The slides will be looking at the principles of risk management in the context of the European Pharma regulatory framework. This will include the regulatory framework, problems we face in the Pharma supply chain, the definition of risk and how it can be managed.

1. GDP MASTERCLASS 2016
@PostNL Pharma & Care
15 September 2016

2. Lecture 4
• Speaker: Stephen Mitchell
• Function: Compliance & Quality Manager
• Company name: GlaxoSmithKline
• Presentation subject: Risk management

3. GDP MASTERCLASS: RISK MANAGEMENT
Dr Stephen Mitchell FCQI CQP
QA and Compliance Manager, Global Logistics
GlaxoSmithKline
University of Leuven Sept 15th 2016

4. Outline and Content
• General Background and Considerations
• Regulatory Environment- Considerations from the EU GDP
• What is Risk & How is it Managed?

5. General Background and Considerations-1
 Do you know your supply chain and how can performance be
improved? Consider the following:
 supply chain qualification & temperature management, capacity,
facility standards, destination and final use conditions
 What do we expect of supply chain partners from a quality viewpoint ?
Is this achievable?
 Delivery of the agreed service including management of all
subcontractors in the process - collaboration or dictation?
 Understand the role and limitations of KPIs & audits, quality
agreements / SLRs, data quality and integrity

6. General Background and Considerations -2
 Expectations of customers- pharmacies & medical treatment centres
 Online medication and supplies
 Patient priority- no out of stocks problems due to supply chain?
 Contingency planning and crisis management- shared information
 Current supply chain capability – available service provision,
resources, controls
 Falsified Medicines Directive & Supply chain integrity – are we
including security of data as well as product?
 Expectations from Regulators- how do we cope with differences in
these?
 increasing expectations for supply chain temperature management,
security and data controls.
 EU GDP now baseline standard
?

7. Considerations from the EU GDP 2013/C 68/01
 Requirement to have a Quality System
 The system for managing quality should encompass the organisational structure,
procedures, processes and resources, as well as activities necessary to ensure confidence
that the product delivered maintains its quality and integrity and remains within the legal
supply chain during storage and/or transportation.
 The quality system should extend to the control and review of any outsourced activities
related to the procurement, holding, supply or export of medicinal products. These
processes should incorporate quality risk management...
• Scope: Applicable to Wholesale Distributors- not me then!
 Compliance with the guidelines will ensure control of the distribution chain and consequently
maintain the quality and the integrity of medicinal products.
 wholesale distribution of medicinal products is all activities consisting of procuring, holding,
supplying or exporting medicinal products, apart from supplying medicinal products to the
public. Such activities are carried out with manufacturers or their depositories,
importers, other wholesale distributors or with pharmacists and persons authorized or
entitled to supply medicinal products to the public in the Member State concerned.

8. Considerations from the EU GDP- 2
• Quality Risk Management
 Quality risk management is a systematic process for the assessment,
control, communication and review of risks to the quality of medicinal
products. It can be applied both proactively and retrospectively.
 Quality risk management should ensure that the evaluation of the risk to
quality is based on scientific knowledge, experience with the process
and ultimately links to the protection of the patient.
 The level of effort, formality and documentation of the process should
be commensurate with the level of risk. Examples of the processes and
applications of quality risk management can be found in guideline Q9 of
the International Conference on Harmonisation (ICH).

9. So what is Quality Risk Management?
• What is Risk?
 Risk is defined in ISO 73 as the ‘effect of uncertainty on objectives’
 Assumes that organisational objectives are clear
 Risks have implications across an organisation- risk appetite
 The impact of risk when inadequately managed can reach to the smallest organisation or
part of it- ripple effect
 Risk identification, recording and assessment. Consider:
 Origin- brainstorming, audits, surveys, internal, external
 Reputational (Brand), Market, Technology, Financial, Infrastructure
 Focus on the real problems
 Be succinct
 Ownership
 Ranking- likelihood and consequence if they occur
 Existing controls
 Mitigation plans- tracking, review and Escalation
 Tolerate
 Manage
 Transfer

10. Considerations from the EU GDP- 3
 Other sections cover:
 Personnel, training and Hygiene
 Premises and Equipment
 Temperature and Environmental Control
 Equipment
 Computerised systems- validation requirements
 Qualification and Validation of Equipment
 Documentation
 Operations, including traceability, storage, qualification of suppliers and customers
 Complaints, returns and recalls
 Outsourced activities
 Transportation- packaging and temperature requirements

11. Final Take Home Points
• Thank- you for listening
 ISO 31000
 The Association of Insurance and Risk Managers
 The Public Risk Management Association
 Specific resource well worth reading:
 “A Structured Approach to Risk Management and the Requirements of ISO 31000”-
downloadable as a pdf from the IRM
 Resilient Risk Management (GT Nexus) Resilient to Risk
 http://www.theirm.org/ISO31000guide.htm
 “A Guide to Supply Chain Risk Management for the Pharmaceutical and Medical Device
Industries and their Suppliers”, PQG & CQI Monograph, 2010
 “Risky Business”- article published in ‘Quality World’ , June 2012, by Lyndon Bird
 Recently updated ISO 9000 has introduced a risk management requirement