks Historical data, theoretical analysis, informed opinions

Risk analysis
Estimation of risk associated with identified hazards Qualitative or quantitative Links probability and severity In some tools, includes detectability

11 |

PQ Workshop, Abu Dhabi | October 2010

Risk analysis - probability

A simple qualitative tool:

P Probability of Occurrence
High
Medium Low Remote

Likely to occur
May occur Unlikely to occur Very unlikely to occur

12 |

PQ Workshop, Abu Dhabi | October 2010

Risk analysis - severity

A simple qualitative tool:

S severity level if event occurs
Critical Moderate Serious GMP non-compliance Patient injury possible Significant GMP non-compliance Impact on patient possible

Minor

Minor GMP non-compliance No patient impact

13 |

PQ Workshop, Abu Dhabi | October 2010

Risk assessment terms

Risk evaluation
Compares identified and analysed risk against criteria Considers probability, severity and detectability Output can be qualitative (high, medium or low) Output can be quantitative (probability x severity x detectability) Quantitative provides a relative ranking prioritises risk

14 |

PQ Workshop, Abu Dhabi | October 2010

Risk evaluation

A simple risk table with risk acceptability criteria: Risk = P x S

Severity Probability High Medium Low Remote Minor
Unacceptable risk Acceptable risk Acceptable risk Acceptable risk

Moderate
Intolerable risk Unacceptable risk Acceptable risk Acceptable risk

Critical
Intolerable risk Intolerable risk Unacceptable risk Acceptable risk

15 |

PQ Workshop, Abu Dhabi | October 2010

Risk evaluation

Modify evaluated risk according to existing detection controls Detectability:

High the control is likely to detect the negative event or its effects Medium the control may detect the negative event or its effects Low the control is not likely to detect the negative event or its effects Zero no detection control in place

16 |

PQ Workshop, Abu Dhabi | October 2010

Risk evaluation

Risk definitions:
Intolerable work to eliminate the negative event or introduce detection controls is required as a priority Unacceptable work to reduce the risk or control the risk to an acceptable level is required Acceptable the risk is acceptable and no risk reduction or detection controls are required

17 |

PQ Workshop, Abu Dhabi | October 2010

Risk control

"Actions implementing risk management decisions" (ICH Q9)

Includes risk reduction (if applicable) and risk acceptance

18 |

PQ Workshop, Abu Dhabi | October 2010

Risk control terms

Risk reduction
Actions taken to lessen the probability of occurrence of harm and the severity of that harm Typically CAPA and change control

Risk acceptance
The decision to accept risk If risk reduction action taken, follows re-analysis and evaluation

19 |

PQ Workshop, Abu Dhabi | October 2010

Risk Review

"Review or monitoring of output/results of the risk management process considering (if appropriate) new knowledge and experience about the risk." (ICH Q9)
Ensures nothing has changed to affect the QRM assumptions, output and conclusions Consider during product review

20 |

PQ Workshop, Abu Dhabi | October 2010

QRM tools some of them!

Basic risk management facilitation methods (flowcharts, check sheets etc.); Failure Mode Effects Analysis (FMEA); Failure Mode, Effects and Criticality Analysis (FMECA); Fault Tree Analysis (FTA); Hazard Analysis and Critical Control Points (HACCP); Hazard Operability Analysis (HAZOP); Preliminary Hazard Analysis (PHA); Risk ranking and filtering; Supporting statistical tools.

21 |

PQ Workshop, Abu Dhabi | October 2010

Potential applications

Quality Management (e.g. self-inspection, training, complaints, deviations, change control) Development (ICH Q8) Facilities, Equipment and Utilities (e.g. design, qualification, hygiene, calibration, computers) Materials Management (e.g. supplier assessment, storage) Production (e.g. validation, in-process sampling and testing) Laboratory Control and Stability Studies (e.g. OOS, retest periods, validation) Packaging and Labelling (e.g. package design, label control)

22 |

PQ Workshop, Abu Dhabi | October 2010