2. Introduction
Risk
“Probable rate of occurrence of a hazard
causing harm, and the degree of severity of the
harm”
Hazard
“A source of potential harm”
3. Introduction
ICH Q9 step 4
• Risk Analysis
– “Investigation of available information to identify hazards
and estimate risks”
– “Risk analysis is the estimation of the risk associated with
the identified hazards. It is qualitative or quantitative
process of linking the likelihood of occurrence and
severity of harms. In some risk management tools, the
ability to detect the harm (detectability) also factors in
estimation or risk.”
4. Introduction
Quality Risk management
“It is a systematic process for the assessment,
control, communication and review of risk to
the quality of the medicinal product across the
product lifecycle”
5. Introduction
Purpose of “Risk Analysis”
– To identifying, documenting and
quantifying potential risk to product due to
any activity, process, testing or change and
to determine appropriate measures, with the
objective of eliminating or reducing the risk
to patient.
6. Introduction
Benefits through “Risk Analysis”
– Identification of critical parameter
– Improvement in product quality & safety
– To find out the risk of any change in activity, process, testing or
change.
– Reduction in validation cost
– Establishes a systematic, well-informed and thorough method of
decision making which leads to greater transparency and
predictability
– Increased knowledge of exposure to risk
– Fosters quality by design, continuous improvement and new
technology introduction, which generally leads to enhanced
product quality
7. Introduction
Scope of “Risk Analysis”
• Risk analysis is conducted for various activity
related to manufacturing, testing, handling, and
distribution of intermediate, drug substance and
drug product.
• Risk analysis aspects include development,
manufacturing, distribution, and the inspection
and submission/review processes throughout the
lifecycle of drug substances, drug product,
biological and biotechnological products.
8. Introduction
Principles for “Risk Analysis”
• “The evaluation of the risk to quality should be
based on scientific knowledge and ultimately link
back to the protection of the patient”
• The level of effort, formality, and documentation
of the quality risk management process should be
commensurate with the level of risk.”
9. ICH Q9’s Sample Process for “Risk Analysis”
Initiate
Risk Management Process
Risk Assessment
Risk Analysis
Risk Management tools & statistic toolbar
Risk Evaluation
(Resources, Interfaces & Line functions)
Risk Control
Risk Mitigation
(incl. elimination and avoidance)
[Severity]
Risk Reduction
[Probability]
Risk Acceptance
Risk Communication
Output / Results of the Review
Risk Management Process (e.g. Inspections/Audits, Complaints)
No additional risk
10. Step – 1 [Risk Assessment]
• Risk assessment consist of;
– The identification of Hazard
– Analysis of risk
– Evaluation of risk
• Quality Risk assessment begin with Risk question
– What might go wrong ? (Carry out Risk analysis)
– What is the probability it will go wrong? (Determine probability)
– What are the consequences (Determine severity)
11. Risk Identification
• Risk identification addresses the “what might
go wrong?” question, including identifying the
possible consequences.
12. Risk analysis
• Risk analysis is a systematic use of information to
identify specific sources of harm (hazards) and to
estimate the risk.
• Risk analysis is the estimation of the risk associated
with the identified hazards. It is the qualitative or
quantitative process of linking the likelihood of
occurrence and severity of harms. In some risk
management tools, the ability to detect the harm also
factors in the estimation of risk.
13. Risk evaluation
• Risk evaluation compares the estimated risk
against given risk criteria using a quantitative
or qualitative scale to determine the
significance of the risk.
14. Step-2 [Risk control]
Risk control describes the actions of implementing risk
management decisions.
– What can be done to mitigate and reduce risks?
– What options for controlling risks are available?
– What are the impacts of current risk management
decisions on future options for risk management?
• Risk mitigation focuses on a reduction of severity of harm.
• Risk reduction focuses on the reduction of probabilities of
occurrence of harm and detection of harm.
• Risk acceptance is a decision to accept risk, i.e., no additional
risk control activities are necessary at that time.
15. Step -3 [Risk communication]
– Risk communication is the exchange or sharing of
information about risk and risk management
between the decision maker and other stakeholders.
The information can relate to the existence, nature,
form, probability, severity, acceptability, treatment,
detectability or other aspects of risks to quality.
– The communication among stakeholders
concerning quality risk management decisions can
be made through existing channels
16. Step - 4 [Risk monitoring and review]
– All risk management processes are
dynamic/iterative. Quality risk management when
applied should benefit from new knowledge with
each decision cycle and used to enhance future
decisions allowing for continuous improvement.
17. Risk management Tools
1. Process mapping
2. Preliminary Hazard Analysis (PHA)
3. Hazard Analysis of Critical Control Points
(HACCP)
4. Hazard Operability Analysis (HAZOP)
5. Fault tree analysis (FTA)
6. Failure Mode Effects Analysis (FMEA)
7. Failure Mode, Effects and Criticality Analysis
(FMECA)
8. Risk Ranking and Filtering
9. Informal Risk Management
10. Taguchi, variation risk management method
18. Supporting Statistical Tools
• Design of experiments (DOE)
• Process Capability Analysis
• Control charts:
1. acceptance control charts.
2. Shewart control charts.
3.Accumulative sum charts
19. Integration of Quality Risk Management
into operations
1. Development (e.g. Specification Setting, Test Method
Selection and process development).
2. Regulatory scrutiny during pre and post approval.
3. As a component of Quality systems ( e.g. Auditing,
Deviations/Discrepancies, Complaints & Recall
Management, Change management)
4. Facility systems management ( e.g. Design, Hygiene,
Qualification, environmental control, Preventative
maintenance and Computerized systems)
5. Materials Management (e.g. Supply chain, Assessment
and evaluation of suppliers and contract
manufacturers, procurement and release of material)
20. Integration of Quality Risk Management
into operations (Contd..)
6. Production (e.g. PAT, Validation, in-
process sampling, testing, reporting and
trending)
7. Laboratory controls (e.g. validation,
testing, methods development, stability).
8. Packaging and labeling (e.g. Selection of
container closure system and label controls).
9. Regulatory Authority Activities
21. How to calculate RPN
RPN = Risk Priority Number
= Severity index X Frequency Index X Detectability Index
• Estimating severity index
– Severity of the failure shall be estimated based on the effect it may have on the
process/product /patient
– Assign a quantitative value to the possible effect of each hazard according to the scale
show in Table -1
Index Value Severity Interpretation
3 Critical May cause serious/critical effect. High risk to safety and
efficacy of the product
2 Major May cause adverse effect directly or indirectly
1 Minor No potential of adverse effect
22. How to calculate RPN (Contd..)
• Estimating frequency index Index Severity Interpretation
Value
– Estimate frequency index
based on the frequency of 3 High Will occur: Expected to
occur or has occurred
occurrence of each identified frequently (multiple times)
cause. in the past with similar
product types.
– Frequency may be interpreted
as probability of occurrence 2 Moderate Likely to occur: Has
whose quantitative value shall occurred in past and can be
be assigned based on the scale expected to occur if action
is not taken to correct or
shown in table -2. prevent
1 Low Unlikely to occur: No
record of Previous
occurrence and it not
expected to occur
23. How to calculate RPN (Contd..)
• Estimating detectability Index
Value
Estimated
Detectability
Risk Interpretation
– Assign detectability 3 Not detectable High There are no controls in
place designated to detect
index based on ; the defect or failure mode
• The ability to detect the 2 Moderately Mode Current method may
Detectable rate identify the failure.
event prior to or during its Procedures, tests are
occurrence and thereby designated to increase the
likelihood of detection.
preventing the hazard of where the detection
method is test, the test is
effect. well characterized and
• Assign quantitative value validated
for detectability based on 1 Readily or Low Failure are detected with
highly high degree of probability
the scale shown in Table-3 detectable before the product is a
test, the test is well
characterized and
validated
24. How to calculate RPN (Contd..)
• Review of Risk value
– The calculated risk factor shall be analyzed to
determine the need for mitigation, CA/PA, etc.
– Table-4 describes recommended action based on a
calculated risk factor.
– After mitigation/taking appropriate action to
reduce the risk for a given operation/activity, the
FMEA may be carried out again to calculate the
RPN.
25. How to calculate RPN (Contd..)
Risk Category Risk Factor (RPN) Interpretation
Unacceptable Risk > 21 Risk too sever to be tolerated. A risk
in this region must be reduced to
ALARP region to implementation of
the activity/product etc.
ALARP region of acceptable risk > 6 -21 Tolerable risk, only if the reduction is
impractical or cost of reduction
grossly disproportionate to
improvement. Acceptable risk
Negligible Risk 1–6 Risk is Negligible. Mitigation not
necessary
26. Thanks
Quality is the responsibility of each and every
individual employee of the organization.