Your SlideShare is downloading. ×
Quality risk management : Basic Content
Upcoming SlideShare
Loading in...5

Thanks for flagging this SlideShare!

Oops! An error has occurred.


Saving this for later?

Get the SlideShare app to save on your phone or tablet. Read anywhere, anytime - even offline.

Text the download link to your phone

Standard text messaging rates apply

Quality risk management : Basic Content


Published on

Presentation complied by Drug Regulations – a not for profit organization from publicly available material form FDA , EMA, EDQM . WHO and similar organizations. …

Presentation complied by Drug Regulations – a not for profit organization from publicly available material form FDA , EMA, EDQM . WHO and similar organizations.
Visit for the latest in Pharmaceutic

1 Comment
  • Could you send me the PPT?
    Are you sure you want to  Yes  No
    Your message goes here
No Downloads
Total Views
On Slideshare
From Embeds
Number of Embeds
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

No notes for slide


  • 1. Presentation complied by Drug Regulations– a not for profit organization from publicly available material form FDA , EMA, EDQM . WHO and similar organizations.Visit for the latest in Pharmaceuticals 1
  • 2. 1. Introduction2. Scope3. Principles of Quality Risk Management4. General Quality Risk Management Process5. Risk Management Methodology Annex I: Risk Management Methods and Tools6. Integration of QRM process into Industry and Regulatory operations Annex II: Potential Applications for QRM7. Definitions8. References 2
  • 3. Risk ManagementQuality Risk Management Quality Systems Harm Severity Stakeholder Product Life Cycle GMP Compliance 3
  • 4. This guideline provides principles & examples of tools of quality risk management that can be applied to different aspects of pharmaceutical quality.These aspects include development, manufacturing, distribution, and the inspection andsubmission/review processes throughout the lifecycle of drug substances, drug (medicinal) products, biological and biotechnological products ICH Q9 4
  • 5.  Drug substances, Drug (medicinal) products, Biological and biotechnological products Including the selection and use of ◦ Raw materials ◦ Solvents ◦ Excipients ◦ Packaging and labelling materials ◦ Components 5
  • 6. Two primary principles:The evaluation of The level of effort,the risk to quality formality andshould be based on documentationscientific knowledge of the quality riskand ultimately link management processto the protection should beof the patient commensurate with the level of risk ICH Q9 6
  • 7. Systematic processes designed tocoordinate, facilitate and improve science-based decision making with respect to risk to quality ICH Q9 7
  • 8. Initiate Quality Risk Management Process Risk Assessment Risk Identification Risk Analysis Risk Evaluation unacceptable Risk Management tools Risk Communication Risk Control Risk Reduction Risk Acceptance Team Output / Result of theapproach Quality Risk Management Process Risk Review Review Events ICH Q9 8
  • 9. Decision makers: Person(s) with competence and authority to make a decision  Ensuring that ongoing Quality Risk Management processes operate Coordinating Management responsibility  quality risk management process across various functions and departments  Supporting the team approachICH Q9 9
  • 10. Team approach Usually, but not always, undertaken by interdisciplinary teams from areas appropriate to the risk being considered e.g. ◦ Quality unit ◦ Development ◦ Engineering / Statistics ◦ Regulatory affairs ◦ Production operations ◦ Business, Sales and Marketing ◦ Legal ◦ Medical / Clinical ◦ &… Individuals knowledgeable of the QRM processes 10
  • 11. When to initiate and plan a QRM Process First define the question which should be answered (e.g. a problem and/or risk question) ◦ including pertinent assumptions identifying the potential for risk Then assemble background information and/ or data on the potential hazard, harm or human health impact relevant to the risk ◦ Identify a leader and necessary resources ◦ Specify a timeline, deliverables and appropriate level of decision making for the QRM process ICH Q9 11
  • 12. Should risks be assessed? 1. What might go wrong? 2. What is the likelihood (probability) Are there clear rules it will go wrong? No or 3. What are the consequences (severity)? for decision making? justification needed e.g. regulations Can you answer the risk assessment questions? No “formal RM“ Yes Agree on a team Yes (small project) “informal RM“ “no RM“Risk assessment not required Initiate Risk assessment Select a Risk Management tool (No flexibility) (risk identification, analysis & evaluation) (if appropriate e.g. see ICH Q9 Annex I) Follow procedures Run risk control Carry out the(e.g. Standard Operating Procedures) (select appropriate measures) quality risk management process Document results, decisions and actions Document the steps 12
  • 13. Risk Assessment 3 fundamental Risk Identification What might go wrong? questions Risk Analysis What is the likelihood (probability) it will go wrong? Risk Evaluation What are the consequences (severity)?Note: People often use terms “Risk analysis”, “Risk assessment” and “Risk management” interchangeably which is incorrect! ICH Q9 13
  • 14. Risk Assessment: Risk Identification“What might go wrong?” A systematic use of information to identify hazards referring to the risk question or problem ◦ historical data ◦ theoretical analysis ◦ informed opinions ◦ concerns of stakeholders ICH Q9 14
  • 15. Risk Assessment: Risk Analysis“What is the likelihood it will go wrong?” The estimation of the risk associated with the identified hazards. A qualitative or quantitative process of linking the likelihood of occurrence and severity of harm Consider detectability if applicable (used in some tools) ICH Q9 15
  • 16. Risk Assessment: Risk AnalysisOften data driven Keep in mind: Statistical approach may or may not be used Maintain a robust data set! Start with the more extensive data set and reduce it Trend and use statistics (e.g. extrapolation) Comparing between different sets requires compatible data Data must be reliable Data must be accessible 16
  • 17. Risk Assessment: Risk Evaluation“What is the risk?” Compare the identified and analysed risk against given risk criteria Consider the strength of evidence for all three of the fundamental questions ◦ What might go wrong? ◦ What is the likelihood (probability) it will go wrong? ◦ What are the consequences (severity)? 17
  • 18. Risk Assessment: Risk Evaluation A picture of the life cycle = Risk Priority Number Probability x Detectability x Severity Can you find it? Data refers to„ Frequencyof Impact“occurences” driven by the number of trials„ Degree of belief past today future time 18
  • 19. Risk Control: Decision-making activity Is the risk above an acceptable level? What can be done to reduce or eliminate risks? What is the appropriate balance between benefits, risks and resources? Are new risks introduced as a result of the identified risks being controlled? ICH Q9 19
  • 20. Risk Control: Residual Risk The residual risk consists of e.g. ◦ Hazards that have been assessed and risks that have been accepted ◦ Hazards which have been identified but the risks have not been correctly assessed ◦ Hazards that have not yet been identified ◦ Hazards which are not yet linked to the patient risk Is the risk reduced to an acceptable level? ◦ Fulfil all legal and internal obligations ◦ Consider current scientific knowledge & techniques 20
  • 21. Risk Control: Risk Reduction Mitigation or avoidance of quality risk Elimination of risks, where appropriate Focus actions on severity and/or probability of harm; don’t forget detectability It might be appropriate to revisit the risk assessment during the life cycle for new risks or increased significance of existing risks ICH Q9 21
  • 22. Risk Control: Risk Acceptance Decision to > Accept the residual risk > Passively accept non specified residual risks May require support by (senior) management > Applies to both industry and competent authorities Will always be made on a case-by-case basis 22
  • 23. Risk Control: Risk Acceptance Discuss the appropriate balance between benefits, risks, and resources Focus on the patients’ interests and good science/data Risk acceptance is not ◦ Inappropriately interpreting data and information ◦ Hiding risks from management / competent authorities 23
  • 24. Risk Control: Risk Acceptance Who has to accept risk? Decision Maker(s) ◦ Person(s) with the competence and authority to make appropriate and timely quality risk management decisions Stakeholder ◦ Any individual, group or organization that can …be affected by a risk ◦ Decision makers might also be stakeholders ◦ The primary stakeholders are the patient, healthcare professional, regulatory authority, and industry ◦ The secondary stakeholders are patient associations, public opinions, politicians (ICH Q9, definition) 24
  • 25. A Risk Risk reduction stepAcceptance process finished1/3 Finish baseline for risk acceptance decision risk identification, risk analysis, risks evaluation, risks reduction Stakeholders No involved as appropiate? Yes Revisit All identified No risk assessment step risks assessed? Yes 25
  • 26. Measures/ actions needed? Yes Evaluate measures on severity, probability, detectability Check needed resources e.g. employee, moneyA RiskAcceptance No Measures / Actions appropriate? No Revisit risk reduction stepprocess2/3 Yes Other hazards Yes caused? No Is a risk reducible? 26
  • 27. A Risk Acceptance process 3/3 Is a risk No reducible? Yes Revisit Accept the Advantage No Yesrisk assessment step residual risk? outweighs risk? Yes No Accept risk Risk not acceptable Sign off documentation Sign off documentation Ready for communication 27
  • 28. Risk Communication Bi-directional sharing of information about risk and risk management between the decision makers and others Communicate at any stage of the QRM process Communicate and document the output/result of the QRM process appropriately Communication need not be carried out for each and every individual risk acceptance Use existing channels as specified in regulations, guidance and SOP’s According to ICH Q9 28
  • 29. Risk Communication Exchange or sharing of information, as appropriate Sometimes formal sometimes informal ◦ Improve ways of thinking and communicating Increase transparency 29
  • 30. Communication facilitates trust and understandingRegulators Industryoperation operation - Reviews - Submissions - Inspections - Manufacturing 30
  • 31. Risk review: Review Events Review the output / results of the QRM process Take into account new knowledge and experience Utilise for planned or unplanned events Implement a mechanism to review or monitor events Reconsideration of risk acceptance decisions, as appropriate ICH Q9 31
  • 32. One method “all inclusive”? 32
  • 33.  Supports science-based decisions A great variety are listed but other existing or new ones might also be used No single tool is appropriate for all cases Specific risks do not always require the same tool Using a tool the level of detail of an investigation will vary according to the risk from case to case Different companies, consultancies and competent authorities may promote use of different tools based on their culture and experiences 33
  • 34.  System Risk (facility & people) ◦ e.g. interfaces, operators risk, environment, components such as equipment, IT, design elements System Risk (organisation) ◦ e.g. Quality systems, controls, measurements, documentation, regulatory compliance Process Risk ◦ e.g. process operations and quality parameters Product Risk (safety & efficacy) ◦ e.g. quality attributes: measured data according to specifications 34
  • 35.  Supports a scientific and practical approach to decision-making Accomplishing steps of the QRM process ◦ Provides documented, transparent and reproducible methods ◦ Assessing current knowledge ◦ Assessing probability, severity and sometimes detectability ICH Q9 35
  • 36.  Adapt the tools for use in specific areas Combined use of tools may provide flexibility The degree of rigor and formality of QRM ◦ Should be commensurate with the complexity and / or criticality of the issue to be addressed and reflect available knowledge Informal ways ◦ empirical methods and / or internal procedures ICH Q9 36
  • 37.  Provides a general overview of and references for some of the primary tools Might be used in QRM by industry and regulators This is not an exhaustive list No one tool or set of tools is applicable to every situation in which a QRM procedure is used For each of the tools ◦ Short description & reference ◦ Strength and weaknesses ◦ Purely illustrative examples ICH Q9 37
  • 38.  Failure Mode Effects Analysis (FMEA) ◦ Break down large complex processes into manageable steps Failure Mode, Effects and Criticality Analysis (FMECA) ◦ FMEA & links severity, probability & detectability to criticality Fault Tree Analysis (FTA) ◦ Tree of failure modes combinations with logical operators Hazard Analysis and Critical Control Points (HACCP) ◦ Systematic, proactive, and preventive method on criticality Hazard Operability Analysis (HAZOP) ◦ Brainstorming technique Preliminary Hazard Analysis (PHA) ◦ Possibilities that the risk event happens Risk ranking and filtering ◦ Compare and prioritize risks with factors for each risk 38
  • 39.  Supporting statistical tools ◦ Acceptance Control Charts (see ISO 7966) ◦ Control Charts (for example)  Control Charts with Arithmetic Average and Warning Limits (see ISO 7873)  Cumulative Sum Charts; “CuSum” (see ISO 7871)  Shewhart Control Charts (see ISO 8258)  Weighted Moving Average ◦ Design of Experiments (DOE)  Pareto Charts ◦ Process Capability Analysis ◦ Histograms ◦ Use others that you are familiar with…. ICH Q9 39
  • 40.  Foundation for “science-based” decisions Does not obviate industry’s obligation to comply with regulatory requirements May affect the extent and level of direct regulatory oversight Degree of rigor and formality commensurate with the complexity and/or criticality of the issue Implement QRM principles when updating existing guidelines ICH Q9 40
  • 41. This Annex is intended to identify potential uses of qualityrisk management principles and tools byindustry and regulators.However, the selection of particular risk management toolsis completely dependent upon specific facts andcircumstances.These examples are provided for illustrative purposes andonly suggest potential uses of quality risk management.This Annex is not intended to create any new expectationsbeyond the current regulatory requirements. ICH Q9 Introduction to Annex II 41
  • 42. Quality risk management as part of Integrated quality management ◦ Documentation Competent ◦ Training and education authorities ◦ Quality defects Industry ◦ Auditing / Inspection ◦ Periodic review ◦ Change management / change control ◦ Continual improvement 42
  • 43. Quality risk management as part of Regulatory operations Competent authorities > Inspection and assessment activities Industry operations ◦ Development ◦ Facilities, equipment and utilities Industry ◦ Materials management ◦ Production Competent authorities ◦ Laboratory control and stability testing ◦ Packaging and labelling 43
  • 44. COMMUNICATION Preliminary Hazard Analysis Fault Tree Analysis FTAFailure Mode, Effects & Criticality Analysis FMECA Failure Mode Effect Analysis FMEA ICH Q9 TOOLS PRODUCTION Hazard Operatibility Analysis Quality Risk Hazard Analysis & Critical Control Points Management MATERIALS QUALITY SYSTEM 44