Validation & Compliance: Using Risk Analysis in Process Validation

Published on: 
BioPharm International, BioPharm International-02-01-2007, Volume 20, Issue 2

All of the primary unit operations for cell culture and purification had scores greater than the action threshold.


Process validation is used to confirm that the resulting product from a specified process consistently conforms to product requirements. A risk-based approach to process validation provides a rational framework for developing an appropriate scope for validation activities, focusing on processes that have the greatest potential risk to product quality. This article presents a case study in which a risk-based approach was used to evaluate a typical mammalian cell culture and purification process. This risk assessment used a Failure Modes and Effects Analysis (FMEA) to evaluate the impact of potential failures and the likelihood of their occurrence for each unit operation. Unit operations included in the process validation required a risk priority number greater than or equal to a specified threshold value. Unit operations that fell below the threshold were evaluated for secondary criteria such as regulatory expectations or historical commitments. The risk assessment covered the entire process and a portion of the assessment is reviewed here.

Process validation is a requirement defined in the ICH Q7A guideline, Good Manufacturing Practice Guidance for Active Pharmaceutical Ingredients as "the documented evidence that the process, operated within established parameters, can perform effectively and reproducibly to produce an intermediate or API meeting its predetermined specifications and quality attributes."1 A similar requirement is specified in The Code of Federal Regulations, Title 21—Food and Drugs; Part 820: Quality Systems regulation, which states that a "process shall be validated with a high degree of assurance."2

Because these requirements focus on ensuring safe and effective product for use, validating processes or unit operations that have direct effect on product quality is critical. For processes or unit operations that do not directly affect product quality, there is an opportunity to apply risk management principles to make risk-based decisions about whether to include non-critical processes in a formal validation package. This risk-based approach is supported in the FDA's concept paper, "Pharmaceutical cGMPs for the Twenty-First Century: A Risk-Based Approach."3

To make risk-based decisions, a systematic approach is essential. The ICH Q9 guideline, Quality Risk Management, provides a structure to initiate and follow a risk management process.4 Although alternative acceptable approaches are presented in Vesper5 and Chan,6 the structure suggested in Q9 will be followed here.

The basic flow (Figure 1) for a risk management program consists of four major components: risk assessment, risk control, risk review, and risk communication.4 All four components are essential. For this process validation case study, the focus will be on the risk assessment and the activities leading up to the risk assessment.

Figure 1. Overview of a risk management process, from the ICH Q9 guidance, Quality Risk Management.4


Various activities must be carried out before initiating the risk assessment phase of a risk management program. These activities are common to all types of risk analysis tools and include, but are not limited to: defining the scope of the assessment; team selection; establishing action thresholds for making decisions; and defining the types of decisions to be made when the assessment is complete.

Defining the Scope

For the new product process validation described in this case study, the scope was confined to the primary unit operations of a mammalian cell culture and purification process. Defining the scope focuses the team's effort and ensures that all team members have the same level of understanding for the analysis phase. For example, failures that could result in an environmental spill were out of scope of this assessment.

Team Selection


Team selection is also key to the success of a risk assessment. The team must be crossfunctional and represent the appropriate areas as defined by the scope. The team used for the process validation case study included individuals from four departments: validation, process development, quality, and manufacturing. This provided the necessary subject matter expertise to understand the details of running the manufacturing equipment and the design of the process.

Selecting a Risk Analysis Tool

One of the final items defined in the initiation phase is selecting a risk analysis tool. The tool will dictate the structure used throughout the risk assessment phase. The choice of tool depends on the logic of the tool and the amount of information and data are available.

The logic of the tool relates to how failure is viewed in the context of time. If the logic of a tool is designed to look forward in time, the tool will be designed to answer the question, "What would happen if this failure occurred?" This type of reasoning is inductive, and examples of inductive risk analysis tools include Preliminary Hazard Analysis, Failure Mode Effect Analysis, and Event Trees.

If the logic of the tool is to look back in time, the question being answered is, "What caused this issue or failure to happen?" This is deductive reasoning and a tool that supports this type of logic is a Fault Tree Analysis. In this process validation case study, a tool that looks forward in time was the best choice. The goal was to look at the types of failures that could occur and list the product quality consequences of each potential failure's occurrence.

Once a tool with an inductive reasoning approach has been chosen for the risk assessment, the amount of available information and data must be considered. If the risk assessment will be performed on a process that has not been well defined, or if only limited information is available, a tool that requires a lot of detail for execution would not be appropriate. In such a case, a Preliminary Hazard Analysis, which only requires limited information, may be the most appropriate tool.

Such a tool would not make sense, however, for evaluating a process validation protocol. At the point a validation protocol is written, a very detailed level of understanding is assumed to exist through extensive process characterization work and large scale shake-down runs of the process equipment. Therefore, an inductive risk analysis tool that is designed to handle a well-defined process is needed. In addition, the tool must be able to capture the known or potential failures for the process as defined in the scope and identify the impact of failure. A number of tools fit this description. One such tool is a Failure Mode Effect Analysis (FMEA). More in-depth comparisons of available risk analysis tools appear in the literature. 5,7,9,10


A process FMEA begins by defining the scope of the process to be evaluated. This can be done easily by using a process map. As noted in the discussion of the initiation phase, the scope is narrowed further by listing items that do not fall within the analysis, according to the assumptions made for the analysis. For example, raw materials were not part of this risk analysis, and it was assumed that the raw materials met established specifications. This in-scope–out-of-scope exercise typically is completed by the leader of the risk assessment process and is shared with the team. It is helpful to complete an "FMEA start up worksheet" to organize the pre-work. McDermott, et al., propose an example of such a sheet.8 Additional pre-work required for an FMEA is developing the scales to be used in the analysis and the action threshold to be used for the gap analysis or risk evaluation component of the risk assessment phase.

Table 1. Steps to execute a Failure Mode Effect Analysis.

Steps for Conducting an FMEA

Executing an FMEA is a highly structured process, and the basic steps for execution are listed in Table 1. The first two steps are "Scope Definition" and "Defining Problem of Interest." This work, which is common to all risk assessments, is completed in the initiation of the risk management process. The next step is to define the scales that will determine relative risk and ultimately provide a mechanism to prioritize work, or, in the context of this case study, to determine whether a system should be included in the process validation protocol. The impact or relative risk is measured using the product of three different scales: severity, occurrence, and detection:8

  • Severity measures the consequence of the failure, should it occur.

  • Occurrence describes the likelihood or frequency of failure.

  • Detection is the ability to measure or recognize the potential failure before the consequence is observed.

FMEA scales. FMEA scales typically are developed using a 10-point scale. Ideally, the scales are populated with information from the actual process such as process alarm logs, historical investigations, or actual process performance data. If these data are not available, the scales must be populated with descriptions that remove as much subjectivity as possible.

Another aspect of developing the scale is selecting the numerical values. Whether the team defines a scale using all 10 values of a ten-point scale, or only a subset of the values, depends on the level of resolution needed to make appropriate risk-based decisions at the end of the exercise. When the scales are qualitative—in other words, when there are no historical data to describe the observed failure rates—it can be difficult to develop descriptions for all 10 values. The spacing is only relative, so a one-unit difference in a scale value is not as important as agreement that a value of 5 indicates more severe consequences or more frequent occurrence than an item assigned a value of 4. Finally, with text descriptions for every value in the 10-point scale, it can be difficult to provide sufficient descriptions to clearly distinguish each value from the next. This could slow the team down with excessive discussion about a one-unit difference in the assigned scale value.

The three scales for this process validation FMEA were developed using a conventional 10-point scale with four different levels (Table 2). By selecting an even number of levels, a mid-point to the scale is eliminated, thus forcing the team away from the center of the scale.

Table 2. Severity, occurrence, and detection scales used to populate the FMEA

For the case study, the severity scale was designed to describe the consequences related to product quality, as defined by actions resulting from exceeding limits of relative importance. The consequences are at their greatest when there is the potential to compromise patient safety. Therefore, the highest severity rating (10), which was assigned the most serious consequence (a rejected lot), and the lowest severity rating (1), had no consequences because there was no quality impact and no investigation would be required.

The occurrence scale was based on the percentage of time the failure mode was expected to occur. The highest value (10) had a high likelihood of occurrence and the lowest value (1) had a low possibility of occurrence.

The detection scale was defined by the ability to detect each of the failure modes or the effect of the failure before it actually occurred. For the detection scale, the reverse logic is used. If a potential failure mode is easy to detect or has a very high likelihood of detection, the value of the detection scale is low. The converse is true for failure modes or their effects that are difficult or impossible to detect. These modes receive a high value on the detection scale. The detection scale for this process validation FMEA had a high value of 10 ("impossible to detect before the next process step") to the lowest value of 1 ("almost certain to detect the failure before the next process step").


Per Q9, risk identification is defined as identifying the hazards. Essentially, identifying the hazards answers the question, "What can go wrong?" This is a brainstorming activity with the team. This activity should generate many known and potential failure modes. The goal is to make this list as exhaustive as possible. Once the team completes the list, the failures are organized into an FMEA worksheet (Table 3). This worksheet will contain all of the information required to complete the analysis. The various failure modes are organized into the sheet according to which part of the process they related to, as outlined in the process flow diagram.

Table 3. Process FMEA table for cell culture bioreactor, buffer preparation, and ultrafiltration (UF) installation

Since identifying all potential failures can be an enormous task when considering an entire manufacturing process, the process map generated during the initiation phase of the risk management process is a valuable tool to generate the logical breaks that organize and focus the brainstorming. In this study, the team generated a list of potential failure modes and the list was organized by the various unit operations identified in a process flow diagram. For this discussion, a subset of the failure modes for the cell culture production bioreactor, ultrafiltration (UF) installation, and buffer preparation were considered (Table 3).


The next step in the risk assessment phase is risk analysis. Risk analysis involves using the actual tool. Per Q9, the qualitative or quantitative estimation of severity or the consequence, and the likelihood and the ability to detect the failure, are determined during the risk analysis. Within the context of the FMEA, the potential effects of the various failure modes are identified and the scales for severity, occurrence, and detection are applied.

For each failure mode, there may be multiple effects. For that reason, the scales are applied to each effect. For example, one of the effects of incorrect buffer composition is that the buffer pH could fall outside operating limits. In this example, a severity value of 7 was assigned, because an excursion outside the operating range for buffer pH would result in an investigation tied to the disposition of a batch of product. The remaining potential effects of failure and the assigned severity, occurrence, and detection values are summarized in Table 3.

Next, the occurrence scale is applied to the failure modes. Referring back to Table 3, the occurrence value for the failure mode, "buffer composition incorrect," is a 4. According to the scale, this potential failure mode is expected to occur between >1% and <10% of the time.

The final scale value to assign is detection. The detection scale is applied to the failure mode or the effect. The detection value assigned to detecting an incorrect buffer composition is 1. Because the current controls can easily identify the failure mode or the effects of this failure mode (pH or conductivity measurements out of range during buffer preparation), the problem would be observed before the buffer were needed in the process.


The final step in the risk assessment is the risk evaluation. The risk evaluation is the gap analysis of the calculated risk relative to the acceptable level of risk (the action threshold). To perform the gap analysis, a risk priority number (RPN) is calculated. The RPN is calculated by multiplying the severity, occurrence, and detection values for each row in the FMEA table.

For the chosen scales in the analysis, the highest possible score would result in an RPN of 1,000 and the lowest possible score is an RPN of 1. The highest value observed in Table 3 was 280 and the lowest value was 28. The calculated RPNs from the actual process validation FMEA are plotted in Figure 2. Unit operations that had RPNs greater than or equal to the action threshold of 30 were included in the scope of the process validation protocol. From Table 3, this included the cell culture production bioreactor. Although not presented in the FMEA table, all of the primary unit operations for the cell culture and purification process had RPN scores greater than the action threshold and were included as part of process validation.

Figure 2. The calculated risk priority numbers (RPNs) from the actual process validation failure modes effects analysis.

For unit operations with RPNs below the threshold, a secondary evaluation was performed. From Table 3, the buffer preparation and UF installation underwent the secondary evaluation. The secondary evaluation may include whether there are procedural requirements, regulatory commitments, industry expectations, or other requirements that would necessitate the adjustment of the actual protocol. Of the two unit operations listed, the team agreed that the buffer preparation unit operation should be included as part of process validation. Buffer preparation operations were added to the scope of process validation activities based on past regulatory experiences. No such experiences necessitated the inclusion of UF membrane installation. Note that UF membrane installation or other processes with RPN values below 30 that were not included as part of process validation are controlled through manufacturing and standard operating procedures. This approach ensures that all operations are appropriately controlled, and those operations with the greatest potential risk to product quality are controlled and validated.

At this point, the risk assessment phase ends. The risk management process would continue through the steps of risk control, risk review, and communication. This implies that over the course of the product's lifecycle, the risk assessment is reviewed. This review includes adjustments to regulatory requirements or to additional information related to the new process.


This case study represents a risk-based approach to evaluating the scope of process validation activities. Through the use of a process FMEA, an objective assessment of the potential uncertainties and their effect on product quality were evaluated and organized to make the most optimal decisions. The use of a risk-based approach also provided a consistent method for decision making which was easily aligned with business goals such as resource allocation and ensuring patient safety. Ultimately, applying such a risk-based approach to process validation should reduce the number of surprises or minimize their impact through the consistent use of the tools, proper communication and periodic review. Finally, the risk assessment phase does not replace the role or importance of the decision-maker. The output of the risk assessment should only support and objectively outline the tradeoffs and the uncertainties relative to the meeting the goals of the company or the functional area.

Leslie Sidor is director of quality engineering and improvement at Amgen, 303.401.2285, lsidor@amgen.comPaul Lewus is a principal validation engineer at Amgen, 303.401.7421,


1. International Conference on Harmonization. Q7A, Good manufacturing practice guidance for active pharmaceutical ingredients. Geneva, Switzerland.; 2001 Aug.

2. Code of Federal Regulations, Title 21, Food and Drugs. Part 820, Quality System Regulation, 820.75 (a).

3. US Food and Drug Administration. Pharmaceutical CGMPs for the 21st Century—A Risk-Based Approach. Final Report. Rockville, MD; 2004 Sept.

4. International Conference on Harmonization. Q9, Quality Risk Management; 2006 June.

5. Vesper JL. Risk assessment and risk management in the pharmaceutical industry clear and simple. Baltimore, MD: Parenteral Drug Association; 2006;74–76.

6. Chan TC. A HACCP framework for risk management in bio/pharmaceutical processes. PDA Letter. 2005 Mar; XLI(3): 1, 14–19.

7. Juran JM, Gruna FM. Quality planning and analysis from product development through use. New York, NY: McGraw-Hill Book Company; 1980; 167–200.

8. McDermott RE, Mikulak RJ, Beauregard MR. The Basics of FMEA. Waitsfield, VT; Resource Engineering, Inc.; 1996.

9. O'Donnell K, Greene A. A risk management solution designed to facilitate risk-based qualification, validation, and change control activities within GMP and pharmaceutical regulatory compliance environments in the EU. Part I, fundamental principles, design criteria, outline of process. J GXP Compl. 2006 July;10 (4):12–25.

10. O'Donnell K, Greene A. A risk management solution designed to facilitate risk-based qualification, validation, and change control activities within GMP and pharmaceutical regulatory compliance environments in the EU. Part II, tool scope, structure, limitation, principle findings, and novel elements. J GXP Compl. 2006 Jul;10(4):27–35.