A to Z Risk Management with statistical approach

Risk assessment is a systematic examination of a task, job or process that you carry out at work for the purpose of; Identifying the significant hazards that are present (a hazard is something that has the potential to cause someone harm or ill health).

Now a day’s it’s a very popular approach in pharmaceutical industry, Most of the regulatory authority now a day’s looking for risk approach in design to implementation.

ICH guidelines clearly say all the approaches briefly, but the implementation quite difficult practically.

In this article am going to teach you the A to Z of risk in scientific and as well as unscientific

         Introduction

According to the definition, given in Annex 15, 20 of the EU-GMP-Guide and ICH Q9, a risk assessment is a method to assess and characterise the critical parameters in the functionality of an equipment or process. Therefore, risk assessment is a key element in the qualification and validation approach.

In the project context, risk analyses are performed as basic GMP/EHS-Risk assessment, which shall help to identify important GMP/EHS-requirements.

          Aim of the Risk Analysis

At the very basic stage of design the risk assessment is to verify that all features are taken into consideration to avoid the risk of failure of critical GMP and EHS parameter in the equipment.

During study all GMP and EHS parameters will be identified and assessed for the risk if not considered in the design or requirements.

The Risk assessment report is produced to provide the documented evidence that design concepts or requirement are complete in considering all GMP and EHS risks.

RISK Management Process

A typical Risk management process consists of following steps:

·         Risk Assessment:

Ø  Risk Identification

Ø  Risk Analysis

Ø  Risk Evaluation

·         Risk Control

Ø  Risk Reduction

Ø  Risk Acceptance

·         Result of Risk management processes

·    Risk Review

• Risk Assessment:

It consists of the identification of hazards and the analysis and evaluation of risks associated with exposure to those hazards.

1. Risk identification is a systematic use of information to identify hazards referring to the risk question or problem description.

2. Risk analysis is the estimation of the risk associated with the identified hazards. It is the qualitative or quantitative process of linking the likelihood of occurrence and severity of harm.

3. Risk evaluation compares the identified and analyzed risk against given risk criteria. Risk evaluation considers the strength of evidence for all three of the fundamental questions.

The output of a risk assessment is either a quantitative estimate of risk or a qualitative description of range of risk. In case of qualitative description the risk is expressed using descriptors such as “high”, “medium” or “low”.

• Risk control:

It includes decision making to reduce and/ or accept risks. The purpose of risk control is to reduce the risk to an acceptable level. The amount of effort used of risk control should be proportional to the significance of the risk.

1. Risk reduction focuses on processes for mitigation or avoidance of quality risk when it exceeds a specified (acceptable) level. Risk reduction might include actions taken to mitigate the severity and probability of harm. 

2. Risk acceptance is a decision to accept risk. Risk acceptance can be a formal decision to accept the residual risk or it can be a passive decision in which residual risks are not specified.

The output/ result of the quality risk management process should be appropriately communicated and documented.

•  Risk management should be an ongoing part of the quality management process. A mechanism to review or monitor events should be implemented.

The output/ results of the risk management process should be reviewed to take into account new knowledge and experience.

This document applies the risk management principles to identify the risks associated with the design, construction and operational features of any equipment, which is going to be procured and installed in the facility. 

Now a day, its being a practice by pharma major, to adopt the Risk factor before preparing URS of any critical equipment (User Required Specification) and criticality is based on GMP impact assessment. Then all the points are mentioned in URS are addressed through proper risk mitigation method.

Like Loading & Unloading system, Control system, requirement material of construction, alarms, Interlocks & additional safety feature, measurable/calibrated instrument, Documentation for Qualification, Operation & maintenance etc.Different risk tools available as mentioned ICH Q9.

Before going to assessment of any risk we need to work out, what is the severity/impact behind the failure. Second we need to consider probability of occurrence. Risk level depend on the level of these two parameters are enough to assessment primary risk. Qualitative and quantitative both approaches are appreciable.

So,

Risk = Severity (of event occurring) Vs likelihood (of event occurring)

Now tell me how many people working with risk assessment, are you facing difficulties during this??

No need to panic!! Here I am giving the simple solution for Risk assessment.

Problem 1: You have a facility/or hospital/or pharma industry where you looking for best cleaning.

Above mention format is the basic format mostly used by industries.

1. Potential Failure mode : For assessing the probable  failure modes. e.g a. Improper / insufficient sanitization or cleaning

2. Potential effect: Explain what will be the effects for that potential failure. e.g  Increase bio-load in the area/contamination of product and process/area

3. Severity: To assess the impact or how severe it can be . If is take a scale of 1-5 ration, then I will consider as 5 means Severity is high.

4. Contributory factor: Facts that are contributing or probable cause. e.g. Improper disinfectant selection/Frequency of cleaning not established/Untrained stuff/ No written procedure or SOP

6. Occurrence: Assessment of chances or probability of occurrence.

7. Control measures: Area to define the control parameter we are maintaining to minimizing the critical phenomenon. e.g. Select effective disinfectant test for efficacy, if required do 0.2 microne filtration. / frequency need to be validated/ Stuff need to be trained/written procedure to be there where preparation , dilution, frequency and cleaning procedure are defined.

8. detect-ability: If all the measures are taken, then what if the ratio of detection. Rather how easily the risk can be identified.

Risk Evaluation Matrix

The shading in the table represents an example of how the risk classification can be assigned a high, medium or low status. If a quantitative model is used, the severity and probability levels can be multiplied to calculate a Risk Priority Number (RPN) and this can be used to determine the risk classification.

 In the example above: 

RPN ≤ 4 = Low risk classification 

RPN 5 – 9 = Medium risk classification 

RPN ≥ 10 = High risk classification 

Information on how the risk classification will be determined should be included in the relevant procedure.

For more details on Risk Management approach, Please follow below link:

Fault tree analysis
http://www.uscgmp.com/2015/11/popular-methods-of-risk-assessment-part_17.html

Failure Mode Effects Analysis (FMEA)
http://www.uscgmp.com/2015/11/popular-methods-of-risk-assessment-part.html

A to Z Risk Management with statistical approach
http://www.uscgmp.com/2013/12/a-to-z-risk-management-with-statistical.html

Workshop On Risk Assesment by Palash Ch Das from Palash Das