1 / 35

Risk Assessments – A Risk Based Approach Benchmark Your Company’s Success in Implementing QRM

Risk Assessments – A Risk Based Approach Benchmark Your Company’s Success in Implementing QRM. Presented by: Karen Ginsbury For IFF, Denmark October 2013. Six Quick Questions. Do you have a risk management master plan and is it updated annually?

daire
Download Presentation

Risk Assessments – A Risk Based Approach Benchmark Your Company’s Success in Implementing QRM

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Risk Assessments – A Risk Based ApproachBenchmark Your Company’s Success in Implementing QRM Presented by: Karen Ginsbury For IFF, Denmark October 2013

  2. Six Quick Questions • Do you have a risk management master plan and is it updated annually? • Who is responsible for risk management in your company? • Are risk management / assessment and outcomes part of the annual training program? • Do you have a risk register? Who updates it? • Are risk assessment / mitigation measures formally reviewed for effectiveness and ongoing implementation? • Are RM and outcomes part of management review?

  3. Does an Inspector have the authority to ask about risk management? • If yes, where is that authority found? • Yes they do and it is found in chapter 1 of the GMPs Part 1 (fPs) and it is also found in Part 2

  4. Left side Right side • What should be addressed in your Quality risk management policy • Start preparing a checklist of items which need to be addressed in your QRM Master Plan • YOU can do it by product / process or quality system activity

  5. Quality Risk Management Policy

  6. Quality Risk Management Policy • Who is to approve the policy: • Who needs to UNDERSTAND this policy

  7. Quality Risk Management Policy • Commitment of Senior Management – it won’t work without commitment from senior management • Who signs off the policy? CEO needs to be on there and Director / VP Quality and all her / his colleagues at the executive level – if they don’t sign off on the policy – they need to understand it and so you must communicate the contents to them

  8. QualityRisk Management Policy • Responsibilties: • Someone in the organization needs to be made responsible for the QRM implementation • Who is responsible for: • Performing the risk assessment • Documenting

  9. QualityRisk Management Policy • Approving the risk assessment • Communicating the risk • Verifying effectiveness of control measures • Updating the risk assessments • Scope of the Policy • Covers quality RM and under that GMPs of course NOT business riskNOT Environmental, Health and Safety(these are critical but under a separate risk assessment) • [you might want a corporate risk management policy which says it does apply to all types of risk but that separate risk assessments must be performed for each of the different types]

  10. Policy • Define the risk assessment methodology / tools or refer to a separate SOP on conducting risk assessments

  11. Defining the Risk Question:QRM performed to comply with GMPs is concerned with product safety and efficacy / fitness for use • What are the risks associated with manufacturing a cytotoxic drug in our facility? • Business risk • Health and safety: operators are exposed day after day and it becomes a containment / protection conern • Quality: cross contamination of other products • Environment: don’t want to leak cytotoxics into waste

  12. Outsourced Operations • Risks for contract giver • Risks for contract acceptor

  13. QRM Master Plan – What should be included? • External and Internal audit management (scheduling and handling) • Supplier / contractors qualification, auditing and management • List of products and unit operations • List of processes and unit operations • Analytical methods and laboratory operations • Validation • Calibration • Qualification of equipment and systems • Qualification and training of personnel… • Utilities management • Maintenance • Gowning practices • Etc……

  14. What is Risk Management? • A systematic process for identifying risk, quantifying risk and implementing controls (mitigation measures) and accepting the residual risk.

  15. Risk Management • Risk management policy – Initiating the process • Master plan – identify which processes / products / systems need risk assessments based on knowledge of our operations(Brainstorming) • Risk Assessment

  16. Risk Assessment • Risk Identification:What is the nature of the risk – what could go wrong • Risk Analysis:How might it go wrong and why : • how probable is it that this will happen - likelihood of occurrence (OCC) • how serious is it if it goes wrong - severity of harm (SEV) and • If it does go wrong will we know about it – likelihood of detection (DET)

  17. Who performs the risk analysis • A multi-disciplinary team with EXPERTS (subject matter experts SMEs) from the relevant departments • NOT QA on their own being terrified of everything! • Wherever possible – USE actual data (not the “data” in your head) to assess frequency of events based on documented history and use that to estimate likelihood of occurrence • Don’t let QA / regulators bias the picture because they were ONCE burned!

  18. Define what you mean • High frequency of occurrence means it is an event which has occurred in our experience (documented in company database) several times in the past few months / year… • Medium frequency means it has occurred more than once in the past few months to year • Low frequency means once or not at all this year but once or twice in the past three years but could also mean we have never seen it • (could we have zero frequency – NO)NEVER put a zero into a risk prioritization number

  19. What does OCC mean • Is it the likelihood of occurrence in the absence of any controls at all?Most companies skip this stepBUT this assessment allows you to understand the inherent risk associated with the occurrence of the event and is therefore an important part of risk understanding and communication • Is it the likelihood of occurrence in the presence of current procedures and practices and design features?Allows us to understand what the existing controls are and why they exist and if the existing controls – the current quality system are adequate OR if we need to do better (continuous improvement) • Is it the likelihood of occurrence after implementing additional risk mitigation / reduction measures?Should give us the controls needed to allow us to accept the residual risk.

  20. Risk Assessment Procedure • Should offer tools for performing the assessment • In the procedure – define how you assign a RISK PRIORITIZATION NUMBER and what scale you use e.g. Low Medium High or 1 – 3 or 1 – 4 or 1 – 5 / 10 or any otherANDhow you rank the outcome (generally) without being overly rigid.

  21. Risk Assessment Procedure • For a scale of 1 – 5 • Any value less than 8 represents a low risk and existing controls will be considered acceptable • Values between 9 and 27 are generally considered as representing medium risk and will result in consideration of additional risk mitigation measures to further reduce the risk as part of an overall improvement plan (goes in CAPA plan) • Values greater than 27 are generally considered to represent high risk and will need a rapid resolution / introduction of additional mitigation measures.

  22. Risk Register • Allows us to follow up on critical control points and to make sure that we deliberately check that they continue to operate as designed / intended and continue to be effective • If events occur – since we are doing reviews we tie them in and if an event occurs between reviews it might be a trigger to revisit the risk assessment and to add additional mitigation measures

  23. Existing Controls or added reduction measures (controls) are CCPs

  24. Is QRM a waste of time

  25. Who approves a RA

  26. Process Maps

  27. Supplier Risk AssessmentStep 1 – What could go wrong • API supplier in China is offering an irresistible offer (price) for replacing a current supplier in USA. • Key excipient supplier – (inactive ingredient but represents 95% of the tablet formulation) has just notified purchasing that they are going out of business in three months. You do have an approved alternative but only one and have never used them for commercial supply

  28. Identifying inputs and outputs(Risk Assessment for control strategy) • How can we reduce risk by controlling critical process parameters so that we are certain of achieving critical quality attributes

  29. Product development CCPs • Identifying and assigning risk criteria to Critical Quality Attributes (CQA) • Sampling/ Test / Data Collection plan for: • Technology Transfer • Process validation (PPQ)

  30. Preliminary Hazard Analysis PHA for: • clinical trial material • product control strategy

  31. HACCP • Hazard Analysis at Critical Control Points • A tool for microbiological risk assessment

  32. Safeguards • Does your risk assessment tool, have safeguards to prevent making unjustified assumptions? • Minimizing bias?

  33. Communication • Formal methods? • Is QRM integrated into your annual training program?

  34. CAPA and Continual Improvement • Monitoring the effectiveness of your QRM program • Do you discuss risks at management review meetings? • KPIs for risk?

  35. Thank You for Your Attention

More Related