2. What will cover
• Objectives
• Scope
• Definitions
• Tools and methodology
3. Identification and mitigation of risks associated with each business unit / function is an important component of
proactive management.
Any threat to product quality across the supply chain needs to be considered in the risk management exercise;
this also includes risk associated with product security, security of supplies as well as compliance to policies /
statutory requirements.
Risk management includes identification of risks, evaluation of each risk, developing risk mitigation plan,
implementation of action plan and review of actions taken to verify their effectiveness.
The objective of this training is to describe the Risk Management Process, to define cases when a risk
assessment needs to be performed, and to facilitate understanding of quality risk management outputs.
OBJECTIVES
4. Applicable to functions that directly or indirectly impacts product quality or security of product & security of supply such
as Quality Assurance, R&D, Regulatory, Business Development, Supply chain, Human Resources, IT, Legal, Contract
Manufacturing and Pharmacovigilance
A quality risk management process may be performed when a decision should be taken or when actions should be
prioritized, especially in these cases
Deviations
Change control
Recalls
Abnormal restrictions
Product quality defects
Pharmacovigilance cases
Quality Management Review
New product introduction projects
All activities with potential quality and/or regulatory impacts on Marketing authorization dossier (Regulatory filing),
validated status, audits, inspection, transportation etc.
SCOPE
5. Definitions (As per ISO )
Physical injury and/or damage to the health of people or damage to
property or the environment
Harm:
Risk:
Combination of the probability of occurrence of harm and the severity of that
harm
- Use of available information to identify hazards and to estimate the risk
- It provides the basis for risk evaluation and decisions about the risk
reduction.
Risk Analysis:
6. Risk Evaluation:
Judgement, on the basis of risk analysis, of whether a risk which is acceptable
has been achieved in a given context based on the current values of society.
Risk Assessment:
Overall process of risk analysis and risk evaluation
Risk Control:
The process through which decisions are reached and implemented for
reducing risks to or maintaining risks within specified levels.
Risk Management:
Systematic application of management policies, procedures and practices to
the tasks of analysing, evaluating and controlling risk
Definitions (As per ISO )
8. RISK CONTROL
Safe design:
Build a bridge
Protection measures
Trains at night
Cars in the day
Traffic lights
Warnings
Signals/noise
RISK
ASSESSMENT
Probability that
collision happens
and degree of
severity of the
resulting damage
RISK MONITORING
Check if safety measures work
Risk Management (A practical example )
9. Some examples:
Engineering Design Reviews
Product and Process design
(computer) Validation
Change Management evaluations
Release / Reject / Recall decisions
Cross Contamination evaluations
Investigations & Corrective / preventive actions
GMP impact assessment
Most of the time we are managing risk………
(without realising this?)
Risk Management in P’ceutical Industry
12. Tools Use Scope Risk Steps Risk Controls
FTA Identify causes of an
undesired event
Micro Identification
Analysis
No
Risk Ranking and
Filtering
Rank items following on
criticality level
Macro or Narrow
system
Identification
Analysis
Evaluation
No
PHA Identify potentially
hazardous
Macro or Narrow
system
Identification
Analysis
No
FMEA Identify potential
failures and quote them
in order to rank them
Narrow system Identification
Analysis
Evaluation
Yes
HACCP Appreciate and control
risk contamination
Narrow system Identification
Analysis
Evaluation
Yes
13. Some simple techniques used to structure risk management by
organizing data and facilitating decision-makings are:
Flowcharts
Check Sheets
Process Mapping
Cause and Effect Diagrams
(Ishikawa diagram or fish bone diagram)
Basic Risk Management Facilitation
Methods
14. Failure Mode Effect Analysis (FMEA)
• Allows evaluation of:
potential failure modes [what might go wrong] for processes
the likely effect on outcomes and/or product performance
• Once failure modes are established, risk reduction can be used
to eliminate, contain, reduce or control the potential failures
• FMEA relies on product and process understanding
• FMEA methodically breaks down the analysis of complex
processes into manageable steps
• It is a powerful tool for summarizing the important modes of
failure, factors causing these failures and the likely effects of
these failures
15. • To prioritize risks and monitor the effectiveness of risk
control activities
• FMEA can be applied to equipment and facilities and
might be used to analyse a manufacturing operation
and its effect on product or process
• It identifies elements/operations within the system
that render it vulnerable
• The output/ results of FMEA can be used as a basis
for design or further analysis or to guide resource
deployment
Areas of use of FMEA
16.
17. Fault Tree Analysis (FTA)
• An approach that assumes failure of the functionality
of a product or process
• This tool evaluates system (or sub-system) failures one
at a time but can combine multiple causes of failure
by identifying causal chains
• The results are represented pictorially in the form of a
tree of fault modes
• At each level in the tree, combinations of fault modes
are described with logical operators (AND, OR, etc).
The method relies on expert process understanding to
identify causal factors
18.
19. • FTA can be used to:
establish the pathway to the root cause of the failure
investigate complaints or deviations in order to fully understand their
root cause
ensure that intended improvements will fully resolve the issue and not
solve one problem yet cause another (different) problem
• FTA is an effective tool for evaluating how multiple factors affect
a given issue
• The output of an FTA includes a visual representation of failure
modes
• It is useful both for risk assessment and in developing
monitoring programs
Areas of use of FTA
20. • A tool of analysis based on applying prior experience or knowledge of a
hazard or failure to identify future hazards, hazardous situations and
events that might cause harm, as well as to estimate their probability of
occurrence for a given activity, facility, product or system
• It involves following steps:
1.List the expected events for each process step
2.Define the dangerous situations (opposite expected events)
3.Enumerate the different causes of each dangerous situation
4. List consequences of each dangerous situation
5. List detection, prevention and control measures already in place.
6. Determine if the dangerous situation is acceptable or not.
7. If the answer is ‘No’, implement actions and /or do complementary analysis
Preliminary Hazard Analysis (PHA)
21. • Useful when analyzing existing systems or prioritizing hazards
where circumstances prevent a more extensive technique from
being used
• It can be used for product, process and facility design as well as
to evaluate the types of hazards for the general product type,
then the product class, and finally the specific product
• PHA is most commonly used early in the development of a
project when there is little information on design details or
operating procedures
• It will often be a precursor to further studies
• Hazards identified in the PHA are further assessed with other
risk management tools such as those in this section
Potential Uses of PHA
22. Hazard Analysis & Critical Control Points
(HACCP)
• HACCP is a systematic, proactive, and preventive tool for assuring product
quality, reliability, and safety
• It is a structured approach that applies technical and scientific principles to
analyze, evaluate, prevent, and control the risk or adverse consequence(s) of
hazard(s) due to the design, development, production, and use of products
• It consists of following steps:
Assemble a multidisciplinary team with a leader
Describe all the detailed steps of the process
List all potential hazards associated with each step
Determine Critical Control Points (CCPs)
Establish critical limits for each CCP
Create a monitoring of critical control points
Establish corrective actions when CCP are not under control by the monitoring system
Establish verification system to confirm that the HACCP system is effective
Establish documentation and record keeping
23.
24. Potential Uses of HACCP
• To identify and manage risks associated with physical,
chemical and biological hazards (including microbiological
contamination)
• Most useful when product and process understanding is
sufficiently comprehensive to support identification of
critical control points
• The output of a HACCP analysis is risk management
information that facilitates monitoring of critical points not
only in the manufacturing process but also in other life
cycle phases
25.
26. • A tool for comparing and ranking risks
• Risk ranking of complex systems typically requires
evaluation of multiple diverse quantitative and qualitative
factors for each risk. This tool breaks down a basic risk
question into as many components as needed to capture
factors involved in the risk
• The factors are combined into a single relative risk score
that can then be used for ranking risks
• Filters in the form of weighting factors or cut-offs for risk
scores, can be used to scale or fit the risk ranking to
management or policy objectives
Risk Ranking & Filtering
27. • To prioritize manufacturing sites for inspection/audit by
regulators or industry
• Particularly helpful in situations in which the portfolio of
risks and the underlying consequences to be managed are
diverse and difficult to compare using a single tool
• Risk ranking is useful when management needs to
evaluate both quantitatively-assessed and qualitatively-
assessed risks within the same organizational framework
Potential Uses of Risk Ranking & Filtering
28. Relative Risk Ranking System
Risk Index
Value
Level of Risk Action
1 to 8 Low Risk Broadly acceptable risk. No further investigation is needed
9 to 16 Medium Risk
Risk is acceptable. Further Investigation may be needed in order
to reduce the risk
17 to 25 High Risk
Risk is unacceptable. Further Investigation is needed to reduce the
risk