Tutorial - Risk Management in (Bio)Pharmaceutical and Device Industry

8/10/2019 Tutorial - Risk Management in (Bio)Pharmaceutical and Device Industry

1/63

Home | Contact Us | Newsletter | Usersclub | Books | Audio Seminars

ial - Risk Management in (Bio)Pharmaceutical and Device Industry http://www.labcompliance.com/tutorial/risk/default.aspx

3 8/13/2014


2/63

Seminars

Literature

Usersclub

Tutorials

Risk ManagementPractices

Computer ValidationPart11

Method Validation

ISO 17025

Lab Equipment Qualification

Good Laboratory Practices

About

Twelve 2-dayIn-personInteractive GMP and

Validation seminars

available in America,Europe and Asiadelivered by Dr. LudwigHuber.

Practical Risk

Assessment in

Laboratories:Step-by-Step

With Risk Master Plan,SOPs and Case Studiesfor Easy Implementation

Recorded, available atany time

Risk Based Validation

Risk Management in the (Bio)Pharmaceutical

Industry

Links to specific sections of thetutorial

Other informatio

Introduction and LiteratureOverviewRegulations and GuidelinesApproaches for RiskManagementTools and MethodologiesSteps for Risk Management

ApplicationsReferencesGlossaryAbout LabcoTutorials

Forward this tutorial

Introduction and Literature Overview

Risk-based compliance is expected by regulatory agerecommended by industry task forces and private authors to

efforts and costs vs. product quality and patient safety. Risk mahistory in the industry. For example, when car manufacturers hwith specific models in the market they will go through a thoroprocess to decide whether to recall the cars or not. The costthe problem will be balanced against the cost that may potentidoing anything and the effect this would have on the companliability issues.

Risk assessment is also nothing new in our private life. We eday long before we start our daily work. Before we cross a busour workplace, we look left and right because there is a risk thand run us over. By observing car traffic and stopping until thlooking for a pedestrian crossing or traffic lights we can elimicar will hit us.

Objectives and Principles of Risk Management

Risk management is the process that helps to identify problethen to create an action plan to avoid or manage these problerisk management during pharmaceutical device and dru


3 8/13/2014


3/63

of Software and

Computer Systems

Strategies for FDA/EUCompliance and Tools forImplementation


Risk Management for

FDA/EU Regulated

Industries

Introduction andStrategies forCompliance andTrouble-free Operation

Recorded, available at

any time

Developing a Risk

Management Master

Plan

A must for efficient andconsistent implementationof risk managementprojects


Risk Based Computer

Validation and Part 11

Compliance


manufacturing is to provide drugs and devices that are efficispending too many resources, for example, for validating proce

All recommendations from official guidelines, from industry tprivate authors basically follow the same principles for risk asse

Identify the risks: What can go wrong?1.Analyze the risks: What is the likelihood or probability that s

and what are the consequences or what is the severity if sowrong?

2.

Estimate the risk priority number (RPN) and assess if the ritoo high.

3.

If the risk is too high develop and implement control steps tothe risk.

4.

Analyze the residual risk and assess if it is acceptable.5.

Let's look at the road traffic example we mentioned at the b

same steps as above.Risk or unwanted event: Car runs over a pedestrian crossin1.Probability of occurrence: Depends on the road traffic - lowmedium for town roads and high for city streets.Severity: Always high, because the accident may lead to pedeath.

2.

Risk level expressed by the risk priority number (RPN): Alwhigh severity and some probability. The RPN increases frothe city street due to increasing probability.

3.

Control steps to reduce probability: Depends on the risk pri- Country road: Look left and right before crossing the road.- Town road: Use pedestrian traffic lights or a pedestrian cro- City street: Use pedestrian overpass or underpass.

4.

Residual risk: Is acceptable because probability of occurrenreduced.

5.

The effort to reduce the risk to an acceptable level increasesnumber. This is a simple example, but illustrates the steps thasafely across the road. The principles can be applied to most ris

The person crossing the road does not follow a formal andShe or he is using a practical approach which is only basecommon sense. This way we can define risk management for

justified and documented common sense". Official guidelines aICH Q9, ISO 31000 and others have listed a couple of importmanagement.

Risk Assessment:


3 8/13/2014


4/63


5/63

Doing nothing about compliance, quality or validation is a high rmay receive warning letters from the FDA, or when looking athave high failure rates. Or even worse, patients may get sick ifadverse impurities because of insufficient quality or validatiosystems. Of course, the advantage is that in this case there a

When going to the right side of the diagram everything is vastringent interpretation is used for compliance and the costs gThe risk decreases but so does the additional value, for exavalidation efforts. One of the tasks of a risk managementoptimum which should be somewhere in the middle.

For each process or piece of equipment the company should dcan be taken. General recommendations should come from tMaster Plan or directly from management for a specific project.much risk a company can or will take, or what is the acceptabanswer depends on which direct impact equipment or a proces

device product. For example, when looking at the drug varesearch through preclinical and clinical development to manimpact on consumers increases. Therefore, assuming everytvalidation effort for equipment used in manufacturing will be hsame equipment is used in early development.

Similarly one can argue that the validation efforts during qualitpharmaceutical ingredient (API) can be lower than for finishedquality problems can still be uncovered by the pharmaceuticalthe product reaches patients through incoming checks of the A

control of finished drugs.The main benefit of quality risk management is that the reoptimize resources towards high risk products, equipment andresources for low or no risk systems. This increases the oimproves product quality and patient safety. While in the past thesitated in applying risk management, this changed since theand Drug Administration (FDA) started promoting quality risk mits 21st century cGMP initiative along with some follow-up actithe word compliance can be eliminated from the x-axis in Fcompliance is not always proportional to validation because

'The type and extent of validation depends on the risk on thecompliance can be achieved at less than 100% validation.

The example used to illustrate the benefits of quality risk managissues. QA and other professionals may disagree that develomanufacturing of API's don't require the highest focus on qualitis a good point as long as we understand that risk managemwith objective criteria such as direct impact on product qualitWhen looking at relative risks, quality control of finished producthan equivalent measures of API products or test samples from


3 8/13/2014


6/63

Objectives of the Tutorial

This tutorial addresses risk management in the (bio)pharmadevice industry. It is intended to give project managers and oththe (bio)pharmaceutical and medical device industry a goodobjectives and principles of risk assessment and to guide tmanagement process. Quality managers and staff as wellprofessionals will also benefit through extensive discussions ofquality standards and guidelines. The tutorial will discuss tooland specific recommendations for all steps of risk managidentification, risk evaluation, risk assessment and mitigation co

In less than one day readers will get:

An overview of regulatory and quality standard requirementrecommendations.

Tools and common practices available for risk assessmentStrategies for implementation with practical help on how tooutcome.Recommendations for special applications, e.g., for laboratsoftware and computer validation, equipment maintenancefor process validation.

From our experience in attending risk management workshopsand Risk Management Master Plans and procedures we realipractical information available on how to identify, evaluate

together with documentation of failures, hazards, possible harrisk priority numbers based on severity, probability of occurrendetection. It seems that most authors describe conceptual stehelp. Also, official documents such as ICH Q9 don't give detatutorial tries to fill this gap.

Literature Overview

Risk management for the (bio)pharmaceutical and device indudocumented in regulatory guidance, by industry task forces anThis chapter lists some literature publications with relevance tomanagement in the (bio)pharmaceutical and medical device indu

The European Council Directive 93/42/EEC of June 14 199


3 8/13/2014


7/63

Medical Devices (1) was one of the first regulatory documeeliminate risks as much as possible during the design and mmedical devices when weighed against the benefits to the pThe US FDA Quality System Regulation (2) requested to vamedical devices and that design validation should include riappropriate.The EU GMP Annex 15 for "Validation and Qualification" (3)

assessment approach to determine the scope and extent ofevaluate the impact of the change of facilities, systems and(medicinal) product including risk analysis.Risk-based compliance was an important element of the FDcGMP Initiative for the 21st Century in 2002 (4).Risk-based compliance was also a key component in the Ffor dealing with electronic records and signatures: 21 CFRProbably the single most important document related to riskpharmaceutical industry is the ICH Q9 "Guide on Quality Ris

2005 (6). It describes a systematic approach for risk managdrug development and manufacturing including laboratories.The World Health Organization Expert Committee on SpecifiPharmaceutical Preparation published a paper entitled "HazAnalysis in Pharmaceutical Products" (30). It provides geneuse of Hazard Analysis and Critical Control Points (HACCP)of pharmaceuticals.The Pharmaceutical Inspection Convention/Cooperation Scan example of a methodology for implementing ICH Q9 in thfield (29).

Risk management is well known and practiced in many inindustry task forces have developed guidance documentsmanagement.

In 2001 GAMP published the "Guide for Validation of Autom(GAMP 4)" (7). Appendix M3 was dedicated to risk assessmfocuses on risk-based validation of computer systems.Its successor GAMP 5 was released in 2008 (8). The title: 'Approach to Compliant GxP Computerized Systems' indicat

guide is focused on risk-based compliance of computerizedThe Global Harmonization Task Force (GHTF) has publishedguidance for the medical device industry titled: 'ImplementatManagement Principles and Activities within a Quality ManaIn 2000 ISO published a standard 14971:2000: 'Applicationto Medical Devices'. Even though it was developed for medalso recommended the approach for pharmaceutical applicawas updated in 2007 (10).In 2009 ISO released two more standards: ISO 31000 on "


3 8/13/2014


8/63

Principles and Guidelines" (11) and ISO 31010 on "Risk AssTechniques" (12). Both standards are applicable to all indust

Private authors and professional service providers have pgeneral recommendations for risk management which are alsapplications.

R. Jones (13) gave an overview of risk management for phdevelopment and manufacturing with an introduction to risktechniques and with focus on probabilistic risk assessment Campbell (14) discussed how quality risk management princto achieve a practical equipment verification strategy.Several authors contributed to a book: "Risk Management iIndustry" (34). The book includes introductory chapters on rrequirements and risk management tools followed by a totalJ.L. Vesper (33) authored a book titled: "Risk Assessment ain the Pharmaceutical Industry: Clear and Simple". The book

of the risk management process and some of the more comassessment methods and tools. It also examines how the vapplied to identifying hazards and evaluating their potential iHuber (15) applied the concepts of risk management to thecommercial off-the-shelf computer systems.K. O'Donnel and A. Green described a risk management solfacilitate risk-based qualification, validation and change conGMP and the pharmaceutical regulatory compliance environtwo parts. Part I (35) gave an overview on fundamental prin

criteria outlined in the process and Part II (36) focused on tlimitations, principle findings and novel elements.

Most literature publications give a general overview on risk mand also offer tools that help for easy implementation. For exaoffers a "Risk Management Master Plan" (16), several SOPstudies (20).

Regulations, Guidelines and Quality Standard

Regulatory agencies expect (bio)pharmaceutical risk manageassociated with development and manufacturing of medicinal pother task forces have developed guidelines and standards tunderstand and implement risk management processes. Thoverview of the most important regulations, guidelines and quali


3 8/13/2014


9/63

United States Food and Drug Administration (FDA)

FDA 21 CFR 820: Quality System Regulation (2)

This regulation was released for medical devices in 1996. Therisk-based design validation.

30(g): Design validation. Each manufacturer shall establiprocedures for validating the device design. Design validatiunder defined operating conditions on initial production unitstheir equivalents. Design validation shall ensure that deviceuser needs and intended uses and shall include testing of practual or simulated use conditions. Design validation shall ivalidation and risk analysis, where appropriate.

FDA Guidance: General Principles of Software Validation (20

The guidance was developed for validation of software used inFDA clearly spelled out the basic idea of risk-based compliefforts should be commensurate with the complexity of the sofrisk associated with the use of the software.

This guidance recommends an integration of software life cand risk management activities. Based on the intended useassociated with the software to be developed, the softwaredetermine the specific approach, the combination of techniqthe level of effort to be applied.

The selection of validation activities, tasks and work itemscommensurate with the complexity of the software design aassociated with the use of the software for the specified intFor lower risk devices, only baseline validation activities mthe risk increases additional validation activities should beadditional risk.

Pharmaceutical cGMPs for the 21st Century: A Risk-Based

With this document the FDA introduced risk management toindustry.

Risk-based orientation: In order to provide the most effectivprotection, the FDA must match its level of effort against theResource limitations prevent uniformly intensive coverage oproducts and production. Although the agency has already brisk-based programs, a more systematic and rigorous risk-bbe developed.


3 8/13/2014


10/63

FDA Guidance: Part 11, Electronic Records; Electronic SignApplication (2003) (5)

In this guidance the FDA documented the new approach for elsignatures. They recommended basing the decision on horequirements of Part 11 on a justified and documented risk asse

We recommend that you base your approach on a justifiedassessment and a determination of the potential of the systquality and safety and record integrity.We recommend that your decision on whether to apply audibased on "a justified and documented" risk assessment.

FDA Guidance: Quality Systems Approach to PharmaceuticRegulations (2006) (22)

Risk management is one of the focuses of this guidance. Risare expected to be used for setting specifications andqualification of personnel, selection of quality unit (QU) persoauditing.

Quality risk management is a valuable component of an effeframework. Quality risk management can, for example, helpspecifications and process parameters for drug manufacturimitigate the risk of changing a process or specification andof discrepancy investigations and corrective actions.In a quality system, personnel should be qualified to do the tassigned to them in accordance with the nature of, and pote

operational activities.Although QU personnel should not take on the responsibilitiethe organization, these personnel should be selected basedand technical understanding, product knowledge, process kassessment abilities to appropriately execute certain qualityquality systems feature is also found in the cGMP regulatiospecific qualifications, such as education, training and expecombination thereof (see 211.25 (a) and (b)).The quality systems approach also calls for periodic auditin

on risk assessment.Although the cGMP regulations (211.180(e)) require a produannually, a quality systems approach calls for trending on aas determined by risk.As with other procedures, audit procedures should be develdocumented to ensure that the planned audit schedule takerelative risks of the various quality system activities, the reaudits and corrective actions, and the need to audit the co


63 8/13/2014


11/63

European Regulations

The Council Directive 93/42/EEC of 14 June 1993 Concernin(1) requires a risk-based design and manufacture validation andacceptable levels.

The devices must be designed and manufactured in such aunder the conditions and for the purposes intended, they wilclinical condition or the safety of patients, or the health andwhere applicable, other persons, provided that any risks whassociated with their use constitute acceptable risks whenbenefits to the patient and are compatible with a high level oand safety.The solutions adopted by the manufacturer for the design adevices must conform to safety principles, taking account o

acknowledged state of the art.In selecting the most appropriate solutions, the manufacturefollowing principles in the following order:- Eliminate or reduce risks as far as possible (inherently safconstruction).- Where appropriate take adequate protection measures incnecessary.- In relation to risks that cannot be eliminated, inform usersdue to any shortcomings of the protection measures adopte

Annex 15 to the EU GMPs Validation and Qualification (3) harisk-based approaches to validation and for changes to facilitiesequipment.

A risk assessment approach should be used to determine thof validation.The likely impact of the change of facilities, systems and eqproduct should be evaluated, including risk analysis.

Annex 11 to the EU GMPs Using Computerized Systems (23

controls for computerized systems on a justified and documentedOnce finalized the Annex will have legal status.

Extent of validation and data integrity controls should be badocumented risk assessment.

Pharmaceutical Inspection Convention/Cooperation Schem

ThePIC/S Good Practices Guide on using Computers in Gx


63 8/13/2014


12/63

(24) was developed for inspectors but it is also a good source dfirms. Risk-based approaches are recommended throughout the system.

For GxP regulated applications it is essential for the regulatrequirement specification prior to selection and carry out arisk analysis for the various system options.

The inspector will consider the potential risks as identified athe regulated user, in order to assess the fitness for purpossystem(s).This risk-based approach is one way for a firm to demonstrapplied a controlled methodology to determine the degree ofcomputerized system is fit for its purpose. It will certainly beconsideration by an inspector.Regulated users should be able to justify and defend their stacceptance criteria, procedures and records in the light of trisk and complexity assessments, aimed at ensuring fitness

regulatory compliance.The business/GxP criticality and risks relating to the applicathe nature and extent of any assessment of suppliers and sThe URS should also form the basis for a risk assessmentcompliance requirements, in addition to other risks such asanalysis may be based on the FS, which is related to the Usystems). The risk assessment and the results including theranking as either: 'critical' or 'non-critical' should be documeany GxP risks should be clearly stated.

The risk analyses and the results, together with reasoning fnon-critical classifications should be documented. Risks potGxP compliance should be clearly identified.Inspectors will be interested in the company's approach to iand the criteria for assessing the fitness for purpose of the

An informal Working Group within PIC/S has developed an objexample of methodology for implementing ICH Q9 (29). The dtraining purposes and will not have an impact on PIC/S inspecti

United States Pharmacopeia (USP)

USP develops methodology for specific applications anddifferent analytical aspects for FDA regulated industry. Most reand draft chapters recommend risk benefit approaches fosolvents.

Elemental Impurities (Proposal)The presence of unexpected elemental contaminants, as w


63 8/13/2014


13/63

impurities likely to be present, should be considered in deterand planning the risk-based extent of testing. Residual SolventsSolvents that are known to cause unacceptable toxicities sthe production of drug substances, excipients or drug producan be strongly justified in a risk benefit assessment.

International Conference for Harmonization

ICH Q9: Quality Risk Management (6) is the single most importdocument for risk management for the pharmaceutical industry. Iscientific knowledge and the link to the protection of the patientsprinciple. The guide also gives recommendations for implementat

Two primary principles of quality risk management are:- The evaluation of the risk to quality should be based on sc

and ultimately linked to the protection of the patient; and- The level of effort, formality and documentation of the qualprocess should be commensurate with the level of risk.It is neither always appropriate nor always necessary to usmanagement process (using recognized tools and/or internastandard operating procedures). The use of informal risk ma(using empirical tools and/ or internal procedures) can alsoacceptable.

ICH Q9 has been adopted by the European Union and PIC/S i

and PIC/S GMP Guides.

International Organization for Standardization (ISO)

ISO currently has three standards related to risk managemendevices and 31000 and 31010 which are for general purpoprojects. ISO 31000 describes principles and guidelines and 31techniques.

ISO 14971:2007 - Application of Risk Management to Medic

This document was developed for medical devices but has alsby FDA officials for pharmaceutical industry.

This International Standard specifies a process for a manufhazards associated with medical devices (including in vitromedical devices), to estimate and evaluate the associated rrisks and to monitor the effectiveness of the controls.The requirements of this International Standard are applicablife cycle of a medical device.


63 8/13/2014


14/63

This International Standard does not apply to clinical decisiThis International Standard does not specify acceptable risThis International Standard does not require that the manufquality management system in place. However, risk manageintegral part of a quality management system.

ISO 31000:2009 - Risk Management - Principles and GuideliThis International Standard provides principles and genericmanagement. It can be used by any public, private or commassociation, group or individual. Therefore, this Internationaspecific to any industry or sector.This International Standard can be applied throughout the lifand to a wide range of activities, including strategies and dprocesses, functions, projects, products, services and asseThis International Standard can be applied to any type of ris

nature, whether having positive or negative consequences.Although this International Standard provides generic guidelintended to promote uniformity of risk management across odesign and implementation of risk management plans and frto take into account the varying needs of a specific organizobjectives, context, structure, operations, processes, functiproducts, services or assets and specific practices employIt is intended that this International Standard be utilized to hmanagement processes in existing and future standards. Itapproach in support of standards dealing with specific risks

does not replace those standards.This International Standard is not intended for the purpose o

ISO 31010:2009 - Risk Assessment Techniques (12)

This International Standard is a supporting standard for ISOguidance on selection and application of systematic techniqassessment.Risk assessment carried out in accordance with this Internacontributes to other risk management activities.The application of a range of techniques is introduced, withto other International Standards, where the concept and aptechniques are described in greater detail.This International Standard is not intended for certification, rcontractual use.This International Standard does not provide specific criterineed for risk analysis, nor does it specify the type of risk anrequired for a particular application.


63 8/13/2014


15/63

This International Standard does not refer to all techniquestechnique does not mean it is not valid. The fact that a methparticular circumstance does not mean that the method shoapplied.

Approaches for Risk Management

Alternatives

Risk management can be very simple and straightforward butcomplex. For example, risk assessment of equipment can be doparagraph with a simple statement such as: The risk levelequipment does not have any impact on the quality of the finmore complex computer system used in pharmaceutical man

management may require an assessment of the criticality ofneed for testing if the function has a high impact on the system

Similarly the vendor risk can be justified and documented onvendor meets all criteria as required for low risk vendors. Thisthan five to ten minutes. On the other hand a full riskpharmaceutical development or manufacturing process can takecan fill one hundred pages or more. Whether the process asimple or complex it is always most important that it follows a fthat the outcome and conclusion are justified and documented.process as applicable to the (bio)pharmaceutical and devic

described in several official publications, for example ICH, GH10) and by private authors. All proposals for risk management irisk initiation, risk assessment and evaluation, risk mitigationcommunication and review. This chapter outlines the ICH Qrecommendations for estimating severity and probability.

The ICH Process

ICH Q9 is the most authentic document for risk

(bio)pharmaceutical industry. The guide describes quality rissystematic process from the assessment, control, communicrisks to the quality of the drug along the product life cycle. Theexample model for quality risk management but includes amodels are also possible. The example model is illustrated in Fi

Risk management projects can be proposed by anybodywhenever there is a need for such a project and the propproposal should describe any problem with background informatdata on potential hazards and harms.


63 8/13/2014


16/63

Figure 2: Risk Management Process According to ICH Q9

The project is reviewed, approved and supported by managemeidentifies a project owner who, with the help of affected dassembles a risk management project team. The team developproject plan with information on process steps, requiredeliverables and responsibilities. The plan should also include a

In the risk assessment phase the team identifies hazards andseverity and probability based on criteria as defined inManagement Master Plan.

Questions team members should ask are:

What might go wrong?What is the likelihood (probability) that it will go wrong?What are the consequences (severity) if something does g


63 8/13/2014


17/63

The outcome from this phase is a group of risk priority numbefrom severity and probability. Alternatively ICH permits a quathe terms, for example 'high', 'medium' or 'low'. The qualitativnumber can be compared with risk acceptance criteria as geRisk Management Master Plan or by management specificallyrisk number or corresponding qualitative description exceeds this reduced. After reduction the residual risk is evaluated againresulting risk is lower than the acceptable risk.The outcome of the risk management process is communicmakers and any others who might be affected by this procreviewed for existing and possible new hazards on an ongoingnew hazards may be identified or the defined level for proEverybody affected by the project is encouraged to actively mogive feedback for possible updates.

Criteria for Severity, Probability and Risk AcceptanceDefining a process and objective criteria for severity (S) ancriteria for risk acceptance is most important for riskinternational standards nor regulatory guidance documents remethod is used. Severity in general means: How big is theProbability means: What is the likelihood that a problem occurshazard the probability and severity factors are estimated and acategories. The number of categories is usually 3, 5 or 10 but cto or more than 10. ICH does not give any preference.management should give recommendations on how to decishould be used. The number can be fixed in the master plan fcan allow two or three options. For example, the final numbercould be dependent on the confidence of the estimates.

The first part of this chapter suggests a procedure to estimatand the overall risk of an identified hazard. The second part hon how to define objective criteria and a process for assigningand severity.

Procedure for Estimating Probability and Severity

The scales can be qualitative, quantitative or semi-quantitatithorough statistical or other reliable data available, the scalesqualitative. An example for a qualitative description of proba'medium' or 'low'. Equivalent semi-quantitative expressions w'once a day', 'once a week' or 'once a month'. Figure 3 showqualitative and semi-quantitative descriptions for severity aequivalent examples for probability.


63 8/13/2014


18/63

Qualitative Semi-Quantitative Qu

Very high FrequentLikely to happen

Every da

High Probable Every 3Medium Occasionally Every w

Low Can happen Every 3

Very low Improbable Every 2

Figure 3: Examples for Qualitative, Semi-Quantitative an

Categories for Probability

Qualitative Semi-Quantitativ

Very highCatastrophic

Death or permanent injuryLoss > $50 million

HighCritical

Injury for up to 1 monthLoss $10-50 million

MediumSerious

Temporary injury for 2 daysprofessional medical treatmLoss $2-10 million

LowMinor

Temporary injury for 2 daysprofessional medical treatmLoss $500 thousand / $2 m

Very lowNegligible

Temporary discomfort for 2Loss < $500 thousand


63 8/13/2014


19/63

Figure 4: Examples for Qualitative and Semi-QuantitativeSeverity

Probability of detection has also been suggested as a riskoption but it is not a must. One can argue that severity faprobability of detection is low. It should be considered under

decide whether the risk could be included or not.It is most important to make the risk analysis and evaluatpossible. A frequent mistake is that individual members tend thigh risk. One way to ensure objectivity across an orgassessment criteria and examples for severity from the corporaMaster Plan. The probability data should be derived from availthe same or similar systems or processes. If such data are nmost unfavorable situation should be used for the initial risk ass

Documentation of the severity factors should include a scient

all the risks have been discussed and rated, the team reviecomparison. Adjustments should be made for RPNs that are coorder.

Graphical Determination of the Overall Risk

After values for severity and probability have been assignedetermined. This can be done graphically as shown in Figure 5medium and high are drawn as columns and probability as rowslow risk, in yellow medium risk and cells in red are defined as hi


63 8/13/2014


20/63

Figure 5: Graphical Determination of Risk

The equivalent graph including detectability is shown in Figure 6Figure 5 is drawn using detectability as columns starting with hi


63 8/13/2014


21/63

Figure 6: Graphical Determination of Risk including Detectability

Determination of the Overall Risk with Risk Priority Numbers

Levels for severity as described before can be converted to n'low' becomes a 1, 'medium' a 2 and 'high' a 3. This is espeassigning the risk for routine applications for the determination

Risk priority numbers (RPNs) are calculated from severity ausing the formula:

RPN = Severity (S) x Probability (P)

Risk (RPN) is expressed as the multiplication of severity with oc

RPN = S x O.

In the example in Figure 5 the RPN can go from 1 in the left lowupper cell. RPNs from 1 to 2 are equivalent to low, 3 to 5 are mhigh risk.

This procedure is much more flexible than the graphical determfor specific situations weight factors can be added to probabilthis case the formula could look like:

RPN = 2S x P

This means the impact is double weighted compared to probabil

Another advantage of using numerical values is that multiple ris


63 8/13/2014


22/63

combined. For example, non-patient related business risk capatient risk using the formula:

RPN = S x (P (Business) + S x P (Patient)

Again weight factors can be added, for example, if the patientbe more important than non-patient related business risks.

This procedure also easily allows using detectability as a con

overall risk. But first, categories for the detectability have tcategories have to be converted to numbers. The resulting form

RPN = S x P x 1/D

Working with calculated numbers is very easy but unless thereabout the meaning they don't tell us anything about the abscause problems when values for severity, probability and detassigned. Therefore, a good practice is using qualitative or quaduring initial ranking and then allocating numbers to the descripti

Estimating Severity of Potential Harms

There are several factors that contribute to the severity of p(bio)pharmaceutical and device industry. The final ranking is dfactors. ICH Q9 recommends using patient safety as the mainthe decision on estimating levels on a scientific judgment.

Factors contributing to severity typically include:

Impact on Product Quality

The question here is if the potential harm has a direct impa

which means that any failure cannot be corrected before a nproduct is approved for marketing or before a batch is releasecase the probability of detecting the problem is low or zeranalysis system used in a quality control laboratory where anaas criteria whether to release a batch or not.

Impact on People's Health and Safety

Poor product quality as discussed in the previous paragraph onrole if the poor quality can have an adverse impact on consumeinto health effects for patients. An example for high severity iquality can cause sickness that requires treatment in a hospital.

Impact on Business Continuity

This is related to a company's ability to timely market a new prthe system and process uptime for continuous shipment of prothe level comes from the question: How big is the loss in $product approval or shipment stoppages?

Impact on Compliance


63 8/13/2014


23/63

This is related to the risk of failing regulatory inspections anmultiple warning letters or inspectional observation reports. Cshipment stops, substantial amounts of reengineering to fix proto implement corrective actions.

There are other indirect factors like claims by end-users, prproduct recalls and a company's reputation, e.g., if problems w

compliance become public.

Estimating Probability of Potential Harms

Probability should answer the question: What is the likelihohazard occurs? Probability should be expressed in occurrencsource for reliable probability data is experience with the samesystem. One important point is that we should look at thecomplete sequence from the occurrence of the hazard throughthe harm. A specific hazard may not always cause harm.

The probability should be estimated by subject matter experts.data are:

Historical data from using the same process or system.Historical data from using a similar process or system.For equipment and systems: Information from the vendor, foestimates, costs for guaranteed uptime and extended warraInitial production data.

Sources can be used individually or jointly. Preferably multiplused to increase the confidence level.Estimates are very difficult to make when no historical dataworkaround you can ask if within the same company eithersites adequate data are available. Even if the information canyou can look at similarities and differences and add uncertaintie

Most critical is the situation for new systems. In this casesupplier can be used to judge what could possibly go wrong. Hhaving a very good relationship based on trust with the supplier.

If no data are available the probability level should be baseestimates.

Risk Threshold

The risk threshold is a measure on how much risk a company expressed on a scale of very low risk tolerance to very highrisk threshold means a company is not willing to take a riskmeans the company is willing to accept a lot of risk. The Rproject team for each risk management process and shomanagement. For example, when looking at computer syste


63 8/13/2014


24/63

threshold is higher for a system used in early product develosame system is used in manufacturing control. Similarly promanufacturing can take higher risk factors than processes for mbecause of additional quality control of finished drugs that canproblems of APIs. Recommendations on how to apply the RTbe documented in the Risk Management Master Plan.

Figure 7: Risk Priority Number vs. Risk Threshold

The relationship between the RPN and the RT is shown on twoOn a scale of 0 to 10 the risk factor is determined as approximthis RPN is higher than the RT (approximately 3) which meansto below 3. In Example 2 the RPN is lower than the RT, so iprocedure requires that the RPN and RT numbers should bethe same range.

Tools and Methodologies for Risk Managemen

Tools are important to make the entire risk management pconsistent. They can be as simple as templates in Microsoft Wbe filled out by risk management team members and other ihazards and harms and to justify and document risk priority nusteps. Tools can also include software to guide risk manag


63 8/13/2014


25/63

through the full risk assessment process. The most well-establrisk assessment are: Failure Mode Effect Analysis (FMEA),(FTA), Preliminary Risk Analysis (PRA), Hazard, Hazard(HAZOP) and Hazard Analysis and Critical Control Points (HACbe categorized into deductive and inductive tools. Inductive tequestion: What if something bad happens? Deductive techniquproblem and answer the question: What caused it to happen

inductive tool is FMEA and an example for a deductive tool is FWhile these formal tools often proved to be efficient and reliaband risk control of specific projects, a systematic use of thesareas with requirement for risk assessment would generallyexisting resources. ICH Q9 also has a comment about usinalways appropriate nor always necessary to use a formal risk(using recognized tools and/or internal procedures e.g.,procedures). The use of informal risk management processes and/or internal procedures) can also be considered acceptabl

more empirical tools have been used there is a tendency noestablished formal tools.

All tools, whether they are simple or complex have one disadvreplace subject expert knowledge! The output is only as gooimportant is that inputs should not only come from single indivirisk management team that has all the required knowledge and

This chapter will describe some of the most frequently used todescribes examples of informal tools that are mainly used to dThey include tables, templates, forms and examples and alsoMaster Plan, internal procedures, a risk database and softwarepart of the chapter we describe and move on to morwell-established methodologies. Figure 8 lists some of tmethodologies with advantages and limitations.

FTAFMEA /FMECA

HACC

Principle Graphical,deductive,structured tool.

Structuredinductive tool,can bequalitative andquantitative.

Prevent knhazards toreduce risspecific C

Advantages Visual faulttree diagramswithstandardizedsymbols to

Very universaland scalable,e.g., for highlevel anddetailed risk

Full riskmanagemeprocess.

Specific a


63 8/13/2014


26/63

show thepathway frombasic eventsto theundesiredevent.

assessment. flexible.

Focus onprevention

Record

keepinganswersproduct liaand compliquestions.

Limitations Can quicklybecome verycomplexbecause it

looks at onefailure at atime.

Tool does notconsideroperationalissues or

operatorperformance.

Does not showinteractionbetweenevents.

Requiresdetailedinformationthe produc

process.

Tool Graphics withstandardizedsymbols.

Dedicatedsoftwarerecommended.

Tables. Detailedprocessdiagrams.

Tables.

MainApplicationand Use

Used to definea particularundesiredevent andidentify itscauses (basicevents).

For potentialproblems withseriousimpact.

Universal use,e.g., medicaldevice,hospitals.

Used toidentify knownand potentialfailure modesand impact onprocesses,facilities andequipment.

Food andchemicalindustry.

Adapted fopharmaceuindustry byWHO.

Covers fulproduct ch


63 8/13/2014


27/63

Used duringdesign andoperation.

Figure 8: Formal Risk Management Methodologies

Informal Tools

Informal tools are simple and easy to use. They are recommthat are not so complex and if there is not much experiencewithin a company. They are useful to make all risk assessmprocesses consistent and effective. They are also quitepreliminary documentation which is used when making the dec

moving a risk management project forward to a more detailed riestablished methodologies.

The Importance of a Generic Risk Management Master Plan

One of the biggest challenges in risk management is to make awhich means make it independent from subjective opinions oflook at risk from just one angle. Legislation does not give any sproblem and different risk methods as well as private authors gto the problem.

For example, recommended numbers for probability range fromand severity can vary from 1 to 3, 5 or 10. Some methods inc"discovery probability" in the formula and there is even inconsisused for calculation. The subjectivity problem has also been brEach stakeholder might perceive different potential harmsprobability on each harm occurring and attribute different severi

However, while it may be very difficult to get a common undeindustry on the formal process and criteria to assess a risk, itget this understanding within a company. The outcome of the s

process should be consistent within a company, no matter who Master plans in general are excellent tools to get a commspecific topics. For example, validation master plans arefrequently used to ensure consistency and effectiveness of valManagement Master Pans with specific examples are even mensure objectivity for criteria such as severity and probabiManagement Master Plan provides a framework and practicesof processes and equipment. It also ensures that risk assesscarried out efficiently and consistently throughout the orga


63 8/13/2014


28/63

meeting regulatory, customer, quality and business requiremeensure that the company's risk management procedures are bthat they are understood and followed throughout the organizati

The risk management document is the first and most importantbe available when starting individual risk management processindividual Risk Management Project Plans and is the referencemanagement projects, no matter which risk management metho

This master plan describes:

The company's risk management policy.The links between the company's organizational objectivesrisk management policy.Relationship of the risk management plans with other documaster plans or quality manual.The approach to the company's risk management process.Members of risk management teams (by function).

Responsibilities of the project leader and team members.Products and processes that should be covered by risk manContents of individual Risk Management Project Plan.Detailed steps for risk management.How the likelihood is defined.How to identify risk levels.Factors contributing to high and low severity.Definition and determination of RPNs with examples.Criteria and examples for acceptable risk thresholds.

How to make a high-level risk assessment.Communication of project status and outcome of risk managFrequency and procedures for ongoing review.

The Risk Management Master Plan should be developed by aat the highest level possible. Preferably the corporate QA deparproject and also ensure that the concepts are implemented formanagement projects.

Procedures

Step-by-step procedures should be developed for initiatinupdating individual application-specific risk management prorisk-based supplier assessment, risk-based computer syrisk-based testing of starting materials for drug manufacturing.of such procedures should be controlled by corporate qualityconsistent use throughout the organization.


63 8/13/2014


29/63

Templates and Forms

Templates and forms with examples and process flow charts artools to improve consistency and efficiency for risk identificcontrol. They can be part of SOPs or the Risk Management Mabe individual documents. Examples are specifically importan

ranking risk elements such as probability, detectability and seve

Examples and Case Studies

As organizations gain experience with risk management projeprojects have been executed, a library with representativedeveloped. The examples help risk management project manidentify, evaluate and control risks. The library should includeexamples. Each example should include recommendations onsimilar projects.

Checklists

Checklists are lists of hazards, possible harms and contrdeveloped from experience either as a result of previous assesa result of past failures or from daily product or process supporhelp desk can generate such a list for various computer sychecklists is not to forget common important hazards and contro

Risk Database

A corporate database with examples for risk hazards and harhelps to facilitate the collection and maintenance of risk data.numbers for severity and probability and mitigation steps alsassessment within a company. While initially there may be no oa database will provide increased value over time when datawith data from more risk management projects.

Software for Risk Assessment and Risk Mana

To be added later

Failure Modes, Effects and Criticality Analysis (FMECA)

Failure Modes and Effects Analysis (FMEA) evaluates a


63 8/13/2014


30/63

strengths and weaknesses, for potential problem areas, risksprevents failures before they occur. FMECA adds evaluatincluding severity, occurrence and detectability and tries to ans

How can a product or process fail?What is the likelihood that it fails and if so, what is the likeliwill be detected? and,

What will be the effect on the rest of the process or systeand is not detected such that it can be corrected?

FMEA has the highest impact and should be performed during dof a product or process when failures are less expensive topowerful tool to improve product reliability and reduce desigmanufacturing costs. FMEA is a bottom up approach to failurebe used to evaluate failures that can occur when designing or when designing, developing or operating equipment. FMEAmanufacture a trouble-free product. Identified failures in a pro

corrected before they occur to ensure trouble-free functioning a

Applications

FMEA and FMECA are the most generic risk management methapplied to a large variety of applications.

For example, they can be used during design and manufacturingas to set up and optimize qualification and maintenance plans fdesign FMEA can help to select the best design alternative an

of procedures and processes. Both methodologies are also uscreening method for complex risk management before the projto more time-consuming methodologies.

Advantages and Limitations

FMEA and FMECA have many advantages. They include:

Wide applicability from design to manufacturing, servicing amechanical and electronic equipment.Identifies failure modes, their causes and effects on the syIdeal for simple to medium complex systems.

Limitations include:

Optimized for single individual failure modes, but they don'tcombinations of failure modes.Can be time-consuming for complex systems.


63 8/13/2014


31/63

Assessment Process

FMEA and FMECA require a very good knowledge of the proassessment process is the same as described in Figure 10.

Select a team and team leader. All team members must be s

experts.

1.

Select the FMECA form from the company's Risk Managemnot available, create one.

2.

Train team members on the process and on criteria for rankoccurrence and impact of failure when it occurs.

3.

Make the team members familiar with the design of the prodensure that all team members have the same understandingdistributing product and process documentation supported b

4.

Set up one or more brainstorming meetings. Multiple sessiofor complex product/process designs. Individual sessions c

of the entire product/process.

5.

Brainstorm the product or process design for possible failuroutcome on a flipchart.

6.

Sort all suggested failures by categories.7.Combine or remove similar or duplicate entries.8.Document potential effects on the system, subsequent oper(e.g., patient).

9.

Assign rating factors for each identified severity, occurrencDefinition and scale of rating factors should be taken from t

Management Master Plan not only to ensure objectivity andproject team but also with other risk management projects. Jreference to the plan. For occurrence, historical data from tprojects can be used.

10.

For each identified effect list all possible causes of failuresand with all uncertainties.

11.

Calculate the risk priority number using the formula from theMaster Plan. The RPN is a measure for the overall risk assproject.

12.

Take actions to reduce potential critical risks.13. Assign owners, a schedule and deliverables for the actions.14.After the action has been implemented make a new rating fooccurrence and detection and calculate the RPN.

15.

In the brainstorming meeting the risk management team ifailures. Most important for new products and processes isengineers who have designed the product or process even thouin admitting that failures may occur. For products that have b


63 8/13/2014


32/63

time the user of the products and support engineers are excecan not only provide good information on which failures may ocpredict the likelihood of occurrence and the severity of a failure.

The overall risk number is calculated from the probability adecision is made on which potential failures require risk reductiactions could be redesign of products or processes such that eoccurrence or severity factors are reduced such that the overais also reduced.

Fault Tree Analysis (FTA)

Fault Tree Analysis is a deductive tool that assumes a failure ofproduct or process. It can be used as a qualitative and quantitais used to define a particular event and identify its causes. Rvisualized in a tree of fault modes and this is where the nadiagrams can be used to identify the pathways from the

undesired events. The methodology is particularly useful to exequipment, facilities and operational conditions.

FTA identifies the potential root cause(s) ('basic events') of thhypothetical event. Problems can be caused by design and enalso by human factors. When it is unlikely that the root causesingle-base events, 'cut sets' of all scenarios can be definedtop event.

Advantages and Limitations

FTA has advantages and limitations.

Advantages are:

Highly systematic but also flexible.The 'top-down' approach focuses attention on the failure effdirectly related to the top event.Useful for analyzing systems with many interfaces.Pictorial representation helps to easily understand the syst

Limitations are:Uncertainties in the probability of the base events are inclucalculations of the probability of the top event.The static model does not address time interdependencies.Fault trees can only deal with binary states (failed/not failed

Steps for FTA Analysis


63 8/13/2014


33/63

Steps for FTA analysis include:

1. Form a Team and Determine a Team Leader

Team members should be experts in the application, and eitherexperience in FTA methodology or get trained; with emphasisstandardized symbols used in a flow chart.

2. Definition of a Problem and Justification of the ProjectDefine the event or describe what it is that should be prevamount of work for a complex FTA analysis can be significant, tthe project should be well justified. The definition should alsoscope and boundaries of the project. Most important is to cevent and to keep it in line with the project scope.

3. Construction of the Fault Tree

After team members have acquired all the information aboutpossible root causes that could lead to the unwanted event.

are linked through "intermediate" events to the top event inconnection between top and basic events defined logical pathA basic event can cause the unlikely event (top event) on its owith others (cut sets).

4. Evaluate the Fault Tree

This step prioritizes basic events based on probability data. Thais only useful if such data are available.

5. Prepare a Report

The report should include a description and scope of thdescription, all relevant process flow diagrams, fault tree anaFTA flow chart. It should also include a conclusion of the anoriginal question.

Hazard Analysis and Critical Control Points (HACCP)

The Hazard Analysis and Critical Control Points (HACCP) metfood management system. The objective is to ensure food safe

and preventing known hazards and risks as they may occur atfood chain. As such it is a systematic method for identificatcontrol of safety hazards. The methodology is not limited to thas also been suggested for the pharmaceutical, chemical, aviaIn the scope of this methodology hazards are defined as biphysical agents or operations that are likely to cause illncontrolled. The purpose of HACCP in the pharmaceutical manufensure products with quality as specified that are efficient andand HACCP are not contradictory but rather complementary. Im


63 8/13/2014


34/63

Manufacturing Practices is facilitated through HACCP methodoenvironment with well-structured procedures facilitates impleme

HACCP Principles and Methodology

HACCP principles and methodology are very well standarditraining and applying the HACCP system. The system address

material production, procurement and handling, to manufactuconsumption of the finished product. HACCP principles were deAdvisory Committee on Microbiological Criteria for Foods (NAdocument was reviewed and updated by the Committee in 199HACCP was defined as a "systematic approach to evaluatefood safety hazards". The HACCP system is based on seven pr

Conduct a hazard analysis.1.Determine critical control points (CCPs).2.Establish critical limits for each CCP.3.

Establish a monitoring system for the CCPs.4.Establish corrective actions when the CCP is not under con5.Establish verification procedure to confirm HACCP is workin6.Establish documentation concerning all procedures and recprinciples and their application.

7.

Figures 9 show a flow diagram with steps for implementation ofSome preparation work is needed before the hazard identificatio

Preliminary Task

1. Develop a HACCP Plan

After the project has been initiated by management and aftdefined a project leader a preliminary plan is drafted by the prbe product or process specific to address specific situationsshould also be in line and derived from a company's generMaster Plan or HACCP Master Plan to ensure efficiency and cothe company. The plan should include:

The scope of the project,steps, tasks,deliverables,responsibilities anda time line.

2. Assemble a HACCP Process Team and Define a Team Le

Team members should include subject matter experts with sp


63 8/13/2014


35/63

expertise in pharmaceutical engineering. Preferably team memall affected disciplines, e.g.

Research,development,production,sanitation,

engineering,maintenance,quality control,laboratories,quality engineering andmembers of other disciplines directly involved in the plan's d

The team should also include local personnel who are familiarlimitations of the operation. Team members should either h

experience in HACCP methodology and product safety hatraining. One of the first tasks of the team is to finalize the HAC

3. Describe the Product or Process and Develop a Flow DiaProcess

The description should include the intended use and end usersdistribution method. The intended users of a food or drug produpublic or a particular segment of the population, e.g. infants anproduct description should include a list of specifications e.g., pproperties.

A flow diagram should be developed with the purpose of provoutline of the steps in the process which are under the controlIt should include all process steps such as mixing, drying, cleanpackaging, labeling, storing and distribution.

4. Verify the Flow Diagram Onsite

This step compares in a walk-through, the actual operationprocess documentation, such as product description and flowobjectivity the verification should not be done by the samedeveloped the flow diagram. Deviations should be corrected indocumented.

Implementing HACCP Principles

After the preparation has been done, the seven HACCP ppreviously are implemented. Steps include:

1. Identify all Potential Hazards

All potential hazards and associated control measures, if availa


63 8/13/2014


36/63

documented for each operational step from receipt of rawrelease and distribution of the finished product.

2. Conduct a Hazard Analysis

The purpose of the hazard analysis is to develop a list of hazarsignificance that they are reasonably likely to cause injury or illcontrolled. Hazards that are not reasonably likely to occur wou

consideration. Potential hazards include:Biological,chemical andphysical compounds.

The analysis is done by the HACCP team in a brainstorminidentification followed by a workshop on hazard evaluation.

The process of conducting a hazard analysis involves two stepsThe first step, hazard identification, lists all potential hazards.the brainstorming session. The team develops a list of potentiaor physical hazards.

After the list of potential hazards is assembled, step two theconducted. In a workshop the HACCP team decides which poteaddressed in the HACCP plan. During this stage each potentiabased on the severity of the potential hazard and its likoccurrence factor also takes into account control measures thato reduce the probability of occurrence.

The outcome of this exercise is to decide which identifiedenough that they are defined as critical control points (CCPs)then implemented to reduce the risk to an acceptable level. Ifthat need to be controlled there is no need to establish criticproject moves directly to establishing monitoring procedures.

3. Determine Critical Control Points

Once the critical hazards are identified the team identifiesreduction or elimination of each critical hazard. Areas that shoul

Material,equipment malfunction,failures of sensors,human errors,power failures andexternal impacts such as natural forces, e.g., lightning or wi

Control steps are identified for all critical hazards where no co


63 8/13/2014


37/63

Complete and accurate identification of CCPs is fundamental tThe information developed during the hazard analysis is essteam in identifying which steps in the process are CCPs. Onethe identification of each CCP is the use of a CCP decision treexample of such a decision tree with three questions to answer.

Important questions to ask are:

Does this step involve a hazard of sufficient risk and severitcontrol?Does a control point for the hazard exist?Is control at this step necessary to prevent, eliminate or redhazard to consumers?

If all questions are answered with yes, a critical control is defin

Figure 9: Decision Tree to Identify Critical Control Points (From

4. Establish Critical Limits for Each Control Point

Critical limits should be established for each control point.maximum and/or minimum value to which a biological, cparameter must be controlled at a CCP to prevent, elimin


63 8/13/2014


38/63

acceptable level, the occurrence of a food safety hazard.based on:

Temperature,time,humidity,salt concentration,

viscosity,pH orsensory parameters.

The limits should be scientifically justified.

Before the project moves to the next step, the remaining risCCPs and critical control is evaluated and the team repeats the

5. Establish a Monitoring Procedure

Monitoring is a planned sequence of observations or measwhether a CCP is under control and to produce an accurate reverification. The monitoring system must be able to detect lossIt should be either continuous or done at a sufficient frequencyavailable in time to ensure that corrections are possible beforeavoid violation of limits as much as possible, tighter control limwhere corrective actions are initiated before the critical limit isand documents associated with CCP monitoring should beinitiated by the person doing the monitoring. Examples ofinclude:

Visual observations andmeasurement of temperature, time, pH and moisture level.

6. Establish Corrective Actions

For each observed limit violation a corrective action shouldmatter experts should determine the root cause for the vcorrective actions. Corrective actions should include the followi

Determine and correct the cause of non-compliance.

Determine the disposition of a non-compliant product.Record the corrective actions that have been taken.

Specific corrective actions should be developed in advanceincluded in the HACCP plan. As a minimum, the HACCP plan sh

What is done when a deviation occurs,who is responsible for implementing the corrective actions,that a record will be developed and maintained of the action


63 8/13/2014


39/63

The corrective action should be extended to similar CCPs to aof limits. The action plan should be verified for efficiency.

7. Establish Verification Procedures

Verification is defined as those activities, other than monitorinvalidity of the HACCP plan and ensure that the system is operplan. Another important aspect of verification is the initial vali

plan to determine:That the plan is scientifically and technically sound.That all hazards have been identified and that the HACCP pimplemented.That these hazards will be effectively controlled.

Verification procedures should be implemented to determinesystem is working effectively or not. Examples for verificatreview of the HACCP plan for completeness, CCP monitoring

and corrections, validation of critical limits to confirm that tcontrol significant hazards and confirmation that CCPs areVerification should be conducted, e.g., routinely or on an unconfirm that changes have been implemented correctly after tbeen modified and to assess whether a HACCP plan shouldchange in the process equipment. Verification records can inclHACCP plan and the person(s) responsible for administeriHACCP plan, certification that monitoring equipment is propeworking order and training and knowledge of individuals respoCCPs.

8. Document and Communicate all Activities

Accurate documentation and communication is essential forHACCP project. Documentation should be developed accordinthe project and not just at the end. Important steps shouldeverybody who is affected by the project throughout the develoof the project.

Records should be retained to document that the HACCconducted according to documented HACCP requirements. The

demonstrate compliance in case of any product liability issuretained in any format, e.g., paper and electronic versions.that should be retained include:

A summary of the hazard analysis, including the rationale foand control measures.The HACCP plan.Training records of the key project leader and HACCP teamRecords generated during the operation of the plan.


63 8/13/2014


40/63

Hazard and Operability Studies (HAZOPs)

HAZOP examines a planned or existing product, process, proidentifies risks to people, equipment and environment. HAZOPfor risk mitigation. The HAZOP team identifies failure modes ofand possible causes and consequences similar to FMEA. Widentifying failure modes, HAZOP considers unwanted outcomeintended outcomes and works back to possible causes.

Characteristic for a HAZOP process is the use of guide wordsMore, Less, Part of and Compatible".

HAZOP was initially developed to analyze chemical procesextended to other complex mechanical, electronic and softwareundertaken during the design stage of software and hardware d

Steps of HAZOPs include:

Appointment of project leader and project team. The team spersonnel not directly involved in the design of the project o

1.

Definition of objectives.2.Establishing a set of guide words.3.Collection of the required documentation.4.Splitting the system or process into smaller pieces and subsreviewing the relevant documentation.

5.

Defining and recording deviations, possible causes, actionsidentified problem and person(s) responsible for the correct

6.

Evaluating the remaining risk for deviations that cannot be a7.

Preliminary Hazard Analysis (PHA) andPreliminary Risk Analysis (PRA)

Preliminary Hazard Analysis (PHA) is a qualitative, inductive tSometimes PRA and PHA are interchangeably used wherevaluation of impact and probability. PRA/PHA are baseexperience or knowledge of hazards to identify future hazards

useful to identify and reduce risks early in a new or changed prof this chapter we also mean PHA when we talk about PRA.

Steps of a PRA methodology include:

1. Form a Project Team

As the success of the method relies on experience with histormembers should include subject matter experts with experiencesuch information is not available external consultants shouldleader should have experience in FTA projects.


63 8/13/2014


41/63

2. Create a Project Plan

The plan is created by the team under the supervision of the tebackground information on why the project has been initiateapproach the risk project will follow as well as the scope, respdeliverables. A schedule is also included. The plan follows the rRisk Management Master Plan. The plan also describes the

which activities will be analyzed.3. Describe the Situation

The situation is described by the teams technical subject matteinformation is collected and distributed to other team members hazard identification step. The package also includes a proposaproject will be covered by the PRA methodology. Furtherpackage also includes forms and recommendations on howpreparation for the hazard identification meeting. For completraining should be organized to ensure that the process is we

that the team members can give meaningful inputs.4. Identify Hazards

Hazards are best identified in a brainstorming meeting. All sughazards are collected and documented. The suggested hazacategories, for example, product characteristics, processingphases, such as start-up or normal operation. When all potentiidentified and categorized they are reviewed and comparedteam leader will put all suggested potential hazards up for discdecides to leave them or remove them from the list. This sh

credible failures are retained. An important criterion on whetherthe list or not is if there are currently controls in place to reduchazards without sufficient control will stay on the list.

5. Estimate the Probability of Occurrence and Severity

The final risk is estimated through looking at the probability oseverity of identified hazards. For probability and severity aalready in place are considered. Results are either expresshigh, medium and low or through more specific descriptionsufficient data are available.

6. Prioritize Risks for Control

For hazards exceeding the acceptable risk thresholds the teareduce the risk. The residual risks are evaluated again usingbefore.

7. Prepare a Report

The report should include a description of the process, thescope, the methodology and the identified hazards with justi


63 8/13/2014


42/63

should also include the result of risk assessment with justificcontrols put in place for hazards with too high risks.

Steps for Effective Risk Management

Previous chapters of this tutorial gave an overview on regulatalso described the ICH Q9 process for risk management. In aand methodologies have been presented on how to implementrisk management for various situations. While most tools havelimitations this chapter describes a generic approach and recrisk management. The overall process and individual steps arewith more details on each step following in this chapter.

Figure 10: Risk Management Process and Steps

The process is initiated by management based on inputs fromManagement also appoints a project leader who drafts a preThe project leader assembles a project team that finalizes the p

In the risk analysis step team members suggest, sort, combineand harms. Team members then determine the risk using severi


63 8/13/2014


43/63

optional detectability as criteria. If the risk is below the acproject goes into the monitoring phase or is discontinued. Tprocess for some time to verify that the risk level was correctlycheck if new hazards arise.

If the risk is higher than the acceptance criteria a risk mitigatioimplemented. The residual risk is determined using the same pas for the first evaluation.

The outcome of the risk assessment and managementcommunicated during and at the end of the process.

Step 1: Project Preparation and Planning

The risk management process requires detailed preparation anincludes project initiation and identification of a project manager

Project Initiation

A risk management project can be proposed by anybody. Thforwarded to functional managers who review it and thenmanagement. The proposal should include:

Description of the potential risk management project.Definition of potential problems with some examples for hazBackground information.Benefits of the proposed project.List of departments that should be part of the project.

Identification of the Project Manager and Team

Once the decision is made to initiate a risk managementidentifies a project leader. Selection criteria for the project owne

Experienced in risk management.Project management skills.Excellent communication skills.Knowledge of the organization, system, process or applicatiAbility to manage people without direct reporting.

Tasks of the project owner include:

With the help of functional managers selects a risk manageManages the entire process.Ensures necessary resources.Organizes and chairs team meetings.


63 8/13/2014


44/63

Drafts the risk management project plan.Represents the team in management meetings.Communicates the status and outcome of the project to ma

One of the first tasks of the project leader is to recruit a teinclude members from all affected areas and groups.

Examples are:Affected operations (product development, manufacturing).Project management.Information Services (IS).Quality Assurance (QA).Legal department.Quality Control (QC).Plant safety, maintenance and engineering.Regulatory affairs.Sales and marketing.Accounting.Suppliers (optional).

Team members should be subject matter experts with at leasexperience in the related subject. General responsibilities of tteam are defined for each function in the Risk Management Mas

Define Team ResponsibilitiesRisk management involves several departments, functionsrequires good organization. For example, tasks and responsidefined for everybody. The Risk Management Master Planguideline where the master plan allocates responsibilities onlynot to individual persons. For a specific project, responsibilitieindividuals by name in addition to functions.

Management

Provides evidence of their commitment to the risk managemProvides necessary resources.Defines and documents the policy for determining criteria foApproves the Risk Management Master Plan.

System User Departments

Contribute to development and maintenance of Risk ManagCreate and maintain equipment inventory.


63 8/13/2014


45/63

Give inputs on potential hazards with estimation on severityinitial RM.Monitor efficiency of ongoing RM and give inputs on new ha

Plant Safety/Maintenance/Engineering

Advises the facility/laboratory on possible hazards and har

environment and staff safety.

Information Services (IS)

Advises the facility on possible hazards and harms related tParticipates in risk assessment and mitigation.Reviews Risk Management Project Plans related to networ

Risk Management Team

Develops and maintains the Risk Management Project PlanProvides expertise to develop and implement RM for procesduring development and during initial and ongoing use.Responsible for risk assessment and the final decision on ifrisks.

Quality Assurance (QA)

Provides quality assurance expertise in the creation of the r

plans.Monitors regulatory requirements and develops and updatesfor RM.Develops and coordinates a training program on RM.

Validation Team

Gives inputs for risk analysis and participates in risk assesReviews and approves individual Risk Management Projectdeliverables.

Consultants

Some of the activities can be outsourced to consultants, e.classification of risks.

Vendors

Inform users on potential risks arising from known software


63 8/13/2014


46/63

workaround solutions.

All

Get trained on risk assessment and management.Provide inputs on hazards and possible harms for new andmanagement projects.

Create a Risk Management Project Plan

Using the company's Risk Management Master Plan as a sproject leader with the help of the team creates the Risk ManaWhile the Risk Management Master Plan (RMMP) is a framewall projects, individual projects should be covered by the RiskPlan (RMPP). The relationship between both these plans is sho

Figure 11: Risk Management Master Plan and Risk Managemen

The project plan outlines how risk assessment is conducprocedures the project team will implement and who is doing wtime schedule and defines deliverables for each step. The


63 8/13/2014


47/63

proposals for risk thresholds. The project leader presents theManagement reviews the plan and discusses the suggesthresholds with the team in a meeting.

This is the most important step in the entire project. The accwill determine the costs for reducing the risk but also assocproblems that can arise if risks are not reduced. Functiaccounting, QA and operations should indicate priorities focompany can take. Most likely different functions will have diexample, when looking at the graph in Figure 1x QA tends mside of the graph with 100% quality, whereas finance most likproject cost which is only possible if a trade-off is made betwee

The Risk Management Project Plan should include chapters on:

Purpose

The purpose should be specific to the system and should in

description.

Scope

The scope defines what is and what is not covered by the pdocuments constraints and limitations.

Responsibilities

This section describes responsibilities of corporate manage

manager and staff, IT managers and staff and the risk manathe master plan the project plan lists responsible people byrather than by function only.

Approach

Describes the approach taken for managing the risk.

Risk Identification

Describes how risks, hazards and potential harms are identdocumented. Includes tables with risks, hazards, harms andmitigation.

Risk Evaluation

Describes how risks are evaluated, categorized, prioritizedincludes matrices with risks, categories for probability and scodes.


63 8/13/2014


48/63

Risk Threshold

Documents risk threshold values for the project.

Risk Mitigatio