How to Apply Risk Assessment Techniques to Outsourcing - Apply risk management principles to monitor outsourced activities. - BioPharm International

ADVERTISEMENT

How to Apply Risk Assessment Techniques to Outsourcing
Apply risk management principles to monitor outsourced activities.


BioPharm International
Volume 23, Issue 7

FUNDAMENTAL #2: DETERMINING OVERSIGHT STRATEGY FOR CONTRACTED ACTIVITIES

Numerous recent 483 observations and deficiencies cited in warning letters have emphasized the current FDA expectation that outsourced activities must have the appropriate controls in place, with adequate oversight provided by the contract giver. However, one of the primary benefits of outsourcing work is that it frees internal resources for other purposes. If significant internal resources must be used to verify and double-check everything that happens at a contract site, much of the benefit of outsourcing will be negated. Tactical determination of adequate oversight for the outsourced activities becomes vital. Risk assessment exercises may be used effectively to determine and prioritize appropriate and adequate oversight strategies for the contracted activities. Levels of oversight should be commensurate with the risk associated with a given activity, and additional oversight resources should be directed toward activities with higher risk ratings.


Table 1. Example of a risk assessment tool for outsourced activities (detectability x severity = overall risk factor)
When performing a risk assessment for contract operations or services, the process should take into account (or weigh) factors such as the level of experience with the contract organization, audit, or inspection histories (types of audit findings, status of audit findings, or occurrence of repeat findings), and personnel turnover rates, in addition to the nature and criticality of the contracted activities themselves. The customary elements of visibility or detectability of an event or non-conformance and severity, should be thoughtfully weighted when using risk assessment tools for determining oversight requirements. One simple example of a risk assessment tool is detailed in Table 1. Although not an exhaustive list of all the possible failure modes that might be associated with the subject activity, Table 1 illustrates the process. The severity ratings used may be based on several types of potential impact; regulatory, compliance or quality, patient safety, and development time lines. The site- or organization-specific considerations mentioned previously are accounted for and weighted within the critical inputs factor.

The example in Table 1 is just one of endless possibilities. Each organization must make its own decisions regarding what risk factors it will assess, how it will weight risk factors, and the implications associated with a given risk rating or level. The point is to be able to demonstrate that all risk factors have been taken into consideration when evaluating oversight requirements. Another important benefit of performing a risk assessment as part of the oversight strategy determination is that it provides documented rationale supporting the application of more moderate levels of oversight for lower risk activities, as well as highlighting those activities requiring increased levels. In other words, it guides application of control measures used to appropriately mitigate and manage the identified risks.


blog comments powered by Disqus

ADVERTISEMENT

ADVERTISEMENT

GPhA Issues Statement on Generic Drug Costs
November 20, 2014
Amgen Opens Single-Use Manufacturing Plant in Singapore
November 20, 2014
Manufacturing Issues Crucial to Combating Ebola
November 20, 2014
FDA Requests Comments on Generic Drug Submission Criteria
November 20, 2014
USP Joins Chinese Pharmacopoeia Commission for Annual Science Meeting
November 20, 2014
Author Guidelines
Source: BioPharm International,
Click here