QUALITY

RISK MANAGEMENT
(QRM)
-Arijit Dasgupta
 ICH REQULATORS: USFDA, EMEA and MHLW
 Agreed on a GMP Workshop in July 2003 (5 years vision)
 To develop a Harmonised Pharmaceutical Quality System based
upon Risk Based Concept and Principles Across Lifecycle of
Product.
 ICH Q8 on Pharmaceutical Development
 ICH Q9 on Quality Risk Management
 ICH Q10 on Quality Systems
 ISO/ IEC GUIDE 73:2002 related to Risk Management Guideline for Use in
Standards
 ISO/IEC GUIDE 51:1999 related to Safety Aspects Guideline for their inclusion
in Standards
 WHO Technical Report Series No. 908, 2003 Annex 7 Application of Hazard
Analysis and Critical Control Point (HACCP)
 GAMP Good Practice Guide ISPE 2005 related to Risk Based Approach for
Electronic Records and Electronic Signatures
 ISO 14971:2000 related to Application of Risk Management to Medical Devices
A systematic process for the assessment,
control, communication and review of risks to
the quality of the drug (medicinal) product
across the product lifecycle.
 Risk assessment process shall be initiated with problem and
/or risk question description along with its background to
identify the potential for risk.

 Cross functional team shall be formed which comprises of

team leader and experts from the appropriate areas (e.g.,
quality unit, process development, engineering, regulatory
affairs, production operations) in addition to individuals who
are knowledgeable about the quality risk management process.
 The team shall identify the probable risks i.e. what might go
wrong? Tools like process mapping, Ishikawa diagram (Fish
bone analysis), Fault Tree Analysis (FTA), can be used to
identify the probable sources of risk.

 Each identified variable / risk factor shall be analysed and

evaluated qualitatively and quantitatively against its severity,
Detectability and likelihood of its occurrence.

 Risk analysis / Risk Ranking shall be independent, unbiased, in-

depth and by use of sound scientific knowledge and experience
of team members.
 I) Prospective Approach: In case of introduction of new Facility/ Product/
Equipment/ Utility / Process and/ or prior to finalization of process design,
product design and control strategy at development and technology transfer
stage.

 II) Retrospective Approach: In case of non-conformities like deviation,

inspection and submission / review processes, market complaints, product
failures, risk assessment will be done primarily to assess risk associated with
such failures on end product quality.
Magnitude of Description Qualitative Risk Quantitative Risk
Severity Parameter Parameter
Critical Critical impact on product quality. e.g. Failure Critical 5
of variable has result into catastrophic or
disastrous condition.
High Major impact on product quality. e.g. Failure High 4
of variable has impact on quality out of its
design space causing OOS.
Moderate Medium impact on product quality. e.g. Failure Moderate 3
of variable has impact on quality within
design space exceeding out of trend level.
Low Minor impact on product quality. e.g. Failure Low 2
of variable has impact on quality within
design space and with minimal variation.
Very Low Has no impact on product quality e.g. Failure Insignificant 1
of variable has no impact on quality.
Probability of Description Qualitative Risk Quantitative
Detection Parameter Risk
Parameter

Very Low The non-conformance caused by the failure is not Not detected 5
detectable. e.g. No recording (manual and/or auto)
and no standards.
Low Non-conformance is detected but the assurance of High 4
detection is not 100% e.g. Only manual recording but
no standard or check by Use of "tick mark” without
actual observation recording.
Moderate Statistical control is used and there is immediate Moderate 3
reaction to out-of-control conditions. e.g. Standard
with manual recording and check.
High Risk identified is 100% inspected. e.g. Auto detection/ Low 2
Auto recording and print or Standard with manual
recording, check and cross check by competent
person.
Very High 100% detectable and sufficient measures are available Almost certain 1
to control the risk e.g. Auto Prevention/ Auto control,
recording and print.
 Likelihood Description Qualitative Risk Quantitative Risk
of Parameter Parameter
Occurrence
Very High Expected to happen frequently Almost Certain 5
e.g. Monthly failures
High Happening at a low frequency Likely 4
e.g. Quarterly failures
Moderate Expected to happen Possible 3
infrequently e.g. Half yearly
failures
Low Rare to occur e.g. Yearly Rare 2
failures
Very Low Unlikely to happen. e.g. No Unlikely 1
failure or one failure in three
year
 Based upon Risk Priority Number (RPN) which is a product of Severity
(S), Detectability (D) and Likelihood of Occurrence (L) for Identified Risks
i.e. RPN=SxDxL
 Risk associated with each variable shall be categorized as High / Medium
/ Low as described in the tables below:

Qualitative Quantitative Acceptable

(Product of ratings on Severity,
Detectability & Likelihood of occurrence)
High Risk 65 to 125 No
Medium Risk 9 to 64 No
Low Risk 1 to 8 Yes
 Improve Communication and Transparency.
 Improve Communication and Transparency.
 Raise Awareness of Rationales for Decision Making.
 Improve Communication and Transparency.
 Raise Awareness of Rationales for Decision Making.
 Develop training on methods and tools, as appropriate.
 Improve Communication and Transparency.
 Raise Awareness of Rationales for Decision Making.
 Develop training on methods and tools, as appropriate.
 Proactive preventive control of risks and uncertainty with
knowledge transfer by team approach.
 Improve Communication and Transparency.
 Raise Awareness of Rationales for Decision Making.
 Develop training on methods and tools, as appropriate.
 Proactive preventive control of risks and uncertainty with
knowledge transfer by team approach.
 Create baseline for better understanding of science/ risk
based decisions.
Up gradation of New Application Software in a
New Computerized System.
Note: Risks Identified , Ranking Done & Justification For Identified Risks
were only for Understanding & can differ based upon Situation, Knowledge &
Brain Storming Sessions conducted by Subject Matter Experts from
respective Cross Functional Departments in an Organization.
 Parameter Risk Analysis Justification for Risk Analysis
Ranking
Parameter Rating

New Computer System may not be S 1 Insignificant as new computer system

compatible with Instrument to be connected to the instrument is connected
Connected. as per configuration recommended by
Service Engineer of Vendor.
D 1 Almost Certain as Qualification activity
shall be performed and compatibility can
be easily detected.
L 1 Unlikely to happen as new computer
system shall be qualified for hardware
configuration before connecting with the
instrument which confirm the required
configuration as per recommended by
Vendor.
 Parameter Risk Analysis Justification for Risk Analysis Ranking

Parameter Rating

Up graded version of S 3 Moderate as per information from vendor, the

Application Software installed upgraded software version is compatible with
in Computer System for electronic data generated by existing software.
Instrument Controlling and Upgraded software shall be installed in new
Data Acquisition may not be computer system & existing computer system
compatible with data having installed software along with data shall be
generated with existing preserved with I.T.
Application Software. There will be no impact on existing electronic data.
D 2 Low as after installation of software, it shall be
qualified as a part of CSV.
L 1 Unlikely to happen as there is no major
modification in upgraded version of software.
Software is upgraded to eliminate bugs observed
by Vendor.
 Parameter Risk Analysis Justification for Risk Analysis Ranking

Parameter Rating

Chances of existing data S 2 Low as to control data loss, mitigation plan is already in
loss while performing place. Electronic data and Audit Trail is being backed up
upgraded software at defined frequency and existing computer system
installation and shall be preserved with I.T without deletion or removal
computer system of any data/ software.
replacement. In case of any requirement, it can be referred for
future use.
D 1 Almost certain as sufficient measures are available to
control risk. Data available on existing computer, back
up on server shall be transferred to new computer
system for verification of completeness by I.T
L 1 Unlikely to happen as electronic data & audit trail are
backed up by I.T Administrator as per Site SOP. In case
of any loss it can be restored from final back up data
server.
 Parameter
Parameter
Auto sampler may not be
compatible with the up
graded software version
to be connected.
Risk Analysis Justification for Risk Analysis Ranking
Rating
S 1 Insignificant as Auto sampler to be connected with
upgraded software is as per configuration
recommendation from the vendor.
D 1 Almost certain as qualification activity shall be
performed by using instrument and software &
compatibility can be easily detected.
L 1 Unlikely to happen as there is no major modification in
upgraded version of software as per report from
vendor.
New Software and Auto sampler shall be qualified to
confirm Compatibility.
Also Instrument shall be further calibrated to confirm
connectivity and functioning of the auto sampler as well
as instrument.
Analytical Method Validation & Analytical
Method Transfer of Test “A” for Product “B”
were completed successfully.
However; during revision of STP &
Specification it was found that Known
Impurity “X” eluted at RRT 0.97 shall be
replaced by “Y” based upon evaluation of
characterization data.
 1) Incorrect Value & Name of Impurity will be reflected in
already approved Analytical Method Validation (AMV) Protocol
& Report, Analytical Method Transfer (AMT) Protocol & Report.

 2) Incorrect Name of Impurity will be reflected in Test Data

Sheet (TDS)/ Laboratory Notebook (LNB).
 3) Incorrect Result of Impurity due to incorrect name of
Impurity will be reflective in TDS/LNB & AMV/ AMT Report.

4) Incorrect Name of Impurity will be reflected in executed

Validation/ Transfer Chromatograms.
Introduction of New Facility
Following requirements; but not limited to
shall be taken into consideration:
1) Flow of Material & Personnel
2) Minimize Contamination & Prevention of Mix-Ups
3) Dedicated or segregated areas for Open vs Closed
Equipment
4) Pest Control Measures
 Risk Assessment based upon Product Properties

 1) API physico-chemical properties during the step of

manufacturing properties e.g. Particle Size, Surface Area,
Solubility.
 Risk Assessment based upon Product Properties… Continued

 2) Drug Product Dosage Form during the steps of

Manufacturing process e.g. API tightly bound within a matrix
Such as Coated Tablets, Filled Capsules or API Unbound e.g.
Powder, Granules.

 3) Decontamination & Inactivation Capability determine which

type of cleaning or inactivation procedure is required.
 Risk Assessment based upon Process

1) Process Design which include consideration of Flow of

Operational Process, Open/ Closed Systems, Utilities.

 2) Batch related process steps which include consideration of

Normal Operation, Consideration of Change Over Cleaning,
Exceptions e.g. Spillage
 Risk Assessment based upon Process… Continued

 3) Production Scale & Volume which include consideration of

Batch Size, Change over frequency, Sequential Steps in
Manufacturing Process.

 4)Supporting Activities which include consideration of

Maintenance, Waste Handling.
THANK YOU