The document discusses quality risk management in the pharmaceutical industry. It defines key risk management terms and principles, and describes the risk management process including risk assessment, control, communication and review. It provides examples of risk management tools and methods used in different applications. The integration of quality risk management into industry and regulatory operations is discussed, with the goal of improving decision making and patient safety.

1. QUALITY RISK MANAGEMENT:
Pharmaceutical Industry
Dr. A. Amsavel

2. Content
 What is risk
 Principle of risk management
 Risk management process
 Risk assessment
 Risk control
 Risk communication
 Risk review
 Risk management methodology
 Integration of quality risk management in to
industry and regulatory
 operations

3. What is risk?
Definition:
Dictionary meaning for risk “possibility of loss or
injury; a dangerous element or factor.”
What is Risk: In simple words risk is a potential
undesirable out come.
Risk (ICH Q9 definition):
“The combination of the probability of occurrence of
harm (undesired effect) and the severity of that
harm.”
Q9: The risk for the patients.

4. Definition
Harm – damage to health, including the damage that can
occur from loss of product quality or availability.
Hazard - the potential source of harm.
Uncertainty – the inability to determine, or the
ambiguity in the true state of a system caused by a
combination of variability and incomplete knowledge.
Risk assessment – a systematic process of organizing
information to support a risk decision to be made within a
risk management process. It consists of the identification
of hazards and the analysis and evaluation of the risks
associated with exposure to those hazards.

5. Definitions
Risk control - actions implementing risk management
decisions.
Risk reduction: Actions taken to eliminate or lessen the
probability of occurrence of harm and severity of that harm.
Risk review – Review or monitoring of the output/results
of the risk management process considering (if appropriate)
new knowledge and experience about the risk.
Quality risk management – a systematic process for the
assessment, control, communication and review of risks to
the quality of the drug

6. Risk measurement
Risk is the combination of the probability of occurrence of
harm and the severity of that harm
Risk = Probability x Severity = (P x S)
Risk Priority Number (P x S x D)
often used in FMEA, FMECA
Risk can be Quantified or Qualitative
Risk = (4 x 3) = 12
Risk = Moderate, Major, Un/acceptable

7. Why it is for Pharmaceutical industry
Manufacturers must ensure their medicinal
products “do not place patients at risk due to
inadequate safety, quality of efficacy”
Example:
Many recalls occur every year.
Medicinal products manufactured with “validated
processes” do in fact put patients at risk

8. 21st
Century GMP Initiative
Adoption of Q8, Q9 and Q10
Integration of Quality systems and Risk management
Regulatory agencies encourages the adoption of modern
and innovative manufacturing technology.
Pre-approval review will be easier and faster.
Scientific analysis to address quality issues, especially
those associated with predictable or identifiable health
risks.”

9. Advantages of risk based GMP
Systematic, scientific & data-driven and it reduces
subjectivity
Ranks risk - allows prioritization
Improves decision making
Identifies the most benefit to the patient
Means of building in quality
Document – improves communication

10. Regulatory approach
Regulators evaluate category of risk, based on:
• Product, process and facility
• Controls to assess & mitigate risk
• Quality system implementation
Regulators determine ‘risk category’ accordingly
• Post-approval change review
• GMP inspections
Result:
• Removal of barriers to continuous improvement
• Efficient use of resources

11. What’s in a Name?
Many of us do Risk Assessment & Risk Management
without calling it this…
Warehouse Temperature Mapping is a form of Risk
Assessment
Assessment in the change Control is a Risk Management
Validation Master Plan is a form of Risk Management
Audit / Self-Inspection Programme

12. Risk Assessment
Risk assessment is the process of identifying the
harm/hazards and evaluating the potential consequences
of those harm
The assessment process must answer for below questions:
What might go wrong?
What is the probability, it will go wrong?
What are the consequences for product quality?
Will the failure be detected? How?
It identifies the opportunities to do things better.
The decision to accept an opportunity is generally based
on an analysis of the costs and benefits.

13. Risk Management Tools
Many formal tools are available…
FTA – Fault Tree Analysis
FMEA – Failure Mode & Effects Analysis
HACCP - Hazard Analysis and Critical Control Points
HAZOP – Hazard Operability Analysis
FMECA - Failure Mode, Effects & Criticality Analysis
PHA - Preliminary Hazard Analysis
ISPE’s Impact Assessment Method for GEP,
Commissioning & Qualification
GAMP 5

14. Fault Tree Analysis- FTA
1. Define the undesired event
to study
2. Obtain an understanding of
the system
3. Construct the fault tree
4. Evaluate the fault tree
5. Control the hazards
identified

15. Fault Tree Analysis- FTA

16. FTA and FMEA
FMEA in Failure Mode Identification –
What could go wrong, and its ‘effects’
Probability of occurrence and severity of failure
Most tools were developed for non-pharma
industries
So, modification may be required
Most do not address Qualification & Validation
requirements

17. FMECA
Failure Mode, Effects & Criticality Analysis
Identifies potential Failure Modes in a system, facility,
process or product
Prioritises the Failure Modes in accordance with their risk
Put control in place to address the most serious concerns

18. HACCP
Hazard Analysis and Critical Control Points
Hazards & their Preventative Measures to be Identified
Critical Control Points are to be devised
use as Critical Process Parameters
CCP Limits & Monitoring Methods to be Established
Corrective Actions has to be Pre-determined for
deviations
CCPs are Verified (… or validated in our industry)
Record keeping requirements to be Defined

19. Probability of Occurrence Levels
Probability
Probability This Means The Failure Mode
This Means The Failure Mode …
…
Frequent
Frequent …
… is Very Likely to Occur, > 20%
is Very Likely to Occur, > 20%
Probable
Probable …
… will Probably Occur, 5
will Probably Occur, 5 –
– 20%
20%
Occasional
Occasional …
… should Occur at Some Time, Infrequently,
should Occur at Some Time, Infrequently,
0.1
0.1 –
– 5%
5%
Remote
Remote …
… Unlikely to Occur in Most Circumstances
Unlikely to Occur in Most Circumstances
< 0.1%
< 0.1%
Note: These levels are arbitrary and for illustrative purposes only

20. Severity Levels
Severity This Means the Failure Mode May
Result in….
Critical
Critical Very Significant Non-Compliance with GMP or
Very Significant Non-Compliance with GMP or
Patient Injury
Patient Injury
Major
Major Significant Non-Compliance with GMP or ,
Significant Non-Compliance with GMP or ,
Patient Impact
Patient Impact
Minor
Minor Minor Infringement of GMP /
Minor Infringement of GMP /
No expected Patient Impact
No expected Patient Impact
Note: These levels are arbitrary and for illustrative purposes only

21. Risk Table – Acceptance Criteria
Failure Mode
Failure Mode Minor
Minor
Severity
Severity
Major
Major
Severity
Severity
Critical
Critical
Severity
Severity
Frequent
Frequent Unacceptable
Unacceptable Intolerable
Intolerable Intolerable
Intolerable
Probable
Probable Unacceptable
Unacceptable Unacceptable
Unacceptable Intolerable
Intolerable
Occasional
Occasional Acceptable
Acceptable Unacceptable
Unacceptable Unacceptable
Unacceptable
Remote
Remote Acceptable
Acceptable Acceptable
Acceptable Unacceptable
Unacceptable

22. Acceptance Criteria Notes
Red Means…
The Risk is Intolerable. Eliminate the Hazard or build in
systems/controls to ensure the effects of the hazard are not realised
(e.g. redundant systems)
Amber Means…
The Risk is Unacceptable. The Risk must be Reduced or
Controlled to an acceptable level
Green Means…
The Risk is Acceptable. No Reduction or New Controls are
Required

23. Detection Levels
Detection
Detection This Means
This Means…
….
.
High High Likelihood that Controls will Detect
the Failure Mode or its Effects
Medium Medium Likelihood that Controls will
Detect the Failure Mode or its Effects
Low Low Likelihood that Controls will Detect
the Failure Mode or its Effects
None Detection Controls are Absent
Note: These levels are arbitrary and for illustrative purposes only

24. GMP - Risk management Initiative
Key Events 2002 - 2004
Aug. 2002 FDA launch 21st century GMP initiative
Jul. 2003 ICH GMP Workshop
Sep. 2003 ICH Q8 ‘Pharmaceutical Development’
Nov. 2003 ICH Q9 ‘Risk Management’
Jun. 2004 ICH Q10 ‘Quality Management’ agreed “in
principle”
Sep. 2004 FDA announcements on implementation

25. ICH Q9– Quality Risk Management
Table of contents
1. Introduction
2. Scope
3. Principles of Quality Risk Management (QRM)
4. General Quality Risk Management Process
5. Risk Management Methodology
6. Integration of QRM process into industry & regulatory
operations
7. Definitions
8. References
Annex I: Risk Management Methods and Tools
Annex II: Potential Applications for Quality Risk Management

26. 1. Introduction
Risk Management
Quality Risk Management
Harm
Severity
Stakeholders
Product life cycle
Quality

27. 2. Scope
This guideline provides a framework that may be
applied to all aspects of pharmaceutical quality,
including development, manufacturing,
distribution, inspection and submission/review
processes throughout the lifecycle of drug
substances and drug products and the use of raw
materials, solvents, excipients, packaging and
labeling materials.

28. 3. Principles of QRM
Two primary principles:
1. The evaluation of the quality risk should ultimately link
back to the potential harm to the patient.
2. The level of effort, formality and documentation of the
quality risk management process should be
commensurate with the level of risk.

29. 4. QRM Process

30. 5. Risk Management Methodology
1. Fault tree analysis (FTA)
2. Failure Mode Effects Analysis (FMEA)
3. Failure Mode Effects & Criticality Analysis (FMCEA)
4. Hazard Analysis of Critical Control Points (HACCP)
5. Hazard Operability Analysis (HAZOP)
6. Preliminary Hazard Analysis (PHA)
7. Risk Ranking and Filtering
8. Supporting statistical tools

31. 6. Implications of QRM
Companies can choose whether to use formal quality risk
management
If used it should enable regulators to adopt a more flexible
approach to their oversight of a site
It will be acceptable to continue to use informal
approaches to managing risk
Quality risk management is likely to become ‘best
practice’ over time

32. Q9- Conclusion
QRM provides a useful process that enables both industry
and regulators to focus on what is important for patients.
Integration of Quality Risk Management into existing
systems and regulatory process will take time.
ICH Q8, Q9 & Q10 together will enable the
pharmaceutical community to move towards the desired
state for 21st century quality management.
If There Is No Documented Risk Assessment, The System
Is Classified As ‘High Risk’!

33. Schematic Overview of GMP Risk Management
Risk Assessment
Hazards identified, risk estimated, decision
risk acceptability made
Risk Control
Risk Reduction or Risk Maintenance Controls
Initiated
until Risk is Acceptable or Adequately
Controlled
Qualification & Validation
requirements are determined & auctioned
Risk Knowledge Is Communicated
Periodic
Review
Risk
Management

34. Case Study: Proposed RA Tool – How it works
1. Select the Process for the Risk Assessment exercise
2. Assemble a Multi-Disciplinary Team
3. Define Probability of Occurrence Levels
4. Define Severity Levels
5. Draw up Risk Acceptability Criteria (or table)
6. Determine Detection Levels
7. Map the Process (as it stands) & present as a series of steps
8. Input each process step into the Risk Assessment worksheet
9. Work through & Complete the worksheet, as required
10. Implement the actions identified… and communicate.

35. Case Study: The RA Worksheet
1. Identifying failure modes, their causes & consequences
2. Calculating the Risk associated with each failure mode
3. Deciding is the Risk acceptable or not
4. If unacceptable: checking what detection controls are in place
5. If controls are adequate, stop the RA here & proceed to the
qualification & validation section near the end
6. If controls are inadequate, implement new Risk Control measures &
repeat steps b & c above
7. If risk still unacceptable: put new detection controls in place
8. When controls adequate, go to qualification & validation section
9. Implement the validation & qualification actions identified (and any
other actions)

36. Design of facility
“Cross contamination should be avoided by….. minimising
the risk of contamination caused by re-circulation or re-
entry of untreated or insufficiently treated air.”
“If air is re-circulated…. appropriate measures should be
taken to control risks of contamination and cross
contamination.”

37. Change control - Example
A change control was approved for changing the status of a dryer from
being dedicated to drying one product to drying two products
The dried products were relatively potent materials, they were
exposed to the air in the room during manual handling, and the room
was serviced with HEPA filtered re-circulated air.
No risk assessment performed as part of this change control, e.g. risks
associated with a HEPA filter failure or a HEPA filter change not
assessed.
A risk assessment approach could have helped determine whether the
change required any additional qualification or validation work for the
HVAC & cleaning controls.

38. Sampling of Materials
Risk not specifically mentioned
Sampling methodology:
Sampling plan
Handling of damaged drum
Sampling room:
Separate room with filtered air
Pressure / temperature monitoring
Balance for weighing
Clothing and PPEs
Disposal or washing of the above
Cleaning of room after each sampling or dispensing
Sampling kit cleaning and storing
 Record

39. Example
A company plans to change its supplier.
This preservative (mixture of propyl & methyl parabens) is used in
various company products, including a multi-dose powder for
suspension containing frusemide
This suspension is reconstituted with tap water by pharmacists, & it has
a 45 day shelf life after reconstitution
More extensive validation work (e.g. Some Process Validation,
Preservative Efficacy Testing, Stability testing,) may be required to
justify this preservative change for this medicinal product than for
other products. Why?
Multi use product & potential risk associated with product opening,
closing, handling and re-use.
Potential microbial risk associated with the water used.

40. What happens when risk is not identified
40

41. What happens when risk is not identified
41

42. What happens when risk is not identified
42

43. What happens when risk is not identified
43

44. What happens when risk is not identified
44

45. What happens when risk is not identified
February 24, 2018 SRC / 001 / 12 45

46. #
Item /
Functi
on
Potential
Failure
Mode
(Failure
Mode)
Potential Effect
of Failure
(Effect)
S
Potential
cause(x)
mechanism of
Failure
O Current Control D
Risk
Prior
ity
Num
ber
(RP
N)
Recommended
Action (x)
Res
pons
ibilit
y &
Tar
get
Com
pleti
on
Date
New RPN
(S*O
*D)
S O D
RPN
(S*
O*D
)
1 Vend
or
Evalu
ation
Overseas
vendors
being
approved
on basis
of
vendor
qualificat
ion
Documen
ts
1) Existance
of GMP
gaps/issues
will not be
known since
physical audit
is not carried
out
2) Non
complaince
and regualtry
impact
5 1) Feasibility
of visiting
overseas
vendors,
2) Non-
availability
of resources
3) Reliability
of the vendor
3 1) Purchase
orders are
placed and
Specifications
are forwarded
for
dispatch/supply
.
2) All incoming
materials are
tested as per
approved
specifications/S
TPs
3) API
suppliers are
approved based
on the
certification of
the competing
authority bodies
1 15 1) SOP shall be
updated to
audit overseas
RM/KSM/
vendors based
on the impact
on product
quality.
2)
Organise auidt/
third parties
audit
au
dit
2 3 1 6

47. Thank You