Managing risk in biopharmaceutical operations is of utmost importance for patient protection, ensuring that only the highest
quality products are developed and distributed. A quality risk-management program systematically identifies and analyzes the
risks associated with a product or process, mitigates those risks deemed unacceptable, and monitors the overall risk profile
as conditions change. These programs facilitate more informed decision-making within a company regarding a product's quality
and provide greater assurance to a company's stakeholders of the ability to deliver the highest quality product to patients.
In this paper, the authors describe risk-assessment tools used in change control.
According to the International Conference on Harmonization (ICH) Q9 guidance, Quality Risk Management, all manufacturing processes carry certain, inherent risks (1). It is, therefore, essential that these risks are assessed
and mitigated throughout the product lifecycle. Risk assessment is especially critical when changes are made to validated
processes or systems to ensure the integrity of the product is preserved as the risk profile evolves. Not all risks pose a
concern; it is important to distinguish between risks that are problematic and require mitigation efforts and those that do
not. Thus, an effective risk assessment will ensure that maximal resources are directed towards products, equipment, and processes
deemed high risk and minimal resources towards those deemed low risk.
Less-formal tools for managing change control
Risk management tools provide the necessary means by which risk can be successfully understood and controlled, making the
entire process both efficient and consistent. While there are several well-known formal tools for risk assessment, such as
failure mode effect analysis (FMEA), fault tree analysis (FTA), hazard operability analysis (HAZOP), and hazard analysis and
critical control points (HACCP), ICH Q9 notes that the use of formal tools is not always appropriate or necessary to manage
risk. It is, therefore, important to select the appropriate tool based on the objective and scope the assessment. The greater
the risk and complexity of the system (or process) under review, the greater the level of formality and detail is required
of the risk tool (see Figure 1). Less-formal tools, such as the comparison matrix (CM) and the risk estimation matrix (REM), which are designed to be easily
implemented and broadly applied, are useful when assessing simple or well-understood systems or changes. Less-formal tools
can also be used to make preliminary decisions about whether to stop or advance a given project or to employ more formal risk
Figure 1: Risk assessment tool formality. (FIGURE 1 COURTESY OF AUTHOR.)
There are two primary goals in the assessment of risk when managing change: to assure that a company is not taking on additional
risk by making the change, and to ensure the success and effectiveness of the change through the identification of risk mitigation
activities to be implemented in parallel with the change. The risk tools selected to assess changes should also be simple
enough to use in a fast-paced manufacturing environment and clearly communicate the scope and impact of the change to all
stakeholders. CM and REM are two such tools.
Both the CM and REM have a foundation in critical parameters—that is, categories of attributes that are deemed critical to
the proper functioning of a system and must be considered to fully characterize the implications of a given change. Critical
parameters are system-specific and should capture such elements as critical quality attributes (CQAs), critical or key process
parameters (CPPs/KPPs), critical aspects (CAs) of equipment, system capacity, process capability, raw materials, and product-contact
materials. These critical parameters will serve as the input into the risk assessment process.