This document outlines the quality risk assessment process at Hester Bioscience Limited. It discusses risk assessment for products, processes, equipment, facilities and more. Key points include:
- Quality risk assessment is a systematic process to identify, analyze, evaluate and control risks that could affect quality. It is applied across the product lifecycle.
- Risks are identified based on factors like deviations, complaints, audits and changes. They are analyzed using tools like FMEA to determine severity, likelihood and current controls.
- Identified risks are evaluated and assigned a risk level of minor, major or critical. Control measures are considered and implemented to reduce risks to acceptable levels.
- Various departments and functions are
3. Quality Risk Management is a systematic process for the assessment,
control, communication, and review of risks to the quality of the product
across the product lifecycle.
Quality management is a valuable component of an effective quality system.
Key Player in the Life Cycle Approach.
Objective
4. This procedure is applicable to the Quality Risk Management of,
Products manufactured at the Hester Bioscience Limited.
Man & Material Movement in Manufacturing
Equipments, Systems, Utilities and Facility etc.
Out of Specification investigations.
QC TP
Out of Trend Investigations.
Deviation Investigation.
Documentation Procedure
Change control
Market Complaints investigations.
Self inspection.
Scope
5. Departmental Heads, Process and System owners are responsible for the
ensuring that risks to quality, compliance and other site functions are
considered, understood and managed to an appropriate level.
They must ensure that a suitable Quality Risk Management process is
implemented and that appropriate inputs with the necessary competence
are involved.
Final approval of the quality assessment should be done by the head of the
Quality Assurance.
Responsibility
6. Reference
ICH Q9 : Quality risk management , Current step 4 , Version November 2005.
Impact assessment of guidance for Industry, process validation: General
Principles and practices, CDER, USFDA, January 2011.
PICs guideline PE009-9 Annex 20 “Quality Risk Management”.
WHO Technical Report Series No. 981; 2013, Annexure 2 “Quality Risk
Management.”
Orange book - Rules and guidance for pharmaceutical manufacturers and
distributers 2015, EU Guidance on good manufacturing practices; Chapter 1
“Pharmaceutical Quality System”; Section 1.12 -1.13 “Quality Risk
Management.”
21 CFR (Code of federal regulation), part 211.67
8. A systematic use of objective evidence to identify quality risk through
processes like collection and organizing information, reviewing appropriate
references and identifying assumptions.
The information required to risk identification shall be gathered from
questions like :
What might go wrong?
What is the likelihood it will go wrong?
What are the consequences?
1.0 Risk Identification
9. Do Risk analysis for each Identified Risk
Severity
Occurrence or Probability
Control
2.0 Risk Analysis
10. Evaluate the Risk based on the Risk Analysis
Risk is to be either
Major
Minor
Critical
For Evaluated Risk
Controls available
Uncontrolled condition
Improvement in Controls
Additional Controls required.
3.0 Risk Evaluation
11. Decision shall be made based on evaluation of the below questions:
Is the risk above an acceptable level?
What can be done to reduce or eliminate risks?
What is the appropriate balance among benefits, risks and resources?
Are new risks introduced as a result of the identified risks being
controlled?
Acceptance of the residual risk shall be addressed in risk assessment report.
4.0 Risk Control & Risk Reduction
12. During risk control activities the following key questions to be
What can be done to reduce or eliminate risks?
What is the appropriate balance between benefits, risks and
resources?
Are new risks introduced as a result of the identified risks being
controlled?
Risk control can include:
not proceeding with the risky activity;
taking the risk;
removing the risk source;
changing the likelihood of the risk;
changing the consequences of the risk;
sharing the risk with another party (e.g. contractor);
retaining the risk by informed decision.
13. Risk management for new product manufacturing
Risk management for Site Transfer Product manufacturing
Risk Management for Aseptic Manufacturing Process
14. FMEA format and shall be based on the potential variables that
can affect Sterility Assurance of Product, Endotoxin level,
Particulate count. (For us vaccine safety, efficacy, purity)
The risk assessment shall be based on personnel, material,
equipment, components, environment and utility control. (5 M)
Critical parameter such as aseptic process simulation (media
fill), smoke test study, personnel, environment, material
movement, process, equipments, utility and any direct impact
on aseptic process/sterility assurance shall be considered.
Risk Management for Aseptic Manufacturing Process
15. Incidents/events, Market complaints, Batch failure investigations, process
/ Analytical trend monitoring, Audits, Change control related to aseptic
manufacturing process shall be reviewed as a part of risk assessment
process to identify the potential variables that can affect sterility
assurance of product, endotoxin level, particulate count and ultimately the
risk at the end use.
The risk assessment reports shall be prepared by concerned department,
reviewed by concerned department head to which the risk is concerned
and approved by QA.
Subsequent to process validations, Critical Quality attributes (CQA) shall
be monitored through APR. based on the frequent failure in controlled
system Risk Assessment is to be revised.
16. Give the number of risk assessment in the format of HBL/RA/00N/YY
00N is serial number of Risk Assessment & YY is revision number of RA. If its
first version then no need to mention it.
Title of Risk assessment : Title of Risk Assessment for which number is to be
assigned.
Type of Risk assessment : The type for which risk assessment is assigned shall
be mentioned. Type includes Product / System / Equipment / Instrument /
Machine / Utility/ Material / Other.
Risk assessment Number : Allotted number to be shall be mentioned.
Effective on : Date on which the risk assessment report is approved shall be
mentioned.
Year : Year of risk assessment number allocation shall be mentioned.
Remarks : Remark shall be written if any. In case of no remark “None” shall be
recorded.
Procedure for risk assessment document numbering
17.
18. Three factors shall be considered when assessing the level of risk
Severity / Impact of Risk
Probability of Occurrence
Probability of Detection (State of Controls)
S O C
19. SEVERITY
Quantitative
Rating
Qualitative
Rating
Criteria
1-2
(Low)
Low
· No impact on product identity, strength, purity and quality
· Minor GMP non-compliance
· No impact on user safety (defects which may not pose any
significant hazard to health)
3-4
(Medium)
Medium
· Likely impact on product identity, strength, purity and quality
· Major GMP non-compliance
· Potential impact on user safety (defects which could cause
illness or mistreatment but are not life threatening or serious
ones or are medically Reversible)
5-6
(High)
High
· Direct impact on product identity, strength, purity and quality
· Critical GMP non-compliance
· Critical impact on user t safety (defects which are potentially
life-threatening or could cause serious risk to health)
Severity Assessment
20. Example of the Risk Assessment of Initiation of Deviation
21.
22. Assessment of Probability of Occurrence (O) of the Cause
PROBABILITY OF OCCURRENCE
Quantitative
Rating
Qualitative Rating Criteria
1-2 (Low) Low
The quality related event is unlikely to occur. (i.e.
it has not occurred in the past and is not expected
to occur or recur)
3-4 (Medium) Medium
The quality related event may occur (i.e. It has
occurred infrequently in the past and is expected
to recur)
5-6 (High) High
The quality related event is likely to occur (i.e. it
has occurred in the past on a frequent basis and is
definitely expected to occur again).
23. Example of the Risk Assessment of Initiation of Deviation
24. Risk rating based on probability of occurrence
Risk rating
based on
severity
Low Medium High NA
High Level-1 Level-1 Level-1 Level-1
Medium Level-2 Level-2 Level-1 Level-2
Low Level-3 Level-3 Level-2 Level-3
NA Level-3 Level-3 Level-2 NA
25. Assessment of the ‘Probability of Detection (D) (or ‘State of Control’)
DETECTION
Quantitative Rating Qualitative Rating Criteria
5-6
(Weak)
Weak
The Quality System has either ‘weak’ or ‘no’ controls to
detect the quality related event after its occurrence and
prevent it from recurring, e.g. systems are non validated or
with perception based evaluation techniques, process
controls are dependent on human efficiency, etc.
There is a low chance the current controls will detect the
quality event after its occurrence.
3-4
(Medium)
Medium
The system has controls and will possibly detect the
quality related event after its occurrence.
1-2
(Strong)
Strong
The system has multiple controls and is very likely to
detect the quality related event after its occurrence.
26.
27. Final Risk Classification
Rating – Probability of Detection
Risk level based
on severity &
probability of
occurrence
Strong Medium Weak NA
Level-1 Major Critical Critical Critical
Level-2 Minor Major Critical Critical
Level-3 Minor Minor Major Major
NA Un-classified Un-classified Un-classified Un-classified
28. Significance of Risk Priority Number (RPN = SxOxD )
Risk Priority Number
Risk Category
Nature of
impact
Acceptance criteria & Mitigation
(action) statusRisk on Product
Risk on people/
Facility/
Organization
< 20 < 25 Minor Non impact
Risk is acceptable.
No mitigation is required
< 60 < 75 Major Indirect impact
Acceptable with control
/explanation of control.
≥ 60 ≥ 75 Critical Direct Impact
Requires additional control
measure before acceptance
Risk Evaluation
29. Is the risk above an acceptable level?
What can be done to reduce or eliminate risks?
What is the appropriate balance among benefits, risks and resources?
Are new risks introduced as a result of the identified risks being controlled?
Risk Control/ Mitigation
Control Measures/CAPA shall be considered for risk control/ mitigation and
shall be implemented using applicable procedures for the same. Such
actions shall be prioritized to control/ mitigate the risk or reduce it to an
acceptable level.
30. Assessment of Risk Level and Its Mitigation
Sr.No Potential Failure Mode/ Type of problem RPN Number Level of Risk Risk Mitigation
Reference
Document No
1. GMP document is to be prepare in A4 size paper approved uniform format. 3 Minor
NA Process is under Control NA
2.
SOP is to be clear, unambiguous language, easy to understand and easy to
follow.
12 Minor
3.
Concerned department person has to filled Change control form for the
preparation of the new GMP document.
3 Minor
4.
For the preparation of the GMP document Draft copy is to be prepared and
send to Quality assurance department for review.
3 Minor
5.
Subject matter expert from the concerned department can prepare SOP if
he or she is trained for the SOP. Officer, executive or concerned person who
has expertise in subject of SOP can review and signed as checked by.
9 Minor
6.
GMP document numbering is to be done by Quality Assurance department
and as per the Master Document numbering guide.
9 Minor
7.
Once the document is reviewed and approved and respective change
control is closed then QA person will stamp signed and approved GMP
document as Master Copy in red color at the bottom right corner and retain
it as Master in QA document archival.
6 Minor
8.
QA person will make the no of required photocopies of the GMP document
from the Master Copy and stamp as CONTROLLED COPY or UNCONTROLLED
COPY as required for issuance.
2 Minor
9.
In case of the GMP records QA person will take print in black and white and
stamp as CONTROLLED COPY or UNCONTROLLED COPY for issuance.
2 Minor
10
If any change is required in the GMP document, concerned person will
fill change control and follow the change control procedure. 45 Major
SOP HBl-QAD-1001-01-02 is
to be revised Controlled copy
must be photocopied of the
scan signed approved master
copy.
Each issued controlled copy
of record must have
identification number.
Ref CAPA :
_______
31.
32. Risk Reduction may be achieved by (but not limited to):
Improvement in the quality of the product by design
- this may include improvement in the process,
procedures, control measures, monitoring.
Change of process and / or procedures.
Revision of specification to stringent limits.
Improvement of periodicity of the measurement of
parameters.
Change in the frequency of calibration, qualification,
validation, quality system internal audits in order to
proactively identify the chances of the risk.
Risk Reduction
33. Risk assessment tools
Following risk assessment tools can be used for performing risk assessment, but not limited to:
Flow Charting
Brainstorming
Process Mapping
Statistical Tools
Risk Ranking & Filtering
Preliminary Hazard Analysis (PHA)
Root Cause Analysis
Ishikawa or Fish Bone Diagrams
FMEA (Failure Mode and Effects Analysis)/FMECA (Failure Mode Effects and Criticality
Analysis)
HACCP (Hazard Analysis and Critical Control Points)
Variation Risk Management
Probabilistic Risk Analysis
Decision Trees
Event Tree Analysis
FTA (Fault Tree Analysis)
34. QUALITY SYSTEMS FOR WHICH RISK ASSESSMENT IS TO BE PERFORMED
Sr.No Risk Assessment is to be Performed Department/Section TCD
1 Deviation Handling Procedure Quality Assurance
2 Change Control Procedure Quality Assurance
3 DocumentationSystem Quality Assurance
4 Vendor Audit & Approval Quality Assurance
35. EQUIPMENT & UTILITY FOR WHICH RISK ASSESSMENT IS TO BE PERFORMED
Sr.No Risk Assessment is to be Performed Department/Section TCD
1 Water System Engineering
2 PSG Engineering
3 Compressed Air Engineering
4 Autoclave Engineering
5 DHS Engineering
6 Incubator Engineering
7 Lyophilizer Engineering