Risk management protocols like FMEA, FMECA, HACCP, and ISO 14971 are important for PAT implementation to understand and control process variability. Conducting a risk analysis identifies potential hazards and failures in the process, which helps determine the extent of validation needed and reduce costs. It is also important for regulatory compliance. PAT uses a risk-based approach where understanding critical process parameters and their variability allows for more flexible regulatory approaches. Risk management provides a framework for decision making in PAT implementation and facilitates process understanding.
1. How to Use Risk
Management
for PAT Implementation
2. Agenda
Risk Analysis Background
Various Protocols
FTA, FMEA/FMECA, HACCP, GAMP 4, ISO
14791, ISO 17799
Risk Analysis and PAT
Understanding & controlling variability
Summary
3. Why Do Risk Analysis?
For Regulatory Compliance….
Measure and rank of compliance effort
Regulatory submissions checklists (PMA and 510k) used
by the FDA now call for inclusion of risk analysis
FDA Requires risk analysis for software within medical
devices
Determine Extent of Validation
ID Process Weaknesses Early to Reduce Cost
Reduce Product Liability
Identification of device design problems prior to
distribution eliminates costs associated with recalls
It is the Right Thing to Do!
5. Risk Management Protocols
FTA – Fault Tree Analysis
Use first
FMEA – Failure Mode Effects Analysis
What could go wrong
FMECA- Failure Mode Effects & Criticality Analysis
Adds probability of occurrence and severity of failure to the FMEA
process
HACCP – Hazard Analysis and Critical Control Points
How to keep the ‘wrong’ from happening
ISO 14971
GAMP (appendix M3)
BS/ISO 17799
6. Impact on
Risk Management is a Process Cost and
Compliance
Team & Defs ID Processes
ID Use and Potential Misuse
ID Potential Hazards
Develop Quantify Consequences and
Controls Probabilities Doc Eval
for Risk
and
Reduction Resulting
Determine Risk Index Risk
Risk Acceptable? Stop
NO YES
7. Fault Tree Analysis Steps
Process Fault Tree Analysis
Top Down Approach to
Risk Analysis
Look at Hazards and Work
Back to Failures that Cause
Hazards
List the Possible Hazards
What Failures, or
Combination of Failures,
Will Lead to the Named
Hazards?
Diagram the Fault Tree
Tool to Intercept or Design
Out Unacceptable
Consequences
8. FMECA or FMEA Approaches
Bottom Up Approach to Risk Analysis
Look at Hazards of System Components
Process Pre-Production Possible Component Defects
Determine Undesired Events
Corrective Actions
9. FMEA
There are Two Main Types of FMEA:
Design FMEA which focuses on what could go
wrong with a product in both manufacturing
operation and in service as a result of a
weakness in the design
Process FMEA which concentrates on the
reasons for potential failure during
manufacturing and in service
This is a result of non-compliance to specification
and/or design intent
10. FMEA Protocol
Define the Product Function(s)
ID All Potential Failures
Determine Failure Causes
Determine Failure Effects
Assign a Risk Index to Each Failure Type
Develop Appropriate CAPA
Ensure that the CAPA Has the Desired
Effect
11. Format for FMEA Table
Function or Failure Effect on Possible Risk User Acceptable
Component Mode System Hazard Index Detection Controls
Means
Filter; Plugge Dilute Dirty 5 Alarm; Surge
T1 d Filter; water; water; Warnin Tank
Concentrat
Valve; Short e solute
Contami g Light;
Pump circuit nated Flow
product; Meter
Bad
conc.
12. Hazard Analysis & Critical Control Points
A Comprehensive, Methodical, Systematic
Review
from Design to Development, Manufacture and Use
for Identifying, Evaluating and Controlling Hazards.
13. HACCP
Based on the Following Seven Principles:
Principle 1: Conduct a hazard analysis
Principle 2: Determine the critical control points
(CCPs)
Principle 3: Establish critical limits
Principle 4: Establish monitoring procedures
Principle 5: Establish corrective actions
Principle 6: Establish verification procedures
Principle 7: Establish record-keeping and
documentation procedures
14. Critical Control Points
A Point, Step or Procedure at Which a Control Can
be Applied to Eliminate or Reduce a Hazard to an
Acceptable Level
Set a Max/Min Value of Risk to Which a Safety
Parameter Must Be Controlled at a CCP
Established by:
Regulatory standards
Scientific publications
Industry standards
Experts
Experimental studies
15. ISO 14971
Defines Risk Management as a 13-Step Process:
State intended use and ID characteristics of safety of product
ID known foreseeable hazards
Estimate the risks for each hazard
Evaluate risk
Analyze options
Implement risk control measures
Evaluate residual risk
Analyze risk/benefit
ID other generated hazards
Complete risk evaluation
Evaluate overall residual risk
Complete risk management report
Provide post-production data
16. GAMP 4 Functional Risk
Assessment Methodology
Mechanism for Assessing and Ranking the
Risks Arising from Computerized Systems
Links Degree of Validation to Overall
System Vulnerability to Develop Risk-
appropriate Validation Strategies
First, ID the Functional Criticality of an
Automated System
Second, Analyze the System’s Vulnerability to
Deficient Operation
Third, Determine a Validation Strategy
Validation must address any e-record/signature
requirements
17. GAMP Risk Classifications
Likelihood
Low Med High
Severity of Impact
High
Infrastructure
Software
Custom
COTS
Med
Low
Key:
GAMP Risk Level 1 System
GAMP Risk Level 2 System
GAMP Risk Level 3 System
19. What is PAT?
A System to…..
Design, analyze, and control a process…..
….based on timely measurements of
….critical quality parameters and…
….performance attributes….
….of raw and in-process materials
Processes to Assure End Product Quality
“Analytical“ Includes:
Chemical, physical, microbiological, mathematical
and risk analysis….
…..conducted in an integrated manner
20. PAT Approach: Quality by Design
Focus on Process Understanding
What Parameters are Critical to Product Quality?
How Do We Assess these Parameters?
Risk Assessment / Risk Management
How Do We Control these Parameters Throughout
the Process?
Increased amount of in-process testing
Verification and residual risk control
Integrate Multi-variate Data
‘Reactive’ to ‘Proactive’
21. PAT = Process Understanding
Process Understanding…..
Inversely proportional to risk of poor product quality
Facilitates risk-managed regulatory decisions and innovation
A Process is Well Understood When:
Identify all critical sources of variability
Manage variability by the process
Predict product quality attributes accurately and reliably
Process Understanding Controlling
Variability → Less Restrictive Regulatory
Approaches to Manage Change
22. PAT Guidance (September 29, 2004)
Scientific Principles and Tools
Supporting Innovation
PAT Tools:
Multivariate data acquisition
& analysis tools
Process analyzers
Process control systems
Process Understanding
Risk-Based Approach
Integrated Approach
FDA Strategy for Innovation
PAT Team approach to
Review and Inspection
Joint training/certification of
staff
23. PAT: Risk-Managed Approach to
Regulatory Scrutiny
Use a Risk Management Protocol to Determine the
PAT Implementation Points
Use a Risk Management Protocol to Select a PAT
Technology
Use Risk Management to ID and Control
Parameters that Impact Product Quality
Well Understood Process Less Restrictive
Regulatory Approaches to Manage Change
Process Understanding Facilitates Risk-managed
Regulatory Decisions and Innovation
24. Tying It All Together
PAT Elements PAT Strategy
Strategy
PAT Tools Risk Management
Risk Process
Process Process Process
Management Understanding
Understanding
Analysis Optimization
• Multivariate Data • Provide Risk • Identify Critical Attributes • Implement
Acqu & Anal Tools Based Decisions Test
• ID Automation Attributes Strategies
• Modern Process • Rationale on
Analyzers Where to Apply • Identify Monitoring &
Control Elements • Optimize
Technology
Process
• Process & Endpoint • Obtain Knowledge of
Monitoring & Control • Framework to Product & Process
Facilitate Process • Implement
Tools Requirements
Understanding & Optimization
Decision Making Points
• Continuous • Understand QS Interfaces
Improvement & KM
• Analyze Risk Process • Apply
Process Understanding • Provide & QS Perspective Technology
Framework to
Risk-Based Approach Execute Risk- • Define Mitigation Strategy
Integrated Systems Based Strategies
Approach
Real-Time
Real Time Release
25. PAT, cGMP, and the Critical Path
Encourage Innovation Critical Path
Initiative
Process
Risk-Management
Analytical
Technology
cGMP’s for the
New Technologies 21st Century
Broad Cooperation:
Industry, Academia, FDA
26. Summary
Develop an SOP for Risk Assessment
Risk Management as Part of Quality System
PAT Implementation Requires Deep Process
Understanding
‘RM’ and PAT Assures Quality
Use ‘RM’ and ‘PU’ to Develop Meaningful
Specifications
Use RM and PAT to Replace Existing Methods
with Predictive / Proactive Ones
27. References
GAMP 4 (2001) Appendix M3- Guideline for Risk Assessment
ISO 14971 – Application of Risk Management to Medical Devices
ISO 17799 (BS 7799) – Guide to Risk Assessment and Risk
Management
ISPE White Paper – www.ispe.org
February 2003, FDA Draft Guidance for Industry: Part 11, ERES –
Scope and Application”
GAMP Forum (2003), “Risk Assessment for Use of Automated
Systems Supporting Manufacturing”, Part 1&2, Pharmaceutical
Engineering
Computer Systems Validation: Quality Assurance, Risk Management
& Regulatory Compliance, CRC Press (2003)
FDA Concept Paper – Draft Pre-marketing Risk Assessment (3/3/03)
NIST Computer Security Document