QS-114
Quality Risk Management
Original Document
Scanned document (image-only PDF)
Extracted Text
Searchable text extracted from PDF
1.0 Purpose The purpose of this procedure is to provide principles and tools for Quality Risk Management, and to identify systems used for Risk Management at Ion Labs, Inc. 2.0 Scope This procedure is applicable to general Risk Management of Ion Nutritional Labs Quality Systems, as well as situational Risk Assessment used to make quality decisions about specific cGMP processes and events. Some procedures specifically reference this procedure and are within scope. This procedure is applicable to all cGMP Risk Management. 3.0 Responsibility 3.1. It is the responsibility of all employees engaged in risk analysis to follow this procedure. 4.0 Definitions 41 CAPA - Corrective and Preventative Action; improvements to processes to eliminate causes of non-conformities or other undesirable situations 4.2. eGMP — Current Good Manufacturing Practices; as defined by regulations associated with the manufacture, testing, holding, etc. of a food, dietary supplement, or pet product manufactured and/or packaged by Ion Nutritional Labs 4.3 Corrective Action (CA) — Action taken to permanently correct and prevent recurrence of nonconforming product and other quality system problems [SOP Standard Operating Procedure SOP No | Rev Risk Management and Risk Analysis QS-114 1 Page 2 of 10 4.4 CQS — Core Quality System; a system (i.e. Standard Operating Procedure or combination of procedures) that handle and manage a quality event and that are within the scope of SOP QS-112 Core Quality Systems and Events. Note: There are quality systems outside the scope of QS-112 Core Quality Systems and Quality Events that handle quality events; however, they do not meet this definition of CQS 4.5 DC — Document Control 4.6 Quality Event — An event that triggers the use of a CQS and that is subject to cGMP regulations 4,7 Detectability — the ability to discover or determine the existence, presence, or fact of a hazard 4.8 Harm — damage to health, including the damage that can occur from loss of product quality or availability 4.9 Hazard — a potential source of harm (product defect, a failing system, an environmental condition, etc.) 4.10 Preventative Action (PA) — Action taken to eliminate the cause of potential nonconformities to prevent occurrence before they happen, which anticipate potential problems and eliminate the most likely causes of the problem so they are less likely to occur in all areas of operation 4.11 Quality — the degree to which a set of inherent properties of a product, system or process fulfills requirements 4.12 Quality Risk Management — A systematic process for the assessment, control, communication and review of risks to the quality of a product across the product lifecycle [SOP Standard Operating Procedure SOP No | Rev Risk Management and Risk Analysis Qs-14' [1 Pages ofl0 4.13 Risk — the combination of the probability of occurrence of harm and the severity of that harm 4.14 Risk Acceptance — The decision to accept risk 4.15 Risk Analysis — The estimation of the risk associated with identified hazards, with qualitative or quantitative results 4.16 Risk Assessment — A systematic process of organizing information to support a risk decision made within a risk management process, consisting of the identification of hazards and the analysis and evaluation of risk(s) associated with exposure to those hazards; results of this process may be qualitative or quantitative 4.17 Risk Assessment Subject — A risk question or problem description 4.18 Risk Communication — The sharing of information about risk management between the decision maker and other stakeholders 4.19 Risk Control — Actions implementing risk management decisions 4.20 Risk Evaluation — The comparison of the estimated risk to given criteria using a quantitative or qualitative scale to determine the significance of the risk 4.21 Risk Identification — The systematic use of information to identify potential sources of harm (hazards) referring to the risk question or problem description 4.22 Risk Management — The systematic application of quality management policies, procedures, and practices to the tasks of assessing, controlling, communicating and reviewing risk 5.0 References Sul QS-114-F1, Form, Quality Risk Management — Risk Assessment Form 3.2 C-105, SOP, Protocol and Report Documentation Requirements [SOP Standard Operating Procedure SOP No Rev QS-114 Page 4 of 10 Risk Management and Risk Analysis 5.3 QS-112, SOP, Core Quality Systems and Quality Events 5.4 QS-111, SOP, Root Cause Analysis Bh) ICH Q9 Quality Risk Management 5.6 A-118, SOP, Management Review of Quality Metrics Sul D-105, SOP, Out of Specification/Out of Trend Investigation 5.8 C-201, SOP, Deviation and Investigation Procedure 5.9 QS-108, SOP, Corrective and Preventative Action (CAPA) 5.10 QS-113, SOP, Effectiveness Checks (EC) 5.11 QS-101, SOP, Complaints 5.12 QS-102, SOP, Adverse Events 5.13 C-403, SOP, Change Control Procedure 5.14 C-501, SOP, Document Control 5.15 C-502, SOP, Record Storage, Retention, and Destruction 6.0 Procedure 6.1 Risk Management is the systematic application of quality management policies, procedures, and practices to the tasks of assessing, controlling, communicating and reviewing risk. See Attachment 1 for an overview of Risk Management. Risk Management occurs in response to exceptions and quality events as well as a proactive process to identify and prevent hazards before they occur. [SOP Standard Operating Procedure SOP No | Rev Risk Management and Risk Analysis QS-114 1 Page 5 of 10 6.2 General Principles 6.2.1 Base quality risk evaluation on scientific knowledge and the protection of the patient / customer / employee. 6.2.2 Adjust the level of effort, formality, and documentation of the risk management process to be commensurate with the level of risk. 6.3 Risk Assessment Documentation 6.3.1 For simple Risk Assessment, document the risk assessment directly in the documentation associated with the risk (see Section 6.4 risk sources) 6.3.2 For complex Risk Assessment, document the risk assessment in a report (see SOP C-105 Protocol and Report Documentation Requirements for report documentation). 6.3.3 Use QS-114-F1 Quality Risk Management — Risk Assessment Form to document all other Risk Assessment. 6.4 Risk Management / Assessment / Analysis Sources 6.4.1 Initiate Risk Management / Assessment / Analysis in response to exception data (i.e. Quality Events that may negatively affect the quality of components, materials, products, procedures or systems). These sources include, but are not limited to: 6.4.1.1 Complaints - SOP QS-101 6.4.1.2 Deviations —- SOP C-201 6.4.1.3 OOS —SOP D-105 6.4.1.4 Changes — SOP C-403 6.4.1.5 Protocols / Reports — SOP C-105 [SOP Standard Operating Procedure SOP No | Rev Risk Management and Risk Analysis QS-114 1 | Page 6 of 10 6.4.1.6 Audits or FDA Inspections 6.4.1.7 Product rejections / non-conformities 6.4.1.8 Recalls 6.4.2 Initiate Risk Management / Assessment / Analysis in response to non-exception data such as: 6.4.2.1 Data trending and holistic data reviews 6.4.2.2 Continuous improvement projects 6.4.2.3 Industry and regulatory surveillance 6.5 Risk Assessment Subject — Before conducting a Risk Assessment, define the subject of the RA. The subject is a problem statement or a risk question. The subject is a result of the RA source defined above. 6.6 Risk Assessment consists of three primary questions followed by evaluation of the answers to those questions. The three primary questions are: 6.6.1 What might go wrong? (Risk Identification) 6.6.2 What is the likelihood (probability) it will go wrong? — (first part of Risk Analysis) 6.6.3 What are the consequences (severity)? — (second part of Risk Analysis) 6.7 Risk Identification is the process of identification of what might go wrong as well as the possible consequences. 6.8 Risk Analysis — is the estimation of the risk associated with identified hazards. 6.8.1 Consider the following as part of risk analysis: [SOP Standard Operating Procedure SOP No | Rev Risk Management and Risk Analysis QS-114 "| 1 | Page? of 10 ° The Likelihood (probability) of Failure o Previous inspection results (i.e. determined failure rates) o Product history and process capability o Production line history and process capability o Skill level of operators e The Impact (severity) of Failure o Customer / Personnel Safety o Regulatory compliance fe) Customer satisfaction 6.8.2 Risk Level / Rank is a combination of Impact and Likelihood evaluations. The results of this process may be qualitative or quantitative. A numerical evaluation is not required, but the table below demonstrates the relationship between these parameters and assigns a level from one to nine with one representing the lowest risk and nine representing the highest risk. The ranking level is obtained by multiplying a value (1 to 3) representing the Likelihood of Failure by a value (1 to 3) representing the Impact of Failure (see table below). on Medium Risk (M) | High Risk (H) High Risk (H) 5 "Sb Level = 3 Level = 6 Level = 9 = BS @i) = | LowRisk (L) Medium Risk (M) _ | High Risk (H) 2» oO soz = $ q| Level = 2 Level = 4 Level = 6 oy ey > ‘ 5 = | Low Risk (L) Low Risk (L) Medium Risk (M) 3 — = E Level = 1 Level = 2 Level = 3 Low (1) Moderate (2) High (3) Likelihood of Failure (Probability) [SOP Standard Operating Procedure SOP No | Rev Risk Management and Risk Analysis OS114.| 1.) Pages oft0 6.8.3 Complex Risk Levels / Ranks are acceptable. Use factors in addition to Severity and Probability as applicable. For example, detectability of a failure may also be considered. Consider any combination of factors as applicable to the situation and define the acceptable ranges and the meaning of those ranges. Multiply values together to get an overall numerical value. Compare values of one risk to another if risks require ranking. 6.9 Risk Evaluation/Control — Compare the identified and analyzed risk against given risk criteria. In many cases, predetermined criteria are not available. In those cases, a subjective determination of the Risk Analysis is required. Each risk must be accepted, rejected, or controlled. 6.9.1 Risk Acceptance — Accept low risks that require no additional control(s). 6.9.2 Risk Rejection — Reject high risks that control is necessary, but acceptable control is not possible. Rejection of a risk does not mean that we ignore a risk. Rejection of a risk means that the risk is not acceptable. A rejected risk to product, materials, process, etc. implies that the materials or situations are not acceptable. 6.9.3. Risk Control — Add control to risks as applicable. Controls (i.e. CAPA) added must mitigate the risk to an acceptable level or else classify the risk as rejected. 6.10 Documentation Maintenance 6.10.1 All completed risk assessment forms will be maintained as outlined in SOP C- 501 Document Control and SOP C-502 Record Storage, Retention, and Destruction. 6.10.2 When applicable, completed risk assessment forms will be filed with the related subject source document (i.e. deviation, OOS, complaint). [SOP Standard Operating Procedure SOP No Rev Risk Management and Risk Analysis QS-114 1 Page 9 of 10 7.0 Revision History | Rev | Date | Description of Changes | CCR # | By | |-----|----------|------------------------|-------|----| | 0 | 12/30/19 | New procedure. N/A K. Burris | - | - | | 1 | 09/19/23 | Scheduled review: updated document format. Added document CC- maintenance requirements and references. | 23-0471 | K. Burris | 8.0 Attachments 8.1 Attachment 1 — General Quality Risk Management Process [SOP Standard Operating Procedure SOP No | Rev Risk Management and Risk Analysis Qs-114: -|-1), | Paee Mohd Attachment 1 — General Quality Risk Management Process ( initiate a Quality Risk Management Process / Risk Assessment ¥ Risk Identification ‘ pe = Risk Analysis ¥ Risk Evaluation unacceptable Risk Control 4 Risk Reduction = y a Risk Acceptance noitacinummoC ksiR yIsy yyeuehawauw )001S 4 ( Output / Result of the “ \ Quality Risk Management Process —_/ Risk Review 1 yas Review Events [SOP ION Quality Risk Management — Risk Assessment Form NLuatbrsi tional Form: QS-114-F1 CCR No. CC-23-0471 Revision: 1 Risk Assessment (RA) Subject — Title / Description / Background (i.e. the risk question or problem description) Subject Source / Reference (i.e. DEV #, INV#, Etc.) Note: For complex RA, write a report instead of using this form (see SOP C-105 for reports). For simple RA, document the RA directly in the source instead of using this form. Adjust the level of effort, formality, and documentation to the level of risk. Risk Identification — Identify hazards (i.e. what might go wrong) and list them in the RA Summary table below. Risk Analysis — Estimate the probability and severity of each risk and summarize in the RA Summary table below. Use available data and scientific knowledge as applicable. Check the risk approach used as listed below: C] Qualitative (low, mid, high) C] Quantitative Value (1-9) = Severity (Low=1 to High=3) times Probability (Low=1 to High=3) C] Quantitative Value (1-100) = Severity (Low=1 to High=10) times Probability (Low=1 to High=10) C) Other (specify): Risk Evaluation/Control — Choose to Accept, Reject, or Correct (i.e. CAPA) each identified risk and summarize decision in the RA Summary table below. Rejection of a risk may require corrective action (e.g. rejecting and destroying product or materials). Risk Assessment Summary table Hazard (Risk) Risk Analysis (Rank) Risk Evaluation / Control C N/A or C Risk (specify) 0 Accept 0 CAPA 0 Reject (N/A or C Risk (specify) 0 Accept 0 CAPA C1 Reject O N/A or CO Risk (specify) 0 Accept Ol CAPA 0) Reject C) N/A or CO Risk (specify) C) Accept O CAPA C1 Reject C2 N/A or O Risk (specify) OD Accept O CAPA CO Reject Approval Signatures Name Title Signature Date Completed By: (Initiator) Approved By: (Quality)