The risk-scoring model
The risk-scoring model that arose out of the Paris 2009 meeting centered around the concept that sites would be risk-rated
on the basis of three main attributes: complexity, criticality, and compliance. These attributes encompassed almost all of
the nine risk factors previously identified as being important:
Complexity refers to the complexity of the site, its manufacturing processes, and its products. Each of these attributes is assessed
individually using the tool and an overall complexity score is then assigned.
Criticality relates to how critical the availability of the products manufactured at the site is from a supply perspective, or to how
critical the services provided by the site are. An example of a critical service may be an important analytical testing service
performed by a site for several other sites that is not readily available elsewhere.
Compliance reflects the compliance status of the site following the most recent routine inspection at the site. When this risk is being
estimated, the classification and number of deficiencies identified at the last inspection are taken into account.
The complexity and criticality scores for a site would then be combined using a matrix to obtain what is termed an intrinsic risk rating for the site. This rating refers to the inherent risk that is associated with a site, its processes and products, regardless
of its compliance status. It reflects the complexity of the site, its processes and products, as well as the criticality of
the products or services provided by the site from a supply perspective. Complexity and criticality often remain fairly constant,
regardless of the compliance status of the site. Therefore, one usually cannot assess this risk on the basis of inspection
deficiencies or compliance history.
Once the intrinsic and compliance risks associated with a site have been estimated, they are combined using another matrix
to generate a relative risk rating for the site. It is this risk rating that is considered when deciding the frequency of
the next routine inspection at the site.
With regard to the scope of the next routine inspection at the site, the tool requires the inspector who last inspected the
site to consider certain items before making his/her recommendation for the scope of the next inspection. These items include,
- The areas in which deficiencies were identified during the most recent inspection
- The areas that were not inspected (or that were not inspected in detail) during the most recent inspection
- The areas that were considered during the last inspection to have been inadequately resourced at the site.
Another significant change in the tool that arose from the 2009 Expert Circle meeting was the decision to focus the tool on
GMP inspections only, because it proved too difficult to design one tool that could effectively be applied to both GMP and
GDP inspections at the same time.
Following the 2009 meeting, the tool was refined to reflect the lessons learned to date, and a pilot testing phase on the
tool began. Between Oct. 2009 and March 2010, several inspectorates evaluated the tool as part of their national inspection
planning programs. The tool was also presented for critical analysis to another PIC/S Expert Circle, relating to APIs, which
met in Dublin in May 2010. Useful lessons were gained from each of these meetings, and the penultimate version of the tool
was presented for review at the final meeting of the Expert Circle in Warsaw, in Sept. 2010, where the tool was adopted.
A PIC/S-wide consultation on the tool ran from Dec. 2010 to March 2011. Afterward, additional refinements were made to further
improve the tool. The final version was reviewed and formally adopted by the PIC/S Committee in December of that year.
The finalized QRM tool is contained within the PIC/S document 037-2 (1). While there are, of course, certain limitations associated
with the use of this tool, it is hoped that the methodology provided will enable inspectorates to apply more science- and
risk-based principles to the planning of GMP inspections. There are several important design features of the tool that are
not discussed in this brief article, but the aforementioned PIC/S document provides a comprehensive overview of the tool,
its design, and how it works.
There is also evidence that the tool can easily be customized for application in other areas. For example, it is likely that
pharmaceutical companies will be able to customize the tool for application in their own auditing programs, such as in relation
to active substance suppliers.
The author would like to acknowledge the contribution made by the PIC/S inspectors who worked on the development of the inspection
planning tool between 2007 and 2012.
Kevin O'Donnell, PhD, is Market Compliance Manager of the Irish Medicines Board (IMB).
1. PIC/S website, "A Recommended Model for Risk-Based Inspection Planning in the GMP Environment,"
http://www.picscheme.org/, accessed Oct. 16, 2012.