How to Apply Risk Assessment Techniques to Outsourcing
Apply risk management principles to monitor outsourced activities.

BioPharm International
Volume 23, Issue 7


Numerous recent 483 observations and deficiencies cited in warning letters have emphasized the current FDA expectation that outsourced activities must have the appropriate controls in place, with adequate oversight provided by the contract giver. However, one of the primary benefits of outsourcing work is that it frees internal resources for other purposes. If significant internal resources must be used to verify and double-check everything that happens at a contract site, much of the benefit of outsourcing will be negated. Tactical determination of adequate oversight for the outsourced activities becomes vital. Risk assessment exercises may be used effectively to determine and prioritize appropriate and adequate oversight strategies for the contracted activities. Levels of oversight should be commensurate with the risk associated with a given activity, and additional oversight resources should be directed toward activities with higher risk ratings.

Table 1. Example of a risk assessment tool for outsourced activities (detectability x severity = overall risk factor)
When performing a risk assessment for contract operations or services, the process should take into account (or weigh) factors such as the level of experience with the contract organization, audit or inspection histories (types of audit findings, status of audit findings, or occurrence of repeat findings), and personnel turnover rates, in addition to the nature and criticality of the contracted activities themselves. The customary elements of severity and of visibility (or detectability) of an event or non-conformance should be thoughtfully weighted when using risk assessment tools for determining oversight requirements. One simple example of a risk assessment tool is detailed in Table 1. Although not an exhaustive list of all the possible failure modes that might be associated with the subject activity, Table 1 illustrates the process. The severity ratings used may be based on several types of potential impact: regulatory, compliance or quality, patient safety, and development timelines. The site- or organization-specific considerations mentioned previously are accounted for and weighted within the critical inputs factor.

The example in Table 1 is just one of endless possibilities. Each organization must make its own decisions regarding what risk factors it will assess, how it will weight risk factors, and the implications associated with a given risk rating or level. The point is to be able to demonstrate that all risk factors have been taken into consideration when evaluating oversight requirements. Another important benefit of performing a risk assessment as part of the oversight strategy determination is that it provides documented rationale supporting the application of more moderate levels of oversight for lower risk activities, as well as highlighting those activities requiring increased levels. In other words, it guides application of control measures used to appropriately mitigate and manage the identified risks.

