risk assessments a risk based approach benchmark your company s success in implementing qrm n.
Skip this Video
Loading SlideShow in 5 Seconds..
Risk Assessments – A Risk Based Approach Benchmark Your Company’s Success in Implementing QRM PowerPoint Presentation
Download Presentation
Risk Assessments – A Risk Based Approach Benchmark Your Company’s Success in Implementing QRM

Loading in 2 Seconds...

play fullscreen
1 / 35

Risk Assessments – A Risk Based Approach Benchmark Your Company’s Success in Implementing QRM - PowerPoint PPT Presentation

  • Uploaded on

Risk Assessments – A Risk Based Approach Benchmark Your Company’s Success in Implementing QRM. Presented by: Karen Ginsbury For IFF, Denmark October 2013. Six Quick Questions. Do you have a risk management master plan and is it updated annually?

I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
Download Presentation

PowerPoint Slideshow about 'Risk Assessments – A Risk Based Approach Benchmark Your Company’s Success in Implementing QRM' - daire

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.

- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
risk assessments a risk based approach benchmark your company s success in implementing qrm

Risk Assessments – A Risk Based ApproachBenchmark Your Company’s Success in Implementing QRM

Presented by: Karen Ginsbury

For IFF, Denmark

October 2013

six quick questions
Six Quick Questions
  • Do you have a risk management master plan and is it updated annually?
  • Who is responsible for risk management in your company?
  • Are risk management / assessment and outcomes part of the annual training program?
  • Do you have a risk register? Who updates it?
  • Are risk assessment / mitigation measures formally reviewed for effectiveness and ongoing implementation?
  • Are RM and outcomes part of management review?
does an inspector have the authority to ask about risk management
Does an Inspector have the authority to ask about risk management?
  • If yes, where is that authority found?
  • Yes they do and it is found in chapter 1 of the GMPs Part 1 (fPs) and it is also found in Part 2
left side right side
Left side Right side
  • What should be addressed in your Quality risk management policy
  • Start preparing a checklist of items which need to be addressed in your QRM Master Plan
  • YOU can do it by product / process or quality system activity
quality risk management policy1
Quality Risk Management Policy
  • Who is to approve the policy:
  • Who needs to UNDERSTAND this policy
quality risk management policy2
Quality Risk Management Policy
  • Commitment of Senior Management – it won’t work without commitment from senior management
  • Who signs off the policy? CEO needs to be on there and Director / VP Quality and all her / his colleagues at the executive level – if they don’t sign off on the policy – they need to understand it and so you must communicate the contents to them
quality risk management policy3
QualityRisk Management Policy
  • Responsibilties:
    • Someone in the organization needs to be made responsible for the QRM implementation
    • Who is responsible for:
      • Performing the risk assessment
      • Documenting
quality risk management policy4
QualityRisk Management Policy
      • Approving the risk assessment
      • Communicating the risk
      • Verifying effectiveness of control measures
      • Updating the risk assessments
  • Scope of the Policy
    • Covers quality RM and under that GMPs of course NOT business riskNOT Environmental, Health and Safety(these are critical but under a separate risk assessment)
    • [you might want a corporate risk management policy which says it does apply to all types of risk but that separate risk assessments must be performed for each of the different types]
  • Define the risk assessment methodology / tools or refer to a separate SOP on conducting risk assessments
Defining the Risk Question:QRM performed to comply with GMPs is concerned with product safety and efficacy / fitness for use
  • What are the risks associated with manufacturing a cytotoxic drug in our facility?
    • Business risk
    • Health and safety: operators are exposed day after day and it becomes a containment / protection conern
    • Quality: cross contamination of other products
    • Environment: don’t want to leak cytotoxics into waste
outsourced operations
Outsourced Operations
  • Risks for contract giver
  • Risks for contract acceptor
qrm master plan what should be included
QRM Master Plan – What should be included?
  • External and Internal audit management (scheduling and handling)
  • Supplier / contractors qualification, auditing and management
  • List of products and unit operations
  • List of processes and unit operations
  • Analytical methods and laboratory operations
  • Validation
  • Calibration
  • Qualification of equipment and systems
  • Qualification and training of personnel…
  • Utilities management
  • Maintenance
  • Gowning practices
  • Etc……
what is risk management
What is Risk Management?
  • A systematic process for identifying risk, quantifying risk and implementing controls (mitigation measures) and accepting the residual risk.
risk management
Risk Management
  • Risk management policy – Initiating the process
  • Master plan – identify which processes / products / systems need risk assessments based on knowledge of our operations(Brainstorming)
  • Risk Assessment
risk assessment
Risk Assessment
  • Risk Identification:What is the nature of the risk – what could go wrong
  • Risk Analysis:How might it go wrong and why :
  • how probable is it that this will happen - likelihood of occurrence (OCC)
  • how serious is it if it goes wrong - severity of harm (SEV) and
  • If it does go wrong will we know about it – likelihood of detection (DET)
who performs the risk analysis
Who performs the risk analysis
  • A multi-disciplinary team with EXPERTS (subject matter experts SMEs) from the relevant departments
  • NOT QA on their own being terrified of everything!
  • Wherever possible – USE actual data (not the “data” in your head) to assess frequency of events based on documented history and use that to estimate likelihood of occurrence
  • Don’t let QA / regulators bias the picture because they were ONCE burned!
define what you mean
Define what you mean
  • High frequency of occurrence means it is an event which has occurred in our experience (documented in company database) several times in the past few months / year…
  • Medium frequency means it has occurred more than once in the past few months to year
  • Low frequency means once or not at all this year but once or twice in the past three years but could also mean we have never seen it
  • (could we have zero frequency – NO)NEVER put a zero into a risk prioritization number
what does occ mean
What does OCC mean
  • Is it the likelihood of occurrence in the absence of any controls at all?Most companies skip this stepBUT this assessment allows you to understand the inherent risk associated with the occurrence of the event and is therefore an important part of risk understanding and communication
  • Is it the likelihood of occurrence in the presence of current procedures and practices and design features?Allows us to understand what the existing controls are and why they exist and if the existing controls – the current quality system are adequate OR if we need to do better (continuous improvement)
  • Is it the likelihood of occurrence after implementing additional risk mitigation / reduction measures?Should give us the controls needed to allow us to accept the residual risk.
risk assessment procedure
Risk Assessment Procedure
  • Should offer tools for performing the assessment
  • In the procedure – define how you assign a RISK PRIORITIZATION NUMBER and what scale you use e.g. Low Medium High or 1 – 3 or 1 – 4 or 1 – 5 / 10 or any otherANDhow you rank the outcome (generally) without being overly rigid.
risk assessment procedure1
Risk Assessment Procedure
  • For a scale of 1 – 5
    • Any value less than 8 represents a low risk and existing controls will be considered acceptable
    • Values between 9 and 27 are generally considered as representing medium risk and will result in consideration of additional risk mitigation measures to further reduce the risk as part of an overall improvement plan (goes in CAPA plan)
    • Values greater than 27 are generally considered to represent high risk and will need a rapid resolution / introduction of additional mitigation measures.
risk register
Risk Register
  • Allows us to follow up on critical control points and to make sure that we deliberately check that they continue to operate as designed / intended and continue to be effective
  • If events occur – since we are doing reviews we tie them in and if an event occurs between reviews it might be a trigger to revisit the risk assessment and to add additional mitigation measures
supplier risk assessment step 1 what could go wrong
Supplier Risk AssessmentStep 1 – What could go wrong
  • API supplier in China is offering an irresistible offer (price) for replacing a current supplier in USA.
  • Key excipient supplier – (inactive ingredient but represents 95% of the tablet formulation) has just notified purchasing that they are going out of business in three months. You do have an approved alternative but only one and have never used them for commercial supply
identifying inputs and outputs risk assessment for control strategy
Identifying inputs and outputs(Risk Assessment for control strategy)
  • How can we reduce risk by controlling critical process parameters so that we are certain of achieving critical quality attributes
product development ccps
Product development CCPs
  • Identifying and assigning risk criteria to Critical Quality Attributes (CQA)
  • Sampling/ Test / Data Collection plan for:
    • Technology Transfer
    • Process validation (PPQ)
preliminary hazard analysis
Preliminary Hazard Analysis

PHA for:

  • clinical trial material
  • product control strategy
  • Hazard Analysis at Critical Control Points
  • A tool for microbiological risk assessment
  • Does your risk assessment tool, have safeguards to prevent making unjustified assumptions?
  • Minimizing bias?
  • Formal methods?
  • Is QRM integrated into your annual training program?
capa and continual improvement
CAPA and Continual Improvement
  • Monitoring the effectiveness of your QRM program
    • Do you discuss risks at management review meetings?
    • KPIs for risk?