SOP on Quality Risk Management

0
488

1.0 Objective

To describe the procedure for management of risks, arising from different operations, activities and discrepancies.

2.0 Scope

This Standard Operating Procedure is applicable for the preparation and implementation of all Standard Operating Procedures to be followed at Pharmaceutical formulation plant.

3.0 Responsibility

3.1 Each Operating Manager and the Department Head shall be responsible for identification of operations and activities that pose potential risk, reporting and investigation of discrepancies, deviations and failures within the department and carrying out Risk assessment, control and review.

3.2 QA-Head shall be responsible for facilitating and evaluating the adequacy of Risk assessment and its management.

3.3 Risk Management Team shall be responsible for the overall Risk Management Program, its review and closure.

4.0 Accountability

4.1 Department Head & QA Head shall be accountable for implementation of this SOP.

5.0 Abbreviations and Definitions

Initiator Department   :           Department who shall initiate the preparation of SOP.

SOP                             :            Standard Operating Procedure; a document where step by step instructions are cited to serve as support for methods or manners of fulfilling a function or functions reliably and consistently.

QA                              :            Quality Assurance

RMT                            :            Risk Management Team

6.0 Procedure

6.1 RMT shall be formed comprising of at least one responsible member from each function (Quality Assurance, Production, Engineering, Quality Control, Warehouse, and Personnel & Administration).

6.2 The “Responsibilities of the Risk Management Team” shall be as follows:

6.2.1 Assuring the Risk Management Program continuity.

6.2.2 Providing directions to the user departments.Verifying the identified cause(s) of risks.

6.2.3 Verifying the identified cause(s) of risks.

6.2.4 Risk analysis (using various tools).

6.2.5 Endorsing the identified control measures.

6.2.6 Providing guidance on implementation of control measures and time frame,

6.2.7 Assuring Risk Management Program related communication and

6.2.8 Training and reporting to the senior management.

6.3 A Quality Risk Manager shall be assigned the responsibility of coordinating the entire Risk Management Program with all technical functions.

6.4 The “Responsibilities of the Quality Risk Manager” shall be as follows:

6.4.1 Coordinating the Risk Management Program between the user departments.

6.4.2 Organizing monthly meetings of the Risk Management Team,

6.4.3 Releasing minutes of meetings.

6.4.4 Risk communication

6.4.5 Facilitating the identification and categorization of risks.

6.4.6 Facilitating implementation of control measures.

6.4.7 Organizing follow-up and closure of risk implementation.

6.4.8 Organizing training related to Risk Management Program.

6.4.10 Preparing an annual report for the senior management.

6.4.11 Archival of related records and documentation.

6.5 RMT shall conduct regular quarterly meeting coordinated by Quality Risk Manager. The meeting can be conducted with a minimum quorum of 3 members and the Quality Risk Manager. However, the presence of the QA member is essential in all such meetings.

6.6 The Risk Management Program shall cover following areas:

6.6.1 Facilities and Equipment.

6.6.2 Production, processing and packing.

6.6.3 Quality Control Laboratories, Testing and Analysis.

6.6.4 Materials and warehousing.

6.6.5 Engineering, Maintenance and Utilities.

6.6.6 Quality Assurance and Quality Management System.

6.6.7 HR related GMPs.

6.6.8 Environment, Health and Safety.

6.6.9 Any other area, considered significant for the risk for running the business.

6.6.10 Each member of RMT shall ensure that any operation and activity that poses potential risk, or any discrepancy, deviation or failure discovered in the department or its processes / systems shall be reported by the operating personnel to the Senior Officer / Manager.Each member of RMT shall initiate a “Risk Assessment Log” as per current Annexure- I.

6.7 Each member of RMT shall initiate a “Risk Assessment Log” as per current Annexure- I.

6.8 The department subject expert shall analyze the operation and activity, discrepancies, deviations or failures and categorize the potential risk and its impact on the process or system or operation and/or product quality, yield, purity, potency, identity, stability, safety or efficacy within 15 days, depending on the seriousness of the risk and the area or process affected.

6.9 The “Risk Assessment Report” shall be prepared and compiled as per current Annexure- I.

6.10 All identified risks shall bear a unique Risk Reference number and shall be numbered as an alphanumerical number consisting of 14 characters. For example, R/AC/MM/YY/NNN.

6.10.1 In the format number ‘R/AC/MM/YY/NNN’, the first character ‘R’ represent the Risk.

6.10.2 The 2nd character is a forward slash as separator that represents ‘/’.

6.10.3 The next two characters ‘AC’ denotes ‘Department Code’.

6.10.4 The 5th character is a forward slash as separator that represents ‘/’.

6.10.5 Next two 6th and 7th alphabetic characters ‘MM’ denote the month in which the review is conducted.

6.10.6 The 8th character is again a forward slash as separator that represents ‘/’.

6.10.7 The next two 9th and 10th characters ‘YY’ denote the year say ‘17’ for 2017.

6.10.8 The 11th character is again a forward slash as separator that represents ‘/’.

6.10.9 The last three characters i.e. 12th to 14th are serial number of the risk in that particular area, starting with ‘001’ and continuing serially in increments of one unit, till 999 in a particular year. The number would restart from the next calendar year.

6.11 Risk Evaluation:

6.11.1 Risk Priority Number (RPN) is calculated by using the formula:

RPN = Occurrence (O) x Severity (S) x Detectability (D)

6.11.2 The risk shall be rated according to the table below:

Category Low Risk Medium Risk High Risk
Occurrence 1 3 5
Severity 1 3 5
Detectability 1 3 5
RPN 1 27 125
RPN Range 1 – 5 9 – 45 75 – 125

6.11.3 As depicted above, the higher the risk priority number, higher is the risk and vice versa.

6.12 Occurrence (O)

6.12.1 Occurrence (O) refers to an assessment of the probability of the incident of a risk effect or discrepancy or deviation or failure. A higher probability of occurrence may be possible if the equipment or system or process is poorly designed or the operation is in manual mode instead of automation.

6.12.2 The lower the probability of occurrence, the lower is the risk involved. The rating scale for determining the probability of occurrence is given in the following Table:

Ranking Criteria
1 Remote probability of failure. One occurrence every six months to three years or one occurrence in one million events.
3 Moderate probability of failure. One occurrence every three months or three occurrences in 1000 events.
5 Very high probability / frequency of failure

 

6.13 Severity (S)

6.13.1 Severity (S) refers to an assessment of the seriousness of the risk effect or the discrepancy or deviation or failure as it affects the end-user.

6.13.2 A higher severity rating may be assigned to process steps that involved manual operations or interventions as compared to done by automation. The higher rating is necessary because of quality failure or introduction of contamination during these steps will result in a higher risk to the product safety and end-user. The lower the severity the lower the risk involved. The rating for determining severity is given in the following Table:

Ranking Criteria
1 Remote probability of failure. One occurrence every six months to three years or one occurrence in one million events.
3 Moderate probability of failure. One occurrence every three months or three occurrences in 1000 events.
5 Very high probability / frequency of failure

6.14 Detection (D)

6.14.1 Detection is the ability to detect a risk or an incident of defect, discrepancy, deviation or a failure as it affects the end-user. The ability of detection depends on the system, equipment or operation – which, with advanced technology or automated inspection will have a higher ability to detect the defects, discrepancies or failures. In a manual mode of inspection the ability of detection will be poor.

6.14.2 Lower the ability to detect the defect, higher is the risk.

Ranking Criteria
1 Assured detection of failure. 100% automatic inspection with regular calibration and preventative maintenance of the inspection instrument. An effective Statistical Process Control (SPC) program is in place.
3 Detection possibility is moderate. Some SPC is used in process and the product is finally inspected off-line.  Fault may get detected, not sure.
5 Failure is not inspected or the failure is not detectable or difficult to detect.

6.15 The risks shall be categorized as Low, Moderate or High, depending on the product of probability of occurrence, degree of severity and ability of detection as the Risk Priority Number (RPN) value as mentioned in 6.11.2.

6.15.1 Low Risk: This risk has low potential and is less likely to impact directly or indirectly the process, system, operation, product quality, yield, purity, potency, identity, stability, safety or efficacy.

6.15.2 Moderate Risk: This risk has moderate potential and is likely to moderately impact directly or indirectly the process, system, operation, product quality, yield, purity, potency, identity, stability, safety or efficacy.

6.15.3 High Risk: This risk has high potential and is likely to highly impact directly or indirectly the process, system, operation, product quality, yield, purity, potency, identity, stability, safety or efficacy.

6.16 If the risk and impact is considered to be moderate or high, the discrepancies, deviations or failures shall be immediately reported to the QA and the Quality Risk Manager. After initial review and assessment, it must be reported to RMT members within 5 days.

6.17 If the risk and impact is Low, then it shall be only reported to the Quality Risk Manager within 10 working days.

6.18 For any such identified risk (Low, Moderate, High), necessary Risk Control Measures shall be identified and evaluated to mitigate / reduce the risk to an acceptance level.

6.19 RMT shall evaluate the risk of Moderate and High categories and examine the existing control measures and other immediate possible control measures.

6.20 RMT shall finalize the control measures and communicate to the department representative and the Quality Risk Manager to effect implementation within a pre-determined planned time-frame.

6.21 The determination and finalization of “Risk Control Measures, Implementation and Deviation Closure” shall be defined as per current Annexure- III.

6.22 RMT shall also determine deployment of resources (personnel and funds) and time-frame for implementation of control measures.

6.23 The concerned department’s RMT member shall discuss with the department group the Risk Control Measures and the mechanism of implementation.

6.24 The Control Measures shall be implemented within the allowed time frame to complete satisfaction. In case, the controls are not completed within the time frame allowed, an extension can be sought in advance from RMT by the department concerned, after providing a valid reason for the extension.

6.25 The department RMT member along with the Quality Risk Manager shall examine the effectiveness of implementation of control measures.

6.26 The implementation activity shall be reported to RMT as per current Annexure- III.

6.27 RMT in the next meeting shall do final evaluation of the implementation and order for Deviation Closure as per current Annexure- III.

6.28 Risk Communication and Report:

6.28.1 RMT shall identify what communication shall be released to the employees from time to time on matters related to Risk Management and the actions undertaken.

6.28.2 It will also initiate the points to be included in the Risk related ‘Annual Report’ for the senior management review.

6.29 Management Review:

6.29.1 The senior management representative(s) shall review the activities related to Risk Management Program and the actions and follow-up being done by the Risk Management Team, periodically.

6.29.2 The Annual Report shall also be reviewed by the senior management representative(s) and a feedback will be sent to the Risk Management Team by the Quality Risk manager for providing necessary directions and facilitation in deploying resources and funds where necessary.

6.30 Flow Scheme:

6.30.1 The Flow scheme for the “Quality Risk Management” is depicted as per Annexure- IV for reference and training purpose.

7.0 Forms and Records (Annexures)

  • Risk Assessment Log                                                                         –           Annexure-I
  • Risk Assessment Report                                                                    –           Annexure-II
  • Risk Control Measures, Implementation and Deviation Closure        –           Annexure-III
  • Quality Risk Management                                                                  –           Annexure-IV

8.0 Distribution

  • Master copy –           Quality Assurance
  • Controlled copies- Quality Assurance, Production, Quality Control, Stores, Engineering, & Human Resource Development

9.0 History

     Date    Revision Number                       Reason for Revision
                       New SOP

RISK-1

RISK2-1

RISK3-1

LEAVE A REPLY

Please enter your comment!
Please enter your name here