Principles of contamination control
Ensure you understand the principles of contamination control before attempting a risk assessment.
Performing a process risk assessment
A significant requirement of Annex 1 and of any CCS is a Process Risk Assessment. There are a number of ways this can be carried out and ICH Q9 contains a number of tools which may be used.
When performing Process Risk Assessments (PRA), it is important to realise that a single process may be used to manufacture or prepare several products. Section ix of your CCS should describe your approach to PRA, the methodology you will use, and how you will manage the output of these risk assessments.
One acceptable approach would be to use Failure Modes Effects and Criticality Analysis (FMECA) The scope of the PRA is to establish risks to VIABLE, NON-VIABLE PARTICULATE and ENDOTOXIN/PYROGEN contamination only. The purpose is to establish if current processes are sufficient, to identify areas where additional controls may be implemented to mitigate identified risks and finally to assess the impact of these changes on those risks.
After completing the PRA, you will have a list of mitigated process steps that must be used to ensure your Process Validation (media fills) is sufficiently robust and adequately challenges the established processes.
Failure Modes Effects and Criticality Analysis
The steps required to perform a PRA using the FMECA model are described below.
Define the risk assessment process
Consider your product profile, and determine how many processes you will need to assess to cover all of the products prepared or manufactured. It is likely that several products will be prepared using the same process, which will be qualified by an Aseptic Process Simulation (APS) or media fill. This may be a good starting point to establish how many processes will require a PRA.
Decide where in the process you will start your PRA, being mindful of the purpose of these assessments. The PRA must consider all elements which contribute to the control of viable, non-viable and endotoxin / pyrogen contamination, so the process must start at the first stage which aims to control these factors.
List the process steps
Taking advice from appropriate team members who are familiar with the process, list all steps involved in the process under assessment.
Risk assess steps
For each step, consider:
- What would the outcome be if that step failed (the hazard)?
- What controls are already in place to prevent that step failing?
Based on the above information, using a scoring system, assign each of the following scores:
- likelihood of failure
- detectability
- severity of consequence
Scores for each may be any scale (1 to 5 or 1 to 100, for example), do not have to be linear (e.g. 1,2,5,6,7), and could be different for each step but the overall approach should be defined in section ix of your CCS.
Evaluate process risks
Once a risk has been assessed, multiply all scores together to determine the overall risk score for each process step. Compare this score with the limits you have defined in section ix of your CCS, depending on the thresholds you have assigned you may take a number of actions:
- accept risk without mitigation
- require risk mitigation
- reject risk as unacceptable
Accept risk without mitigation
Where the risk is sufficiently controlled (risk score lower than your defined threshold) it may be accepted with no mitigation.
Require risk mitigation
Where risk scores are above the threshold required for mitigation, additional risk-reduction measures should be suggested. There may be a number of different ways of mitigating the risk; record each of them within the risk assessment and re-score based on the assumption they have been implemented. This will indicate which option is the best in terms of risk management, and which will result in acceptable risk control.
Reject risk
Where a risk score is so high it is rejected (judged unacceptable) you must consider the suitability of continuing with that process until the risk can be controlled to acceptable levels. Again, mitigation should be considered and re-scored.
Repeat the above with all process steps until all steps have been reviewed and all risk scores have been reduced to acceptable levels.
Generate action plan
When all risks have been assessed and mitigation agreed for unacceptable risks, use the risk assessment to populate an action plan that will implement all required risk mitigation. These should feed into the Pharmaceutical Quality System (PQS) and may require one or more change controls to implement. As with any change control, there should be an assessment of the success of the change, and assurance that there have been no unintended deleterious consequences.
Where changes are made to processes, methods or materials, your change control should also consider the impact on validation of your existing processes. For example, is your APS (media fill) still valid? Do you need to repeat it before accepting the changes?
Review
In addition to the actions required to control risks to acceptable levels, the risk assessment will also identify a number of risks that have been accepted without mitigation. These risks should be reviewed periodically to assess if any new technology, methods or materials could further reduce risks.
Where changes are made to processes, these should also be considered in the context of the already accepted risks, with risk assessments repeated where necessary.