Quality Risk Analysis: Value for Money in the Pharmaceutical Industry

Pharmaceuticals play an important role in keeping people fit, but they can also put live at risk if they don’t have the required quality. Contamination and mix-up may have a great impact on them because of their tiny active doses and because of the often precarious state of health of the patients, not to mention the existence of routes of administration, which skip certain defense barriers of the body.


Introduction
Pharmaceuticals play an important role in keeping people fit, but they can also put live at risk if they don't have the required quality. Contamination and mix-up may have a great impact on them because of their tiny active doses and because of the often precarious state of health of the patients, not to mention the existence of routes of administration, which skip certain defense barriers of the body. This explains why knowledge management is put beside QRM as an enabler. Experience shows that more often than not information on the products and on the processes is "lost", either because it is not duly registered and disappears or because it is just kept away by a given person and never diffused within the company. The result is that in many cases there is or there was information but it is not available when needed by the persons of the company who have to take a decision.
And the fact is that if we cannot gather information on the product or process, either in house or outside it (other sites, publications, courses, etc.) it is very unlikely that we might follow a QRM approach. In other words, both enablers are linked and thus, the amount and

Risk Harm
The potential source of harm Damage to health, including the damage that can occur from loss of product quality or availability.
The combination of the probability of occurrence of harm and the severity of that harm.
characteristics of the knowledge at our disposal will be one of the main factors which will dictate how to perform our QRM.

Figure 2. Quality risk management steps
QRM is the result of a certain number of operations or steps, which can be summarized in different ways differing only slightly one from the other. The first part of QRM is evidently devoted to the quality risk analysis (QRA), that is, to the estimation of the risk associated with the identified hazards, whereas the second one concerns, properly speaking, the administration of this risk. Any QRM process has to start by defining its goal (what is intended) and by gathering information. All other steps are shaped by this first one.
But, speaking in practical terms, what kind of knowledge we need? Let us try to respond to this question by considering three different cases.

Product
If we are dealing with a product, we might need to be familiar with:  Its characteristics and specifications  Its CQAs (critical quality attributes), that is physical, chemical, biological or microbiological properties or characteristics that should be within an appropriate limit, range, or distribution to ensure the desired product quality "in [4]".

Process
If we are dealing with a process we might need to be aware of:  Its flow-chart;  Its equipment;  Its CPPs (critical process parameters), that is process parameters whose variability has an impact on a critical quality attribute and therefore should be monitored or controlled to ensure the process produces the desired quality "in [4]".  The factors which can affect them and the ways for doing this;  The likeness and the consequences of these deviations.
Exactly as said above, this has to be done by people possessing or gathering this knowledge.
In this case, the table might appear like this one.
The approach to be followed is the same that was mentioned before.  Introduce isolators where product is exposed Note: The contents of this table are just given as an example; they don't intend to represent any real situation.

GMP and QRM
An interesting question that might arise as a consequence of the application of QRM is about precedence. What is more important a GMP statement or the result of a QRA? This is however a completely false question because if GMP can be considered the logic baseline in pharmaceutical production, then how can QRA be anything different? In fact QRM is complementary to GMP because it provides the frame for taking a decision, whereas GMP proposes us some practical and well known solutions. It is important to understand that "good manufacturing practice" has been, and still is, accompanied by some amount of "bad practice". And this is the result of seeing in GMP as a kind of oracle which will provide us with magical solutions.
No solution for a problem should be looked for, before having defined it perfectly. This assertion might seem surprising but experience shows that analysis is often left aside because all attention is eagerly focused on the quick search of a solution.
Once the problem is well understood and its causes and likely effects have been determined is when the search for a solution can be started. In any case this requires, as said before, possessing knowledge. It is evident that GMP has to be taken into account, but only when the problem has been analyzed and understood in depth. Then, an answer to the problem can be found and it is evident that it will be science and knowledge-based and GMP compliant.

Selection of tools
There are different tools which can be used in QRM, both unspecific and specific for this task "in [2,6]". In reality, and very unpleasantly for some people, tools just organize in a more or less sophisticated way the information that we have. They will neither provide us with the knowledge that we don't have nor liberate us from the task of thinking about the question. Brainstorming will always be inevitable. According to their function QRM tools can be classified in three main groups: risk analysis, risk comparison and statistical support.
Risk analysis tools are either inductive or deductive. The first, starting with the normal operation, try to detect possible problems. The second, starting with the problem, try to find the chain of events that led to it. It is also very common to talk about formal and informal tools. In fact the former have really been devised for this purpose, whereas the latter are just data given in a certain way and they can be only considered "tools" in a loose sense.
It might seem surprising to explain that there are QRM tools that do not consider risk, but hazard. Although this is discussed in more detail below, here we need only point out that "risk analysis or management" is a general concept which can consider just hazards or their associated risk too.  Even if it is true that specific tools have been developed with an intended objective, and this somewhat restricts their scope of use, there is often overseen that they can have a wider utility. In fact tools are at our service and we should use them to organize information in order to get the most of it. Except in those cases when there is a need for coordination, e. g., different sites of the same group, or a requirement by the Authorities we should feel free in the way we use QRM tools.
In practice, it is possible to distinguish six basic cases in QRM: 1. As it has been indicated before the presentation of data is a basic need in QRM, hence informal tools, such as flow charts are necessary. 2. A first task in any QRM is hazard assessment and for doing this PHA is the right tool. 3. If risk assessment is desired, then FMECA is what we need. 4. HACCP is an appropriate tool for the monitoring of processes by means of their parameters. 5. When the search for the root cause of an event is required then FTA will do. 6. RRF allows for comparisons.
These six cases will cover practically all the needs regarding QRM. Understanding and using them can thus be considered a must.

QRM tool
Practical utilization  Check lists, reports, graphs, etc.
Basic data presentation

PHA (Primary hazard analysis)
Basic hazard assessment

HACCP (Hazard Analysis and Critical Control Points)
Process monitoring

FTA (Fault Tree Analysis)
Root cause identification Table 5. QRM most common tools and their practical utilization

Basic data presentation
Any system may be used to gather and present data and further on we provide some examples. Ishikawa and Pareto diagrams not only show data but the first organizes them at a certain level and the second treats them statistically. This is why they are also mentioned for the root cause identification.

Basic hazard assessment
In every situation (product, process, etc.) there is a period of time, in the beginning, when knowledge is very limited and unsure. Suppositions count more than facts. Then, there is a very simple tool, perfectly adapted to this situation: PHA (Primary hazard analysis) "in [2,6]".
It is developed by using a table, which might vary slightly according to specific needs or requirements, but which considers basically these items: hazards, causes, effects and preventive measures. Note that often it is not necessary to consider the "effects", as they are either evident or are already somewhat included in the "hazard".
The hazards which put the quality of the products at risk during their manufacturing may belong to five categories:  Contamination (external): Any contamination of a material or of a product not related to other materials or products manufactured in the factory (e. g., pollen, sand, hair, scales, dandruff, fibers, microorganisms, etc.)  Cross-contamination: Contamination of a material or of a product with another material or product.  Environmental contamination: Contamination of the production rooms, the operators or the surroundings of the pharmaceutical unit because of the voluntary or accidental liberation of materials or products  Mix up / error: Operation inadequately performed (error) or where one thing is taken by another one (mix up)  Degradation: Loss of quality of the product because of inadequate conditions The following Note: The contents of this table are just given as an example; they don't intend to represent any real situation.

Risk assessment
In order to analyze quality risks in the operations, when there is a significant amount of operator participation, the choice tool is FMECA (failure mode, effects and criticality analysis) "in [2,6,7]". It is performed by using a Note: The contents of this table are just given as an example; they don't intend to represent any real situation.

Process monitoring
It is evident that if a process is well understood it is possible to identify its CPPs and if we can keep them under control by a process monitoring system then the quality of the products will be ensured. Establish corrective measures to be implemented when a CCP is out of range

Inacceptable?
Risk reduction Risk evaluation HACCP (hazard analysis and critical control points) is a method that detects the hazards for the quality of the products (or for the safety) and then their "critical control points" (CCP) "in [2,6,8]". The rational of HACCP is exposed in the annexed figure.
The flow chart is studied to identify potential hazards, which might affect the quality of the product. Then these hazards have to be assessed. Do they have to be controlled?  The rationale for the establishment of CCP can be summarized as follows.

Root cause identification
When a deviation is detected it is necessary to implement corrective and preventive actions (CAPA system), But this is only possible if the root cause has been identified. To do this we can use several tools, both unspecific (such as Ishikawa or Pareto diagrams) and specific (FTA). Two simple tools can be used for a primary analysis of causes.
The first one is the diagram of Ishikawa, also known as cause-effect or fishbone diagram, which shows in a graphical way cause relations and their interaction to provoke an effect.
The second one is the diagram of Pareto, which orders the data in relation to their importance and this allows for the distinction among frequent and infrequent causes of failures. It is prepared by listing all the elements and determining their frequencies. Then, the elements are classified in relation to their cumulative frequency.
FTA (fault tree analysis) is a deductive tool which uses a pictogram to represent in an organized way the factors (causes) which produce or contribute to the production of an undesirable event "in [2,6,9]".
The tree is started by placing the top event. Then the events which contributed to it are analyzed. Events are united by gates, which show the relation amongst them.
Gates can be very varied, but the most common ones are the "and" and "or" gates. Although there are specific gate symbols defined by an international standard, in practice for most cases it would suffice to represent them by a circle and write inside to which type they belong.

Comparison
RRF (Risk ranking and filtering) is a tool specifically devised for the comparison of different sets (units, processes, companies, etc.) possessing varied levels of risks "in [2, 6, 10]". Once they are reduced to a common denominator they can be compared and this allows for the establishment of priorities.
As in any method, it is necessary to individualize first the hazards or problems and then the different attributes, components or elements, which contribute to them.
Then each attribute, component or element is evaluated in terms of risk. It is possible to get a comprehensive evaluation taking into account all the intervening elements. This allows for the ranking of the problems or hazards, which can be filtered.  Figure 11. Hazard -Risk -Harm

Problem / Hazard
It is also possible to rank and filter risks by using tables combining the three well-known factors (probability, severity and difficulty of detection).

Is it really necessary to determine risk in QRM?
This is not the kind of stupid question that, at first sight, might seem. And in fact this is not a question, but two. The first one might be related to the fact that in everyday's life we somehow tend to mix-up hazard and risk. As the latter is the consequence of the former, we tend to consider both practically as synonymous. The second one comes out because of the fact that identification of hazards is a prerequisite for the determination of their risk, and risk allows for an assessment of hazard. Thus, why to limit ourselves to something of "low level" like hazard when we can get something "better" like risk? Unfortunately this is not correct. By definition, to determine risk we have to start by knowing the probability of occurrence of the hazard. And this is often very difficult and in the end it turns to be just an inference. Then, we should know the seriousness of the harm and, although this is usually clearer, it is neither an easy task and often requires some degree of imagination. Consequently, in many cases, risk is not more than an estimation, that has to be improved along the time as more experience is collected. The case might be that hazard, usually a concrete thing, is substituted by risk, an estimated value and this can hardly be something better.
In practice, our first aim should be to determine hazard and then, only if there is an objective possibility of estimating risk, do it. Speaking in general terms the evolution should be hazard detection > qualitative risk estimation > quantitative risk estimation. In projects or new processes we would move towards the left (hazard), whereas as we gain process knowledge we might move towards the right (risk).

Risk classification Severity High
Middle Low

Class 2 Low
Class 3

Risk filtration Difficulty of detection Low
Middle High

How to determine risk?
Risk is determined by the combination of the two already mentioned factors, probability and severity, to which a third one, detection, can be added when a system of detection is in place. This gives us the classical formula: Risk = Probability of occurrence of the harm x Severity of the harm x Detection of the harm.
Instead of probability it is often used the term frequency, pointing out that most of times what we really know is how often it happened in a well established process. It is evident that even if we don't know how to estimate probability, if we really do know that harm never happened in our process we can affirm that probability is very low.
Severity is easier to understand because we are only asked to assess the importance of harm.
The capacity of detection of harm is linked to the existence of a system for its detection. Thus, its assessment tends to be more objective, as it is related to the equipment. This factor, however, has a marked particularity: risk increases when the capacity of detection decreases; it is an inverse factor. This is not a problem if we bear in mind this fact, but it can be easily overcome by changing the way we express it, for instance, instead of talking about "detection of the harm" we could say "difficulty of detection of the harm", thus turning it a direct factor like the other two.

How to better evaluate risk?
All three risk factors can be evaluated either qualitatively or quantitatively. Again, a quantitative estimation of risk (e.g. of 45 over 50, say) might appear much more satisfactory than a qualitative one (e.g. middle), but this might be too, and often is, misleading, because it provides a false sensation of precision.
As it was discussed above, the main objection one can do regarding risk is that its determination is too subjective and this makes it unreliable. Although there is some amount of truth in this, we may, however, counterattack by explaining that the objective of assessing risk is not getting a faithful estimate of it, but obtaining a risk baseline to be used as an indicator for future improvement. This is why what really matters is providing a good deal of information on the rationale which led to the estimation of the factors of risk.
Independently from that, it is necessary to determine how many risk levels will be estimated for each hazard. The simplest case and maybe the commonest too is the utilization of three levels, a very intuitive approach, as we are talking about "a lot" (high), "medium" (middle) and "little" (low). More levels allow for a better classification, but they turn more complicate the assessment.
Another point that needs to be discussed, when using quantitative evaluation, is the relation between these levels. Beside the normal series of values (1, 2, 3, etc.), we might use other with wider gaps between the levels, either regular (e. g., 1, 3, 5, 7) or even irregular (e. g., 1, 3, 7, 12). These last cases would give more weight to the higher levels, thus increasing the sensation of higher risk. It is not necessary to insist on the fact that any type of characterization of the levels is acceptable, provided that it is clearly defined and indicated and that it is not used to take false conclusions regarding higher evaluations of risk.

Qualitative evaluation
For instance in three levels:

DIFFICULTY OF DETECTION High
The failure /accident occurs frequently The consequences of the failure /accident are important The failure /accident will very likely not be detected

Medium
The failure /accident occurs periodically The consequences of the failure /accident are moderate The failure /accident might be detected

Low
The failure /accident occurs rarely The consequences of the failure /accident are low The failure /accident will very likely be detected An important inconvenient of the qualitative evaluation of the factors appears when determining risk. Everybody would agree that low x medium x high = medium, but the score of low x low x high is not so evident (medium?). And this becomes even more unclear if we consider more than three levels.
This is however less important that it might seem at first sight. As we have seen above, risk estimation, and particularly the qualitative one, is likely to be more a rough approximation than a very exact value. Thus, adding some more roughness should not be considered critical. In any case, this inconvenient can be overcome by using a complementary table which would provide a homogeneous estimation.  It is evident that if the risk factors are estimated by using more than three levels, then the table becomes more complicated.

Quantitative evaluation
If it is done in three levels, then the approach might be exactly the same that shown above for the qualitative estimation, but instead of low, medium and high there will be used numbers (1, 2, 3) and this will facilitate calculation (e. g., 3 x 1 x 2 = 6).
The next table provides an example of quantitative evaluation in five levels, both following the natural series of numbers and an irregular (or "enhanced") one. Both are, of course, acceptable, but it is necessary to bear in mind that the final risk quantification will depend on the system which has been chosen and thus comparisons have to take this into account.

3
Expected between >50% and ≤80% of times There are deviations and batch is investigated and rejected.
Detection but only when the process is finished 3 5 Expected between >10% and ≤50% of times.
There are deviations and batch is investigated but accepted.
Detection during a stage of the process, before finishing it.
A trend is detected, but limits are not exceeded and the batch is not investigated.
Detection during the stage in process.

9
Expected ≤1% of times. There is no trend and limits are not exceeded. Batch is not investigated.

How to introduce QRM in a company?
One might tend to think that what matters is to teach people how to use QRA tools and how to evaluate risk. Although this is something that has to be done, it is necessary to bear in mind that this is only second to the understanding of the purpose and practical utility of QRM.
QRM is not just a kind of new task in a company. It is, in fact, a new way of looking at things, a new approach in analyzing the problems and in proposing solutions to them. This is why the most important and basic task is to make up the mind of people.

Figure 13. Introduction of QRM in a company
To simplify matters it is generally agreed that a good practice is to prepare a detailed protocol describing how the company intends to develop and to apply QRM.

Is there a way to facilitate QRA?
Everybody can have a personal approach towards QRA, but experience shows that there are no simple ways. As said above a good knowledge of the subject is essential, then some dose of experience is helpful and a big amount of patience is necessary.
It has already been described the paramount importance of getting information on the subject and how this can be done. It has also been explained how to choose and use the more common (and practical) tools. Thus, getting an adequate QRA is just a question of work. Get a first draft, review it and improve it little by little until getting something satisfactory. There are no rules, but the approach of working by progressive "retouches" is certainly very appropriate.
It is worth to mention that while working on QRA one of the most puzzling aspects is the frequent confusion that one tends to experience regarding "hazard", "cause" and "effect". This can be overcome in two complementary ways. Firstly by understanding well the meaning of these terms and applying them carefully to the elements being analyzed and secondly by reviewing the draft after a few hours of rest. Normally what is not seen clear now, it will be later.

Why QRA is worthy?
QRA provides us with a systematic and deep knowledge of the problems faced by the process under study. In this sense QRA can help us to overcome one of the main troubles derived of the application of GMP, their being seen as a kind of "tables of the law". The consideration of GMP as the golden principles supposed to provide the answer for every problem, has often led to a passive attitude. We had a problem and then we looked up in GMP. Now, QRA means that we analyze and understand well our problem. It is not necessary to say that this is extremely important and worthy.
QRA is also a key element in the introduction of improvement in the pharmaceutical industry. Without the concept of QRA, improvement would not be understood. In the past improvement didn't exist, because we didn't accept risk. Now when we recognize risk and accept that it is inevitable we can also say that improvement exists and that it consists of the reduction of this risk.

Some common problems solved by using QRA
QRA is a powerful instrument, which may help to solve typical problems faced by the technicians working in a pharmaceutical laboratory and in this sense the ICH Q9 guideline provides many examples regarding the potential applications of QRA "in [4]". It is however worthwhile to study in detail three very common problems: documentation, inspections/audits and handling of active products.

Documentation
"Which documents do I need?" or "tell me which documents I have to prepare and I will do it" are much heard questions. And this is so because GMP does not provide an answer. An impossible answer, anyway, because documentation is closely related to every particular situation and this is why GMP just mentions the documents directly associated with the products (specifications, formulae, processing instructions, etc.) and some general documents (sampling, testing, release, etc.). Documents have to be established on a case by case base, even if in the end all laboratories finish by having about the same documents and the basic difference relies on their extension and on how information is organized and grouped.
Documentation is used to attain two basic goals, information on how to perform operations, in general, and confidence in the control of critical operations, in particular. The first determines basically the number of documents to be written, whereas the second focuses on their contents.
Write a list of the processes of your company and then prepare flow charts for each of them. By doing this a number of operations will appear. Procedures have to describe these operations. There is no rule of thumb about how many are needed. Neither very long nor very short procedures are practical. Consequently a certain level of grouping is necessary and each company has to decide how to do it. Factors which might help in this decision are basically related to logistics, organization and personnel.
Once you have these flow charts perform on them QRA using a very basic tool such as PHA. This will allow detecting hazards and will oblige thinking of the related control measures. And then, these control measures will have to appear in the documents describing the operations.

Inspections / Audits
Inspections and audits worry always personnel. They remind them of the student days and consequently they ask themselves again "how can I pass them successfully"? In the school the obvious answer would have been "learn well the lessons of the program", but in the pharmaceutical industry the program is less obvious and "lessons" are not so clearly stated. They have to take into account GMP, of course, but also other things (GLP, regulations, guidelines, unwritten expectations, company standards, etc.). Here again QRA can help us. As summarized in the figure below our approach should focus in showing that we know our hazards and we keep them mastered.

Handling of active products
GMP establishes the need for dedicated facilities in some cases (production of penicillin or live microorganisms) or requires separation for certain products (antibiotics, hormones, cytotoxics, etc.). Most products are however manufactured in multiproduct facilities, where products share utilities and equipment, after performing the required validations. As products and processes can be very varied it is evident that the orientation provided by GMP can't be very detailed. This is why a QRA approach is very useful.
Among both extremes, a dedicated building (with separated equipment and utilities) and a multiproduct facility, there are less radical solutions, such as, for instance, separated areas (rooms or set of rooms with their own air-locks and changing rooms), provided with separate equipment and utilities, within a multiproduct unit. Also, when this is feasible, a simpler way of preventing cross-contamination might be the use of specific parts of equipment (e.g., filters, sieves), instead of dedicated equipment.
Another approach would be segregating the process from its environment by using isolation technology (i.e. production equipment within isolators or closed equipment instead of separating the rooms).
Campaign manufacturing, which certainly requires appropriate validation, is also a way to prevent cross-contamination.
The application of quality risk assessment to the products and to the processes to be performed within a pharmaceutical unit, allows for their rational design. Containment design of facilities, equipment, and utilities.

Working by
Dedicated rooms or suites of rooms, equipment, and utilities.

LOW RISK
Normal, multi-product facility, equipment, and utilities.

HIGH RISK
The appraisal of the hazard can be performed by using primary hazard analysis (PHA) as it was previously described. In this case from the five categories of hazards mentioned only two have to be taken into account: environmental contamination and cross-contamination. Note: The contents of this table are just given as an example; they don't intend to represent any real situation. Note: The contents of this table are just given as an example; they don't intend to represent any real situation.