Standard operating procedure for quality risk assessment and quality risk management (QRM) in pharmaceuticals.
1.0 OBJECTIVE:
To lay down the procedure for Quality Risk Management.
2.0 SCOPE:
This procedure shall be applicable to Product, Process, Equipment, Systems.
3.0 RESPONSIBILITY:
All Department Heads
4.0 ACCOUNTABILITY:
All Department Heads
5.0 PROCEDURE:
5.1 Quality Risk Management
Quality Risk Management is a systematic process for the assessment, control, communication and review of risks to the quality of the drug (medicinal) product across the product lifecycle.
The two primary principles of Quality Risk Management are:
- the evaluation of the risk to quality should be based on scientific knowledge and ultimately link to the protection of the patient and
- the level of effort, formality and documentation of the Quality Risk Management process should be commensurate with the level of risk.
Risk Assessment:
The Risk Assessment consists in the identification of hazards, analysis and evaluation of risks associated with exposure to those hazards Risk assessment defines with three fundamental questions.
a) Risk Identification address what might go wrong.
b) Risk analysis, to analyze the risk involved.
c) Risk evaluation, comparing the risk identification and analyze the risk against the criteria.
Any potential risk identified shall be assessed qualitatively and quantitatively. The risk assessment shall be done in a cross functional committee to read upto a common rating.
The output of risk is measured in two ways:
- Qualitatively: The risk shall be categorized into “High” “Medium” and “Low”.
- Quantitatively: The risk shall be provided with numerical values “1” “2” “3” “4” and “5”.
The severity of risk shall be categorized as:
Category | Description | Score |
Critical | Very significant and having catastrophic impact on product | 1 |
High | Significant losses and require timely addressal management intervention required. | 2 |
Moderate | Loss of operating capability, long term of problem causes adverse effect. | 3 |
Minor | Impact on operations and efficiency, but limited effect. | 4 |
Insignificant | Very minor or no impact on operations and quality of operational efficiency. | 5 |
Likelihood of risk shall be categorized as:
Based on the discussion/ view of the user department & QA/QC head.
Category | Description | Score |
Almost certain | Is expected to occur in most circ*mstances | 1 |
Likely | Will probably occur in most circ*mstances | 2 |
Possible | Will probably occur at some time | 3 |
Unlikely | Could occur at some time | 4 |
Rare | May occur in exceptional circ*mstances | 5 |
Risk Control:
Risk Control analyzes and categorizes accordingly.
Control of risk divided into:
Risk Reduction by different measures opted and elaborated in risk Management document.
Risk Acceptance, as the risk involved is up to the acceptable level.
Control Mitigation control of risk shall categorize as:
Category | Description | Score |
Not aware | Insufficient information to adequately assess and rate the control | 1 |
Non existent | No mitigation plans in place | 2 |
Not effective | Mitigation plans though in place do not ensure adequate control over risk occurrence / impact. | 3 |
Effective | Mitigation plans involve is effective against the identified risk of HVAC, although chances of occurrence minimize, but there is very less possibility of occurrence of identified risk. | 4 |
Very Effective | Mitigation plans involve high degree of control on the operational procedure and is effective against all identified risk. | 5 |
Procedure for mitigation shall be explained in the respective protocol.
Risk mitigation plan shall be discussed amongst the cross-functional departmental heads and appropriate measures to mitigate the risk be used.
On the basis of qualitative and quantitative status risk shall categorize into:
RISK LEVEL | OBTAINED SCORE |
HIGH RISK | 3 to 6 |
MEDIUM RISK | 7 to 11 |
LOW RISK | 12 to 15 |
Sr.No. | Risk Identification No. | Risk Involved | Quantitative Score | Qualitative Status | Remarks |
Risk Identification number shall provide as R001, R002 … so on, for the risk management protocol, and the severity, likelihood and mitigation of risk shall be evaluated on the basis of qualitative and quantitative means.
Identified Risk with severity, likelihood and mitigation shall club together to provide the overall picture of risk assessment.
Sr. No | Identification of Risk Involved | Analyzing the Risk | Evaluation of Risk | Risk Reduction | Quantitative Evaluation | Qualitative Evaluation | Risk Identification No. |
Description | Severity of Risk Impact | Likelihood Risk | Mitigation Plan (Control) | Total Score | Risk Category | ||
Interdisciplinary teams are formed to undertake the activity of QRM, they should include experts from the appropriate areas (e.g. QA, QC, Production, Regulatory Affairs, Engineering, stores, Marketing, Legal, etc.) in addition to individuals who are knowledgeable about the QRM process.
As after Categorize the risk, evaluate the individual risk, and execute the corrective and preventive action, as per the High, Medium and Low risk.
Risk Category: High, Medium and Low.
Risk ID. No. | Total Score | Corrective action | Preventive action | Responsibility | Remarks |
Risk Review:
The appropriate quality indicators like Change Control, Deviations and CAPA procedures shall followed to execute the QRM (Quality Risk Management).
Risk Communication:
Training shall provide to all concerns between the decision makers and the actual executors:
Also see:Quality Risk Management in Pharmaceuticals