Assessing and Managing Risks in a GMP Environment - Investing time and resources into conducting a risk assessment on a process or product can have a variety of benefits. Save your firm from


Assessing and Managing Risks in a GMP Environment
Investing time and resources into conducting a risk assessment on a process or product can have a variety of benefits. Save your firm from regulatory headaches by making risk management part of its culture.

BioPharm International

PROCESSES USED IN RISK MANAGEMENT GAMP4 and HACCP are two well-known processes used to manage risk in FDA-regulated industries. They are not specific tools for assessing risks. Rather, they cover the wider set of activities important in risk management. Both GAMP4 and HACCP allow the use of some of the RA tools previously discussed. GAMP4 is an amalgam of HACCP, FMEA, and FTA. For details see the ISPE guidelines.13

Hazard Analysis and Critical Control Points (HACCP) HACCP is the primary risk reduction process used in the food industry, including firms regulated by FDA and USDA. HACCP is defined as a systematic risk management approach to the identification, evaluation, and control of hazards. It is not intended to be a stand-alone program, and it can easily be integrated with a GMP quality system. There are five preliminary steps to prepare for HACCP:

  • Assemble the HACCP team.
  • Describe the product and its distribution.
  • Describe the product's intended use and users.
  • Develop a process flow diagram.
  • Verify the process flow diagram.

Once these steps have been taken, the HACCP program follows seven principles:

  • Conduct a hazard analysis.
  • Determine the Critical Control Points (CCPs).
  • Establish Critical Limits (CLs).
  • Establish monitoring procedures.
  • Establish corrective action.
  • Establish verification plan.
  • Establish record keeping and documentation procedures.

HACCP typically identifies and addresses biological, chemical or physical hazards — that is, those that could cause injury or illness.21 While these hazards are critical to drug products as well, there is no reason why HACCP cannot be expanded to include compliance and regulatory risks (for example, making an uncontrolled change to a process). DeSain and Sutton describe using HACCP in a biopharmaceutical context.22

Figure 5. Conceptual Model Used in Risk Evaluation
EVALUATING RISKS Once hazards and risks have been identified, decisions need to be made as to whether or not the risks must be controlled or mitigated in some way. Risk evaluation uses the information generated by risk assessment, whether it is qualitative or quantitative, and overlays it upon societal, business, regulatory, and financial realities to answer, "How much risk are we prepared to take?" As shown in Figure 5, some risks are simply unacceptable — the probability of a serious outcome is too high and must be modified or the product or process must be abandoned. Other risks are acceptable — either the consequences are so minimal or the chance of them happening are so remote that the risk is negligible.

Other risks, however, may be accepted if the benefits outweigh the risks or if the risks can be controlled or reduced so that the benefit-to-risk ratio is acceptable. Risks that are "as low as reasonably practicable" (ALARP), are evaluated on the basis of technical and economic practicability.

WAYS TO CONTROL OR MITIGATE RISKS After risks are identified, their impact characterized, and the decisions made as to which risks need to be reduced or eliminated, controlling them is often a creative, technological, and economic challenge. Before a change is made, perform an evaluation to assure that the proposed change does not create any new or unexpected risks. Some of the standard ways of reducing or controlling risks include:

  • Substitution — using a safe solvent instead of a potentially toxic one
  • Uncoupling or loosely coupling a process — breaking apart a process so there are inherent stops to prevent a process from "running away" and getting out of control
  • Process simplification — reducing the number of steps or "risk exposures" that could occur
  • Isolation — moving or enclosing an activity so it presents fewer potential risks
  • Elimination — removing a potential risk
  • Changing conditions — modifying the temperature, pressure, or time
  • Providing more information — giving those involved more useful information regarding prevention or response to a problem
  • Decreasing the frequency of an event happening — reducing the number of times a potentially hazardous material is used
  • Decreasing the consequences should an event occur — providing protective equipment to workers or using an assay that tests for the presence of a known potential contaminant
  • Duplicating assets — creating redundancy or increasing inventories
  • Changing the source — using a vendor or material source that is potentially more reliable or consistent
  • Implementing procedures — instituting procedures that prevent an accident or a failure
  • Engineering controls — designing and implementing electronic, mechanical, or other controls to prevent the problem
  • Training — providing personnel with knowledge and skills so they better understand the process and how to effectively mitigate the risk
  • Validation — demonstrating (and documenting) that a process or system consistently performs according to its defined requirements

blog comments powered by Disqus



AbbVie to Acquire Shire for $54.7 Billion
July 18, 2014
AstraZeneca Reveals Design for New Global R&D Center and Corporate Headquarters
July 18, 2014
Particulate Matter Prompts Baxter's Recall of IV Solutions
July 17, 2014
Mylan to Acquire Abbott's Non-US Businesses in $5.3 Billion Stock Deal
July 14, 2014
Shire and AbbVie Discuss Possible Deal
July 14, 2014
Author Guidelines
Source: BioPharm International,
Click here