Risk assessment as a process quality assurance tool in sterile pharmaceutical manufacturing

Environmental contamination control is a crucial part of sterile pharmaceutical manufacturing, and risk management is essential to ensure that appropriate control practices are in place.

The Risk Management process follows a series of steps, such as risk assessment, that enable a greater understanding of the manufacturing environment.

Such assessments may result in the removal, reduction, or monitoring of activities associated with a product or process to mitigate risk. Qualitative risk assessment can help inform the quantitative evaluation by employing contemporary risk analysis tools and procedures.

The following provides a fully documented rationale for the chosen path.

The concept of risk in pharmaceutical production

The released draft of EU GMP Annex 1, Revision 12, highlighted the importance of risk management as a suitable tool for ensuring the quality of a process. The draft clearly states the need for risk management in sterile drug manufacturing and recommends it for other product types as well. In particular, where controlling pyrogen, particle, and microbial contamination is required, for example, in certain creams, ointments, liquids, and low bacterial intermediates.¹

The production and use of a drug (medicine) and its components necessarily entail some risk. It is crucial that product quality is maintained throughout a product's life cycle. This ensures that the attributes necessary for a drug’s quality (Critical Quality Attributes) remain constant throughout its development and production phases.

As per ICH Q6A, drug quality refers to how suitable a drug substance or drug product is for its intended purpose.⁵

Risk management procedures generally focus on analyzing each process in a product life cycle with the intention of performing an assessment, mitigation, and review of the associated dangers over time. As defined in ICH Q9, risk assessment is a systematic means of organizing information to uphold risk decisions made as part of a risk management process.²

When discussing pharmaceutical quality, the term “process” has different meanings. It can refer to each stage of development, production, testing, inspection, distribution, and drug delivery. It can also include the design, qualification, and validation of facilities, instruments, and equipment.

A process, therefore, is any activity that could directly or indirectly impact the final product’s quality. It is immediately evident that pharmaceutical quality risk management is very broad in scope.

Before analyzing different risk management procedures, it is beneficial to reflect on their key distinctions, starting with problems and hazards. Problems are related to a process’s perception or implementation, whereas a hazard is defined as an intrinsic quality or property that could cause damage to the process and, therefore, to the end customer.⁴

Risk is probabilistic, as it combines the probability of a given event occurring and the likelihood that it will cause damage. It is complicated further by the inability to detect risks as they occur.

From a technical standpoint, risk is the product of severity and probability, where detectability – if introduced – should consider the risk of detection system failure.² The concept of risk suggests the existence of a danger source and the possibility of it causing harm.³

At this stage in the Risk Management analysis process, the risk is effectively realized and documented in a scientific format. From this point, the risk assessment’s evaluations and tests must become quantitative and visual so the source of the risk and the ability to manage it can both be externally understood.

The final stage in risk assessment is identifying hazards and scientifically analyzing and evaluating the risks associated with exposure to them. This includes the severity of damage or harm to health, as well as any logistical damage that could arise from a decline in product quality or availability.

It is essential that a robust quality management system and manufacturing practices are in place to reduce the likelihood of risks to patient safety, product quality, and company reputation to an acceptable level.

There are two key ideas that underpin quality risk management:

• The level of commitment, formality, and documentation of the quality risk management process should be proportional to the risk level
• Risk assessments should be driven by patient protection and based on scientific knowledge

Risk assessment

The risk assessment process comprises steps ranging from identifying hazards to analyzing and evaluating the risks associated with their exposure. Figure 1 shows the steps developed during the analysis.

The risk identification step involves systematically using information to identify potential sources of harm (hazards) and their possible consequences (impact/effect). The identification of these harms and consequences is dependent on theoretical analysis, stakeholder concerns, informed opinions, historical data, brainstorming sessions, etc. This information is crucial to developing process comprehension.

These three basic questions can be helpful as an aid to clearly defining risk:

1. What could go differently from expected?
2. What is the probability (likelihood) of it going differently from the expected result?
3. What are the consequences (severity) of this?

Figure 1. Steps for Risk Identification and Analysis. Image Credit: Particle Measuring Systems

Risk analysis is the estimation of the risk associated with identified hazards. It can be both qualitative and quantitative, linking the probability and severity of harm (with severity defined as a measure of a hazard’s possible consequences) by evaluating the design/measures that control their occurrence and detection.²

Analyzing the degree of risk helps to inform the sourcing of the appropriate tools or actions for its management over time. The ability to detect damage (detectability) may also be considered a factor that influences the overall risk estimate in some risk management tools.

Risk assessment then enables the estimated risk to be compared with certain risk criteria. This is performed through either a quantitative or qualitative scale that determines its significance and, later, defines an acceptability threshold.

A numerical probability is used when risk is expressed quantitatively. Alternatively, risk can be expressed using qualitative descriptors, such as "high", "medium", or "low": these should be defined in as much detail as possible. The goal of risk control is to reduce the risk to an acceptable, defined level.

The assessment should therefore either lead to acceptance of the risk (risk control) if the level is acceptable, or to a reduction of the risk if it is not at an acceptable level.

The risk control process may include actions to:

• decrease the likelihood that the identified hazards and risks will occur
• increase the detectability of the identified hazards and risks
• decrease the severity of the identified hazards and risks

It must always be remembered that implementing risk-reduction measures may introduce new risks into the system (induced risk) or increase the significance of pre-existing risks (correlated risk).

Therefore, it is appropriate to review the assessment after a risk-reduction process is implemented to identify and evaluate potential changes. The frequency of conducted reviews should be proportional to the risk level. The risk review may require reconsideration of risk acceptance decisions.^2,4

Acceptance is only possible when it is scientifically proven that the final quality of the process is not critically affected by the identified or residual risk. For some types of damage, even the highest-quality risk management practices may not eliminate all risks. In such cases, applying an appropriate risk management strategy reduces the risk to quality to a specified (acceptable) level.

What is deemed acceptable will vary based on many factors and should be decided on a case-by-case basis. A variety of processes, including a cost-benefit analysis, can be used to determine the optimal risk control level while remaining in compliance with normative and regulatory requirements.²

Risk management and possible approaches

There are currently several scientific methods available for risk analysis. These can be employed independently or in conjunction with other techniques to achieve the most constructive outcomes. For example, combining the HACCP method with FMEA could yield more comprehensive documents than either method alone. The following section explores these opportunities.

HACCP

The HACCP approach is a proactive, systematic, and preventive tool for ensuring the safety, reliability, and quality of products.⁷ Drawing from the development of a ‘Decision Tree’, the HACCP approach enables the identification of critical and non-critical areas of the process under analysis.

FMEA

The FMEA approach systematically analyzes potential failure modes to prevent failures. As a preventive action process, it is implemented before new products, processes, or modifications are introduced.

Ideally, FMEA analysis is conducted in the process/product design or development phases, though it can also be useful when applied to existing products and processes.

This approach is appropriate in many areas, including pharmaceutical manufacturing and assembly.

It is made up of several steps:

• Reviewing the process
• Identifying possible error modes
• Listing the potential impacts of the error modes
• Assigning severity/occurrence and detection to each effect,
• Calculating a Risk Priority Number (RPN) to prioritize mitigating actions that help to eliminate or reduce the risk

Risk Priority Number (RPN)

The Risk Priority Number is calculated from the results obtained following the evaluation of three factors: "Severity" (the severity of the risk), "Detection" (the ability to be able to detect the risk), and "Occurrence" (the probability that the risk could occur and recur within the analyzed process).

For each of these parameters, variables are evaluated and subsequently multiplied to acquire the final evaluation: RPN = Severity x Detection x Occurrence.⁶

After the variables for each parameter are set, the maximum and minimum scores are calculated to define the parameter's range. If the score value falls within the lowest range, a risk value of "low" would be assigned. If it falls in the intermediate range, it would be deemed "medium". It would be considered "high" if the RPN value falls within the highest range.

Establishing and dividing into different risk ranges is necessary for the next risk control step to be completed.

Assigning a risk value to one range rather than another influences the decision-making process for risk reduction or acceptance. If the total identified risk is either medium or high, corrective or preventive risk control actions must be applied to the process to reduce it (i.e., the risk of quality being affected).

When possible, the risk value should be reduced to an acceptable threshold value. Risks in the "low" range are considered acceptable because they fall below the established acceptable threshold and do not require corrective or preventive action, as the risk is already controlled.

Using the filling and finishing of a product as an example, it is essential to have a secure strategy to prevent environmental contamination during the sterile production process to ensure the finished product’s quality.

Risk assessment is, therefore, a fundamental tool for pharmaceutical companies to strengthen their quality assurance processes, combined with their choice of instrumentation, which practically performs what is theoretically assessed. Adequate data representation and good data historicization are potential parameters to be considered to facilitate the risk control and review process.

Appropriate use of quality risk management can facilitate (but does not replace) the industry's obligation to comply with regulatory requirements.²

Conclusions

An effective risk management approach can ensure the delivery of high-quality drugs and medicines to patients by providing a proactive means to identify and control potential quality issues during drug development and manufacturing.

The main goal of any risk management system should be the protection of the product’s end-user: product quality is the definitive measure of the success of a quality risk strategy that identifies and maintains the end customer’s safety. A fully documented Risk Assessment allows pharmaceutical companies to acquire high-quality products and comply with regulatory requirements and guidelines.

Product quality is managed through microbiological and particle control of air and surfaces, in accordance with a defined monitoring plan. It is also crucial to consider the interdependence between risk management and risk assessment methods.

It can be helpful to make use of external organizations for guidance. Such experts can help a company define and manage its risks by sharing the information they have gathered in a clear, systematic way. This communication can take place at any point in the process and the shared information may relate to the likelihood, existence, form, severity, nature, control, acceptability, detectability, treatment, or other aspects of the quality risks as required.

References

1. European Commission (2022). EudraLex - Volume 4 - Good Manufacturing Practice (GMP) guidelines. (online) European Commission. Available at: https://health.ec.europa.eu/medicinal-products/eudralex/eudralex-volume-4_en.
2. Elder, D. and Teasdale, A. (2017). ICH Q9 Quality Risk Management. ICH Quality Guidelines, pp.579–610. DOI: 10.1002/9781118971147.ch21. https://onlinelibrary.wiley.com/doi/10.1002/9781118971147.ch21.
3. Super User (2026). Art. 2 - Definizioni. (online) Tussl. Available at: https://tussl.it/titolo-i-principi-comuni/capo-i-disposizioni-generali/art-2.
4. ISO/IEC Guide 51:1999 - Safety Aspects - Guideline for their inclusion in standards. (online) ISO. Available at: https://www.iso.org/standard/32893.html. 
5. ICH (1999). International Conference on Harmonisation of Technical Requirements for Registration of Pharmaceuticals for Human Use Ich Harmonized Tripartite Guideline Specifications: Test Procedures and Acceptance Criteria for New Drug Substances and New Drug Products: Chemical Substances Q6A. (online) Available at: https://database.ich.org/sites/default/files/Q6A%20Guideline.pdf.
6. Bennett, M.A., McDermott, R. and Beauregard, M. (2017). The Basics of FMEA. Productivity Press. DOI: 10.1201/b16656. https://www.taylorfrancis.com/books/mono/10.1201/b16656/basics-fmea-raymond-mikulak-robin-mcdermott-michael-beauregard.
7. WHO Technical Report Series No 908, 2003 Annex 7

Acknowledgments

Produced using materials originally authored by Marco Castaldo from Particle Measuring Systems.

About Particle Measuring Systems

Particle Measuring Systems has 35 years of experience designing, manufacturing, and servicing microcontamination monitoring instrumentation and software used for detecting particles in air, liquid, and gas streams as well as molecular contamination monitoring.

Specific applications include cleanroom monitoring, parenteral sampling, filter and in-line testing in deionized water and process chemicals, and point-of-use monitoring of inert gases and in-situ particle monitoring. Specialty monitoring includes parts cleanliness testing with a highly automated solution.

Particle measuring systems

Whether you want to protect a product or meet industry requirements, such as ISO 14644, USP 797, or GMP, Particle Measuring Systems has a large variety of particle counters and molecular monitors to meet your needs. With 35 years experience, it has proven reliability to support your application.

Particle counters

Protect your product with our reliable particle counters. PMS has airborne, portable, and liquid particle counters for a wide variety of applications, including DI water, chemicals, and cleanroom monitoring. Compare particle counters or learn how to monitor your cleanroom or product by reading our papers.

Molecular contamination monitors

Molecular contamination causes costly problems for high-value products, production processes, and equipment surfaces. PMS has solutions for both Airborne Molecular contamination (AMC) and Surface Molecular contamination (SMC). With parts-per-trillion limits of detection, real-time sampling, NIST traceable calibrations, and various data analysis packages, you can monitor in confidence.

Gas detectors

If you need gas detectors for process control or continuous emissions monitoring, Particle Monitoring Systems can help. Get real-time, reliable results with its ammonia, hydrogen fluoride, and chlorine detectors for worker protection, CEMs, and pollution monitoring.

Sponsored Content Policy: News-Medical.net publishes articles and related content that may be derived from sources where we have existing commercial relationships, provided such content adds value to the core editorial ethos of News-Medical.net, which is to educate and inform site visitors interested in medical research, science, medical devices, and treatments.