OBJECTIVE:
To define the Risk management process requirements and provide method of identification of Potential risk, assessing, monitoring and documenting the identified risks.
SCOPE:
This SOP shall cover to all Risk having impact on Product Quality and Compliance, Environment Health and Safety that arise from different operations, activities, discrepancies, deviations and failures in the manufacturing operations of ----------
RESPONSIBILITY:
Each Operating Manager and the Department Head shall be responsible for identification of operations and activities that pose potential risk, reporting and investigation of discrepancies, deviations and failures within the department and carrying out Risk assessment, control and review.
QA-Head shall be responsible for facilitating and evaluating the adequacy of Risk assessment and its management.
Risk Management Team shall be responsible for the overall Risk Management Program, its review and closure.
ACCOUNTABILITY:
Risk Management Team (RMT) shall be accountable for the overall Risk Management Program.
PROCEDURE:
5.1 General Information:
Quality Risk Management is a systematic process for the assessment, control, communication and review of risks to the quality of the drug (medicinal) product across the product lifecycle. The two primary principles of Quality Risk Management are:
1) The evaluation of the risk to quality should be based on scientific knowledge and ultimately link to the protection of the patient and
2) The level of effort, formality and documentation of the Quality Risk Management process should be commensurate with the level of risk.
5.2
Risk
Assessment: The Risk Assessment
consists in the identification of hazards, analysis and evaluation of risks associated
with exposure to those hazards Risk assessment defines with three fundamental
questions.
a)
Risk Identification address what might go wrong.
b)
Risk analysis, to analyze the risk involved.
c)
Risk evaluation, comparing the risk identification and analyze the risk against
the criteria.
5.3
Risk Management Team shall be formed comprising of at least one
responsible member from each function (Quality Assurance, Production,
Engineering, Quality Control, Warehouse, and Personnel & Administration).
5.4
The “Responsibilities of the Risk Management Team”
shall be as follows:
5.4.1
Assuring the Risk Management Program continuity,
5.4.2
Providing directions to the user departments,
5.4.3
Verifying the identified cause(s) of risks,
5.4.4
Risk analysis (using various tools),
5.4.5
Endorsing the identified control measures,
5.4.6
Providing guidance on implementation of control measures and time frame,
5.4.7
Assuring Risk Management Program related communication and
5.4.8
Training and reporting to the senior management.
5.5
A Quality Risk Manager shall be assigned the responsibility of
coordinating the entire Risk Management Program with all technical functions.
5.6
The “Responsibilities of the Quality Risk Manager”
shall be as follows:
5.6.1
Coordinating the Risk Management Program
between the user departments,
5.6.2 Organizing monthly meetings of the Risk Management Team,
5.6.3 Releasing minutes of meetings,
5.6.4 Risk communication
5.6.5 Facilitating the identification and categorization of risks,
5.6.6 Facilitating implementation of control measures,
5.6.7 Organizing follow-up and closure of risk implementation,
5.6.8 Organizing training related to Risk Management Program,
5.6.9 Preparing a annual report for the senior management and
5.6.10 Archival of related records and documentation.
5.7
RMT shall conduct regular monthly meeting coordinated by Quality Risk
Manager. The meeting can be conducted with a minimum quorum of 3 members and
the Quality Risk Manager. However, the presence of the QA member is essential
in all such meetings.
5.8
The Risk Management Program shall cover following
areas:
5.8.1
Facilities and Equipment,
5.8.2
Production, processing and packing,
5.8.3
Quality Control Laboratories, Testing and Analysis,
5.8.4
Materials and warehousing,
5.8.5
Engineering, Maintenance, and Utilities,
5.8.6
Quality Assurance and Quality Management System,
5.8.7
HR-related GMPs,
5.8.8 Environment, Health, and Safety, and
5.8.9 Any other area, considered significant for the risk for running the business.
5.8.10 Each member of RMT shall ensure that any operation and activity that poses a potential risk, or any discrepancy, deviation or failure discovered in the department or its processes/systems shall be reported by the operating personnel to the Senior Officer / Manager.
5.9
Each member
of RMT shall initiate a “Risk Assessment Log” as per current Format No.: F/QA-033-01.
5.10
The
department subject expert shall analyze the operation and activity,
discrepancies, deviations or failures and categorize the potential risk and its
impact on the process or system or operation and/or product quality, yield,
purity, potency, identity, stability, safety, or efficacy within 7 days,
depending on the seriousness of the risk and the area or process affected.
5.11
The “Risk
Assessment Report” shall be prepared and compiled as per current Format No.: F/QA-033-02.
5.12
All
identified risks shall bear a unique Risk Reference number and shall be
numbered as an alphanumerical number consisting of 14 characters. For example,
R/DC/MM/YY/NNN.
5.12.1
In the format-number ‘R/DC/MM/YY/NNN’, the first character ‘R’ represent
the Risk.
5.12.2
The 2nd character is a forward slash as separator that represents ‘/’.
5.12.3
The next two characters ‘DC’ denotes ‘Department Code’.
5.12.4
The 5th character is a forward slash as separator that represents ‘/’.
5.12.5 Next two 6th and 7th alphabetic characters ‘MM’ denote
the month in which the review is conducted.
5.12.6
The 8th character is again a forward slash as a separator that represents
‘/’.
5.12.7
The next two 9th and 10th characters ‘YY’ denote the year say ‘12’ for
2012.
5.12.8
The 11th character is again a forward slash as separator that represents
‘/’.
5.12.9 The last three characters i.e. 12th to 14th are serial
number of the risk in that particular area, starting with ‘001’ and continuing
serially in increments of one unit, till 999 in a particular year. The number
would restart from the next calendar year.
5.13
Risk Evaluation:
5.14
Risk Priority Number (RPN) is calculated by
using the formula:
RPN = Occurrence (O) x Severity (S) x Detectability (D)
5.14.1
The risk shall be rated according to the table
below:
|
Category |
Low Risk |
Medium Risk |
High Risk |
|
Occurrence |
1 |
3 |
5 |
|
Severity |
1 |
3 |
5 |
|
Detectability |
1 |
3 |
5 |
|
RPN |
1 |
27 |
125 |
|
|
1 - 5 |
9 - 45 |
75 - 125 |
5.14.2
As depicted
above, the higher the risk priority number, higher is the risk and vice versa.
5.15
Occurrence (O)
5.15.1 Occurrence (O) refers to an assessment of the probability of the incident of a risk effect or discrepancy or deviation or failure. A higher probability of occurrence may be possible if the equipment or system or process is poorly designed or the operation is in manual mode instead of automation.
5.15.2 The lower the probability of occurrence, the lower is the risk involved. The rating scale for determining the probability of occurrence is given in the following Table.
|
Ranking |
Criteria |
|
1 |
Remote probability of
failure. One occurrence every six months to three years or one occurrence in
one million events. |
|
3 |
Moderate probability of
failure. One occurrence every three months or three occurrences in 1000
events. |
|
5 |
Very high probability /
frequency of failure |
5.16
Severity (S)
5.16.1 Severity (S) refers to an assessment of the seriousness of the risk effect or the discrepancy or deviation or failure as it affects the end-user.
5.16.2 A higher severity rating may be assigned to process steps that involved manual operations or interventions as compared to done by automation. The higher rating is necessary because of quality failure or introduction of contamination during these steps will result in a higher risk to the product safety and end-user. The lower the severity the lower the risk involved. The rating for determining severity is given in the following Table.
|
Ranking |
Criteria |
|
1 |
Product quality is not
affected. Or lesser deviation from the requirements which calls for moderate
action (i.e. higher frequency of tests of the final products, additional
tests etc.) |
|
3 |
Low severity. A deviation
from the requirements which calls for strong action (i.e. quarantining of a
batch, product recall, OOS- situation etc.) |
|
5 |
High to Very high
severity. Affect to the patient or threat to the life. |
5.17
Detection (D)
5.17.1 Detection is the ability to detect a risk or an incident of defect, discrepancy, deviation or a failure as it affects the end-user. The ability of detection depends on the system, equipment or operation – which, with advanced technology or automated inspection will have a higher ability to detect the defects, discrepancies or failures. In a manual mode of inspection the ability of detection will be poor.
5.17.2 Lower the ability to detect the defect, higher is the risk.
|
Ranking |
Criteria |
|
1 |
Assured detection of
failure. 100% automatic inspection with regular calibration and preventative
maintenance of the inspection instrument. An effective Statistical Process
Control (SPC) program is in place. |
|
3 |
Detection possibility is
moderate. Some SPC is used in process and the product is finally inspected
off-line. Fault may get detected, not
sure. |
|
5 |
Failure is not inspected
or the failure is not detectable or difficult to detect. |
5.18
The risks
shall be categorized as Low, Moderate or High, depending on the product of
probability of occurrence, degree of severity and ability of detection as the
Risk Priority Number (RPN) value as mentioned in 5.14.2.
5.18.1 Low Risk: This risk has low potential and is less likely to impact directly or indirectly the process, system, operation, product quality, yield, purity, potency, identity, stability, safety or efficacy.
5.18.2 Moderate Risk: This risk has moderate potential and is likely to moderately impact directly or indirectly the process, system, operation, product quality, yield, purity, potency, identity, stability, safety or efficacy.
5.18.3 High Risk: This risk has high potential and is likely to highly impact directly or indirectly the process, system, operation, product quality, yield, purity, potency, identity, stability, safety or efficacy.
5.19 If the risk and impact is considered to be moderate or high, the discrepancies, deviations or failures shall be immediately reported to the QA and the Quality Risk Manager. After initial review and assessment, it must be reported to RMT members within 5 days.
5.20 If the risk and impact is Low, then it shall be only reported to the Quality Risk Manager within 10 working days.
5.21 For any such identified risk (Low, Moderate, High), necessary Risk Control Measures shall be identified and evaluated to mitigate / reduce the risk to an acceptance level.
5.22 RMT shall evaluate the risk of Moderate and High categories and examine the existing control measures and other immediate possible control measures.
5.23 RMT shall finalize the control measures and communicate to the department representative and the Quality Risk Manager to effect implementation within a pre-determined planned time-frame.
5.24 The determination and finalization of “Risk Control Measures, Implementation and Deviation Closure” shall be defined as per current Format No.: F/QA-033-03.
5.25 RMT shall also determine deployment of resources (personnel and funds) and time-frame for implementation of control measures.
5.26 The concerned department’s RMT member shall discuss with the department group the Risk Control Measures and the mechanism of implementation.
5.27 The Control Measures shall be implemented within the allowed time frame to complete satisfaction. In case, the controls are not completed within the time frame allowed, an extension can be sought in advance from RMT by the department concerned, after providing a valid reason for the extension.
5.28 The department RMT member along with the Quality Risk Manager shall examine the effectiveness of implementation of control measures.
5.29 The implementation activity shall be reported to RMT as per current Format No.: F/QA-033-03.
5.30 RMT in the next meeting shall do final evaluation of the implementation and order for Deviation Closure as per current Format No.: F/QA-033-03.
5.31
Risk Communication and Report:
5.31.1
RMT shall identify what communication shall be
released to the employees from time to time on matters related to Risk
Management and the actions undertaken.
5.31.2 It will also initiate the points to be included in the Risk related ‘Annual Report’ for the senior management review.
5.32
Management
Review:
5.32.1 The senior management representative(s) shall review the activities related to Risk Management Program and the actions and follow-up being done by the Risk Management Team, periodically.
5.32.2 The Annual Report shall also be reviewed by the senior management representative(s) and a feedback will be sent to the Risk Management Team by the Quality Risk manager for providing necessary directions and facilitation in deploying resources and funds where necessary.
5.33
Flow Scheme:
5.33.1 The Flow scheme for the “Quality Risk Management” is depicted as per Annexure No.: A/QA-033-01 for reference and training purpose.
6.0
LIST OF FORMATS:
|
Sr. No. Sr.
No. |
Title of
Format |
Format No. |
|
|
Risk Assessment Log |
F/QA-033-01 |
|
|
Risk Assessment
Report |
F/QA-033-02 |
|
|
Risk Control
Measures, Implementation and Deviation Closure |
F/QA-033-03 |
|
|
Flow Scheme for
Quality Risk Assessment |
F/QA-033-04 |
|
|
Risk Management Team |
F/QA-033-05 |
7.0
REFERENCES:
7.1
SOP-QA-001
7.2
F/QA-001-01
7.3
SOP-QA-014
7.4
SOP-QA-031
8.0
REVISION HISTORY:
|
Sr. No. |
Date |
Reason for Revision |
Revision No |
|
1.
|
31/10/2018 |
New SOP |
R0 |
|
2.
|
31/10/2020 |
Schedule Revision |
R1 |
9.0
ABBREVIATIONS:
|
Sr. No |
Abbreviations |
Details |
|
01 |
QA |
Quality Assurance |
|
02 |
SOP |
Standard operating procedure |
|
03 |
FDA |
Food And Drug
Administration |
|
04 |
COA |
Certificate Of
Analysis |
END
OF DOCUMENT
No comments:
Post a Comment
Pharmaceutical guideline only