Quality Risk Management (QRM) is a systematic process that assesses, controls, communicates, and reviews risks to the quality of medicinal products throughout their lifecycle, emphasizing scientific knowledge and patient protection. It involves categorizing hazards, evaluating risks based on severity and frequency, and implementing risk management practices to ensure safety and compliance within the pharmaceutical industry. Effective QRM requires interdisciplinary teams to assess and mitigate risks through a structured approach focusing on continuous monitoring and adaptation.

1. BASIC CONCEPT OF QUALITY
RISK MANAGEMENT
BY
TALHA USMANI
Manager Production and Development
NQ Pharma

2. ICH GUIDELINES
 Q1 Stability
 Q2 AnalyticalValidation
 Q3 Impurities
 Q4 Pharmacopoeial Text of different test
 Q5 Quality of Biotechnological Products
 Q6 Specifications
 Q7 Good Manufacturing Practice
 Q8 Pharmaceutical Development
 Q9 Quality Risk Management
 Q10 Pharmaceutical Quality Systems
 Q11 Development and manufacturing of APIs

3. HAZARD AND RISK
HAZARD
Anything that can cause harm (e.g.
chemical, fire, electricity etc)
RISK
How great the chance that
someone or something will
be harmed by the hazard

4. Quality Risk Management
 "Quality Risk Management is a systematic
process for the assessment, control,
communication and review of risks to
the quality of the medicinal product across
the product lifecycle.“ (ICH Q9)
 The quality risk management system should
ensure that the evaluation of the risk to
quality is based on scientific knowledge,
experience with the process and ultimately
links to the protection of the patient

5. What types of hazards are
there?
A common way to classify hazards is by category:
 biological - bacteria, viruses, insects, plants, birds,
animals, and humans, etc.,
 chemical - depends on the physical, chemical and
toxic properties of the chemical.
 ergonomic - repetitive movements, improper set up
of workstation, etc.,
 physical - radiation, magnetic fields, pressure
extremes (high pressure or vacuum), noise, etc,
 psychosocial - stress, violence, etc.,
 safety - slipping/tripping hazards, inappropriate
machine guarding, equipment malfunctions or
breakdowns

6. What is risk?
 A Risk (R) is a mathematical expression
with two parameters: severity (S) and
Frequency (F).
 The risk is then expressed as: R = S x F
 Risk evaluation is then nothing but
addressing a quantified answer to the
double question:
1. What probability?
2. Which consequences?

7. Degree of Risk
Factors that influence the degree of risk
include:
 how much a person is exposed to a
hazardous thing or condition,
 how the person is exposed (e.g.,
breathing in a vapor, skin contact)
 how severe are the effects under the
conditions of exposure.

8. Risk management “a new concept”?
 Risk management is not new – we do it
informally all the time
 Any daily life example?
 Driving / riding is one
of the riskiest
activities that people
perform on a daily
basis.
 Cancer chemotherapy

9. Risk Management in Pharma
Industry
 Risk management has also been part of the
pharma industry for many years:
◦ GMP requirements are designed to address risk. For
example, the specific GMP requirements for sterile
products are designed to mitigate the risk of sterility
failure
◦ In some cases, GMP specifies a risk based approach.
For example, "a risk assessment approach should be
used to determine the scope and extent of validation
required" (WHO Annex 4, 5.2.10)

10. Scope of Risk Management
 From a GMP point of view, we are only
concerned with risks associated with
quality, safety and efficacy – quality risk
management
 Main focus is the “Personal” safety.
 It is appropriate to periodically revisit the
risk assessment process during the life
cycle for new risks or increased
significance of existing risks.

11. Questions in QRM
 What might go wrong?
 What is the likelihood (probability) it will
go wrong?
 What are the consequences (severity)?
 Is there any system for detection?

12. Manufacturing Example
• What might go wrong?
Product may not give desired results.
• What is the likelihood (probability) it will
go wrong?
Any batch can give undesired results
• What are the consequences (severity)?
Patient will get under-therapeutic or over-
therapeutic response.
• Is there any system for detection?
QC testing is the detection system

13. DECISION DIAGRAM FOR RISK
MANAGEMENT

14. Who should do QRM?
 Usually quality risk management is undertaken by
“interdisciplinary” teams comprising of which is
based on risk being considered.
1. Quality unit
2. Development
3. Production unit
4. Engineering / Utilities
5. Sales / Marketing / BD
6. Individuals knowledgeable of the QRM process
7.Who knows the process

15. Risk should “always” be mitigated
wherever necessary

16. Terminologies.
 People often use terms “Risk analysis”,
“Risk assessment” and “risk management”
interchangeably which is incorrect from
pharmaceutical point of view.

17. Risk Review
RiskCommunication Risk Assessment
Risk Evaluation
unacceptable
Risk Control
Risk Analysis
Risk Reduction
Risk Identification
Review Events
Risk Acceptance
Initiate
Quality Risk Management Process
Output / Result of the
Quality Risk Management Process
RiskManagementtools
Overview of QRM

18. How to proceed?
1st Step: Risk Assessment
Probability Detectability Severity
Basedonexperience
Past Present Future
Canwefindit?
Impact

19.  What might go
wrong or has gone
wrong?
 What is likelihood
or probability?
 What are the
consequences
(severity)?
 What is the level
of risk?

20. Define Risk Assessment
 "A systematic process of organizing
information to support a risk decision to
be made within a risk management
process. It consists of the identification
of hazards and the analysis and
evaluation of risks associated with
exposure to those hazards." (ICH Q9)

21. Risk analysis - probability
P – Probability of Occurrence
Likely to occur High
May occur Medium
Unlikely to occur Low
Very unlikely to occur Remote

22. Risk analysis - severity
S – severity level if event occurs
Serious GMP non-compliance
Patient injury possible
Critical
Significant GMP non-compliance
Impact on patient possible
Moderate
Minor GMP non-compliance
No patient impact
Minor

23. Risk Evaluation
Risk = P x S
Severity
CriticalModerateMinor
Intolerable
risk
Intolerable riskUnacceptable
riskHigh
Probability
Intolerable
risk
Unacceptable
risk
Acceptable
riskMedium
Unacceptabl
e risk
Acceptable riskAcceptable
riskLow
Acceptable
risk
Acceptable riskAcceptable
risk
Remote

24. Risk Evaluation
 Detectability:
◦ High – the control is likely to detect the
negative event or its effects
◦ Medium – the control may detect the
negative event or its effects
◦ Low – the control is not likely to detect the
negative event or its effects
◦ Zero – no detection control in place

25. Risk Evaluation
 Risk definitions:
 Intolerable – work to
eliminate the negative event
or introduce detection
controls is required as a
priority
 Unacceptable – work to
reduce the risk or control
the risk to an acceptable
level is required
 Acceptable – the risk is
acceptable and no risk
reduction or detection
controls are required

26. 2nd Step: Risk Control
Questions to ask:
 Is the risk above an acceptable level?
 Is the risk reducible?
 What can be done to reduce / eliminate
it?
 Is the risk reduced to an acceptable level?
 Are new risks introduced as a result of
the identified risks being controlled?

27. Learning and Conclusion
“Risk comes from not knowing what you are
doing.”
-Warren Buffett
“Risk is like fire: if controlled it will help you; if
uncontrolled it will rise up and destroy you.”
-Theodore Roosevelt
“Nothing will ever by attempted, if all possible
objections must be first overcome.”
-Samuel Johnson

28. THANKYOU