1. Introduction to quality management system
• Product quality review (PQR)
• Quality risk management (QRM)
2. Product quality review (PQR)
Regular periodic or rolling quality reviews
of all authorised medicinal products,
including export only products, should be
conducted with the objective of verifying the
consistency of the existing process, the
appropriateness of current specifications for
both starting materials and finished
product, to highlight any trends and to
identify product and process improvements.
Such reviews should normally be conducted
and documented annually, taking into
account previous reviews.
3. Product Quality Review (PQR) is a mechanism to ensure that data captured by the Pharmaceutical
Quality System (PQS) is reviewed for trends.
This tool can support a continuous improvement environment.
PQRs are designed for the purpose of identifying and implementing recommendations for required
improvements.
The objectives of a PQR are to:
• verify the consistency of the existing manufacturing process
• verify the appropriateness of current specifications for both starting materials and finished products
• highlight any adverse quality trends
• identify product and process improvements
Product quality review (PQR)
4. PQR should include at least a review of :
• Starting materials and packaging materials used in the product.
• Critical in-process controls and finished product results.
• All batches that failed to meet established specification(s) and their investigation.
• All significant deviations or non-conformances, their related investigations, and the effectiveness
of resultant corrective and preventive actions taken.
• All changes carried out to the processes or analytical methods.
• Marketing Authorisation variations submitted, granted or refused.
• The results of the stability monitoring programme and any adverse trends.
• All quality-related returns, complaints and recalls and the investigations performed at the time.
• Post-marketing commitments for new Marketing Authorisations and variations to Marketing
Authorisations.
• The qualification status of relevant equipment and utilities.
• Any contractual arrangements to ensure that they are up to date.
5.
6. Hazards and Risks are not the same!
Risk: It is commonly understood that risk is defined as the combination of the probability of occurrence of
harm and the severity of that harm.
Harm: a condition with the potential to cause personal injury or death, property damage, or
operational degradation
Example: Driving on icy roads is a hazardous condition.
Risk is lessened by driving slow while using snow tires or chains (less probability of slipping and less
damage if you go in the ditch at a slower speed).
Risk is increased with speed or bald tires (higher probability of slipping and greater damage on impact).
Risk is zero if you don’t drive at all, even though the hazard still exists! However, if we don’t drive at
all, we won’t “get the job done” either!
Risk Management allows us to still do the job, but with the safest (less risk) method
7. Quality risk management (QRM)
Quality Risk Management (QRM) is a systematic process for the assessment, control,
communication and review of risks to the quality of the drug (medicinal) product across the
product lifecycle.
Principles of Quality Risk Management:
• The evaluation of the risk to quality is based on scientific knowledge, experience with the
process and ultimately links to the protection of the patient;
• The level of effort, formality and documentation of the Quality Risk Management process
is commensurate with the level of risk.
8. At the outset, risk management is presented with three potential outcomes:
• Intolerable situation: either the risk source (such as a technology or a chemical) needs to
be abandoned or replaced, or, in cases where that is not possible (e.g. natural hazards),
vulnerabilities need to be reduced and exposure restricted.
• Tolerable situation: the risks need to be reduced or handled in some other way within the
limits of reasonable resource investments. This can be done by private actors (such as
corporate risk managers) or public actors (such as regulatory agencies) or both (public–
private partnerships).
• Acceptable situation: the risks are so small and regarded as negligible that any risk
reduction effort is unnecessary. However, risk-sharing via insurance and/or further risk
reduction on a voluntary basis present options for action that can be worthwhile pursuing
even in the case of an acceptable risk.
Quality risk management (QRM)
9. Quality risk management process (QRM)
Initiating a QRM process
• Define the problem and/or risk question, including
pertinent assumptions identifying the potential for risk.
• Assemble background information and/ or data on the
potential hazard, harm or human health impact relevant to
the risk assessment.
• Identify a leader and necessary resources.
• Specify a timeline, deliverables and appropriate level of
decision making for the risk management process.
10.
11. Risk assessment
Risk assessment is a systematic process of organizing information to
support a risk decision to be made within a risk management process.
It consists of the identification of hazards and the analysis and
evaluation of risks associated with exposure to those hazards..
As an aid to clearly defining the risk(s) for risk assessment purposes,
three fundamental questions are often helpful:
1. What might go wrong?
2. What is the likelihood (probability) it will go wrong?
3. What are the consequences (severity)?
The quality risk assessment process also seeks to identify
opportunities to improve processes.
12. 1. Risk identification addresses the “What might go wrong?” question, including
identifying the possible consequences.
Risk identification is the systematic use of information to identify potential sources of
harm (hazards) referring to the risk question or problem description.
The information is obtained from historical data, facts, trends, attributes, theoretical
analysis, business interests, opinions, experience, audits, etc.
Risks are identified by several techniques which include information gathering techniques
(brainstorming), Delphi technique, interviews, documentation review, checklists, and
diagramming techniques
Risk assessment
13. Brainstorming
• Brainstorming is most commonly used risk
identification technique in which suggestions and ideas
from different groups who represent different scientific
backgrounds are used to articulate the risks.
• Facilitator with good leadership skills is required to
conduct brain storming meetings.
• These meetings proceed uninterrupted, without
criticizing others and do not pass any judgment.
• The disadvantage with brainstorming though is that the
outcome is severely affected by the composition of the
group involved in risk identification.
14. Delphi technique
• In Delphi technique, the technical experts provide their
feedback anonymously and thus reduce the bias and human
influence.
• Facilitator prepares a questionnaire and translates the
response to this questionnaire by participants into risk
categories.
• Comments on these risks are then sought from the experts
and consensus on project risks is reached after few rounds of
this process.
• Interviews with experienced and technically sound
professional staff members can address risks in detail.
• The process is however, time consuming and requires
filtering to arrive at a final project risks.
15. Checklists
• Checklists are based on previous experience and
knowledge of risks associated with similar projects
handled in the past.
• They are very easy to use and are handy in risk
identification in new projects.
• However, at times they become limiting and possibility
of other risks which were not observed previously
should be investigated.
• Interviews, checklists and prompt list offer an
advantage of utilizing knowledge and previous
experience in new projects.
16. Diagramming techniques
• Deliberations with diagrams and flow charts
facilitate decision making process.
• Visual representation of risks in the form of cause
and effect diagrams promote structured thinking.
• Flow charts describe process step by step showing
the relationship between steps and the factors
affecting the process steps.
• The influence of variables on each other and on the
output can be depicted by influence diagrams.
17. 2. Risk analysis is the estimation of the risk associated with the identified hazards. During
quality risk analysis a detailed understanding of the probability that the identified risk will occur
shall be estimated. It can also include detectability.
Depending on likelihood and severity, risks can be categorized as high, moderate, or low. As part
of the risk management process. Take the risks of the coronavirus pandemic to biotech
healthcare enterprises as a risk assessment matrix example.
Supply chain disruption might be classified as a high-level risk — an event that has a high
probability of occurring and a significant impact on the business.
The need for first aid or minor medical treatment for staff, on the other hand, is a low-level
risk — it might occur but will have negligible impact if it does.
Risk assessment
18. Risk Assessment Matrix
• The risk matrix is a matrix that is used during risk
assessment to define the level of risk by considering the
category of probability or likelihood against the category
of consequence severity.
• This is a simple mechanism to increase visibility of risks
and assist management decision making.
• The risk assessment matrix works by presenting various
risks as a chart, color-coded by severity: high risks in red,
moderate risks in yellow, and low risks in green.
• Every risk matrix also has two axes: one that measures
likelihood, and another that measures impact.
Likelihood: the level of probability that the risk will occur.
Impact: the level of severity that the risk will have.
• Most companies use the following five categories to
determine the likelihood of a risk event: very likely,
likely, possible, unlikely, and very unlikely.
19. 3. Risk evaluation includes comparison of identified and analysed risk against pre-defined
acceptance criteria and consideration of probability, severity and detectability.
The complete risk assessment shall result in an overall risk value expressed as either
• A qualitative description of a range of risk using descriptions such as high, medium or low.
• quantitative description of risk expressed numerically on probability scale.
Detectability: Likelihood that the fault will be noted before harm occurs.
• High – when the control is likely to detect the negative event or its effects
• Medium – when the control may detect the negative event or its effects
• Low – when the control is not likely to detect the negative event or its effects
• Zero –when no detection control in place.
Risk assessment
20. Risk control
Risk control includes decision making to reduce and/or accept risks. The purpose of risk control is to
reduce the risk to an acceptable level.
Risk control might focus on the following questions:
• Is the risk above an acceptable level?
• What can be done to reduce or eliminate risks?
• What is the appropriate balance among benefits, risks and resources?
• Are new risks introduced as a result of the identified risks being controlled?
Risk reduction focuses on processes for mitigation or avoidance of quality risk when it exceeds a
specified (acceptable) level.
Risk acceptance is a decision to accept risk.
21. Risk communication
• Risk communication is the sharing of information about risk
and risk management between the decision makers and others.
• Decision makers may include the highest levels of a company’s
leaders and regulatory authorities, depending on the seriousness
of the risk.
• Communication is vital to the joint effort of framing and
scoping a risk assessment problem.
• Communications might include those among interested parties;
e.g., regulators and industry, industry and the patient, within a
company, industry or regulatory authority, etc.
• The communications should be open and transparent and occur
early and frequently during the risk management process.
• The included information might relate to the existence, nature,
form, probability, severity, acceptability, control, treatment,
detectability or other aspects of risks to quality.
22. Risk review
• The output/results of the risk management process should be reviewed to take into account new
knowledge and experience.
• Once a quality risk management process has been initiated, that process should continue to be utilized
for events that might impact the original quality risk management decision, whether these events are
planned (e.g., results of product review, inspections, audits, change control) or unplanned (e.g., root
cause from failure investigations, recall).
• The frequency of any review should be based upon the level of risk.
• Risk review might include reconsideration of risk acceptance decisions.
23. Risk management methodology
Quality risk management supports a scientific and practical approach to decision-making. It provides documented,
transparent and reproducible methods to accomplish steps of the quality risk management process based on current
knowledge about assessing the probability, severity and sometimes detectability of the risk. Risk management methodology
includes :
• Basic risk management facilitation methods
• Failure Mode Effects Analysis (FMEA).
• Failure Mode, Effects and Criticality Analysis (FMECA);
• Fault Tree Analysis (FTA);
• Hazard Analysis and Critical Control Points (HACCP);
• Hazard Operability Analysis (HAZOP);
• Preliminary Hazard Analysis (PHA);
• Risk ranking and filtering (RRF)
• Supporting statistical tools.
24. Basic risk management
facilitation methods
Some of the simple techniques that are
commonly used to structure risk
management by organizing data and
facilitating decision-making are:
• Flowcharts.
• Check Sheets.
• Process Mapping.
• Cause and Effect Diagrams (also called
an Ishikawa diagram or fish bone
diagram).
25. Failure Mode Effects Analysis (FMEA)
• FMEA provides for an evaluation of potential failure
modes for processes and their likely effect on
outcomes and/or product performance. Once failure
modes are established, risk reduction can be used to
eliminate, contain, reduce or control the potential
failures.
• FMEA can be applied to equipment and facilities and
might be used to analyze a manufacturing operation
and its effect on product or process.
• The output/ results of FMEA can be used as a basis
for design or further analysis or to guide resource
deployment.
26. Failure Mode, Effects and Criticality Analysis (FMECA)
• FMEA might be extended to incorporate an investigation of the degree of severity of the
consequences, their respective probabilities of occurrence, and their detectability, thereby becoming
a Failure Mode Effect and Criticality Analysis (FMECA).
• In order for such an analysis to be performed, the product or process specifications should be
established.
• FMECA can identify places where additional preventive actions might be appropriate to minimize
risks.
• FMECA application in the pharmaceutical industry should mostly be utilized for failures and risks
associated with manufacturing processes; however, it is not limited to this application.
• The output of an FMECA is a relative risk “score” for each failure mode, which is used to rank the
modes on a relative risk basis.
27. Fault Tree Analysis (FTA)
• Fault tree analysis (FTA) is a graphical tool to explore the
causes of system level failures. The results are represented
pictorially in the form of a tree of fault modes. At each level in
the tree, combinations of fault modes are described with
logical operators.
• FTA can be used to investigate complaints or deviations in
order to fully understand their root cause and to ensure that
intended improvements will fully resolve the issue and not
lead to other issues.
• Fault Tree Analysis is an effective tool for evaluating how
multiple factors affect a given issue.
• The output of an FTA includes a visual representation of
failure modes. It is useful both for risk assessment and in
developing monitoring programs.
28. Hazard Analysis and Critical Control Points (HACCP)
• HACCP is a systematic, proactive, and preventive tool for assuring product quality, reliability, and
safety. It is a structured approach that applies technical and scientific principles to analyze, evaluate,
prevent, and control the risk or adverse consequence(s) of hazard(s) due to the design, development,
production, and use of products.
• HACCP might be used to identify and manage risks associated with physical, chemical and biological
hazards (including microbiological contamination).
• The output of a HACCP analysis is risk management information that facilitates monitoring of critical
points not only in the manufacturing process but also in other life cycle phases.
29. Hazard Operability Analysis (HAZOP)
• HAZOP, or a Hazard and Operability Study, is a systematic way to identify possible hazards in a
work process. In this approach, the process is broken down into steps, and every variation in work
parameters is considered for each step, to see what could go wrong.
• The output of a HAZOP analysis is a list of critical operations for risk management. This facilitates
regular monitoring of critical points in the manufacturing process.
30. Preliminary Hazard Analysis (PHA)
PHA is a method for the identification of hazards at
an early stage in the design process. It provides an
initial assessment of the identified hazards.
PHA typically involves:
• Determining hazards that might exist and possible
effects.
• Determining a clear set of guidelines and objectives
to be used during a design.
• Creating plans to deal with critical hazards.
• Assigning responsibility for hazard control
(management and technical).
• Allocating time and resources to deal with hazards.
31. Risk Ranking and Filtering (RRF)
• Risk Ranking and Filtering (RRF) is a process of comparing and ranking risks.
• RRF provides focus on critical risks within a system.
• RRF breaks down the overall risk into various risk components. Each risk component is then
evaluated and their individual contributions to overall risk is estimated.
• Risk ranking is useful when management needs to evaluate both quantitatively-assessed and
qualitatively-assessed risks within the same organizational framework.
32. Supporting statistical tools
Statistical tools can support and facilitate quality risk management. They can enable effective data
assessment, aid in determining the significance of the data set(s), and facilitate more reliable decision
making.
A listing of some of the principal statistical tools commonly used in the pharmaceutical industry is
provided:
• Control Charts.
• Design of Experiments (DOE).
• Histograms.
• Pareto Charts.
• Process Capability Analysis.
33. References
• Aven, T., & Renn, O. (2010). Risk management and governance: Concepts, guidelines and
applications (Vol. 16). Springer Science & Business Media.
• Charoo, N. A., & Ali, A. A. (2013). Quality risk management in pharmaceutical development. Drug
Development and Industrial Pharmacy, 39(7), 947–960.
• Guideline, I. C. H. H. T. (2005). Quality risk management. Q9, Current Step, 4, 408.
• Lotllikar, M. V. (2013). Quality risk management (QRM): A review. Journal of Drug Delivery and
Therapeutics, 3(2).
• Scheme, P. I. C. (2009). Guide to good manufacturing practice for medicinal products Part I.