qualiy risk management
DESCRIPTION
introduction quality risk managementTRANSCRIPT
Slide 1Introduction
Risk management is not new – we do it informally all the time
Military Standard 1629 dated 1974 regarding formal risk management
Risk management has been used in the medical device, telecommunications, aerospace and car industries for many years
* | PQ Workshop, Abu Dhabi | October 2010
Introduction
Risk management has also been part of the pharma industry for many years:
GMP requirements are designed to address risk. For example, the specific GMP requirements for sterile products are designed to mitigate the risk of sterility failure
In some cases, GMP specifies a risk based approach. For example, "a risk assessment approach should be used to determine the scope and extent of validation required" (WHO Annex 4, 5.2.10)
Specifications in pharmacopoeial monographs include tests for known potential contaminants
* | PQ Workshop, Abu Dhabi | October 2010
Introduction
We must accept this and prepare
From a GMP point of view, we are only concerned with risks associated with quality, safety and efficacy – quality risk management
Organisations use risk approaches in other areas, e.g. to ensure resources are utilised in the most effective way. Also applicable to inspectorates
* | PQ Workshop, Abu Dhabi | October 2010
GMP requirement
A system for quality risk management should be included in the quality assurance system
Quality risk management is a systematic process for the assessment, control, communication and review of risks to the quality of the medicinal product. It can be applied both proactively and retrospectively.
The quality risk management system should ensure that:
the evaluation of the risk to quality is based on scientific knowledge, experience with the process and ultimately links to the protection of the patient; and
the level of effort, formality and documentation of the quality isk management process is commensurate with the level of risk.
1.2 – 1.5
QRM - the dangers
There is a desired outcome and risk management is used to justify it
Invalid assumptions – suit the desired outcome
Cost reduction (increased profits) is often the real reason that many risk assessments are done
Cost reduction may be a secondary outcome
Variable tolerance of risk
QRM – from an inspectors point of view
Be prepared so that the process is understood
Have sufficient knowledge to understand what has been done and challenge assumptions, omissions etc
Be clear about when QRM is not appropriate
Be flexible and accept the outcome of a scientifically sound QRM exercise
If done properly there should be increased assurance of quality (and possibly cost savings)
* | PQ Workshop, Abu Dhabi | October 2010
What is QRM
"Quality Risk Management is a systematic process for the assessment, control, communication and review of risks to the quality of the medicinal product across the product lifecycle." (ICH Q9)
* | PQ Workshop, Abu Dhabi | October 2010
Typical QRM process
What is likelihood or probability?
What are the consequences (severity)?
What is the level of risk? Any mitigating factors?
Risk Review
Risk assessment
"A systematic process of organizing information to support a risk decision to be made within a risk management process. It consists of the identification of hazards and the analysis and evaluation of risks associated with exposure to those hazards." (ICH Q9)
* | PQ Workshop, Abu Dhabi | October 2010
Risk assessment terms
Historical data, theoretical analysis, informed opinions
Risk analysis
Qualitative or quantitative
* | PQ Workshop, Abu Dhabi | October 2010
Risk analysis - probability
Risk analysis - severity
Critical
Moderate
Minor
Risk assessment terms
Considers probability, severity and detectability
Output can be qualitative (high, medium or low)
Output can be quantitative (probability x severity x detectability)
Quantitative provides a relative ranking – prioritises risk
* | PQ Workshop, Abu Dhabi | October 2010
Risk evaluation
Risk = P x S
Risk evaluation
Detectability:
High – the control is likely to detect the negative event or its effects
Medium – the control may detect the negative event or its effects
Low – the control is not likely to detect the negative event or its effects
Zero – no detection control in place
* | PQ Workshop, Abu Dhabi | October 2010
Risk evaluation
Risk definitions:
Intolerable – work to eliminate the negative event or introduce detection controls is required as a priority
Unacceptable – work to reduce the risk or control the risk to an acceptable level is required
Acceptable – the risk is acceptable and no risk reduction or detection controls are required
* | PQ Workshop, Abu Dhabi | October 2010
Risk control
Includes risk reduction (if applicable) and risk acceptance
* | PQ Workshop, Abu Dhabi | October 2010
Risk control terms
Risk reduction
Actions taken to lessen the probability of occurrence of harm and the severity of that harm
Typically CAPA and change control
Risk acceptance
If risk reduction action taken, follows re-analysis and evaluation
* | PQ Workshop, Abu Dhabi | October 2010
Risk Review
"Review or monitoring of output/results of the risk management process considering (if appropriate) new knowledge and experience about the risk." (ICH Q9)
Ensures nothing has changed to affect the QRM assumptions, output and conclusions
Consider during product review
QRM tools – some of them!
Basic risk management facilitation methods (flowcharts, check sheets etc.);
Failure Mode Effects Analysis (FMEA);
Failure Mode, Effects and Criticality Analysis (FMECA);
Fault Tree Analysis (FTA);
Hazard Operability Analysis (HAZOP);
Preliminary Hazard Analysis (PHA);
Risk ranking and filtering;
Potential applications
Development (ICH Q8)
Materials Management (e.g. supplier assessment, storage)
Production (e.g. validation, in-process sampling and testing)
Laboratory Control and Stability Studies (e.g. OOS, retest periods, validation)
Packaging and Labelling (e.g. package design, label control)
Risk management is not new – we do it informally all the time
Military Standard 1629 dated 1974 regarding formal risk management
Risk management has been used in the medical device, telecommunications, aerospace and car industries for many years
* | PQ Workshop, Abu Dhabi | October 2010
Introduction
Risk management has also been part of the pharma industry for many years:
GMP requirements are designed to address risk. For example, the specific GMP requirements for sterile products are designed to mitigate the risk of sterility failure
In some cases, GMP specifies a risk based approach. For example, "a risk assessment approach should be used to determine the scope and extent of validation required" (WHO Annex 4, 5.2.10)
Specifications in pharmacopoeial monographs include tests for known potential contaminants
* | PQ Workshop, Abu Dhabi | October 2010
Introduction
We must accept this and prepare
From a GMP point of view, we are only concerned with risks associated with quality, safety and efficacy – quality risk management
Organisations use risk approaches in other areas, e.g. to ensure resources are utilised in the most effective way. Also applicable to inspectorates
* | PQ Workshop, Abu Dhabi | October 2010
GMP requirement
A system for quality risk management should be included in the quality assurance system
Quality risk management is a systematic process for the assessment, control, communication and review of risks to the quality of the medicinal product. It can be applied both proactively and retrospectively.
The quality risk management system should ensure that:
the evaluation of the risk to quality is based on scientific knowledge, experience with the process and ultimately links to the protection of the patient; and
the level of effort, formality and documentation of the quality isk management process is commensurate with the level of risk.
1.2 – 1.5
QRM - the dangers
There is a desired outcome and risk management is used to justify it
Invalid assumptions – suit the desired outcome
Cost reduction (increased profits) is often the real reason that many risk assessments are done
Cost reduction may be a secondary outcome
Variable tolerance of risk
QRM – from an inspectors point of view
Be prepared so that the process is understood
Have sufficient knowledge to understand what has been done and challenge assumptions, omissions etc
Be clear about when QRM is not appropriate
Be flexible and accept the outcome of a scientifically sound QRM exercise
If done properly there should be increased assurance of quality (and possibly cost savings)
* | PQ Workshop, Abu Dhabi | October 2010
What is QRM
"Quality Risk Management is a systematic process for the assessment, control, communication and review of risks to the quality of the medicinal product across the product lifecycle." (ICH Q9)
* | PQ Workshop, Abu Dhabi | October 2010
Typical QRM process
What is likelihood or probability?
What are the consequences (severity)?
What is the level of risk? Any mitigating factors?
Risk Review
Risk assessment
"A systematic process of organizing information to support a risk decision to be made within a risk management process. It consists of the identification of hazards and the analysis and evaluation of risks associated with exposure to those hazards." (ICH Q9)
* | PQ Workshop, Abu Dhabi | October 2010
Risk assessment terms
Historical data, theoretical analysis, informed opinions
Risk analysis
Qualitative or quantitative
* | PQ Workshop, Abu Dhabi | October 2010
Risk analysis - probability
Risk analysis - severity
Critical
Moderate
Minor
Risk assessment terms
Considers probability, severity and detectability
Output can be qualitative (high, medium or low)
Output can be quantitative (probability x severity x detectability)
Quantitative provides a relative ranking – prioritises risk
* | PQ Workshop, Abu Dhabi | October 2010
Risk evaluation
Risk = P x S
Risk evaluation
Detectability:
High – the control is likely to detect the negative event or its effects
Medium – the control may detect the negative event or its effects
Low – the control is not likely to detect the negative event or its effects
Zero – no detection control in place
* | PQ Workshop, Abu Dhabi | October 2010
Risk evaluation
Risk definitions:
Intolerable – work to eliminate the negative event or introduce detection controls is required as a priority
Unacceptable – work to reduce the risk or control the risk to an acceptable level is required
Acceptable – the risk is acceptable and no risk reduction or detection controls are required
* | PQ Workshop, Abu Dhabi | October 2010
Risk control
Includes risk reduction (if applicable) and risk acceptance
* | PQ Workshop, Abu Dhabi | October 2010
Risk control terms
Risk reduction
Actions taken to lessen the probability of occurrence of harm and the severity of that harm
Typically CAPA and change control
Risk acceptance
If risk reduction action taken, follows re-analysis and evaluation
* | PQ Workshop, Abu Dhabi | October 2010
Risk Review
"Review or monitoring of output/results of the risk management process considering (if appropriate) new knowledge and experience about the risk." (ICH Q9)
Ensures nothing has changed to affect the QRM assumptions, output and conclusions
Consider during product review
QRM tools – some of them!
Basic risk management facilitation methods (flowcharts, check sheets etc.);
Failure Mode Effects Analysis (FMEA);
Failure Mode, Effects and Criticality Analysis (FMECA);
Fault Tree Analysis (FTA);
Hazard Operability Analysis (HAZOP);
Preliminary Hazard Analysis (PHA);
Risk ranking and filtering;
Potential applications
Development (ICH Q8)
Materials Management (e.g. supplier assessment, storage)
Production (e.g. validation, in-process sampling and testing)
Laboratory Control and Stability Studies (e.g. OOS, retest periods, validation)
Packaging and Labelling (e.g. package design, label control)