Validation & Compliance: Using Risk Analysis in Process Validation

Feb 01, 2007


Process validation is used to confirm that the resulting product from a specified process consistently conforms to product requirements. A risk-based approach to process validation provides a rational framework for developing an appropriate scope for validation activities, focusing on processes that have the greatest potential risk to product quality. This article presents a case study in which a risk-based approach was used to evaluate a typical mammalian cell culture and purification process. This risk assessment used a Failure Modes and Effects Analysis (FMEA) to evaluate the impact of potential failures and the likelihood of their occurrence for each unit operation. Unit operations included in the process validation required a risk priority number greater than or equal to a specified threshold value. Unit operations that fell below the threshold were evaluated for secondary criteria such as regulatory expectations or historical commitments. The risk assessment covered the entire process and a portion of the assessment is reviewed here.

Process validation is a requirement defined in the ICH Q7A guideline, Good Manufacturing Practice Guidance for Active Pharmaceutical Ingredients as "the documented evidence that the process, operated within established parameters, can perform effectively and reproducibly to produce an intermediate or API meeting its predetermined specifications and quality attributes."1 A similar requirement is specified in The Code of Federal Regulations, Title 21—Food and Drugs; Part 820: Quality Systems regulation, which states that a "process shall be validated with a high degree of assurance."2

Because these requirements focus on ensuring safe and effective product for use, validating processes or unit operations that have direct effect on product quality is critical. For processes or unit operations that do not directly affect product quality, there is an opportunity to apply risk management principles to make risk-based decisions about whether to include non-critical processes in a formal validation package. This risk-based approach is supported in the FDA's concept paper, "Pharmaceutical cGMPs for the Twenty-First Century: A Risk-Based Approach."3

To make risk-based decisions, a systematic approach is essential. The ICH Q9 guideline, Quality Risk Management, provides a structure to initiate and follow a risk management process.4 Although alternative acceptable approaches are presented in Vesper5 and Chan,6 the structure suggested in Q9 will be followed here.

Figure 1. Overview of a risk management process, from the ICH Q9 guidance, Quality Risk Management.4
The basic flow (Figure 1) for a risk management program consists of four major components: risk assessment, risk control, risk review, and risk communication.4 All four components are essential. For this process validation case study, the focus will be on the risk assessment and the activities leading up to the risk assessment.


Various activities must be carried out before initiating the risk assessment phase of a risk management program. These activities are common to all types of risk analysis tools and include, but are not limited to: defining the scope of the assessment; team selection; establishing action thresholds for making decisions; and defining the types of decisions to be made when the assessment is complete.

Defining the Scope

For the new product process validation described in this case study, the scope was confined to the primary unit operations of a mammalian cell culture and purification process. Defining the scope focuses the team's effort and ensures that all team members have the same level of understanding for the analysis phase. For example, failures that could result in an environmental spill were out of scope of this assessment.