Transcript Risk Assessments – A Risk Based Approach Benchmark Your

Risk Assessments – A Risk Based Approach
Benchmark Your Company’s Success in
Implementing QRM
Presented by: Karen Ginsbury
For IFF, Denmark
October 2013
Six Quick Questions
• Do you have a risk management master plan and is it
updated annually?
• Who is responsible for risk management in your
company?
• Are risk management / assessment and outcomes part
of the annual training program?
• Do you have a risk register? Who updates it?
• Are risk assessment / mitigation measures formally
reviewed for effectiveness and ongoing
implementation?
• Are RM and outcomes part of management review?
Does an Inspector have the authority
to ask about risk management?
• YES
• Where is that authority found in the GMPs?
• The authority for inspecting the quality risk
management program comes from Part1
chapter 1 of the EU GMPs which require the
use of QRM as in Part 2 there is also a
requirement for API / Active substance / drug
substance manufacturers to use QRM
Left side
• What should be
addressed in your
Quality risk
management policy
Right side
• Start preparing a
checklist of items which
need to be addressed in
your QRM Master Plan
• YOU can do it by
product / process or
quality system activity
Quality Risk Management Policy
• Who is to approve the policy: QA Manager (VP QA) –
CEO (noone else at present)
• The CEO needs to provide resources and should be
amenable to allowing the company a certain level of
residual risk and should NOT be willing to allow the
company to function at any HIGHER level of risk than
that agreed upon under the policy
• Who needs to UNDERSTAND this policy and therefore
we will need to communicate the policy to them? All
VPs, probably managers, supervisors and a little bit to
workers / employees
Quality Risk Management Policy
• Which tools to be used
• What scale of measurement to be used for the
risk assessment
• Who is responsible for performing risk
assessment, for documentation,
communication and follow up
• Who is responsible for compiling a master
plan and triaging / prioritizing the risk
assessments that need to be done?
What is Risk Management?
• Ask – “what could go wrong”
• Think about “what would be the reason” or
“how could it go wrong” – the mechanism of
failure
• In order to do this we must brainstorm
• How bad is it if this risk happens (severity)
What is Risk Management?
• How likely is this event to happen
(occurrence) - have we encountered this
event and if yes – often, sometimes, never
• If the event occurs are we likely to detect it or
will it happen and we won’t know about it and
the product will be damaged and the patient
will be harmed (maybe)
• That gives us a Risk Prioritization Number
What is Risk Management?
• And then we have to decide do we accept this level of risk or not
(Y/N)
• If yes – document that and no further action needed except risk
communication
• unless some new event occurs or a change takes place in which
case we need to reassess
• If no – risk mitigation / reduction measures
• Do a new RPN number and then do we accept this new level of risk
Y/N
• If yes Communicate – add to RISK REGISTER for formal follow up
• If no – redesign the process
• FOLLOW up on implementation / continued implementation of the
risk mitigation measures and revise risk assessment based on
events – periodic review
Gowning is a risk mitigation measure
• The idea is to contain contaminants from the
person – thus protecting the product and the
patient from contamination
BUT
• If we are working with hazardous materials what
is the purpose of gowning?
To reduce the risk of the person (operator)
becoming contaminated.
• Therefore – the SAME gown and gowning
procedure may participate in TWO different risk
assessments and serve TWO different purposes.
Existing Controls or added reduction
measures (controls) are CCPs
• A CCP – is a Critical Control Point – which means
it is a measure designed specially to reduce an
identified risk (something that is fairly likely to
happen if the control fails) and it needs to be
monitored i.e. we need to check periodically that
it is still working or being implemented as
intended and new personnel are routinely told
about its importance, QA check to make sure
people are still gowning properly etc.
Formulating a precise risk question for
the assessment is critical
• For a contract acceptor (contractor they do the
outsourced work) the question is:
What are the risks associated with this work
which may adversely impact OTHER work already
being performed in my facility
• For the contract giver (the owner / sponsor of the
product) the question is:
What are the risks posed to MY PRODUCT by
OTHER products currently manufactured (or that
might be introduced in the future) in that
outsourced facility
Once you have prioritized the risk and
accepted it
• Put it in the risk register for follow up and
monitoring of effectiveness of the control
What is better
• Should we reduce the likelihood that an event
will occur
• Or should we increase the likelihood of detection
(after the event has occurred)
• Or should we reduce the severity of the effect if
the event actually happens
• IT WILL ALWAYS BE MORE COST EFFECTIVE, SAFER
AND BETTER FOR YOUR COMPANY AND FOR THE
PATIENT IF YOU ELIMINATE THE HAZARD (REDUCE
THE LIKELIHOOD THAT THE EVENT WILL OCCUR)
Or should we reduce the severity of
the effect if the event actually happens
• Usually we cannot impact in any way the severity of a risk –
it is what it is
• When looking for risk reduction measures we want to focus
on reducing the likelihood of an event happening at all.
• After we have exhausted possibilities for reducing the
likelihood of occurrence (OCC) then we may have to think
about ways of increasing the likelihood of detection (DET)
that the event has occurred – but this is always less reliable
than preventing or reducing the likelihood of the event
occurring
Topics for risk assessment
• CPV –continued process verification (PQR)
• Batch release
• Audit scheduling
QRM Master Plan use a list of
products, departments, processes
•
•
Scope – what needs to be assessed
LIST
– Facilities, equipment utilities
– Development
– Materials management / supply chain
– Production
–
–
–
–
–
–
–
–
–
–
•
Laboratory controls
Packaging labelling
RA of the quality system – what could go wrong
Regulatory operations
Stability
Audit scheduling
Batch release
Process validation and CPV specifically
Transportation
distribution
Frequency of review of risk assessments
How do we master plan methodically
• Take a list of all products currently manufactured and any in
development
• Take a list of all product types / processes / unit operations
• Prioritize unit operations / products based on perceived risk
e.g. aseptic processing will always be highest risk so master
plan starts with aseptically manufactured product and then
moves on to terminally sterilized
• Direct compression is a more straightforward process and so
start with products which need granulation
• Can also use volume of production – so focus on high
volume because more batches and people affected – BUT
don’t forget the inherent risks associated with small volume
less well understood processes – use CAPA events to help
identify likelihood of occurrence
PIC/s aide memoire – QRM policy
needs to show that
• Senior management is committed to QRM –
will provide resources
• Commitment can be shown in the policy by
APPOINTING / designating an individual as
responsible for the QRM program within the
company
Is QRM a waste of time
• NO – it should have very distinct benefits and
should result in getting things done right the first
time and high quality product meeting ALL
defined requirements time after time
• BUT it can also become a time-wasting, valueless
activity if done just for the sake of the regulator
or
• If done to justify bad behavior e.g. rejected batch
– risk assessment shows its just fine and needs to
be sold
Who approves a RA
• Relevant department personnel – people who
participated, supervisors / managers – you
decide and put in an SOP
• Always approved by VP Quality
Risk Management Policy
• How do you prioritize RISK ASSESSMENTS –
make a Risk Management Master Plan
Process Maps
• Allow systematic review so that we identify
unit operations
• Then drill down systematically to identify
“what can go wrong” using the batch
manufacturing instructions”
Identifying inputs and outputs
(Risk Assessment for control strategy)
• How can we reduce risk by controlling critical
process parameters so that we are certain of
achieving critical quality attributes
Product development CCPs
• Identifying and assigning risk criteria to Critical
Quality Attributes (CQA)
• Sampling/ Test / Data Collection plan for:
– Technology Transfer
– Process validation (PPQ)
Preliminary Hazard Analysis
PHA for:
• clinical trial material
• product control strategy
HACCP
• Hazard Analysis at Critical Control Points
• A tool for microbiological risk assessment
Safeguards
• Does your risk assessment tool, have
safeguards to prevent making unjustified
assumptions?
• Minimizing bias?
Communication
• Formal methods?
• Is QRM integrated into your annual training
program?
CAPA and Continual Improvement
• Monitoring the effectiveness of your QRM
program
– Do you discuss risks at management review
meetings?
– KPIs for risk?
Thank You for Your Attention