Thinking, Planning and Doing-Quality Risk Based is so significant in pharmaceutical manufacturing. Real Application for the Risk Assessment and dealing with the risk protocol as a living document is the core of the entire risk assessment effort.
2. Risk in General
Business Organization Structure
Business Risk Assessment Objectives
Quality Risk Management
o Scope,
o General Quality Risk Management Process,
o Applicability & Evaluation Tools,
o Case Study.
Contents
Fouad Serag El. Dein, MSc
7. Business Organization Structure-Pharmaceutical Industry
Operation
Quality
Quality
Assurance
Quality
Control
Research &
Developmen
t
Production Warehouse
Supply
Chain
Engineering/
Maintenance
Distribution
Quality
Safety
Efficacy
Main
Objective
Fouad Serag El. Dein, MSc
8. Business Risk Assessment Objectives
1. Studying new investment and ROI.
2. Expand Business to new area as per market segmentation.
Fouad Serag El. Dein, MSc
10. Quality Risk Management
“Quality by Design-paradigm”
ICH Q8-9-10
Fouad Serag El. Dein, MSc
Quality by
Design
ICH Q8
Pharmaceuti
cal
Development
ICH Q9
Quality Risk
Management
ICH Q10
Pharmaceuti
cal Quality
System
11. Quality Risk Management - Scope
• Principles and examples of tools for quality risk management
can be applied to different aspects of pharmaceutical quality.
• These aspects include development, manufacturing,
distribution, and the inspection and submission/review
processes throughout the lifecycle of drug substances, drug
(medicinal) products.
Fouad Serag El. Dein, MSc
13. Quality Risk Management - Process
Definitions
– Harm:
Damage to health; the damage that can occur from loss of product quality.
– Hazard:
The potential source of harm.
– Severity:
A measure of the possible consequence of a hazard.
Fouad Serag El. Dein, MSc
14. Quality Risk Management - Process
Definitions
– Risk:
Combination of the probability of occurrence of harm and the severity of that harm.
Risk = Probability * Severity.
– Quality Risk Management:
Systematic process for the assessment, control, communication and review of risks to
the quality of the drug substance/ and drug (medicinal) product across the product
lifecycle.
Fouad Serag El. Dein, MSc
15. Quality Risk Management - Process
Definitions (ISO Perspective)
– Risk:
Effect of uncertainty on objectives. An effect is a deviation from the expected.
– Two types:
Positive Risk Negative Risk
Create Opportunities Create threats
+ve Impact and outcome -ve Impact on the project
Manage to complete a project
under budget
Delay happened during project
delivery/ RM delivery lead time
Fouad Serag El. Dein, MSc
16. Quality Risk Management - Process
Principles
• QRM is based on the following two primary principles:
– Evaluation of risk to quality should be based on scientific
knowledge and ultimately link to the protection of the patient.
– Level of effort and documentation of the quality risk
management process should be commensurate/ appropriate
with the level of risk
Fouad Serag El. Dein, MSc
17. Quality Risk Management - Process
ICH Q9 links back to Patient Safety
Design
Facilities
Materials
Process
Manufacturing
Distribution
Patient
Opportunities to impact risk using quality risk
management
Fouad Serag El. Dein, MSc
18. Risk Management Process
• ICH Q9 Quality Risk Management document can be broadly divided into
– Main Body gives a broad idea about the “What ?”.
– Annexure – 1 gives a broad idea about the “How ?”
Titled: “Annex I: Risk Management Methods and Tools”
– Annexure – 2 gives a broad idea about the “Where ?”
Titled: “Annex II: Potential Applications for Quality Risk Management”
Quality Risk Management - Process
Fouad Serag El. Dein, MSc
19. Risk Management Lifecycle
Quality Risk Management - Process
Risk Review
Ri
s
k
C
ommun
ic
at
i
on
Risk Assessment
Risk Evaluation
unacceptable
Risk Control
Risk Analysis
Risk Reduction
Risk Identification
Review Events
Risk Acceptance
Initiate
Quality Risk Management Process
Output / Result of the
Quality Risk Management Process
Risk
Management
tools
Fouad Serag El. Dein, MSc
20. Quality Risk Management - Process
• Initiation of Risk Management
Risk Review
Risk
Communication
Risk Assessment
Risk Evaluation
unacceptable
Risk Control
Risk Analysis
Risk Reduction
Risk Identification
Review Events
Risk Acceptance
Initiate
Quality Risk Management Process
Output / Result of the
Quality Risk Management Process
Risk
Management
tools
Risk Review
Risk
Communication
Risk Assessment
Risk Evaluation
unacceptable
Risk Control
Risk Analysis
Risk Reduction
Risk Identification
Review Events
Risk Acceptance
Initiate
Quality Risk Management Process
Output / Result of the
Quality Risk Management Process
Risk
Management
tools
Fouad Serag El. Dein, MSc
21. Quality Risk Management - Process
Risk Review
Risk
Communication
Risk Assessment
Risk Evaluation
unacceptable
Risk Control
Risk Analysis
Risk Reduction
Risk Identification
Review Events
Risk Acceptance
Initiate
Quality Risk Management Process
Output / Result of the
Quality Risk Management Process
Risk
Management
tools
Risk Review
Risk
Communication
Risk Assessment
Risk Evaluation
unacceptable
Risk Control
Risk Analysis
Risk Reduction
Risk Identification
Review Events
Risk Acceptance
Initiate
Quality Risk Management Process
Output / Result of the
Quality Risk Management Process
Risk
Management
tools
• Risk Assessment (Risk Assessment tells us whether a risk is acceptable or not)
– Risk Identification (What might go wrong ?)
• A systematic use of information to identify hazards/ or Failure Modes
referring to the risk question or problem
– Through historical data
– Theoretical analysis
– Information / opinions of end users / team members
– Concerns of stake holders
Fouad Serag El. Dein, MSc
22. Quality Risk Management - Process
Risk Review
Risk
Communication
Risk Assessment
Risk Evaluation
unacceptable
Risk Control
Risk Analysis
Risk Reduction
Risk Identification
Review Events
Risk Acceptance
Initiate
Quality Risk Management Process
Output / Result of the
Quality Risk Management Process
Risk
Management
tools
Risk Review
Risk
Communication
Risk Assessment
Risk Evaluation
unacceptable
Risk Control
Risk Analysis
Risk Reduction
Risk Identification
Review Events
Risk Acceptance
Initiate
Quality Risk Management Process
Output / Result of the
Quality Risk Management Process
Risk
Management
tools
• Risk Assessment
– Risk Analysis (What is the likelihood (probability) it will go wrong ?)
(What are the consequences (severity) if it go wrong ?)
• The estimation/ calculation of the risk-including:
1. Risk Likelihood (Probability) & (Severity).
2. A qualitative or quantitative process of linking the likelihood of
occurrence (Probability) and (Severity) of harm.
3. How to detect the Harm (Detectability).
Fouad Serag El. Dein, MSc
23. Quality Risk Management - Process
Risk Review
Risk
Communication
Risk Assessment
Risk Evaluation
unacceptable
Risk Control
Risk Analysis
Risk Reduction
Risk Identification
Review Events
Risk Acceptance
Initiate
Quality Risk Management Process
Output / Result of the
Quality Risk Management Process
Risk
Management
tools
Risk Review
Risk
Communication
Risk Assessment
Risk Evaluation
unacceptable
Risk Control
Risk Analysis
Risk Reduction
Risk Identification
Review Events
Risk Acceptance
Initiate
Quality Risk Management Process
Output / Result of the
Quality Risk Management Process
Risk
Management
tools
• Risk Assessment
– Risk Analysis
– Examples of qualitative severity levels:
– Examples of qualitative probability levels:
Common Terms Possible Description
Significant Death or loss of function or structure
Moderate Reversible or minor injury
Negligible Will not cause injury or will injure slightly
Common Terms Possible Description
High Likely to happen, often, frequent
Medium Can happen, but not frequently
Low Unlikely to happen, rare, remote
Fouad Serag El. Dein, MSc
24. Quality Risk Management - Process
Risk Review
Risk
Communication
Risk Assessment
Risk Evaluation
unacceptable
Risk Control
Risk Analysis
Risk Reduction
Risk Identification
Review Events
Risk Acceptance
Initiate
Quality Risk Management Process
Output / Result of the
Quality Risk Management Process
Risk
Management
tools
Risk Review
Risk
Communication
Risk Assessment
Risk Evaluation
unacceptable
Risk Control
Risk Analysis
Risk Reduction
Risk Identification
Review Events
Risk Acceptance
Initiate
Quality Risk Management Process
Output / Result of the
Quality Risk Management Process
Risk
Management
tools
• Risk Assessment
– Risk Evaluation
• Comparison of identified and analyzed risk against given/pre-defined
risk criteria
• Derivation of Risk Priority Number (RPN)
Quantitative
Method
Fouad Serag El. Dein, MSc
25. Quality Risk Management - Process
Item/
Function/
Step
Event (Potential
Failure Mode)
Effect
(Severity)
Severity (S)
[1<2<3<4<5]
Potential Cause
of Failure
Probability (P)
[1<2<3<4<5]
Existing Controls
(Current Controls)
Detectability (D)
[1>2>3>4>5]
(RPN =
S*P*D)
Risk %
(R % = RPNX100/
125)
Preparation of
blank and
STD test
solution
• Wrong weight.
• Wrong Dilution.
un-correct
results
5 • Un-calibrated
balance.
• Analyst fault.
2 Calibration balance
check as per SOP.
Attach the weight with
worksheet and sign of
analyst.
1 10 8
Risk Identification
Describe as a manner in which the
process fails to meet specified conditions.
Potential failure modes are listed
assuming that they could “occur” and not
necessary “occur”.
Use official technical term/ Guidelines
language.
Risk Analysis
Failure effect is what will be
experienced or perceive once failure
occurs. E.g. product degradation,
contamination etc
Potential cause of failure shall be
described beyond/ depth to root
cause thoroughly.
Risk Evaluation
Risk Priority Number
Risk Ranking
1. less than or equal to 5 % is considered as Low –
Acceptable.
2. Above 5 % and less than or equal to 19 % are
considered as Medium (not acceptable).
3. Above 20 % are considered as High (Intolerable).
Fouad Serag El. Dein, MSc
26. Quality Risk Management - Process
• Risk Control
Risk Review
Risk
Communication
Risk Assessment
Risk Evaluation
unacceptable
Risk Control
Risk Analysis
Risk Reduction
Risk Identification
Review Events
Risk Acceptance
Initiate
Quality Risk Management Process
Output / Result of the
Quality Risk Management Process
Risk
Management
tools
Risk Review
Risk
Communication
Risk Assessment
Risk Evaluation
unacceptable
Risk Control
Risk Analysis
Risk Reduction
Risk Identification
Review Events
Risk Acceptance
Initiate
Quality Risk Management Process
Output / Result of the
Quality Risk Management Process
Risk
Management
tools
Risk
Control Is the risk above an
acceptable level?
What can be done to
reduce (to an
acceptable level) /
eliminate a risk?
Is the risk within the
acceptable level?
Accept the risk
Fouad Serag El. Dein, MSc
27. Quality Risk Management - Process
• Risk Control
– Risk Reduction
– Mitigation or Avoidance of Quality Risk when it exceeds the
acceptable level:
• Action taken to mitigate the severity & probability.
• Improve or introduce a new control strategy (detectability).
Risk Review
Risk
Communication
Risk Assessment
Risk Evaluation
unacceptable
Risk Control
Risk Analysis
Risk Reduction
Risk Identification
Review Events
Risk Acceptance
Initiate
Quality Risk Management Process
Output / Result of the
Quality Risk Management Process
Risk
Management
tools
Risk Review
Risk
Communication
Risk Assessment
Risk Evaluation
unacceptable
Risk Control
Risk Analysis
Risk Reduction
Risk Identification
Review Events
Risk Acceptance
Initiate
Quality Risk Management Process
Output / Result of the
Quality Risk Management Process
Risk
Management
tools
Fouad Serag El. Dein, MSc
28. Quality Risk Management - Process
• Risk Control
– Risk Acceptance
– Risk Acceptance (the decision making activity)
• The risk will be accepted if it is reduced to an acceptable
level.
• Made on case by case basis:
For some types of harms, even the best quality risk management
practices might not entirely eliminate risk. In these circumstances, it
might be agreed that an appropriate quality risk management strategy
has been applied and that quality risk is reduced to a specified
(acceptable) level.
Risk Review
Risk
Communication
Risk Assessment
Risk Evaluation
unacceptable
Risk Control
Risk Analysis
Risk Reduction
Risk Identification
Review Events
Risk Acceptance
Initiate
Quality Risk Management Process
Output / Result of the
Quality Risk Management Process
Risk
Management
tools
Risk Review
Risk
Communication
Risk Assessment
Risk Evaluation
unacceptable
Risk Control
Risk Analysis
Risk Reduction
Risk Identification
Review Events
Risk Acceptance
Initiate
Quality Risk Management Process
Output / Result of the
Quality Risk Management Process
Risk
Management
tools
Fouad Serag El. Dein, MSc
29. Quality Risk Management - Process
• Risk Control / Risk Acceptance
• Risk Acceptance (Who has to accept ?)
– Person(s) with the competence and authority to make appropriate and timely quality risk management
decisions
– Decision makers / Stake holders
• Any individual, group or organization (Multi-disciplinary team)
Def. (Stakeholder): Person or organization that can affect, be affected by, or perceive themselves to be affected by
decision or activity.
NB: The term “interested party” can be used as an alternative to “stakeholder”. ISO 31000:2018
Fouad Serag El. Dein, MSc
30. Quality Risk Management - Process
• Risk Communication
– Communication of information about risk and risk management
between the decision makers and others.
– Parties can communicate at any stage of the RA process.
– Communication to be carried out for each and every risk acceptance.
– Communicate and document the output/result of the QRM process.
Risk Review
Risk
Communication
Risk Assessment
Risk Evaluation
unacceptable
Risk Control
Risk Analysis
Risk Reduction
Risk Identification
Review Events
Risk Acceptance
Initiate
Quality Risk Management Process
Output / Result of the
Quality Risk Management Process
Risk
Management
tools
Risk Review
Risk
Communication
Risk Assessment
Risk Evaluation
unacceptable
Risk Control
Risk Analysis
Risk Reduction
Risk Identification
Review Events
Risk Acceptance
Initiate
Quality Risk Management Process
Output / Result of the
Quality Risk Management Process
Risk
Management
tools
Fouad Serag El. Dein, MSc
31. Quality Risk Management - Process
• Risk Review
– Ongoing part of the quality management process.
– Review the output / results of the QRM process.
– The frequency of any review should be based upon the level of risk.
e.g. STD case may be daily, in case of stability may be 3 or 6 months.
– Implement a mechanism for revision and monitoring.
Risk Review
Risk
Communication
Risk Assessment
Risk Evaluation
unacceptable
Risk Control
Risk Analysis
Risk Reduction
Risk Identification
Review Events
Risk Acceptance
Initiate
Quality Risk Management Process
Output / Result of the
Quality Risk Management Process
Risk
Management
tools
Risk Review
Risk
Communication
Risk Assessment
Risk Evaluation
unacceptable
Risk Control
Risk Analysis
Risk Reduction
Risk Identification
Review Events
Risk Acceptance
Initiate
Quality Risk Management Process
Output / Result of the
Quality Risk Management Process
Risk
Management
tools
Fouad Serag El. Dein, MSc
32. Quality Risk Management - Process
Recommended Actions
(Risk Reduction Strategy)
After Implementation
Comments
Severity
(S)
[1<2<3<4<5]
Probability
(P)
[1<2<3<4<5]
Detectability
(D)
[1>2>3>4>5]
Risk
Priority
Number
(RPN
=
S*P*D)
Risk
%
(R
%
=
RPNX100
/
125)
• Proposed action/ study based on accurate
and scientific decision and so on.
5 1 1 5 4 Accepted
Risk Reduction Risk Review Risk Acceptance
Fouad Serag El. Dein, MSc
34. Quality Risk Management- Applicability & Evaluation Tools
• Application
❑ Integrated Quality Management
e.g. Documentation, Change control / management system, Audit and compliance, training……
❑ Industrial Operations
e.g. Material management, product development, facilities, equipment and utilities, production,
packing and labeling, laboratory controls, stability management……
❑ Regulatory Operations (by regulatory bodies)
e.g. Inspections, Assessment activities……
Fouad Serag El. Dein, MSc
35. Quality Risk Management- Applicability & Evaluation Tools
• Evaluation Tools
❑ Failure Mode Effects Analysis (FMEA)
❑ Failure Mode, Effects and Criticality Analysis (FMECA)
❑ Fault Tree Analysis (FTA)
❑ Hazard Analysis and Critical Control Points (HACCP)
❑ Hazard Operability Analysis (HAZOP)
❑ Preliminary Hazard Analysis (PHA)
❑ Other supporting statistical tools
No one tool or set of tools is
applicable to every situation
in which a QRM procedure
is used
Fouad Serag El. Dein, MSc
37. Case Study- Scope
1. Evaluation of potential failure modes for Rapid Mixer
Granulator and their likely effect on product quality.
Fouad Serag El. Dein, MSc
38. Case Study- Wet granulation process flow chart
Fouad Serag El. Dein, MSc
39. Case Study – Risk Assessment Procedure (Severity Rating)
Effect Severity of effect Rating
Very high
Very high severity ranking when a potential failure mode effects safe operation or involves non-
compliance with regulations without warning. Equipment/production stopped, with loss of function
5
High Equipment/production continuing with reduced output 4
Moderate Equipment/process in operating conditions but may cause damage to equipment or repair 3
Low Process or equipment may cause slight inconvenience to operations
2
Very low Very minimum or un noticeable effects
None Process/equipment under normal conditions except few non noticeable effects 1
Fouad Serag El. Dein, MSc
40. Case Study – Risk Assessment Procedure (Occuring Rate)
Probability of
occurrence
Criteria for rating of Occurrence Occurance
Very high Failure is almost inevitable 5
High Repeated Failures 4
Moderate Occasional Failures 3
Low Relatively few Failures 2
None Failure is unlikely 1
Fouad Serag El. Dein, MSc
41. Case Study – Risk Assessment Procedure (Detection Rate)
Detection Criteria for ranking Detection Ranking
None
There are no detection controls existing or cannot detect any failure
occurring
5
Low Low chance of failure to be detected before occurring 4
Moderate Moderate chance that a failure would be detected 3
High High chance that a failure would be detected 2
Very High Very high chance of detection capabilities of failures 1
Fouad Serag El. Dein, MSc
42. Case Study – Risk Assessment Procedure (Risk Percentage Scale)
Risk Percentage Classification
Risk percent below 5% Acceptable
Risk percent obtained falls between 5% and 19% Un-acceptable
Risk percent above 20% Intolerable
Fouad Serag El. Dein, MSc
43. Case Study – Risk Assessment Procedure (Risk Percentage Scale)
Item
Function
Potential
Failure mode
Failure
mode effects
SEV
Potential failure
causes
O
Current
Controls
DET RPN
%
RPN
Risk %
Scale
Chopper assembly Chopper drive.
Motor.
• Granules are not
uniform.
• Variation in speed of
mixing.
5
Any electrical /
circuit/
mechanical
problem 2
PLC.
HMI display. 1 10 8
Un
acceptable
Impeller assembly Impeller drive.
Motor.
• Inadequate
granulation.
• Inadequate process
performance.
3
Shaft problem.
Motor failure. 2
PLC.
HMI display. 2 12 9.6
Un
acceptable
Calculation of % RPN
%RPN= Obtained RPN for failure/ Maximum obtainable RPN for failure * 100
Fouad Serag El. Dein, MSc
44. Case Study – Risk Assessment Procedure (Implementation of actions)
Item
Function
%
RPN
Risk %
Scale
Actions
Chopper
assembly
8
Un
acceptable
SOP.
Verification
during
qualification
PMP.
Impeller
assembly
9.6 Acceptable
SOP.
PMP.
After
Implementation
SEV O DET RPN
1 1 1 0.8
1 1 1 0.8
Fouad Serag El. Dein, MSc