How to Apply Risk Assessment Techniques to Outsourcing - Apply risk management principles to monitor outsourced activities. - BioPharm International


How to Apply Risk Assessment Techniques to Outsourcing
Apply risk management principles to monitor outsourced activities.

BioPharm International
Volume 23, Issue 7


The risk assessment exercises that have been used in determining quality agreement, notification, and oversight requirements also can provide insight into the most meaningful performance metrics to be monitored for a contract organization. For example, a manufacturing activity has been deemed to be high risk given the criticality of the material, degree of detectability of material non-conformance, limited experience with the contract manufacturer, and outstanding audit issues. Given these particular risks, oversight activities should focus on verifying that the batch record has been executed properly, and that issues have been captured and addressed. Oversight requirements for this CMO or activity, at present, have therefore been determined to include a complete review of the batch record and analytical release data before disposition of the batch by the contracting party's quality unit. With these oversight requirements, performance metrics to be monitored for this contractor may include tracking issues noted during batch documentation review, such as missed deviations or any data integrity issues. The focus should be on monitoring things that would indicate whether the systems and controls used by the contract organization are working effectively.

Ideally, the metrics used should be developed and agreed on by both sides. Potential actions resulting from noted trends in the metrics also must be defined. For example, if execution errors are noted, "man-in-plant," oversight may ensue. Conversely, if documentation is of high quality, reviews may be reduced. As work progresses, additional relevant indicators of performance may become evident. A learning curve is to be expected, and adjustments to monitoring tactics should be made.

Monitoring performance metrics serves no purpose if they are not reviewed by the involved parties at some interval. Risk assessment results can help in determining an appropriate review frequency. As with the elements of the first two fundamentals, the frequency of performance reviews should be in balance with the risk associated with the outsourced activities. Given the high risk and an anticipated volume of work of five to six campaigns a year, the site may decide a biannual or quarterly review frequency is appropriate. The outcome of the review process should be shared with the contract organization, whether directly involving the contract organization and personnel, or performed chiefly as an internal exercise. In some cases, requests for formal corrective action may be made. Regardless, the information should be shared so that the contract organization can use it to address any problems. This ideally should be a collaborative exercise so that the contract organization feels free to provide feedback on how the customer might facilitate successful execution of the contracted activities.

The performance metrics reviewed, actions taken, and any other outcome of the review exercise also should feed back into the risk assessment process. The risk assessment process should not be thought of as a one-time exercise to be performed initially. It should be used as a tool, to be repeated at some frequency, because the factors influencing risk continually change. As new information is received regarding elements composing the risk profile for a contract organization, the risk assessment should be revisited. Based on changing risk factors, adjustments in contractual requirements, oversight strategy, review or monitoring frequency, or even qualified status may become necessary.


In recent years, adopting the principles of Quality by Design has shown us that the more we know about the factors that are essential to our process and, therefore, truly impact product quality, the more manageable and flexible control of our process will become. Just as we have used risk assessment and risk management techniques in identifying the critical quality parameters of our products and processes, we can likewise use them in our efforts to identify those factors essential to monitoring and managing outsourced activities. The application of risk assessment principles to these supporting fundamentals will help us realize full benefit of these partnerships, while at the same time ensuring appropriate and adequate oversight of outsourced activities.

Dawn Schofield is a compliance advisor at Safis Solutions, LLC, Indianapolis, IN, 317.777.6200 (ext. 113),

blog comments powered by Disqus



Bristol-Myers Squibb and Five Prime Therapeutics Collaborate on Development of Immunomodulator
November 26, 2014
Merck Enters into Licensing Agreement with NewLink for Investigational Ebola Vaccine
November 25, 2014
FDA Extends Review of Novartis' Investigational Compound for Multiple Myeloma
November 25, 2014
AstraZeneca Expands Biologics Manufacturing in Maryland
November 25, 2014
GSK Leads Big Pharma in Making Its Medicines Accessible
November 24, 2014
Author Guidelines
Source: BioPharm International,
Click here