
CSV – Introduction to Risk Management 05 – 1/15

The GAMP® 5 Way – #02 – Risk Assessment Online Training, 2022

#WS2022-ECA-IRM-05-0410EN#
Computerised System Validation
Introduction to Risk Management
05 – Risk Assessment the GAMP® 5 Way – Part #2
© 2020-2022; Rob Stephenson & Yves Samson

Rob Stephenson, Rob Stephenson Consultancy, info@robstephensonconsultancy.co.uk
Yves Samson, Kereon AG, Basel, yves.samson@kereon.ch

ECA – CSV – Introduction to Risk Management – Online Training – 2022

Notification

• Disclaimer
Information presented in this document reflects the current opinion of the authors, at the publication date, about the concerned topics. This document is provided for information only.
Contained information may be subject to change.
It does not legally bind nor privilege anybody. It does not necessarily represent the opinion of regulatory agencies as well as of the mentioned organisations, e.g. ISPE®, GAMP®.

• Copyright
© 2020-2022: Rob Stephenson & Yves Samson
It is not allowed to re-use, reproduce or copy – fully nor partially – this presentation in any form or by any means, without written permission of the authors.
All trademarks used are acknowledged.
ISPE® and GAMP® are registered trademarks of the International Society for Pharmaceutical Engineering.

Version 4.10 /EN © 2022; all rights reserved by Rob Stephenson & Yves Samson
Risk Assessment the GAMP® 5 Way
Content

• GAMP® 5 risk assessment method
• Assessment scales
• Functional risk assessment
• Risk reduction strategies
• Test rigour
• Summary

[Graphic: 3 × 3 matrix with rows H H M / H M L / M L L]

Risk Assessment the GAMP® 5 Way
GAMP® 5 SE Risk Assessment Method

• Based on FMEA*
• Widely used in the industry
• Should be sufficient for CSV purposes
• Three stage process:
  1. Identify risk scenario
  2. Determine risk class
  3. Determine risk priority

* Failure mode and effects analysis


Risk Assessment the GAMP® 5 Way
G5SE Appendix M3 (FMEA) (1/3)

• In addition to an overall and comprehensive approach to risk management, GAMP® 5 Second Edition (G5SE) proposes a simple and pragmatic risk assessment method.
  • Appendix M3, §11.5.4
  • Risk Class: hazard impact (severity) vs likelihood of occurrence
  • Risk Priority: Risk Class vs likelihood of detection before harm occurs

Remark
In GAMP® 5 Second Edition, Appendix M3 has been updated.
The comprehensive risk management process aligned with ICH Q9 described in the first edition is retained.
Several short case studies are proposed for illustrating the concept and its possible impact.

Risk Assessment the GAMP® 5 Way
G5SE Appendix M3 (FMEA) (2/3)

• Step 0: Hazard Identification
• Step 1: Risk Classification
  • Severity of impact on patient safety, product quality and data integrity is evaluated against the likelihood that a fault will occur.

Source: GAMP® 5 SE – Figure 11.5

Risk Assessment the GAMP® 5 Way
G5SE Appendix M3 (FMEA) (3/3)

• Step 2: Risk priority
  • Plotting Risk Class against the likelihood that the fault will be detected before harm occurs.

Source: GAMP® 5 SE – Figure 11.5

Assessment Scales

• What do HIGH, MEDIUM, and LOW mean when assessing Risk?
• Need to be defined …
  • Severity of harm (impact)
  • Probability of occurrence (likelihood of occurrence)
  • Probability of detection (detectability)
… in the context of patient risk and …
… business risk

[Graphic: scale L, M, H]

Scale – Severity of harm

• The pharmaceutical context is particularly complex and diverse, covering:
  • Patient safety
  • Product quality
  • Data integrity
  • Business capability*
• Additionally, fixed manufacturing and quality control times for some products make manufacturing incidents rapidly critical since those could significantly jeopardise product supply to the patients.
• The definition of a scale for ranking the severity of harm is a sensitive process where the specificities of the company and its products must be taken into account in their entirety.

* European Directive 2001/83/EC, Article 81 (excerpt):
… The holder of a marketing authorisation for a medicinal product and the distributors of the said medicinal product actually placed on the market in a Member State shall, within the limits of their responsibilities, ensure appropriate and continued supplies of that medicinal product to pharmacies and persons authorised to supply medicinal products so that the needs of patients in the Member State in question are covered. …

Scale – Severity of harm

Patient Safety
• Product can injure or kill the patient
• Product availability
• Lifesaving product is not available
• Inability to recall defect products
• Product can cause remaining after-effects (sequel)
• …

Product Quality
• Defect can irremediably impact product quality
• Wrong product – mislabelled, incorrect dosage – will be delivered to the patient
• Product contamination
  • Impurity
  • Microbial
• Plant contamination
• …

Data Integrity
• Data loss
• Data inaccuracy
  • Including falsification
• Product release based on inaccurate data
• Missing/lost traceability
• Inability to recall products
• Inability to release starting material
• Inability to deliver products
• …

Scale – Severity of harm

• Scale example
  • High
    • Patient’s life will be threatened
    • Hospitalisation, long term effects
  • Medium
    • Patient will suffer some impact
    • Short term effects, negative impact ceases when dosing stops
  • Low
    • No impact on the patient
    • No negative effects on patient

Severity Scale: Example

Worst case impact on patient safety / product quality
• High: Potential for release of product which would cause serious injury or death of a patient
• Medium: Potential for release of product which would cause minor injury to a patient
• Low: Potential for poor quality product which would not be released or would cause dissatisfaction but no harm to patient

Worst case impact on data integrity
• High: Loss of data integrity such that product recall could not be carried out or release could be made of a product which would cause serious injury to a patient
• Medium: Loss of data integrity such that release could be made of product which would cause minor injury to a patient
• Low: Loss of data integrity such that product would need to be scrapped or data records not essential to product release or recall might be lost or impaired

Likelihood Scale: Example

Likelihood: Process Problem
• High: Problem known to have occurred previously or could reasonably be expected to occur with a high frequency
• Medium: Problem not known to have occurred previously but could reasonably be expected to occur with a moderate frequency
• Low: Problem known to be unlikely to occur or is guarded against by an existing control

Likelihood: System Problem
• High:
  • Complex software functionality difficult to cross-check
  • Function performed by custom software
• Medium: Function performed by configured software or custom hardware
• Low: Function performed by standard software or hardware

Likelihood Scale

• Remark
  • Within a pharmaceutical context, FMEA can usually be only qualitative.
    • Each plant is unique
    • Limited numbers of identical equipment
    • Processes are often product specific.
  • Within a context of mass production*, FMEA can be quantitative, based on reliable statistical figures.

* e.g. automotive, consumer electronics

Likelihood Scale

• Areas of interest
  • Supplier maturity
    • Acceptable and robust quality management system (QMS), e.g.:
      • Design review
      • Robustness of the Software Development Life Cycle (SDLC)
      • Quality and extent of the regression testing / continuous integration testing
      • Quality of the documentation
    • Technical capability
    • Implementation of Good Engineering Practice
  • Complexity and novelty of the system / solution
  • Previous experience – issues with the same or similar systems?

Scale – Detectability

• Detectability
  • Probability that the fault will be detected before harm occurs
  • If the probability of detection is LOW, the risk is HIGH
• HIGH detectability:
  • Alarms
  • Dialogue verification e.g. confirmation boxes
    • Including the application of “4-eyes” principle
  • By process control systems
    • Disagreement monitoring of process critical or safety critical measurements

Scale – Detectability

• Scale example
  • Low detectability
    • Not detectable prior to occurrence
    • Poorly detectable prior to occurrence
    • Not detectable even after occurrence
  • Medium detectability
    • Detectable prior to occurrence
    • but only one way (mechanism) for detection
  • High detectability
    • Several (multiple) ways for detection prior to occurrence
    • Detectable “long” time before occurrence

Functional Risk Assessment Template (1/4)
Functional Risk Assessment Template (#1) (2/4)
Functional Risk Assessment Template (#1) (3/4)
Functional Risk Assessment Template (#1) (4/4)

Risk Reduction
Mitigating Strategies

• Focus attention where risk is highest
  • Influenced by risk tolerance of process and company
• Eliminate by process redesign
• Reduce with downstream error traps & checks
• Reduce probability of error
  • Validation is a control that reduces the probability of error
• Increase in-process detectability of error

Functional Risk Assessment Template (#2)
Re-Assess Functional Risks after Mitigation

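Functional Risk Assessment
Another Example

Columns: FRS Ref.; Functional Requirements (Description, Category); Impact (Y/N) (GxP?, Business Critical?); Risk Scenario (How Function might fail); Risk Assessment (Pre-mitigation): Impact (HML), Likelihood (HML), Risk Class (1, 2, 3), Detectability (HML), Risk Priority (1, 2, 3); Risk Mitigation / Additional Controls; Risk Assessment (Post-mitigation): Impact (HML), Likelihood (HML), Risk Class (1, 2, 3), Detectability (HML), Risk Priority (1, 2, 3); Comments and Justifications

FRS Ref. 3.2.3.11 – Actuator_Control – SOFTWARE Standard Modules

• Risk scenario: Profibus is not mapped to correct diagnostics.
  Impact (Y/N): N Y
  Pre-mitigation: Impact H, Likelihood H, Risk Class 1, Detectability M, Risk Priority 1
  Risk mitigation / additional controls: Remap Profibus diagnostics. Perform explicit test.
  Post-mitigation: Impact H, Likelihood L, Risk Class 2, Detectability H, Risk Priority 3
• Risk scenario: Loss of a digital input module on I/O rack resulting in loss of status information for machine stop and enable.
  Impact (Y/N): N Y
  Pre-mitigation: Impact L, Likelihood L, Risk Class 3, Detectability M, Risk Priority 3
  Risk mitigation / additional controls: Already mitigated by nozzle valve control. Perform explicit test.
  Post-mitigation: Impact L, Likelihood L, Risk Class 3, Detectability H, Risk Priority 3
• Risk scenario: I/O mapping inconsistent to the Profibus devices.
  Impact (Y/N): N Y
  Pre-mitigation: Impact H, Likelihood M, Risk Class 1, Detectability H, Risk Priority 2
  Risk mitigation / additional controls: Check during code review. Re-run drive test.
  Post-mitigation: Impact H, Likelihood L, Risk Class 2, Detectability H, Risk Priority 3
• Risk scenario: Failure of analog inputs
  Impact (Y/N): N Y
  Pre-mitigation: Impact H, Likelihood L, Risk Class 2, Detectability H, Risk Priority 3
  Risk mitigation / additional controls: Add diagnostic alarm. Test analog inputs.
  Post-mitigation: Impact H, Likelihood L, Risk Class 2, Detectability H, Risk Priority 3
  Comments and justifications: Alarm added to make diagnostics easier.
• Risk scenario: I/O mapping on analog inputs incorrect
  Impact (Y/N): N Y
  Pre-mitigation: Impact H, Likelihood M, Risk Class 1, Detectability H, Risk Priority 2
  Risk mitigation / additional controls: Check during code review. Re-run analog test.
  Post-mitigation: Impact H, Likelihood L, Risk Class 2, Detectability H, Risk Priority 3

FRS Ref. 3.2.3.12 – Auto Repack – SOFTWARE Standard Modules

• Risk scenario: Module fails to run
  Impact (Y/N): Y Y
  Pre-mitigation: Impact L, Likelihood L, Risk Class 3, Detectability M, Risk Priority 3
  Risk mitigation / additional controls: Indirectly tested at 'set-up & test'.
  Post-mitigation: Impact L, Likelihood L, Risk Class 3, Detectability H, Risk Priority 3
  Comments and justifications: There is no direct interaction between the modules and the I/O devices.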
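
Added example (not part of the original slides): the two-step lookup of Risk Class and Risk Priority, used to re-check every pre- and post-mitigation entry of the table above. The Risk Class grid is an assumption, since the slides only cite Figure 11.5 for it; the Risk Priority grid is the H H M / H M L / M L L matrix shown on the content and summary slides, with columns assumed to run from low to high detectability.

```python
LEVELS = ("L", "M", "H")

# Assumption: rows = impact, columns = likelihood L, M, H; 1 = highest class.
RISK_CLASS = {"H": (2, 1, 1), "M": (3, 2, 1), "L": (3, 3, 2)}

# From the slides: rows = risk class, columns = detectability L, M, H (assumed order).
RISK_PRIORITY = {1: ("H", "H", "M"), 2: ("H", "M", "L"), 3: ("M", "L", "L")}

# The table records priority as 1, 2, 3 (1 = high).
PRIORITY_NUMBER = {"H": 1, "M": 2, "L": 3}


def _col(level):
    """Column index for an H/M/L rating; rejects anything else."""
    if level not in LEVELS:
        raise ValueError(f"rating must be one of {LEVELS}, got {level!r}")
    return LEVELS.index(level)


def assess(impact, likelihood, detectability):
    """Return (risk_class, risk_priority_number) for one risk scenario."""
    _col(impact)  # validate before using it as a key
    risk_class = RISK_CLASS[impact][_col(likelihood)]
    priority = RISK_PRIORITY[risk_class][_col(detectability)]
    return risk_class, PRIORITY_NUMBER[priority]


# Entries copied from the table: impact, likelihood, class, detectability, priority.
TABLE_ROWS = [
    ("Profibus is not mapped to correct diagnostics", "HH1M1", "HL2H3"),
    ("Loss of a digital input module on I/O rack", "LL3M3", "LL3H3"),
    ("I/O mapping inconsistent to the Profibus devices", "HM1H2", "HL2H3"),
    ("Failure of analog inputs", "HL2H3", "HL2H3"),
    ("I/O mapping on analog inputs incorrect", "HM1H2", "HL2H3"),
    ("Module fails to run", "LL3M3", "LL3H3"),
]


def find_inconsistencies(rows):
    """List entries whose recorded class or priority differs from the lookup,
    plus scenarios whose priority got worse after mitigation."""
    problems = []
    for scenario, pre, post in rows:
        for stage, rec in (("pre", pre), ("post", post)):
            impact, likelihood, rec_class, detect, rec_prio = rec
            calc = assess(impact, likelihood, detect)
            if calc != (int(rec_class), int(rec_prio)):
                problems.append((scenario, stage, rec, calc))
        if int(post[4]) < int(pre[4]):  # smaller number = higher priority
            problems.append((scenario, "worse after mitigation", pre, post))
    return problems
```
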

Risk-based Decision Making in Validation

• Activities aimed at ensuring GxP compliance and fitness for intended use should be scaled according to:
  • Process specificity
  • System impact
  • System complexity and novelty (GAMP® 5 Categories)
  • Supplier capability
• Specific activities that may be scaled include:
  • Levels of specification
  • Need for and extent of design reviews
  • Need for and extent of code reviews
  • Extent and vigour of verification activities
  • Extent and rigour of performance monitoring

Test Rigour – A risk-based Approach

Risk Priority → Residual Risk (after risk controls applied): Test Strategy

• High → Medium:
  • Show it works
  • Challenge test the controls
• High → Low:
  • Show it works
  • Challenge test the controls
• Medium → Medium:
  • Show it works
  • Test the controls
• Medium → Low:
  • Show it works
  • Test the controls
• Low → Low:
  • Show it works

Test Rigour – Example

• Acceptable input range = 10.0 to 20.0

• High Risk Priority
  • Boundary test at:
    • 9.9, 10.0, 10.1
    • 19.9, 20.0, 20.1
  • Null value
  • Incorrect decimal precision
  • Alpha character
• Medium Risk Priority
  • 1 value <10
  • 1 value in range
  • 1 value >20
  • Null value
• Low Risk Priority
  • Verify normal data accepted
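
Added example (not part of the original slides): the three test sets above, generated per risk priority and run against a hypothetical input validator. It assumes the range is inclusive and the field holds one decimal place; `accept`, `buggy_accept` and the specific out-of-range and malformed values are constructed for illustration. The constructed off-by-one defect passes the Low and Medium sets and is caught only by the High set.

```python
from decimal import Decimal, InvalidOperation

LO, HI = Decimal("10.0"), Decimal("20.0")  # acceptable range from the slide
STEP = Decimal("0.1")                       # assumption: one decimal place


def parse(raw):
    """Return a Decimal for well-formed input (a string or None), else None."""
    if raw is None:
        return None
    try:
        value = Decimal(raw.strip())
    except InvalidOperation:
        return None
    # Reject NaN/Infinity and more than one decimal place.
    if not value.is_finite() or value.as_tuple().exponent < -1:
        return None
    return value


def accept(raw):
    """Hypothetical validator under test; bounds assumed inclusive."""
    value = parse(raw)
    return value is not None and LO <= value <= HI


def buggy_accept(raw):
    """Constructed defect: lower bound coded as exclusive."""
    value = parse(raw)
    return value is not None and LO < value <= HI


def cases_for(priority):
    """(input, expected) pairs for risk priority 'H', 'M' or 'L'."""
    normal = [("15.0", True)]  # verify normal data accepted
    if priority == "L":
        return normal
    if priority == "M":  # one below, one in range, one above, null
        return [("9.0", False)] + normal + [("21.0", False), (None, False)]
    if priority == "H":  # boundary values, null, precision, alpha
        boundary = [(str(edge + d), LO <= edge + d <= HI)
                    for edge in (LO, HI) for d in (-STEP, 0, STEP)]
        return boundary + [(None, False), ("15.123", False), ("1A.0", False)]
    raise ValueError(f"unknown risk priority {priority!r}")


def failures(validator, priority):
    """Inputs for which the validator disagrees with the expected result."""
    return [raw for raw, expected in cases_for(priority)
            if validator(raw) != expected]
```
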
Risk Management – The GAMP® 5 SE Way
Benefits

• Secured patient safety and product quality
• Secured data integrity
• Informed and justified decisions
• Achieving compliance and fitness for intended use
• Efficient qualification and validation
• Cost effective operation and maintenance

Risk Assessment – Summary

• Risk Assessment – FMEA methodology
  • Determine risk class & risk priority
  • Use assessment scales
• Functional Risk Assessment
  • Facilitates risk reduction and mitigation
  • Informs validation strategy / testing rigour
• Apply critical thinking
  • Considering the business process in its entirety

[Graphic: 3 × 3 matrix with rows H H M / H M L / M L L]

Rob Stephenson, Rob Stephenson Consultancy, +44:7818:075 718, info@robstephensonconsultancy.co.uk
Yves Samson, Kereon AG, Basel, +41:61:383 04 55, yves.samson@kereon.ch, www.kereon.ch/yves
