Quality Risk Management – Industrial Pharmacy II B. Pharma 7th semester PDF Notes

Quality Risk Management (QRM)

Quality Risk Management (QRM)


  • Identification and management of risk in the pharmaceutical industry are vital to understanding pharmaceutical products and processes to minimize potential negative impacts on patients
  • In the highly regulated pharmaceutical industry, it is important that significant risks be formally identified, reduced, controlled, and effectively communicated throughout the supply chain and the product lifecycle

Quality Risk Management (QRM)

  • Quality risk managementis a systematic process for the assessment, control, communication and review of risks to the quality of the drug (medicinal) product across the product lifecycle
  • Risk management principlesare effectively utilized in many areas of business and government including finance, insurance, occupational safety, public health, pharmacovigilance, and by agencies regulating these industries
  • It is commonly understood that risk is defined as the combination of the probability of occurrence of harm and the severity of that harm
  • The manufacturing and use of a drug (medicinal) product, including its components, necessarily entail some degree of risk
  • The risk to its quality is just one component of the overall risk
  • It is important to understand that product quality should be maintained throughout the product lifecycle such that the attributes that are important to the quality of the drug (medicinal) product remain consistent with those used in the clinical studies
  • An effective quality risk management approach can further ensure the high quality of the drug (medicinal) product to the patient by providing a proactive means to identify and control potential quality issues during development and manufacturing
  • Additionally, use of quality risk management can improve the decision making if a quality problem arises
  • Effective quality risk management can facilitate better and more informed decisions, can provide regulators with greater assurance of a company’s ability to deal with potential risks and can beneficially affect the extent and level of direct regulatory oversight

Scope of QRM according to ICH Guidelines

  • ICH Quality Guideline Q9: Quality Risk Managementpresents general principles of risk management and examples of various risk management tools that can be applied to different aspects of pharmaceutical quality
  • These aspects include development, manufacturing, distribution, and the inspection and submission/review processes throughout the lifecycle of drug substances, drug (medicinal) products, biological and biotechnological products (including the use of raw materials, solvents, excipients, packaging and labelling materials in drug (medicinal) products, biological and biotechnological products)

Principles of QRM

Two primary principles of quality risk management are:

  1. The evaluation of the risk to quality should be based on scientific knowledge and ultimately link to the protection of the patient; and
  2. The level of effort, formality and documentation of the quality risk management process should be commensurate with the level of risk


  • QRM activities are usually, but not always, undertaken by interdisciplinary teams
  • When teams are formed, they should include experts from the appropriate areas (e.g., quality unit, business development, engineering, regulatory affairs, production operations, sales and marketing, legal, statistics and clinical) in addition to individuals who are knowledgeable about the quality risk management process

Decision makers should

  • Take responsibility for coordinating quality risk management across various functions and departments of their organization; and
  • Assure that a quality risk management process is defined, deployed and reviewed and that adequate resources are available

Risk assessment

1. Risk assessment

Risk assessment consists of the identification of hazards and the analysis and evaluation of risks associated with exposure to those hazards

Quality risk assessments begin with a well-defined problem description or risk question

As an aid to clearly defining the risk(s) for risk assessment purposes, three fundamental questions are often helpful:

a. What might go wrong?

b. What is the likelihood (probability) it will go wrong?

c. What are the consequences (severity)?

2. Risk identification

Is a systematic use of information to identify hazards referring to the risk question or problem description

Information can include historical data, theoretical analysis, informed opinions, and the concerns of stakeholders

Risk identification addresses the “What might go wrong?” question, including identifying the possible consequences

This provides the basis for further steps in the QRM process

3. Risk analysis

Is the estimation of the risk associated with the identified hazards

It is the qualitative or quantitative process of linking the likelihood of occurrence and severity of harms

In some risk management tools, the ability to detect the harm (detectability) also factors in the estimation of risk

4. Risk evaluation

Compares the identified and analyzed risk against given risk criteria

Risk evaluations consider the strength of evidence for all three of the fundamental questions

Output of Risk

  • The output of a risk assessment is either a quantitative estimate of risk or a qualitative description of a range of risk
  • When risk is expressed quantitatively, a numerical probability is used
  • Alternatively, risk can be expressed using qualitative descriptors, such as “high”, “medium”, or “low”, which should be defined in as much detail as possible
  • Determination of the Critical Quality Attributes (CQAs) of the drug substance, raw materials (components), in-process materials, and drug product that have an impact on product quality through use of prior knowledge and experimentation.
  • Identifying which attributes are critical to meeting product quality and ensuring patient safety are key to the risk assessment process
  • Once the significant material attributes and process parameters are identified, they can be studied further to gain a higher level of understanding on the impact on product quality.
  • Along with the drug substance and raw material attributes risk assessment, the selection of an appropriate manufacturing process that links material attributes and process parameters to CQAs should be evaluated using a risk assessment tool

Risk Control

  1. Risk Control
  • Includes decision making to reduce and/or accept risks
  • The purpose of risk control is to reduce the risk to an acceptable level
  • The amount of effort used for risk control should be proportional to the significance of the risk
  • Decision makers might use different processes, including benefit – cost analysis, for understanding the optimal level of risk control
  1. Risk Reduction
  • Focuses on processes for mitigation or avoidance of quality risk when it exceeds a specified (acceptable) level
  • Risk reduction might include actions taken to mitigate the severity and probability of harm
  • Processes that improve the detectability of hazards and quality risks might also be used as part of a risk control strategy
  • The implementation of risk reduction measures can introduce new risks into the system or increase the significance of other existing risks
  • Hence, it might be appropriate to revisit the risk assessment to identify and evaluate any possible change in risk after implementing a risk reduction process
  1. Risk Acceptance
  • Is a decision to accept risk
  • Risk acceptance can be a formal decision to accept the residual risk or it can be a passive decision in which residual risks are not specified
  • For some types of harms, even the best quality risk management practices might not entirely eliminate risk
  • In these circumstances, it might be agreed that an appropriate quality risk management strategy has been applied and that quality risk is reduced to a specified (acceptable) level
  • This (specified) acceptable level will depend on many parameters and should be decided on a case-by-case basis

Risk Communication

  • Is the sharing of information about risk and risk management between the decision makers and others
  • Parties can communicate at any stage of the risk management process
  • The output/result of the quality risk management process should be appropriately communicated and documented
  • Communications might include those among interested parties; e.g., regulators and industry, industry and the patient, within a company, industry or regulatory authority, etc
  • The included information might relate to the existence, nature, form, probability, severity, acceptability, control, treatment, detectability or other aspects of risks to quality

Risk Review

  • Risk management should be an ongoing part of the quality management process and a mechanism to review or monitor events should be implemented
  • The output/results of the risk management process should be reviewed to take into account new knowledge and experience
  • Once a QRM process has been initiated, that process should continue to be utilized for events that might impact the original quality risk management decision
  • These events are planned (e.g., results of product review, inspections, audits, change control) or unplanned (e.g., root cause from failure investigations, recall)
  • The frequency of any review should be based upon the level of risk
  • Risk review might include reconsideration of risk acceptance decisions

Risk management methodology

  • Traditionally, risks to quality have been assessed and managed in a variety of informal ways (empirical and/ or internal procedures) based on, for example, compilation of observations, trends and other information
  • Such approaches continue to provide useful information that might support topics such as handling of complaints, quality defects, deviations and allocation of resources
  • Additionally, the pharmaceutical industry and regulators can assess and manage risk using recognized risk management tools and/ or internal procedures (e.g., standard operating procedures)

Risk management tools

❖ Basic risk management facilitation methods (flowcharts, check sheets etc.)

❖ Failure Mode Effects Analysis (FMEA)

❖ Failure Mode, Effects and Criticality Analysis (FMECA

❖ Fault Tree Analysis (FTA)

❖ Hazard Analysis and Critical Control Points (HACCP)

❖ Hazard Operability Analysis (HAZOP)

❖ Preliminary Hazard Analysis (PHA)

❖ Risk ranking and filtering

❖ Supporting statistical tools

Integration of QRM into industry & regulatory operations

  • Quality risk management is a process that supports science-based and practical decisions when integrated into quality systems
  • Effective QRM can facilitate better and more informed decisions, can provide regulators with greater assurance of a company’s ability to deal with potential risks, and might affect the extent and level of direct regulatory oversight
  • In addition, QRM can facilitate better use of resources by all parties

Departments using QRM

  • Quality management
  • Development
  • Facility, equipment and utilities
  • Materials management
  • Production
  • Laboratory control and stability testing
  • Packaging and labelling
  • Inspection and assessment activities

 For Detailed PDF Notes Click on Download Button