GxPpro News Archive
QRM should now be integrated into your quality systems,
so let’s take a look at some FAQ about QRM
Do all inspections cover the quality risk management process?
Yes, quality risk management (QRM) is a requirement of Chapter 1 of the EU GMP Guide Part I and Annex 20. All manufacturing authorisation holders, third country manufacturing sites, blood establishments, blood banks and active pharmaceutical ingredient manufacturers must have a system for QRM. Inspectors will review the QRM system as part of the Quality Systems section of the inspection (along with complaints, recalls, deviations, and product quality reviews etc). Additionally, inspectors may review specific risk assessments when encountered during inspection. Inspectors will allocate time commensurate with their perceived significance of the risk and if necessary request the company to produce a formal summary of the risk assessment, key decisions and conclusions or take copies of risk assessments for further consideration outside the inspection.
Should a company have a procedure to describe how it approachs QRM related to manufacture and GMP?
Yes, the procedure should be integrated with the quality system and apply to planned and unplanned risk assessments. It is an expectation of Chapter 1 that companies embody quality risk management. The standard operating procedure (SOP) should define how the management system operates and its general approach to both planned and unplanned risk management. It should include scope, responsibilities, controls, approvals, management systems, applicability, and exclusions.
What are the key attributes of a good risk assessment?
The following key attributes should be observed (mindful of the risk significance addressed in the previous question):
- clearly identify the process being assessed and what it is attempting to achieve, ie what the harm/risk is and what the impact could be on the patient
- be based on systematic identification of possible risk factors
- take full account of current scientific knowledge
- be conducted by people with experience in the risk assessment process and the process being risk assessed
- use factual evidence supported by expert assessment to reach conclusions
- do not include any unjustified assumptions
- identify all reasonably expected risks – simply and clearly along with a factual assessment and mitigation where required
- be documented to an appropriate level and controlled/approved
- ultimately be linked to the protection of the patient
Should we expect there to be no risk to patient safety as a conclusion to a risk assessment?
In reality there is always a degree of risk in all situations but mitigation controls should minimise the likelihood to an acceptable level of assurance.
The degree of risk tolerated very much depends on the circumstances, the proximity to the patient and other controls that may follow the process being assessed before the product is used by the patient.
It should be expected that risk mitigation plans are identified and implemented where any risk to patient safety is posed. Companies should take a holistic view and be mindful that critical issues often occur where multiple failures in systems occur together so mitigation plans should be sufficiently robust to tackle such potential.
Inspectors will be assessing if risk assessments underate either the likelihood, consequences or detection of occurrences in order to make it appear that there is minimal risk to the patient.
The factual evidence behind statements may be challenged. The impact should not consider the financial impact on a site/company to the detriment of the patient.
|
