Quality Risk Management Plan (2)

Quality Risk Management Plan Status:

DRAFT

Version Number:

Approals

Approe! by

Signature

Date

001

1" Purpose

This Master Plan defines how our Quality Risk Management (QRM) program will be conducted through integration of knowledge gained from formal risk assessments, operational alerts, change controls and inspections as required by !" Q# Quality Risk   Management $ nformation on higher risks will be communicated to management and the quality unit through a risk register intended to increase %isibility and pro%ide focus in discussions on risk control and mitigation$ #" S$ope

This plan applies to all personnel in%ol%ed in the deli%ery of results in the e%aluation of  quality attributes of starting materials, e&cipients, components, 'P, and drug products intended for in%estigati%e medicine testing$ Risk management will also be applied to the systems used to enable testing, including instruments and equipment qualification and to the design of analytical methods for use in support commercial manufacturing$ The following risk management programs are not in scope of this plan and are addressed by other guidance •

Risk management for T supported applications

•

Risk management of spongiform encephalopathies to our 'P and products

•

afety risk assessments

•

Testing acti%ities conducted at contract facilities

•

Testing of research materials$

%" Roles an! Responsibilities

Roles Management

Quality -nit

Responsibilities Pro%ide the resources necessary to support the implementation of this • Master Plan for Quality Risk Management$ *nsure that employees complete any required training regarding risk • assessment$ *nsure that related tandard +perating Procedures and ork • nstructions are aligned with this Master Plan$ *nsure periodic assessments are conducted to %erify that related • acti%ities are in compliance$ *nsure risk assessments, when they are appropriate, are performed, • and that they are properly documented and appro%ed by the Quality -nit as needed$ Re%iew risk assessments$ • Perform periodic re%iew of risk register$ • 'ssist in identifying and e%aluating sources of risk and in •

Quality Risk Management Plan .ersion //0

Page 0 of 1

Roles

Personnel

Responsibilities establishing appropriate controls$ Re%iew and appro%e risk assessments on acti%ities go%erned by •  procedures$ Perform periodic re%iew of risk register$ • -tili2e risk tools and perform risk assessments where appropriate$ • f in the role of risk assessment facilitator • 3 study the features of the tool to use$ 3 identify sub4ect matter e&perts to participate in the assessment$ 3 document the assessment$ ubmit formal risk assessments to 5unctional 'rea Management and • Quality -nit for re%iew and appro%al$ !omply with this management plan$ •

Quality Risk Management Plan .ersion //0

Page 6 of 1

&" 'a$kgroun!

7$0$ The principles of QRM in the preparation of medicinal products are described in !" 8uidance for ndustry Q# 3Quality Risk Management$ n alignment with !" Q# recommendations, this QRM plan is built around the following steps Risk 'ssessment, !ontrol, !ommunication and Re%iew$ 7$6$ QRM is a critical component of quality systems and feeds from the in%estigations and inspections program and is le%eraged to guide change management$ Risk management is implemented with practices appropriate to the stage of pro4ect de %elopment$ (" Risk Assessment

9$0$ Risk dentification 9$0$0$ !" Q# defines risk as the combination of the probability of occurrence of harm and the se%erity of that harm for the intended patients$ 's an organi2ation de%eloping analytical knowledge and methods, another fitting definition for risk is that of the + :0/// Risk Management tandard which defines risk as uncertainty in reaching ob4ecti%es$ This QRM intends to both address potential of harm to  patients and uncertainty in ob4ecti%es$ The primary focus of risk management is to control the risk to data on product attributes, as this data is used to both determine suitability of products for clinical programs and to propose specifications utili2ed in e%aluation of manufacturing process control$ +ther ob4ecti%es include accurate data for proposal of labeling information; de%elopment and %alidation of robust methods, and testing in support of manufacturing acti%ities (e$g$, water testing)$ 9$0$6$ Risks are proacti%ely identified in deli%erables by conducting risk assessments to the type of tests that e%aluate product quality attributes used in the decision for  batch release$ 5ailure modes are identified by e&perts in the technique and ranked$ Multiple sources are used for further identification of risks to be e%aluated as well as to trigger re%iew of processes for risk assessment$ These sources include Quality -nit and regulatory inspections, benchmarking, internal self inspections, in%estigations on operational alerts, and trend e%aluations$ These risks are analy2ed and e%aluated for inclusion in the Risk Register$

Quality Risk Management Plan .ersion //0

Page : of 1

9$6$ Risk 'nalysis < *%aluation 9$6$0$ Multiple tools will be used for the estimate of risk posed by the ha2ards identified$ ub4ect matter e&perts will consider the risk to be e%alua ted and select a tool appropriate to the comple&ity of the system or acti%ity under e%aluation$ nformal risk management may be used, including empirical e%aluations where appropriate, flow charts, check lists and procedures$ 9$6$6$ 5or the analysis and e%aluation of data for batch release, 5ailure Mode and *ffect 'nalysis was chosen as it can guide e%aluation of numerous failure modes, summari2ing the effect and quantitati%e ranking for guiding control efforts$ 5or the 5M*' risk analysis of tests for the release testing a cti%ity, the table presented below outlines the starting point$ ' team using this tool can further refine this table to suit the risk question and should capture the analysis table in the documentation of the risk assessment$

S$ore

S)V)R*T+

10

Passing a failing product, can result in release of adulterated product

/

% 1

 =ot used to ensure the assessment of  se%erity is most conser%ati%e$> 'dditional introduction of error, e&panding the uncertainty of the method but still meeting specification @ata representati%e of product attribute

,--.RR)N-)

D)T)-T*,N

5requent

!annot be detected

Moderate, occasional

.ery ?ow

nfrequent or has occurred>>

Moderate

Remote or unlikely

'lmost !ertain

>5alse ++A++' were not included in 4udgment of se%erity as these are in%estigated and resol%ed without impact to the product release timeline and consequently no impact to product a%ailability to patients >>n an effort to address the uncertainty on failure mode occurrence, any obser%ation of a failure mode was gi%en a raised %alue occurrence %alue (:) recogni2ing limitations in detecting some failure modes $

Quality Risk Management Plan .ersion //0

Page 7 of 1

9$6$:$ *ach failure mode is assigned a Risk Priority =umber (RP=) B e%erity C +ccurrence C @etectability$ 5or e&le for e%erityB0/, +ccurrenceB:, and @etectabilityB0/ the calculated RP= is ://$ These RP= are then categori2ed as ?ow 030//, Medium 0/039// and "igh 9/0 30///$ " Risk -ontrol

D$0$ The purpose of a risk management program is to decide, for the ha2ards identified, what controls are possible and when they should be sought and implemented$ *%aluation of risk controls will consider the following questions • • •

• •

s the risk currently managed at an acceptable le%elE hat can be done to reduce or eliminate the riskE s there other data that helps manage the process, e%aluation and can be used in lieu of a controlE hat is the appropriate balance among benefits, risks and resourcesE @oes implementation of the control introduce new risksE Final Risk eel 3ig4

Me!ium

o6

De$ision 2ui!an$e  (0/) Risk is una$$eptable an! a$tion to re!u$e risk is re5uire!" Design Ne6 -ontrols: 'cti%ely work to mitigate these through design, systems, procedures and other controls$ De$ision re5uire! a$$epting risk or taking a$tion to re!u$e risk" Take a$tion: f detectability of risk is poor (e$g, 130/), consider whether action is required and seek to de%elop clear understanding on how to recogni2e when this failure mode occurs$ 'ction might include awarenessAtraining or de%elopment of new controls$ ,bsere7A$$ept: f detectability of risk is good (e$g$, 03:) or se%erity is low (03:), maintain %igilance (operational alerts program)$ Resi!ual risk is a$$eptable8 risk is !ete$table an! o9 lo6 seerity8 no 9urt4er a$tion is re5uire!" Fnowledge of the actual process is well understood$

Quality Risk Management Plan .ersion //0

Page 9 of 1

/" Risk -ommuni$ation

1$0$ The goal of a risk communication is to, by way of sharing information on risks identified and their controls, increase risk awareness and promote controls that support quality$ This means that personnel in different roles ha%e different needs regarding communication of risk$ 1$6$ Personnel conducting acti%ities will need to be informed of risks so that they maintain  beha%iors that support best practices sustain %igilance and understand process so as to help control risk$ This communications is achie%ed through training, method details, formal procedures and aides such as check lists to enhance their ability to control risk$ 1$:$ Management is responsible to allocate resources for acti%ities; therefore, they must support identification of risk and stay informed of risks that require additional controls$ Management is also responsible to commit resources to the de%elopment of those controls or accept residual risk$ This communication will be achie%ed and documented through their appro%al of plans, procedures, formal chan ge controls and of the risk register$ 1$7$ @ocumentation of Risk 'ssessments 1$7$0$ 5ormal documentation of risk assessment and other risk management acti%ities will be at the discretion of management and the Quality -nit obser%ing the guiding  principle of documentation effort commensurate with the impact of the risk $ 5ormal risks assessments will utili2e a template which will include the following elements 0) 6) :) 7) 9) D)

!ontain a unique number   @efine the risk assessment method Atool and rationale for selection !onducted by appropriately trained personnel @iscuss controls and risk acceptance (if appropriate) @efine periodic re%iew cycle nclude appro%al by the Quality -nit when analy2ing a process for purpose of  buildup of the risk register or used to 4ustify changes to procedures$

Quality Risk Management Plan .ersion //0

Page D of 1

1$7$6$ ?ow impact risk assessments for easily understood or specific situationsAprocesses may be analy2ed and documented by an M*$ These will be managed informally, documented in the process tools (e$g$ Trackise record, instrument qualification document, notebook record) or incorporated into a  procedure

1$9$ *stablishment of a Risk Register  1$9$0$ ' risk register(s) will be maintained to be comprised of a ranking of risks identified through risk assessment of the ma4or deli%erables and processes$ The Gusiness -nit and the Quality -nit will re%iew the risks identified and decide which risks should be managed through the risk register based on the potential impact to  patients and the quality of deli%erables$ 1$9$6$ *ach risk listed in the register will 0) "a%e a number assigned as per the following scheme a) *Q-*=T'? =-MG*R A T*  b) *Q-*=T'? =-MG*R B 0, 6, : etc (indi%idual risk within the risk assessment) 6) T* :) !lassify the risk listed qualitati%ely (e$g$, Medium or "igh)$ 7) 'ddress how the risk is managed or controlled$ 9) @ocument the decision on whether the risk is accepted under current controls or new controls should be de%eloped$ D) !ontain a reference to an issued risk assessment or other reference 1$9$:$ t is intended that the register will list high risks and can include medium risks agreed during the re%iew as requiring remediation$ 1$9$7$ The risk register will be appro%ed by Management and the Quality -nit$

" Risk Reie6

To remain effecti%e, the risk register re%iew will consider the impact of trends in quality e%ents, change controls and lessons learned from auditsA inspections and its re%iew documented at a minimum once e%ery : years$ This re%iew will also document remo%al of a risk from the register  due to risk reassessment$

;" Re9eren$es

10" Do$ument 3istory

)99e$tie Date

Do$ument *D < Version

Quality Risk Management Plan .ersion //0

Aut4or=s>

Des$ription

Page 1 of 1

Quality Risk Management Plan .ersion //0

Page H of 1