1.0 PURPOSE:
1.1 To lay down a procedure for identification and evaluation of risk involved in quality management.
1.2 The objective of this document is to offer site a systematic approach to quality risk management. This document offers guidance on the principles and various tools of quality risk management, facilitating more effective and consistent risk-based decision-making.
2.0 SCOPE:
This procedure outlines principles and examples of tools for quality risk management that can be applied to various aspects of pharmaceutical quality at (Company name). These aspects include different processes, equipment, instrument or systems like HVAC, Water purification, product or component sterilization etc.
3.0 DEFINITIONS:
3.1 Risk: The combination of the probability of occurrence of harm and the severity of that harm (ISO/IEC Guide 51).
3.2 Risk management: The systematic application of quality management policies, procedures, and practices to the tasks of assessing, controlling, communicating, and reviewing risk.
4.0 RESPONSIBILITY:
4.1 User Department personal identifies the risk in the departmental operations and prepares the Risk assessment document.
4.2 Head of the Department or their designee to review the Risk assessment document.
4.3 Head or their designee of Quality Assurance Department shall approve the risk assessment document.
4.4 QA personal shall assign document number to all Risk Assessment.
5.0 PROCEDURE:
5.1 Quality risk management is a systematic process for assessing, controlling, communicating, and reviewing risks to drug product quality throughout its life cycle.
5.2 The team including the expert from the appropriate areas in addition to individual who are knowledgeable about the risk management process should carry out quality risk management activities.
5.3 Risk Assessment:
5.3.1 Risk assessment should involve identifying hazards and analyzing them to evaluate the risks associated with exposure to these hazards, such as:
5.3.1.1 What might go wrong?
5.3.1.2 What is the probability it will go wrong?
5.3.1.3 What are the consequences?
5.4 Risk Identification:
5.4.1 It is a systematic use of information to identify hazards referring to the risk question or problem description. Information may include historical data, theoretical analysis, informed opinions, and stakeholder concerns. Risk identification addresses the “What might go wrong?” question, including identifying the possible consequences. This forms the basis for subsequent steps in the quality risk management process.
5.5 Risk Analysis:
5.5.1 It is the estimation of the risk associated with identified hazards. It is the qualitative process of linking the likelihood of occurrence and severity of harms. In certain risk management tools, the ability to detect harm (detectability) is also considered in the risk estimation.
5.6 Risk Evaluation:
5.6.1 It compares the identified and analyzed risks against established risk criteria. Risk evaluations take into account the strength of evidence for all three fundamental questions.
5.6.2 In doing an effective risk assessment, the robustness of the data set is important because it determines the quality of the output. Revealing assumptions land reasonable sources of uncertainty will enhance confidence in this output and/or help identify its limitations. Uncertainty arises from a combination of incomplete knowledge about a process and its expected or unexpected variability. Common sources of uncertainty include gaps in knowledge, gaps in pharmaceutical science, process understanding, and sources of harm (e.g. failure modes of a process, sources of variability) and probability of detection of problems.
5.7 Risk Control:
5.7.1 It includes decision making to reduce and/or accept risks. The aim of risk control is to reduce the risk to an acceptable level. The extent of effort used for risk control should be proportional to the significance of the risk.
5.8 Risk Reduction:
5.8.1 It focuses on processes for mitigation or avoidance of quality risk when it exceeds an specified (acceptable) level. Risk reduction involves taking measures to decrease the chance and minimize the impact of potential harm. Processes which improves the detectability of hazards and quality risks may also be used as part of risk control strategy. Implementation risk reduction measures can potentially introduce new risks or amplify existing ones within the system. Therefore, it may be advisable to revisit the risk assessment to identify and assess any potential changes in risk following the implementation of risk reduction processes.
5.9 Risk Acceptance:
5.9.1 It is a decision to accept risk. Accepting risk can involve a deliberate acknowledgment of remaining risks or simply not specifying residual risks. Despite employing robust risk management practices, some types of harm may still persist. In these circumstances, it might be agreed that an appropriate quality risk management strategy has been applied and that quality risk is reduced to a specified (acceptable) level.
5.10 Risk Communication:
5.10.1 It is sharing of information about risk and risk management between the decision makers and others.
5.10.2 Initiate the Risk Management by using risk management tools “Failure Mode Effects Analysis”.
5.11 Risk Assessment Procedure:
5.11.1 QA shall prepare the risk assessment document as per the guideline mentioned in the Failure Mode Effects Analysis.
5.11.2 Risk assessment document shall be reviewed and approved by heads of concern departments before implementation of actions taken.
5.11.3 Risk assessment document shall be reviewed after the defined actions have been completed their over-all effect on the failure mode / risk they’re supposed to address must be reassessed.
5.12 Risk Assessment Numbering:
5.12.1 The FMEA base Risk Assessment number shall be given as:
RAP/FMEA/YY-ZZZ
Where,
RAP- Risk Assessment Protocol
FMEA – Failure Mode Effects Analysis
YY- is last two digit of current calendar year
ZZZ- is serial number starting from 001 and so on.
5.12.2 The HACCP base Risk Assessment number shall be given as:
RAP/HACCP/YY-ZZZ
Where,
RAP – Risk Assessment Protocol
HACCP – Hazard Analysis and Critical Control Points.
YY- is last two digit of current calendar year
ZZZ- is serial number starting from 001 and so on.
5.12.3 QA shall assign document number and recorded in Annexure-I.
5.13 Risk assessment document shall be revised with the change in version number in following conditions but not limited to
5.13.1 Modification or up gradation of the Equipment / Instruments.
5.13.2 Major breakdown / replacement of major parts of Equipment / Instrument.
5.13.3 New risks / failure modes are identified.
5.13.4 Change in process / activity / Environmental conditions.
5.13.5 Frequent product, process or system failures.
6.0 ABBREVIATION:
6.1 No :Number
6.2 SOP :Standard Operating Procedure
6.3 QA :Quality Assurance
6.4 HVAC :Heating ventilation and air condition
7.0 REFERENCES:
8.0 LIST OF ANNEXURES:
Annexure-I: Risk assessment numbering register
Also read: SOP for Handling of deviation
Also read: SOP for Change control programme