Risk management protocols like FMEA, FMECA, HACCP, and ISO 14971 are important for PAT implementation to understand and control process variability. Conducting a risk analysis identifies potential hazards and failures in the process, which helps determine the extent of validation needed and reduce costs. It is also important for regulatory compliance. PAT uses a risk-based approach where understanding critical process parameters and their variability allows for more flexible regulatory approaches. Risk management provides a framework for decision making in PAT implementation and facilitates process understanding.

1. How to Use Risk
Management
for PAT Implementation

2. Agenda
 Risk Analysis Background
 Various Protocols
 FTA, FMEA/FMECA, HACCP, GAMP 4, ISO
14791, ISO 17799
 Risk Analysis and PAT
 Understanding & controlling variability
 Summary

3. Why Do Risk Analysis?
 For Regulatory Compliance….
 Measure and rank of compliance effort
 Regulatory submissions checklists (PMA and 510k) used
by the FDA now call for inclusion of risk analysis
 FDA Requires risk analysis for software within medical
devices
 Determine Extent of Validation
 ID Process Weaknesses Early to Reduce Cost
 Reduce Product Liability
 Identification of device design problems prior to
distribution eliminates costs associated with recalls
 It is the Right Thing to Do!

4. Methodologies

5. Risk Management Protocols
 FTA – Fault Tree Analysis
 Use first
 FMEA – Failure Mode Effects Analysis
 What could go wrong
 FMECA- Failure Mode Effects & Criticality Analysis
 Adds probability of occurrence and severity of failure to the FMEA
process
 HACCP – Hazard Analysis and Critical Control Points
 How to keep the ‘wrong’ from happening
 ISO 14971
 GAMP (appendix M3)
 BS/ISO 17799

6. Impact on
Risk Management is a Process Cost and
Compliance
Team & Defs ID Processes
ID Use and Potential Misuse
ID Potential Hazards
Develop Quantify Consequences and
Controls Probabilities Doc Eval
for Risk
and
Reduction Resulting
Determine Risk Index Risk
Risk Acceptable? Stop
NO YES

7. Fault Tree Analysis Steps
Process Fault Tree Analysis
 Top Down Approach to
Risk Analysis
 Look at Hazards and Work
Back to Failures that Cause
Hazards
 List the Possible Hazards
 What Failures, or
Combination of Failures,
Will Lead to the Named
Hazards?
 Diagram the Fault Tree
 Tool to Intercept or Design
Out Unacceptable
Consequences

8. FMECA or FMEA Approaches
 Bottom Up Approach to Risk Analysis
 Look at Hazards of System Components
Process Pre-Production Possible Component Defects
Determine Undesired Events
Corrective Actions

9. FMEA
 There are Two Main Types of FMEA:
 Design FMEA which focuses on what could go
wrong with a product in both manufacturing
operation and in service as a result of a
weakness in the design
 Process FMEA which concentrates on the
reasons for potential failure during
manufacturing and in service
 This is a result of non-compliance to specification
and/or design intent

10. FMEA Protocol
 Define the Product Function(s)
 ID All Potential Failures
 Determine Failure Causes
 Determine Failure Effects
 Assign a Risk Index to Each Failure Type
 Develop Appropriate CAPA
 Ensure that the CAPA Has the Desired
Effect

11. Format for FMEA Table
Function or Failure Effect on Possible Risk User Acceptable
Component Mode System Hazard Index Detection Controls
Means
Filter; Plugge Dilute Dirty 5 Alarm; Surge
T1 d Filter; water; water; Warnin Tank
Concentrat
Valve; Short e solute
Contami g Light;
Pump circuit nated Flow
product; Meter
Bad
conc.

12. Hazard Analysis & Critical Control Points
 A Comprehensive, Methodical, Systematic
Review
from Design to Development, Manufacture and Use
for Identifying, Evaluating and Controlling Hazards.

13. HACCP
 Based on the Following Seven Principles:
 Principle 1: Conduct a hazard analysis
 Principle 2: Determine the critical control points
(CCPs)
 Principle 3: Establish critical limits
 Principle 4: Establish monitoring procedures
 Principle 5: Establish corrective actions
 Principle 6: Establish verification procedures
 Principle 7: Establish record-keeping and
documentation procedures

14. Critical Control Points
 A Point, Step or Procedure at Which a Control Can
be Applied to Eliminate or Reduce a Hazard to an
Acceptable Level
 Set a Max/Min Value of Risk to Which a Safety
Parameter Must Be Controlled at a CCP
 Established by:
 Regulatory standards
 Scientific publications
 Industry standards
 Experts
 Experimental studies

15. ISO 14971
 Defines Risk Management as a 13-Step Process:
 State intended use and ID characteristics of safety of product
 ID known foreseeable hazards
 Estimate the risks for each hazard
 Evaluate risk
 Analyze options
 Implement risk control measures
 Evaluate residual risk
 Analyze risk/benefit
 ID other generated hazards
 Complete risk evaluation
 Evaluate overall residual risk
 Complete risk management report
 Provide post-production data

16. GAMP 4 Functional Risk
Assessment Methodology
 Mechanism for Assessing and Ranking the
Risks Arising from Computerized Systems
 Links Degree of Validation to Overall
System Vulnerability to Develop Risk-
appropriate Validation Strategies
 First, ID the Functional Criticality of an
Automated System
 Second, Analyze the System’s Vulnerability to
Deficient Operation
 Third, Determine a Validation Strategy
 Validation must address any e-record/signature
requirements

17. GAMP Risk Classifications
Likelihood
Low Med High
Severity of Impact
High
Infrastructure
Software
Custom
COTS
Med
Low
Key:
GAMP Risk Level 1 System
GAMP Risk Level 2 System
GAMP Risk Level 3 System

18. Risk and PAT

19. What is PAT?
 A System to…..
 Design, analyze, and control a process…..
 ….based on timely measurements of
 ….critical quality parameters and…
 ….performance attributes….
 ….of raw and in-process materials
 Processes to Assure End Product Quality
 “Analytical“ Includes:
 Chemical, physical, microbiological, mathematical
and risk analysis….
 …..conducted in an integrated manner

20. PAT Approach: Quality by Design
 Focus on Process Understanding
 What Parameters are Critical to Product Quality?
 How Do We Assess these Parameters?
 Risk Assessment / Risk Management
 How Do We Control these Parameters Throughout
the Process?
 Increased amount of in-process testing
 Verification and residual risk control
 Integrate Multi-variate Data
 ‘Reactive’ to ‘Proactive’

21. PAT = Process Understanding
 Process Understanding…..
 Inversely proportional to risk of poor product quality
 Facilitates risk-managed regulatory decisions and innovation
 A Process is Well Understood When:
 Identify all critical sources of variability
 Manage variability by the process
 Predict product quality attributes accurately and reliably
Process Understanding  Controlling
Variability → Less Restrictive Regulatory
Approaches to Manage Change

22. PAT Guidance (September 29, 2004)
 Scientific Principles and Tools
Supporting Innovation
 PAT Tools:
 Multivariate data acquisition
& analysis tools
 Process analyzers
 Process control systems
 Process Understanding
 Risk-Based Approach
 Integrated Approach
 FDA Strategy for Innovation
 PAT Team approach to
Review and Inspection
 Joint training/certification of
staff

23. PAT: Risk-Managed Approach to
Regulatory Scrutiny
 Use a Risk Management Protocol to Determine the
PAT Implementation Points
 Use a Risk Management Protocol to Select a PAT
Technology
 Use Risk Management to ID and Control
Parameters that Impact Product Quality
 Well Understood Process  Less Restrictive
Regulatory Approaches to Manage Change
 Process Understanding Facilitates Risk-managed
Regulatory Decisions and Innovation

24. Tying It All Together
PAT Elements PAT Strategy
Strategy
PAT Tools Risk Management
Risk Process
Process Process Process
Management Understanding
Understanding
Analysis Optimization
• Multivariate Data • Provide Risk • Identify Critical Attributes • Implement
Acqu & Anal Tools Based Decisions Test
• ID Automation Attributes Strategies
• Modern Process • Rationale on
Analyzers Where to Apply • Identify Monitoring &
Control Elements • Optimize
Technology
Process
• Process & Endpoint • Obtain Knowledge of
Monitoring & Control • Framework to Product & Process
Facilitate Process • Implement
Tools Requirements
Understanding & Optimization
Decision Making Points
• Continuous • Understand QS Interfaces
Improvement & KM
• Analyze Risk Process • Apply
Process Understanding • Provide & QS Perspective Technology
Framework to
Risk-Based Approach Execute Risk- • Define Mitigation Strategy
Integrated Systems Based Strategies
Approach
Real-Time
Real Time Release

25. PAT, cGMP, and the Critical Path
Encourage Innovation Critical Path
Initiative
Process
Risk-Management
Analytical
Technology
cGMP’s for the
New Technologies 21st Century
Broad Cooperation:
Industry, Academia, FDA

26. Summary
 Develop an SOP for Risk Assessment
 Risk Management as Part of Quality System
 PAT Implementation Requires Deep Process
Understanding
 ‘RM’ and PAT Assures Quality
 Use ‘RM’ and ‘PU’ to Develop Meaningful
Specifications
 Use RM and PAT to Replace Existing Methods
with Predictive / Proactive Ones

27. References
 GAMP 4 (2001) Appendix M3- Guideline for Risk Assessment
 ISO 14971 – Application of Risk Management to Medical Devices
 ISO 17799 (BS 7799) – Guide to Risk Assessment and Risk
Management
 ISPE White Paper – www.ispe.org
 February 2003, FDA Draft Guidance for Industry: Part 11, ERES –
Scope and Application”
 GAMP Forum (2003), “Risk Assessment for Use of Automated
Systems Supporting Manufacturing”, Part 1&2, Pharmaceutical
Engineering
 Computer Systems Validation: Quality Assurance, Risk Management
& Regulatory Compliance, CRC Press (2003)
 FDA Concept Paper – Draft Pre-marketing Risk Assessment (3/3/03)
 NIST Computer Security Document

28. Thank You For Your Attention!
Questions……………………?