Integration of Less-Formal Risk Assessment Tools into Change Control

Managing risk in biopharmaceutical operations is of utmost importance for patient protection.
Oct 02, 2012
Volume 36, Issue 10

Managing risk in biopharmaceutical operations is of utmost importance for patient protection, ensuring that only the highest quality products are developed and distributed. A quality risk-management program systematically identifies and analyzes the risks associated with a product or process, mitigates those risks deemed unacceptable, and monitors the overall risk profile as conditions change. These programs facilitate more informed decision-making within a company regarding a product's quality and provide greater assurance to a company's stakeholders of the ability to deliver the highest quality product to patients. In this paper, the authors describe risk-assessment tools used in change control.

According to the International Conference on Harmonization (ICH) Q9 guidance, Quality Risk Management, all manufacturing processes carry certain, inherent risks (1). It is, therefore, essential that these risks are assessed and mitigated throughout the product lifecycle. Risk assessment is especially critical when changes are made to validated processes or systems to ensure the integrity of the product is preserved as the risk profile evolves. Not all risks pose a concern; it is important to distinguish between risks that are problematic and require mitigation efforts and those that do not. Thus, an effective risk assessment will ensure that maximal resources are directed towards products, equipment, and processes deemed high risk and minimal resources towards those deemed low risk.

Less-formal tools for managing change control

Figure 1: Risk assessment tool formality. (FIGURE 1 COURTESY OF AUTHOR.)
Risk management tools provide the necessary means by which risk can be successfully understood and controlled, making the entire process both efficient and consistent. While there are several well-known formal tools for risk assessment, such as failure mode effect analysis (FMEA), fault tree analysis (FTA), hazard operability analysis (HAZOP), and hazard analysis and critical control points (HACCP), ICH Q9 notes that the use of formal tools is not always appropriate or necessary to manage risk. It is, therefore, important to select the appropriate tool based on the objective and scope the assessment. The greater the risk and complexity of the system (or process) under review, the greater the level of formality and detail is required of the risk tool (see Figure 1). Less-formal tools, such as the comparison matrix (CM) and the risk estimation matrix (REM), which are designed to be easily implemented and broadly applied, are useful when assessing simple or well-understood systems or changes. Less-formal tools can also be used to make preliminary decisions about whether to stop or advance a given project or to employ more formal risk assessment methodologies.

There are two primary goals in the assessment of risk when managing change: to assure that a company is not taking on additional risk by making the change, and to ensure the success and effectiveness of the change through the identification of risk mitigation activities to be implemented in parallel with the change. The risk tools selected to assess changes should also be simple enough to use in a fast-paced manufacturing environment and clearly communicate the scope and impact of the change to all stakeholders. CM and REM are two such tools.

Both the CM and REM have a foundation in critical parameters—that is, categories of attributes that are deemed critical to the proper functioning of a system and must be considered to fully characterize the implications of a given change. Critical parameters are system-specific and should capture such elements as critical quality attributes (CQAs), critical or key process parameters (CPPs/KPPs), critical aspects (CAs) of equipment, system capacity, process capability, raw materials, and product-contact materials. These critical parameters will serve as the input into the risk assessment process.

lorem ipsum