SOP FOR QUALITY RISK MANAGEMENT

1.0 Purpose
1.1 To ensure all the activities of the organization is functioning as per the documented procedure and to identify risks,
if any, within the procedure or other area which are not documented.
2.0 Scope
2.0 This procedure shall be applicable to products, process, equipment, systems, facilities and the workforce
3.0 Responsibility
3.1 All department heads
4.0 Procedure
4.0.1 Any process that can have any type of risk should go through the quality risk management. This risk may ultimately
impact the health issues of the workforce, quality of the product, mean life of the equipment and facilities
4.1. Initiation of risk management process
4.1.1 Risk management should be initiated with the listing of possible question about the risks involved in the process or
the system. Potential of the risk on human health and product quality should be identified. A time limit or deadline
for the risk assessment should be specified.
4.2 Identification of risk
4.2.1 Risk should be identified by the available data or as data from the history of the process or system or the
information derived from the end user.
DEPARTMENT RISK RISK REDUCTION PLAN
Purchase 1. Need analysis Installing Procurement software packages Setting
2. supply chain management up approved vendor portal and fully automate
3. Single vendor for supply vendor evaluation so that it is easy to track vendor
performance and to identify opportunities for
negotiation. Quotation may be invited from
approved vendors before purchase.
Filling /Packing 1. Quality of Packing Material Human factors present the greatest risks which can
2. Labelling be minimized automating the label and packaging
3. Product information processes with software.
4. Seal integrity.
QC 1. Analytical turnaround time Evaluate the prospective laboratory’s commitment
2. The quality and reliability of test and compliance to its quality policies and technical
results procedures. Rely on laboratory recognition by
conformity assessment bodies.
Production 1. Automatic changeover switch Installing Automatic changeover switch. Removal
for uninterrupted power supply of unwanted loose wires or proper concealing of
2. Loose wires electrical connections. Avoid water stagnation to
3. Slippery areas reduce slippery areas in production.
4.3 Analysis of risk
4.3.1 After identification of risks involved in any process or system its analysis is done. The harms associated with the
risk are listed and chances of their occurrence and criticality are determined.
4.4 Evaluation of risk.
4.4.1 The analyzed risk is compared against the risk criteria. The outcome of the assessment may be either in the
quantitative form as a number (1, 2, and 3) or in the qualitative form (low, medium or high)
1. Qualitatively: the risk shall be categorized into critical, major and minor
2. Quantitatively: the risk shall be provided with scores “01 to“15” based on severity.
The risk shall be categorized as:
Category Description Score
Critical Very significant and having catastrophic impact on product >15
Major Highly significant and severe effect on end product 10-14
Minor Impact on operations and efficiency, but limited effect. 01-09

Based on the discussion / view of the users department & QA/QC head. Likelihood of occurrence of the risk shall be
Categorized as:
Category Description Score
Frequently Is expected to occur in most circumstances 5
Likely Will probably occur in most circumstances 4
Occasionally Will probably occur at some time 3
Unlikely Could occur at some time 2
Impossible May occur in exceptional circumstances 1

The consequence (severity) of the occurred risk may be categorized as follows:

Category Description Score
Very high Batch failure, not recoverable by rework. 5
High Noticeable impact to product quality, but can be recovered by 4
reprocessing.
Medium Impact on product quality and process robustness is not noticeable 3
but can be recovered by reprocessing.
Low Impact on product quality and process robustness is not noticeable 2
Very low No impact on product quality and process robustness. 1
 Risk = Likelihood of occurrence of risk x Consequences (Severity)

4.5 Control of risk

4.5.1 Risk control is the application of the methods to reduce the risk to the acceptable level. First of all determine that
whether the risk is above the acceptable level. Determine the way to control the risks, new risks should not be
generated while controlling the risk.
4.3.2 During the implementation of risk reduction measures, it may affect the significance of other existing risks or
generate new risks. Therefore, one should do risk assessment again to evaluate the changes in risks during the
implementation of the risk reduction process.
4.6 Communication of risk
4.6.1 Communication of risk is the exchange of information regarding the risk between the decision management and
others. The results of quality risk management should be documented and communicated. The information
regarding the nature of risk. Its severity, control and related information should be communicated.
4.7 Review the risk
4.7.1 Risk management is a continuous process and a system should be implemented to reviews the risks at a fixed time
interval. All events of the system should be monitored for the risks associated with it. The frequency of the review
the risk management depends upon the severity of the risk. It should be mentioned clearly in risk management
protocol.
4.7.2 The appropriate quality indicators like change control, deviations and CAPA procedures shall followed to execute
the QRM (quality risk management).
4.7.3 Training shall provide to all concerns between the decision makers and makers and the actual executors:
4.8 Risk control
Control mitigation of risk shall categorize as
Category Description Score
Not effective Mitigation plans though in place do not ensure adequate control over risk 3
occurrence/ impact.
Effective Mitigation plans involve is effective against the identified risk. Although 2
chances of occurrence minimize, but there is very less possibility of
occurrence of identified risk.
Very effective Mitigation plans involve high degree of control on the operational procedure 1
and is effective against all identified risk.
4.8.1 Procedure for mitigation shall be explained in the respective protocol.
Risk mitigation plan shall be discussed amongst the cross-functional departmental heads and appropriate
measures to mitigate the risk be used.
4.8.2 Risk identification number shall provide as R001, R002… so on, for the risk management protocol, and the
severity, likelihood and mitigation of risk shall be evaluated on the basis of qualitative and quantitative means.
4.8.3 Identified risk with severity, likelihood and mitigation shall club together to provide the overall picture of risk
assessment.
4.8.4 Interdisciplinary teams are formed to undertake the activity of QRM, they should include experts from the
appropriate areas (e.g. QA, QC, production, regulatory affairs engineering, stores, marketing, legal, etc.) in addition
to individuals who are knowledgeable about the QRM process.
4.8.5 As after categorize the risk, evaluate the individual risk, and execute the corrective and preventive action, as per
the high, and medium and low risk
5.0 RELATED DOCUMENTS
a) Risk management register