Standard Operating Procedure - Gmpsop

1 Standard Operating ProcedureTitle: Quality Risk Management TechniquesCopyright All rights reservedUnauthorized copying, publishing, transmission and distribution of any part of the content by electronic meansare strictly SOP definesthe approach to Quality Risk Management(QRM)of a GMP siteand gives practicalexamples for tools which may be used to facilitate the process and to aid personnel performing to any process ata GMP sitewhich requires a Risk Management applicabilityof QRM methodology and the corresponding level of documentation may vary depending on theindividual circumstances. Examples of circumstances to which QRM may be applied in conjunction withexisting SOPs include but are not limited to: Identification and evaluation of the potential quality and compliance impact of product and/orprocess deviations, including the impact across multiple and/or divergent markets.

2 Evaluation and determination of the scope of internal and external quality assessments such asquality concern investigation systems, complaint handling, out-of-specification investigation, qualitycontrol testing etc. Evaluation of design of facilities, equipment, materials of construction, utilities and PreventativeMaintenance (PM) programs. Determination of the scope and extent of commissioning, qualification and validation activities forfacilities, equipment and production processes. Risk tools for engineering project evaluation and validation projects are not included in thisprocedure. References to those tools are made in Appendix 6 and 7 of this extent to which QRM is used and documented shall be consistent with thecomplexity and/orcriticality of the issue to be Teamhas oversight responsibilities for all QRM Heads, Process and System Owners and Project Leaders are responsible for ensuring thatrisks to quality, compliance and other site functions are considered.

3 Understood and managed to anappropriate level withinthe GMP must ensure that a suitable Quality Risk Management process isimplemented and thatappropriate resources with the necessary competence are must also ensure theinvolvement of all Heads, Process and System Owners and Project Leaders are responsible for ensuring thatthere is a process for reviewing and approving documented quality risk assessments and thatappropriate records are Associates and Laboratory Supervisors involved in deviation, complaint and OOS investigationshould follow the risk tool Risk Ranking and Filtering Method 1 as demonstrated in appendix 1 for aquick turn around in decision Associate, Production and Engineering supervisors or anyone who is involved in manufacturing andregulatory change management, in-house rework, supplier quality audit and other analysis ofDepartmentQuality ManagementDocument noQMS-135 TitleQuality Risk Management TechniquesPrepared by:Date:Supersedes:Checked by:Date:Date Issued:Approved by:Date:Review Date: Standard Operating ProcedureTitle.

4 Quality Risk Management TechniquesCopyright All rights reservedUnauthorized copying, publishing, transmission and distribution of any part of the content by electronic means are Quality Risk Management(QRM) are multi-dimensional and a shared understanding is a prerequisite for thesuccess ofany risk management initiation phase of theQRMprocess involvesunderstandingthe risk eventby defining and agreeing the context, the scope andthetolerability criteria for the quality risk assessment, together with anyunderlying of QRM processshould involve all the the relevantinformation isassembled and shared, any gaps are identified and analysis toolsare scope of the quality risk assessment must be clearly defined both inbusiness andtechnical scope should clearly establish the boundaries of the process, system.

5 Projector activitybeing assessed and any inherent assumptions that are made. It shouldconsider possible interactions outside the boundary and their potential risk assessment process evaluates the tolerability of the identified risks against somedefined criteria to determine whether any mitigating actions common approachto establishing criteria is to divide risks into five categories: A very high risk band where adverse risks are intolerable whatever benefits the activitymight bringand risk reduction measures are essential, whatever the cost. A high risk band where the risk would not be generally acceptable unless there werevery significant benefits and where reduction measures are expected as the norm.

6 A medium risk band area where costs and benefits are taken into account andopportunities are balanced againstpotential adverse consequences. A low risk band where positive or negative risks are small and where potential benefitscan only be justified at minimum cost. A very low risk band where positive or negative risks are negligible or so small that norisk treatment measures are team comprising individuals with the education, training and experience relevant to the issueor situation under evaluation should undertake the risk assessment matterexpert (SME)should also be consulted or involved to ensure that best practice is Risk Assessmentis reviewed and approved by appropriate department heads should be given to consultation of the EHS Manager or a delegateshould review and approve allcompliance Register For traceability purposes, a reference numberis assigned to each Risk Assessment byQuality Assurance personnel.

7 Risk Assessment conducted for deviation, complaint or out of specificationinvestigations do not need a template to follow due to their adherence with theinvestigation. An entry to Risk Register is also not required. Risk Assessment conducted for calibration interval; supplier assessment and externalsupplier audit frequency; engineering and validation projects do not need a referencenumber. Hence, an entry to Risk Register is also not required. All initiated Risk Assessments using the tool Risk Ranking and Filtering Method2 are logged intotheRisk Register. The hard copy register is located in the RiskAssessment and Quality Investigation folder kept inQA Operating ProcedureTitle: Quality Risk Management TechniquesCopyright All rights reservedUnauthorized copying, publishing, transmission and distribution of any part of the content by electronic means are ControlThe number of tools which may be used to document and assess risk are many and varied and anappropriate tool should be used for the individual tools are described in brief thetable below.

8 The formal risk assessment steps and methodologies are described in control describes the actions taken to deal with the identified quality risks and theacceptance of any residualquality risks. Risk control must address the followingquestions: Is the risk acceptable without further action? What can be done to reduce, control or eliminate risks. What is the appropriate balance among benefits, risks andresources? Are new risks introduced as a result of the identified risks beingcontrolled? ReductionRisk Reduction focuses on processes for mitigation or avoidance of quality risk when the riskexceeds an acceptable level. Risk reduction includes: Actions taken to mitigate the severity and probability of risk; or Processes or methods that improve the ability to detect risk Implementation of riskreduction measures may introduce new risks into the system or increase thesignificance of other existing risks.

9 Therefore, the risk assessment must be repeated toidentify and evaluate any possible change in the risk AcceptanceRisk Acceptance is a decision to accept risk. The risk acceptance decision shall be: A decision to accept known, residual risk; A decision to accept residual risks, which are partially assessed, based upon limitedinformation; or A combination of these QRM strategy is designed to reduce risk to an agreed upon acceptable level. Thisacceptable level will depend on many parameters, shall be decided on a case-by-case basisand managed through identified mitigation and Communication of theQRMoutcome / result to results of theQRM process must be communicated to the relevantstakeholders, includingmanagement and those Operating the process or system who maybe affected by those requires that each stepof the risk management process bedocumented at an appropriatelevel.

10 The purpose of the output from the risk management process is: To share and communicate information about the risks and how they arecontrolled. To obtain the appropriate approval of the decisions taken. To demonstrate to stakeholders that there has been a properly conductedsystematicapproach. To provide a recordof the risks that enables decisions to be reviewed and the processto be audited. To facilitate ongoing monitoring and review and to sustain the output from the risk assessment must specify a risk owner a personresponsible forensuring that any actionsare entered into CAPA database located inG:\QA\CAPA Databaseand all identified corrective actionsare implementedin fulland that the riskis is an iterative process that must be sustained throughout the lifecycle of theproduct, AStandard Operating ProcedureTitle: Quality Risk Management TechniquesCopyright All rights reservedUnauthorized copying, publishing, transmission and distribution of any part of the content by electronic means are of33 Appendix 1.