320 likes | 451 Views
Risk Assessments – A Risk Based Approach Benchmark Your Company’s Success in Implementing QRM. Presented by: Karen Ginsbury For IFF, Denmark October 2013. Six Quick Questions. Do you have a risk management master plan and is it updated annually?
E N D
Risk Assessments – A Risk Based ApproachBenchmark Your Company’s Success in Implementing QRM Presented by: Karen Ginsbury For IFF, Denmark October 2013
Six Quick Questions • Do you have a risk management master plan and is it updated annually? • Who is responsible for risk management in your company? • Are risk management / assessment and outcomes part of the annual training program? • Do you have a risk register? Who updates it? • Are risk assessment / mitigation measures formally reviewed for effectiveness and ongoing implementation? • Are RM and outcomes part of management review?
Does an Inspector have the authority to ask about risk management? • YES • Where is that authority found in the GMPs? • The authority for inspecting the quality risk management program comes from Part1 chapter 1 of the EU GMPs which require the use of QRM as in Part 2 there is also a requirement for API / Active substance / drug substance manufacturers to use QRM
Left side Right side • What should be addressed in your Quality risk management policy • Start preparing a checklist of items which need to be addressed in your QRM Master Plan • YOU can do it by product / process or quality system activity
Quality Risk Management Policy • Who is to approve the policy: QA Manager (VP QA) – CEO (noone else at present) • The CEO needs to provide resources and should be amenable to allowing the company a certain level of residual risk and should NOT be willing to allow the company to function at any HIGHER level of risk than that agreed upon under the policy • Who needs to UNDERSTAND this policy and therefore we will need to communicate the policy to them? All VPs, probably managers, supervisors and a little bit to workers / employees
Quality Risk Management Policy • Which tools to be used • What scale of measurement to be used for the risk assessment • Who is responsible for performing risk assessment, for documentation, communication and follow up • Who is responsible for compiling a master plan and triaging / prioritizing the risk assessments that need to be done?
What is Risk Management? • Ask – “what could go wrong” • Think about “what would be the reason” or “how could it go wrong” – the mechanism of failure • In order to do this we must brainstorm • How bad is it if this risk happens (severity)
What is Risk Management? • How likely is this event to happen (occurrence) - have we encountered this event and if yes – often, sometimes, never • If the event occurs are we likely to detect it or will it happen and we won’t know about it and the product will be damaged and the patient will be harmed (maybe) • That gives us a Risk Prioritization Number
What is Risk Management? • And then we have to decide do we accept this level of risk or not (Y/N) • If yes – document that and no further action needed except risk communication • unless some new event occurs or a change takes place in which case we need to reassess • If no – risk mitigation / reduction measures • Do a new RPN number and then do we accept this new level of risk Y/N • If yes Communicate – add to RISK REGISTER for formal follow up • If no – redesign the process • FOLLOW up on implementation / continued implementation of the risk mitigation measures and revise risk assessment based on events – periodic review
Gowning is a risk mitigation measure • The idea is to contain contaminants from the person – thus protecting the product and the patient from contaminationBUT • If we are working with hazardous materials what is the purpose of gowning?To reduce the risk of the person (operator) becoming contaminated. • Therefore – the SAME gown and gowning procedure may participate in TWO different risk assessments and serve TWO different purposes.
Existing Controls or added reduction measures (controls) are CCPs • A CCP – is a CriticalControl Point – which means it is a measure designed specially to reduce an identified risk (something that is fairly likely to happen if the control fails) and it needs to be monitored i.e. we need to check periodically that it is still working or being implemented as intended and new personnel are routinely told about its importance, QA check to make sure people are still gowning properly etc.
Formulating a precise risk question for the assessment is critical • For a contract acceptor (contractor they do the outsourced work) the question is:What are the risks associated with this work which may adversely impact OTHER work already being performed in my facility • For the contract giver (the owner / sponsor of the product) the question is:What are the risks posed to MY PRODUCT by OTHER products currently manufactured (or that might be introduced in the future) in that outsourced facility
Once you have prioritized the risk and accepted it • Put it in the risk register for follow up and monitoring of effectiveness of the control
What is better • Should we reduce the likelihood that an event will occur • Or should we increase the likelihood of detection (after the event has occurred) • Or should we reduce the severity of the effect if the event actually happens • IT WILL ALWAYS BE MORE COST EFFECTIVE, SAFER AND BETTER FOR YOUR COMPANY AND FOR THE PATIENT IF YOU ELIMINATE THE HAZARD (REDUCE THE LIKELIHOOD THAT THE EVENT WILL OCCUR)
Or should we reduce the severity of the effect if the event actually happens • Usually we cannot impact in any way the severity of a risk – it is what it is • When looking for risk reduction measures we want to focus on reducing the likelihood of an event happening at all. • After we have exhausted possibilities for reducing the likelihood of occurrence (OCC) then we may have to think about ways of increasing the likelihood of detection (DET) that the event has occurred – but this is always less reliable than preventing or reducing the likelihood of the event occurring
Topics for risk assessment • CPV –continued process verification (PQR) • Batch release • Audit scheduling
QRM Master Plan use a list of products, departments, processes • Scope – what needs to be assessed • LIST • Facilities, equipment utilities • Development • Materials management / supply chain • Production • Laboratory controls • Packaging labelling • RA of the quality system – what could go wrong • Regulatory operations • Stability • Audit scheduling • Batch release • Process validation and CPV specifically • Transportation • distribution • Frequency of review of risk assessments
How do we master plan methodically • Take a list of all products currently manufactured and any in development • Take a list of all product types / processes / unit operations • Prioritize unit operations / products based on perceived risk e.g. aseptic processing will always be highest risk so master plan starts with aseptically manufactured product and then moves on to terminally sterilized • Direct compression is a more straightforward process and so start with products which need granulation • Can also use volume of production – so focus on high volume because more batches and people affected – BUT don’t forget the inherent risks associated with small volume less well understood processes – use CAPA events to help identify likelihood of occurrence
PIC/s aide memoire – QRM policy needs to show that • Senior management is committed to QRM – will provide resources • Commitment can be shown in the policy by APPOINTING / designating an individual as responsible for the QRM program within the company
Is QRM a waste of time • NO – it should have very distinct benefits and should result in getting things done right the first time and high quality product meeting ALL defined requirements time after time • BUT it can also become a time-wasting, valueless activity if done just for the sake of the regulatoror • If done to justify bad behavior e.g. rejected batch – risk assessment shows its just fine and needs to be sold
Who approves a RA • Relevant department personnel – people who participated, supervisors / managers – you decide and put in an SOP • Always approved by VP Quality
Risk Management Policy • How do you prioritize RISK ASSESSMENTS – make a Risk Management Master Plan
Process Maps • Allow systematic review so that we identify unit operations • Then drill down systematically to identify “what can go wrong” using the batch manufacturing instructions”
Identifying inputs and outputs(Risk Assessment for control strategy) • How can we reduce risk by controlling critical process parameters so that we are certain of achieving critical quality attributes
Product development CCPs • Identifying and assigning risk criteria to Critical Quality Attributes (CQA) • Sampling/ Test / Data Collection plan for: • Technology Transfer • Process validation (PPQ)
Preliminary Hazard Analysis PHA for: • clinical trial material • product control strategy
HACCP • Hazard Analysis at Critical Control Points • A tool for microbiological risk assessment
Safeguards • Does your risk assessment tool, have safeguards to prevent making unjustified assumptions? • Minimizing bias?
Communication • Formal methods? • Is QRM integrated into your annual training program?
CAPA and Continual Improvement • Monitoring the effectiveness of your QRM program • Do you discuss risks at management review meetings? • KPIs for risk?