To guarantee that their products are safe, effective, and of the best quality before being distributed to patients, the pharmaceutical industry is highly regulated by government organizations, which means that compliance alone does not provide confidence; instead, a durable and proactive methodology for risk identification, analysis and control must be used to ensure a sufficient level of confidence.
Quality Risk Management (QRM) provides the foundation for today's pharmaceutical quality system, and serves as a scientific methodology for identifying, evaluating and controlling potential risks during the totality of the product's life cycle from development to the point where it is delivered.
This guide is designed to be a reference for QRM principles, the regulatory basis for QRM, the process stages associated with QRM development and applicable tools and strategies for the execution of QRM as required by ICH Q9 (R1).
The following additional references have also contributed to the establishment of this framework:
ICH Q10, Pharmaceutical Quality System; incorporates QRM into its overall quality systems
EU GMP Part III; Guidelines for QRM
World Health Organization TRS 981 Annex 2;
Principles of QRM U.S. FDA Guidance on QRM (2006).
All of these guidance documents indicate the necessity of a proactive approach to managing risks, of documenting risks and of relating risk management to the severity of risk involved.
1. Patient Safety: Demonstrate that all products consistently conform to established standards for safety, effectiveness and quality.
2. Compliance with Rules and Regulations: Conduct testing in accordance with the requirements of relevant health authorities like FDA, EMA and WHO in order to meet their requirements.
3. Understanding Processes: To determine and control the critical process parameters and quality attributes.
4. Supporting Decision-Making: To provide a logical framework upon which to prioritize resources and corrective actions.
5. Continuous Improvement: To facilitate continuous improvement of processes and the overall organizational learning experience.
1. The scientific foundation and patient safety serve to support the risk evaluation process. All decision-making regarding product quality and patient safety must be based upon these two principles.
2. The level of documentation and effort necessary when performing the QRM process should be commensurate with the level of risk for each individual identified risk. The depth of analysis required for any individual risk will vary widely depending upon its potential impact and as such the methods and approach employed to perform the QRM process should be proportionately matched to the anticipated consequences.
1. What may turn out badly?
2. What is the probability (likelihood) it will turn out badly?
3. What are the outcomes (seriousness)?
A) Identification of Risk: Risk should be identified by the available data as data from the history of the process or system, different opinions or the information derived from the end user. The question “What might go wrong?” helps to identify the risks involved in process or system and provides the base for the further assessment of the risk.
B) Analysis of Risk: After identification of risks involved in any process or system its analysis is done. The harms associated with the risk are listed and chances of their occurrence and criticality are determined.
C) Evaluation of Risk: The analyzed risk is compared against the risk criteria.
The outcome of the risk assessment may be either in the qualitative form as a number (1,2,3) or in the qualitative form (low, medium or high)
During the implementation of risk reduction measures, it may affect the significance of other existing risks or generate new risks. Therefore, one should do risk assessment again to evaluate the changes in risks during the implementation of the risk reduction process.
Reference: ICH Q9 - Quality Risk Management.
Risk Management Sample Protocol
1. FMEA (Failure Modes and Effects Analysis) assesses potential risks by assigning severity, occurrence, and detection values (ranking) and is used in the validation of processes for equipment design.
2. FMECA (Failure Mode, Effects, and Criticality Analysis) is similar to the FMEA but it has a ranking of criticality value (ranking) and can be used to evaluate the reliability of equipment.
3. Fault Tree Analysis (FTA) uses a logical diagram to help identify root cause of an issue. This logical diagram can also be used to help identify when an issue (or failure) has occurred in a system.
4. Hazard Analysis and Critical Control Points (HACCP) are methods for determining and controlling those critical areas in your production process. HACCP is used in the manufacture of sterile products.
5. Risk Ranking and Filtering ranks risks by impact and probability and is used to evaluate suppliers.
6. Fishbone (or Ishikawa) diagrams can be utilized to assist in determining the cause of a quality issue and are valuable during the investigation of deviations.
1. Change Controls: Assessment of risks before implementing changes.
2. Deviation Management: Root cause assessments and how deviations impact the quality of products.
3. Corrective and Preventive Actions (CAPA): Prioritizing actions based on the identified level of risk.
4. Supplier Qualification: Use of risk ranking to evaluate vendor reliability.
5. Validation and Qualification: Identification of critical process parameters (CPP).
6. Audit and Inspection: Concentrating on areas of high risk for review.
Integrating QRM in this manner helps ensure a risk-based approach to all quality decision-making activities.
1. Enhanced Risk-Based Decision-Making: A greater emphasis on objective and consistent assessment of risks.
2. Increased Awareness of Human Bias: Recognition of the fact that the various forms of personal bias will have an impact on risk assessment decision making.
3. Risk-based Control Strategies: Risk based control strategies in line with the QRM is essential for lifecycle management and continuous improvement.
4. Quality Defect & Supply Chain Risk: Increased recognition of the risks associated with the supply chain.
5. Formal vs Informal QRM: To clarify the basis for applying QRM tools based on the level of risk to which they will be applied.
With these changes QRM remains applicable and relevant in the current pharmaceutical environment.
Quality Risk Management (QRM) is more than a regulatory requirement — it’s a thought process that enables you to be proactive in making data-driven decisions about the safety of patients and the quality of products.
If implemented effectively, QRM can help pharmaceutical companies mitigate uncertainty, adhere to Good Manufacturing Practices (GMP) and support continuous improvement of their operations.
As more regulatory authorities promote the use of risk-based methods, a cornerstone to modern pharmaceutical quality systems has emerged as Quality Risk Management (QRM).
This guide is designed to be a reference for QRM principles, the regulatory basis for QRM, the process stages associated with QRM development and applicable tools and strategies for the execution of QRM as required by ICH Q9 (R1).
What is Quality Risk Management (QRM)?
QRM provides a structured method to identify, assess, manage, communicate and monitor risks related to the quality of pharmaceutical products. It assists companies in making decisions based on science on how best to direct their resources for maintaining product quality and patient safety. The purpose of QRM is to predict potential issues, assess their possible impact and put in place preventative actions.Regulatory Guidance for QRM
The QRM (Quality Risk Management) methodology was developed from the foundation established by ICH Q9, Quality Risk Management, which harmonizes a common approach to risk management for the entire product lifecycle.The following additional references have also contributed to the establishment of this framework:
ICH Q10, Pharmaceutical Quality System; incorporates QRM into its overall quality systems
EU GMP Part III; Guidelines for QRM
World Health Organization TRS 981 Annex 2;
Principles of QRM U.S. FDA Guidance on QRM (2006).
All of these guidance documents indicate the necessity of a proactive approach to managing risks, of documenting risks and of relating risk management to the severity of risk involved.
Objectives of QRM
Quality Risk Management's key objectives include the following:1. Patient Safety: Demonstrate that all products consistently conform to established standards for safety, effectiveness and quality.
2. Compliance with Rules and Regulations: Conduct testing in accordance with the requirements of relevant health authorities like FDA, EMA and WHO in order to meet their requirements.
3. Understanding Processes: To determine and control the critical process parameters and quality attributes.
4. Supporting Decision-Making: To provide a logical framework upon which to prioritize resources and corrective actions.
5. Continuous Improvement: To facilitate continuous improvement of processes and the overall organizational learning experience.
Quality Risk Management Principles
Two primary principles of Quality Risk Management (QRM) are established in the ICH Q9 Document.1. The scientific foundation and patient safety serve to support the risk evaluation process. All decision-making regarding product quality and patient safety must be based upon these two principles.
2. The level of documentation and effort necessary when performing the QRM process should be commensurate with the level of risk for each individual identified risk. The depth of analysis required for any individual risk will vary widely depending upon its potential impact and as such the methods and approach employed to perform the QRM process should be proportionately matched to the anticipated consequences.
The Quality Risk Management Process
QRM typically follows a structured six-step process:1. Initiation of Risk Management Process
Risk management should be initiated with the listing of possible questions about the risks involved in the process or the system. Potential of the risk on human health and product quality should be identified. A time limit or deadline for the risk assessment should be specified.2. Assessment of Risk
Risk assessment includes the identification of hazards associated with risk. Following questions can help to identify and analyze the risk.1. What may turn out badly?
2. What is the probability (likelihood) it will turn out badly?
3. What are the outcomes (seriousness)?
A) Identification of Risk: Risk should be identified by the available data as data from the history of the process or system, different opinions or the information derived from the end user. The question “What might go wrong?” helps to identify the risks involved in process or system and provides the base for the further assessment of the risk.
B) Analysis of Risk: After identification of risks involved in any process or system its analysis is done. The harms associated with the risk are listed and chances of their occurrence and criticality are determined.
C) Evaluation of Risk: The analyzed risk is compared against the risk criteria.
The outcome of the risk assessment may be either in the qualitative form as a number (1,2,3) or in the qualitative form (low, medium or high)
3. Control of Risk
Risk control is the application of the methods or tricks to reduce the risk to the acceptable level. First of all, determine that the risk is above the acceptable level. Determine the way to control the risks. New risks should not be generated while controlling the risk.During the implementation of risk reduction measures, it may affect the significance of other existing risks or generate new risks. Therefore, one should do risk assessment again to evaluate the changes in risks during the implementation of the risk reduction process.
4. Communication of Risk
Communication of risk is the exchange of information regarding the risk between the decision management and others. The results of quality risk management should be documented and communicated. The information regarding the nature of risk, its severity, control and related information should be communicated. Dotted arrows in the figure indicate that communication in risk management should be done in every stage.5. Review the Risk
Risk management is a continuous process and a system should be implemented to review the risks at a fixed time interval. All events of the system should be monitored for the risks associated with it. The frequency of the review the risk management depends upon the severity of the risk. It should be mentioned clearly in risk management document.6. Methodology
Method of the risk management is given in the sample protocol.Reference: ICH Q9 - Quality Risk Management.
Risk Management Sample Protocol
Common Tools and Techniques in QRM
There are different tools used for Quality Risk Management. Some of those are discussed below.1. FMEA (Failure Modes and Effects Analysis) assesses potential risks by assigning severity, occurrence, and detection values (ranking) and is used in the validation of processes for equipment design.
2. FMECA (Failure Mode, Effects, and Criticality Analysis) is similar to the FMEA but it has a ranking of criticality value (ranking) and can be used to evaluate the reliability of equipment.
3. Fault Tree Analysis (FTA) uses a logical diagram to help identify root cause of an issue. This logical diagram can also be used to help identify when an issue (or failure) has occurred in a system.
4. Hazard Analysis and Critical Control Points (HACCP) are methods for determining and controlling those critical areas in your production process. HACCP is used in the manufacture of sterile products.
5. Risk Ranking and Filtering ranks risks by impact and probability and is used to evaluate suppliers.
6. Fishbone (or Ishikawa) diagrams can be utilized to assist in determining the cause of a quality issue and are valuable during the investigation of deviations.
Integration of QRM into the Pharmaceutical Quality System
Risk management is not an isolated process but is an integrated component of many different components within the Quality System. For example, Risk Management integrates with:1. Change Controls: Assessment of risks before implementing changes.
2. Deviation Management: Root cause assessments and how deviations impact the quality of products.
3. Corrective and Preventive Actions (CAPA): Prioritizing actions based on the identified level of risk.
4. Supplier Qualification: Use of risk ranking to evaluate vendor reliability.
5. Validation and Qualification: Identification of critical process parameters (CPP).
6. Audit and Inspection: Concentrating on areas of high risk for review.
Integrating QRM in this manner helps ensure a risk-based approach to all quality decision-making activities.
ICH Q9 (R1) Revisions — What’s New
ICH Q9 updated in January 2023 enhances clarity and strengthens risk management areas.1. Enhanced Risk-Based Decision-Making: A greater emphasis on objective and consistent assessment of risks.
2. Increased Awareness of Human Bias: Recognition of the fact that the various forms of personal bias will have an impact on risk assessment decision making.
3. Risk-based Control Strategies: Risk based control strategies in line with the QRM is essential for lifecycle management and continuous improvement.
4. Quality Defect & Supply Chain Risk: Increased recognition of the risks associated with the supply chain.
5. Formal vs Informal QRM: To clarify the basis for applying QRM tools based on the level of risk to which they will be applied.
With these changes QRM remains applicable and relevant in the current pharmaceutical environment.
Benefits of Quality Risk Management
Having a strong QRM system offers many organizational and compliance benefits, including:- Improved understanding of products and processes
- Enhanced regulatory compliance and audit preparedness
- Fewer deviations, rejections and recalls
- Better decision-making documentation
- Increased efficiency through prioritization of critical risk
- Culture of ongoing improvement.
Challenges in Implementing QRM
The implementation of QRM presents numerous unique and different challenges for companies due to the following identified challenges and barriers.- The lack of collaboration across function groups
- Lack of training on QRM tools
- Poor documentation practices
- Too many complicated risk assessments
- Resistance to transition to a new quality culture
Quality Risk Management (QRM) is more than a regulatory requirement — it’s a thought process that enables you to be proactive in making data-driven decisions about the safety of patients and the quality of products.
If implemented effectively, QRM can help pharmaceutical companies mitigate uncertainty, adhere to Good Manufacturing Practices (GMP) and support continuous improvement of their operations.
As more regulatory authorities promote the use of risk-based methods, a cornerstone to modern pharmaceutical quality systems has emerged as Quality Risk Management (QRM).
WHAT ARE THE SOFTWARE USED TO CREATE FISHBONE DIAGRAM IN QBD WORKS WHICH RISK ASSESSMENT TOOL IS USED FOR QRM
ReplyDelete