Quality Risk Assessment

Quality Risk Assessment

In Australia, a Quality Risk Assessment is now a regular GMP activity since we saw the introduction of PIC/S Version PE 009-08, in 2009 (read more here) and the massive impact, especially of the two new clauses §1.5 and §1.6 (Part 1 of the PIC/S GMP) had on the Australian industry, as we followed the USFDA into the 21st century, Science and Risk Based Approach (a GAMP like approach by Sion Wyn).

Quality Risk Management (QRM) as defined in ICH Q9 (or Annex 20 of the PIC/S GMP Guide) is now an enduring GMP compliance requirement for all Pharmaceutical manufacturers and something Pharmaceutical Consultants are well aware of.

Over the years PharmOut, GMP consultants, trainers and engineers have become proficient in performing Quality Risk Assessments, usually embedded into other quality system processes. More recently, since the introduction of cross contamination in Chapters 3 and 5 (in the EU code of GMP) our toxicologists, process engineers and pharmaceutical consultants have had to develop complimentary skills in Occupational Hygiene and HAZOP risks assessment as we design, build and help operate pharmaceutical plants. Often these plants have highly potent active ingredients, requiring specialist skills to ensure safety that goes beyond simple patient safety as required in the GMPs.

How do we do this, well obviously drawing on expertise available in the general industry, but in addition, for many years we worked with Medical Device Manufacturers and their quality risk assessment and framework, i.e. the ISO 14971:2012 Risk Management for Medical Devices, this has honed these skills.

ISO 14971 (we run a training course) taught us three risk considerations –

Inherent safety by design

  1. Use specific connectors that cannot be connected to the wrong component, e.g. gas cylinders.
  2. Improve the detectability or readability of controls, labels, and displays, e.g. keypoint cards.

Protective measures in the medical device itself or in the manufacturing process

  1. Incorporate safety mechanisms such as physical safety locks, as well as software or hardware interlocks, e.g. clean rooms doors.
  2. Use alerts for hazardous conditions, such as a “low battery” alert when an unexpected loss of the device’s operation could cause harm or death, e.g. UPS.

Information for safety

  1. Provide written information, such as warning or caution statements in the user manual that highlight and clearly discuss the use-related hazard, e.g. well written SOPs.
  2. Train users to avoid the “error”, e.g. proper training.

However, before this can be done, risks need to be identified, using the fundamental principles of Quality Risk Management, which includes a simple grading system, and can be defined by the regulated company. We would recommend a simple High, Medium and Low scoring system, which is more than adequate in most environments. The rating should be applied to the following three factors, Severity, Likelihood of Occurrence and the probability of Detection, SOD. But identifying the risk, it can be managed.

This systematic process for the assessment, control and communication of the risk is still inherent in the new PIC/S GMP Guide version 13, with the increase in the use of the word RISK increasing from 419 times in in PIC/S version 8 to 512 times in the PIC/S version 13.

Quality Risk Assessment


It is very interesting that when the original Australian TGA GMPs were published in 1971, the 4th set of unique GMPs in the world, Risk was only mentioned 3 times, and did you know, risk is not mentioned once in the CFR Part 11?

This short blog makes you aware of a Quality Risk Assessment flowchart and SOP which can be made available to anyone contacting our office, alternatively why not try our quick online course on Annex 20.