QUALITY RISK MANAGEMENT

Risk

The combination of the probability of occurrence of harm and the severity of that harm

Hazard

The potential source of harm

Severity

A measure of the possible consequences of a hazard

Detectability

The ability to discover or determine the existence, presence, or fact of a hazard

Harm

Damage to health, including the damage that can occur from loss of product quality or availability

Quality

degree to which a set of inherent properties or characteristics of a product, system or process fulfills requirements

Management

systematic process for the assessment, control, communication, and review of the risks to the quality of the drug product across the product life cycle

quality risk management

integral to an effective pharmaceutical quality system.

quality risk management

it can provide a proactive approach to identifying, scientifically evaluating, and controlling potential risks to quality

quality risk management

it facilitates continual improvement of process performance and product quality throughout the product lifecycle

ICH Q9

provides principles and examples of tools for quality risk management that can be applied to different aspects of pharmaceutical quality

quality risk management

can be useful for identifying and prioritizing areas for continual improvement.

The guideline QRM provides principles and examples of quality risk management tools that can be applied to different aspects of pharmaceutical quality. These aspects include development, manufacturing, distribution, and the inspection and submission/review processes throughout the lifecycle of drug substances, drug (medicinal) products, and biological and biotechnological products.

what is the scope of QRM?

➢ Drug substances

➢ Drug (medicinal) products

➢ Biological and biotechnological products

other 3 scopes

➢ Raw materials

➢ Solvents

➢ Excipients

➢ Packaging and labeling materials

Including the selection and use of

• EVALUATION OF THE RISK TO QUALITY

• LEVEL OF EFFORT

2 PRINCIPLES OF QRM

EVALUATION OF THE RISK TO QUALITY

should be based on scientific knowledge and ultimately link to the protection of the patient

LEVEL OF EFFORT

The formality of documentation of the quality risk management process should be commensurate with the level of risk

team approach

decision makers

Who is /are responsible of implementing QRM process?

team approach

usually, but not always, undertaken by interdisciplinary teams from areas appropriate to the risk being considered) in addition to individuals who are knowledgeable about the quality risk management process

decision makers

person(s) with competence and authority to make a decision and should:

decision makers

take responsibility for coordinating quality risk management

decision makers

across various functions and departments of their organization; ensure that a quality risk management process is defined, deployed, and reviewed and that adequate resources are available

decision makers

support team approach

• Risk Assessment

• Risk Control

• Result/Output of the QRM process

• Risk Review

QRM PROCESS

1.Define the problem and/or risk question, including pertinent assumptions identifying the potential for risk;

2. Assemble background information and/ or data on the potential hazard, harm, or human health impact relevant to the risk assessment.

3. Identify a leader and necessary resources;

4. Specify a timeline, deliverables and appropriate level of decision making for the risk management process.

Here are the STEPS used to initiate and plan a Quality Risk management process;

risk assesment

consists of the identification of hazards and the analysis and evaluation of risks associated with exposure to those hazards

well-defined problem description or risk question.

Quality risk assessments begin with a ___

▪ an appropriate risk management tool

▪ the types of information needed to address the risk question will be more readily identifiable

When the risk in question is well defined.....

1. Risk identification

2. Risk Analysis

3. Risk Evaluation

As an aid to clearly defining the risk(s) for risk assessment purposes, here are three fundamental applications or processes or methods to use:

➢ Create awareness of hazards and risks.

➢ Identify who may be at risk (e.g., employees, cleaners, visitors, contractors, the public).

➢ Determine whether a control program is required for a particular hazard.

➢ Determine if existing control measures are adequate or if more should be done.

➢ Prevent injuries or illnesses, especially at the design or planning stage.

➢ Prioritize hazards and control measures.

➢ Meet legal requirements where applicable.

Risk assessments are important as they are integral to an occupational health and safety management plan in a company, institution, or organization. They help to:

❑ the risk assessment process AIMS evaluates hazards, then removes that hazard or minimizes its risk level by adding control measures, as necessary. ❑ By doing so, you have created a safer and healthier workplace.

What is the goal of risk assessment?

➢ What can happen, and under what circumstances?

➢ What are the possible consequences?

➢ How likely are the possible consequences to occur?

➢ Is the risk controlled effectively, or is further action required?

The goal is to try to answer the following questions:

➢ Before new processes or activities are introduced.

➢ Before changes are introduced to existing processes or activities, including when products, machinery, tools, equipment change, or new information concerning harm becomes available.

➢ When hazards are identified.

A risk assessment is needed when:

➢ What the scope of your risk assessment will be (e.g., be specific about what you are assessing, such as the product’s lifetime, the physical area where the work activity occurs, or the types of hazards).

➢ The resources needed (e.g., training a team of individuals to carry out the assessment, the types of information sources, etc.).

➢ What risk analysis measures will be used (e.g., how exact the scale or parameters must be to provide the most relevant evaluation)?

➢ Who are the stakeholders (e.g., manager, supervisors, workers, worker representatives, suppliers, etc.)?

➢ What relevant laws, regulations, codes, or standards may apply in your jurisdiction, as well as organizational policies and procedures?

How do you plan for a risk assessment? In general, determine:

risk identification

a systematic use of information to identify hazards referring to the risk question or problem description.

risk identification

Information can include historical data, theoretical analysis, informed opinions, and the concerns of stakeholders,

risk identification

includes identifying the possible consequences. This provides the basis for further steps in the quality risk management process.

risk identification

addresses the question, “What might go wrong?”

risk analysis

is the estimation of the risk associated with the identified hazard

risk analysis

it is the qualitative or quantitative process linking the likelihood of occurrence and severity of harms.

risk analysis

In some risk management tools, the ability to detect the harm (detectability) also factors in the risk estimation.

risk analysis

addresses the question, “What is the likelihood (probability) it will go wrong

risk evaluation

compares the identified and analyzed risk against given risk criteria.

risk evaluation

consider the strength of evidence for all three fundamental questions

risk evaluation

address the question, “What are the consequences (severity)

Risk Assessment Matrix and Rating

The probability and impact of occurrence for each identified risk will be assessed by the project manager, with input from the project team using the following approach

quality risk analysis

Ranking or prioritizing hazards is one way to help determine which risk is the most serious and, thus, which to control first.

quality risk analysis

Priority is usually established by considering the employee exposure and the potential for incident, injury, or illness. By assigning a priority to the risks, you are creating a ranking or an action list.

quality risk analysis

There is no one simple or single way to determine the level of risk. Nor will a single technique apply in all situations.

quality risk analysis

The organization has to determine which technique will work best for each situation.

High – Greater than <70%>

Medium – Between <30%> and <70%>

Low – Below <30%>

How are risks ranked or prioritized?In probability ratings

high

Greater than <70%> probability of occurrence - likely to be experienced once or twice a year by an individual

medium

Between <30%> and <70%> probability of occurrence - maybe experienced once every five years by an individual

low

Below <30%> probability of occurrence - may occur once during a working lifetime

Major, Moderate, minor

Impact/Severity ratings

major

risk that has the potential to impact project cost, project schedule, or performance greatly

moderate

risk that has the less severe potential to impact project cost, schedule, or performance slightly -

minor

risk that has relatively little impact on cost, schedule, or performance

minor

an injury that require first aid only; short-term pain, irritation, or dizziness

moderate

sprain, strain, localized burn, dermatitis, asthma, injury requiring days off work

major

major fracture, poisoning, significant loss of blood, serious head injury, or fatal disease

probability X impact

seriousness of risk=

extreme risk

stop the process and implement controls

high risk

investigate the process and implement controls immediately

medium risk

keep the process going; however, a control plan must be developed and should be implemented as soon as possible

low risk

keep the process going, but monitor regularly. A control plan should also be investigated.

red and yellow zones

Risks that fall within the_ and __zones will have risk response planning, which may include risk mitigation and contingency plans.

Risk Management Plan

Quantitative Risk Analysis: Analysis of risk events that have been prioritized using the qualitative risk analysis process and their effect on project activities will be estimated, a numerical rating applied to each risk based on this analysis, and then documented in this section of the ____

risk control

includes decision-making to reduce and/or accept risks

risk control

the purpose.... is to reduce the risk to an acceptable level

risk control

the amount of effort used for this should be proportional to the significance of the risk.

risk control

Decision makers might use different processes, including benefit-cost analysis, to understand the optimal level of ___

• Is the risk above an acceptable level?

• What can be done to reduce or eliminate risks?

• What is the appropriate balance among benefits, risks, and resources?

Risk control might focus on the following questions:

risk reduction

focuses on processes for mitigation or avoidance of quality risk when it exceeds a specified (acceptable).

risk reduction

include actions taken to mitigate the severity and probability of harm processes that improve the detectability of hazards and quality risks might also be used as part of a risk control strategy

risk reduction

the implementation of this measures can introduce new risks into the system or increase the significance of other existing risks. Hence, it might be appropriate to revisit the risk assessment to identify and evaluate any possible change in risk after implementing a risk reduction process.

Risk Response Planning

Each major risk (those falling in the Red & Yellow zones) will be assigned to a project team member for monitoring to ensure that the risk will not “fall through the cracks”

avoid, mitigate, transfer

For each major risk, one of the following approaches will be selected to address it: ·

avoid

eliminate the threat by eliminating the cause

mitigate

identify ways to reduce the probability or the impact of the risk

transfer

make another party responsible for the risk (buy insurance, outsourcing, etc.)

risk response planning

For each risk that will be mitigated, the project team will identify ways to prevent the risk from occurring or reduce its impact or probability of occurring. This may include prototyping, adding project schedule tasks, resources, etc.

risk response planning

For each major risk that is to be mitigated or accepted, a course of action will be outlined if the risk materializes to minimize its impact.

risk acceptance

a decision to accept risk and can be a formal decision to accept the residual risk, or it can be a passive decision in which residual risks are not specified

risk acceptance

for some types of harm, even the best quality risk management practices might not entirely eliminate risk. In these circumstances, it might be agreed that an appropriate quality risk management strategy has been applied and that quality risk is reduced to a specified (acceptable) level. This (specified) acceptable level will depend on many parameters and should be decided on a case-by-case basis.

❑ Keeping records of the assessment and control actions taken and storing assessments for specific years is very important.

❑ Check for local requirements in your jurisdiction.

What documentation should be done for a risk assessment?

➢ Level of risk involved

➢ Legislated requirements

➢ Requirements of any management systems that may be in place

The level of documentation or record keeping will depend on:

➢ Conducted a good hazard review

➢ Determined the risks of those hazards

➢ Implemented control measures suitable for the risk

➢ Reviewed and monitored all hazards in the workplace

Your records should show that you:

➢ Review the output/results of the QRM process

➢ Take into account new knowledge and experience

➢ Utilize for planned or unplanned events

➢ Implement a mechanism to review or monitor events

➢ Reconsideration of risk acceptance decisions, as appropriate

➢ the project manager will maintain a risk log, which will be reviewed as a standing agenda item for project team meetings.

Risk review: Review Events

Risk Monitoring, Controlling, And Reporting

The level of risk on a project will be tracked, monitored, and reported throughout the project lifecycle.

“Top 10 Risk List”

will be maintained by the project team and reported as a component of the project status reporting process.

Risk Monitoring, Controlling, And Reporting

All project change requests will be analyzed for their possible impact on the project risks.

Executive Project Status Report

Management will be notified of important changes to risk status as a component of the___

➢ It is important to know if your risk assessment was complete and accurate.

➢ It is also essential to be sure that any changes in the workplace have not introduced new hazards or changed hazards that were once ranked as a lower priority to a higher priority.

➢ It is good practice to review your assessment regularly to ensure your control methods are effective.

➢ recommended validity for review every six (6) months

importance of Risk Review

every 6 months

validity for review

Risk Communication

Methodology / Tools used

QRM process Requirements

risk communication

is the bi-directional sharing of information about risk and risk management between the decision-makers and others

risk communication

parties can communicate at any stage of the risk management process ;

risk communication

The output/result of the quality risk management process should be appropriately communicated, and documented communications might include those among interested parties, e.g., regulators and industry, industry and the patient, within a company, industry or regulatory authority, etc.