Risk management strategy concept. Businessman Analyzing Risk touchscreen display risk meter, risk management interface with critical strategy. Risky business risk management control and strategy.

Blog

Risk Management in Pharmaceutical Manufacturing

January 29, 2003 started as a typical workday at a pharmaceutical supply production facility in North Carolina. At 1:28 PM, an explosion tore through the facility leading to six fatalities, thirty-eight injuries, roughly $150 million in property damage to the facility, and hundreds of job losses. Subsequent investigations indicated that the explosion was caused by ignition of accumulated combustible polyethylene dust above a suspended ceiling. According to the chairman of the Chemical Safety Board, which was responsible for the incident investigation:

“This tragic accident could have been avoided if the design and operation of the facility had taken into account the hazards of combustible dust. Unfortunately, [the company] lacked an effective understanding of the danger, and regulations did not require adherence to control measures.”

The failure to identify hazards and effectively manage risk can have devastating impacts on workers, first responders, and the larger community. However, in the pharmaceutical industry, failure to address risk can also cause injury or death to the patients that rely on the drugs produced. In 2008, the Centers for Disease Control (CDC) investigated hundreds of adverse reactions to heparin, an anti-coagulant medication used during hemodialysis. Reactions included low blood pressure, nausea, facial edema, and shortness of breath. The CDC investigation confirmed that the adverse effects were linked to heparin lots that had been contaminated with oversulfated chondroitin sulfate (OSCS). The US Food and Drug Administration found that the crude heparin, manufactured in China for use in the US, had been intentionally contaminated with OSCS in an apparent attempt to reduce production costs without a concern for the risk to patients receiving the final drug product.

As these examples demonstrate, in life sciences, failure to understand hazards and address the associated risks can have dire consequences. However, not all hazards and risks are equal. In some scenarios, the risks may even be so low that they are considered acceptable. For a risk to be acceptable, the benefit must clearly outweigh the consequences. So how do we distinguish between acceptable and unacceptable risk?

Before we can answer that question, we first need to take a step back to understand how risk is defined. Understanding risk starts with a simple formula:

Risk = Severity × Likelihood

To put this into context, we can consider the risk of a particular negative scenario (incident) that may occur in a manufacturing facility. We can define severity of the hazard and likelihood of the incident as follows:

  • Severity = extent of potential injury, fatality, damage, negative health effect, regulatory fine, business interruption, environmental damage
  • Likelihood = estimated frequency of occurrence of the incident

Estimated risk can even be quantified to compare against a benchmark. Quantification of risk largely depends on the type of risk. For example:

Business Risk ($/year) = Severity ($/event) × Likelihood (events/year)

or

Safety Risk (injuries/year) = Severity (injuries/event) × Likelihood (events/year)

Based on the last equation, you may be asking if life sciences manufacturers are considering multiple injuries or even fatalities per year to be an acceptable risk. Fortunately, the answer is a definite no—the level of acceptable risk is normally several orders of magnitude less than one event per year when it comes to the safety of employees and patients.

Risk in the manufacturing environment is often assessed in terms of possible incidents leading to loss events. The table below provides some useful definitions of common risk assessment (RA) terminology:

Term Definition
Hazard The potential source of harm [to safety, quality, health, environment, business, etc.] (ISO/IEC Guide 51:2014)
Incident An unplanned event or sequence of events that either resulted in or had the potential to result in adverse impacts [or harm] (CCPS CH157)
Loss Event Point in time in an abnormal situation when an irreversible physical event occurs that has the potential for loss and harm impacts (CCPS CH157)

To put this all together, consider this example incident (also referred to as a scenario) based on a Genesis AEC RA: The client manufactures a cell therapy product that requires processing under aseptic conditions to avoid contamination. Part of the process involves connection of a product bag to a tubing set using a syringe (a “spiking” step). It was recognized that the spiking could easily introduce contamination into the product if the syringe is not properly handled. Contamination that may get introduced onto the syringe before it is inserted into the tube set could be transferred into the product and later introduced into the body of a patient causing potentially serious health effects.

The hazard in this case is contamination from the environment. The incident (also referred to as a scenario) is when the contamination is introduced into the product and then the patient. Unlike process safety incidents when the loss event often occurs within hours, minutes, or even seconds after the incident begins, the loss event in this product quality incident does not become fully realized until days, weeks, or even months after the product is manufactured. Pharmaceutical manufacturers must consider the added risk of potential injury to a patient from a product that is contaminated, adulterated, or even ineffective due to loss of potency. In our example incident, the loss event occurs outside of the manufacturer’s facility. However, the patient typically has no ability to prevent a loss event caused by a manufacturing error. This scenario highlights the need to have controls in place to mitigate risks as close as possible to the source. Understanding, assessing, and addressing risk scenarios is critical to maintaining the safety, identity, strength, purity, and quality (SISPQ) of pharmaceutical products.

While our discussion so far has focused on process safety and product quality risks, there are other risks to be considered in life sciences manufacturing. Potential risk categories include the following:

The Assessment is the Foundation

It is not sufficient to just recognize manufacturing hazards and associated risks. Manufacturers are required to implement a comprehensive approach that is commonly referred to as risk management. The International Committee for Harmonization (ICH) offers up this definition:

Risk Management: The systematic application of quality management policies, procedures, and practices to the tasks of assessing, controlling, communicating and reviewing risk.

While this definition specifically focuses on quality risks, it can be applied to the other risks discussed as well. Regardless of the type of risk, risk assessment is the cornerstone of the entire risk management approach. It is the systematic way we organize information to support a critical risk decision.

The RA process itself can be broken down into three main steps:

  1. Hazard Identification — Use the available documentation and data to answer the question “What can go wrong?”
  2. Risk Analysis — Estimate the components of risk (severity and likelihood) either quantitatively or qualitatively
  3. Risk Evaluation — Determine if the level of risk is acceptable based on a set of criteria.

There are several widely recognized methodologies available to conduct risk assessments. Some methods, such as Hazard and Operability Studies (HAZOPs), are very comprehensive and rigorous in the approach to identifying hazards and assessing risk. Others, such as checklists, are less rigorous, but may still be acceptable for certain applications. So how do we determine the appropriate level of rigor needed for our risk assessment?

There is no hard rule on this, but industry guidelines such as ICH Q9 tell us that the rigor/formality of the RA must match the intended risk management activity. This means the rigor should be appropriate to the level of:

  • Process complexity — Is this a simple and well understood process, a complex and novel process, or something in-between?
  • Uncertainty involved — How much information is available on the hazard(s) and how well developed is the process design?
  • Perceived hazard severity/importance — Are the consequences of process or system failures expected to be minor or could they be catastrophic as in the opening examples?

As complexity, uncertainty, and importance levels increase, a more rigorous risk assessment approach may be required to justify risk-based decisions.

Matching the Tool to the Task

At Genesis AEC, we use specialized tools to conduct RAs, choosing the right method based on our client’s needs and focus—whether it’s process safety, quality, reliability, etc. A summary of commonly used risk assessment tools is given below:

RA Tool Commonly Used For Rigor Pros Cons
What-If Safety and environmental risk assessments Medium
  • Easy to use for inexperienced teams
  • Less time consuming than HAZOP
  • More subjective than other methods
  • Relies on intuition of RA team
HAZOP Safety and environmental risk assessments High
  • Rigorous method that uses guidewords and deviations
  • Well-suited for complex processes
  • Very time-consuming method
  • Scenarios can be repetitive
Fishbone Quality and contamination risk assessments Low
  • Good for documenting brainstorming results
  • Identifies scenarios by cause categories
  • Does not assess risk on its own
  • Best for high level causes — fishbone can get cluttered otherwise
FMECA Quality, contamination, and reliability risk assessments High
  • Includes consideration for detectability of a failure
  • Widely understood method in life-sciences industry
  • Team can miss identification of all failure modes
  • Can be difficult to assess all risk criteria for quality RAs
Checklist Focused assessments such as for facility siting and human factors Low
  • Can be used in conjunction with other methods
  • Easy and quick to complete
  • Does not identify new risk scenarios
  • Limited in scope to what is on the checklist

Genesis makes use of all these risk assessment tools in serving the needs of our clients. In some cases, the best approach may even require the use of multiple tools with different levels of rigor, such as combining a HAZOP with a checklist or a Fishbone with an FMECA. Recent Genesis examples involving the use of these tools include:

  • HAZOP — Used for safety, environmental, and business risk assessment on a complex thermal oxidizer system that served several buildings. The client wanted a very comprehensive approach to assessing process safety and HAZOP was considered the “gold standard.” The HAZOP results identified critical actions which were required prior to system startup.
  • FMECA and Fishbone — Fishbone was used for high-level brainstorming of potential causes for cross contamination between a new vivarium and an existing manufacturing facility in the same building. The analysis was taken a step further using FMECA to develop scenarios and evaluate the risks. This approach allowed the client to identify and manage risks associated with this non-conventional layout with confidence that the design could be defended from regulatory scrutiny.
  • What-If — Used to assess risk of operator exposure to highly potent materials in a proposed oral solid dose packaging operation. This study was supported with technical analysis to understand potential product dust generation and particle settling in the packaging room. The results of the analysis supported the client’s expectation that current process controls limited operator exposure to potent airborne particulate.

Keys to RA Success (The Genesis Advantage)

A successful risk assessment is a team effort. We ensure success by bringing together the right tools and expertise to provide experienced facilitation, SME support, and detailed reporting.

Working with you and your team members, our approach can help you:

  • Assess risks associated with an operational process
  • Assess risks for a proposed design (ours or someone else’s)
  • Support your GMP and Annex 1 compliance
  • Support your process development decisions
  • Identify ways to improve process reliability

Assessing and controlling risk is an ongoing process, not a one-time activity. As facility and process designs evolve or changes are made to an existing design, new scenarios can develop that affect safety, regulatory compliance, security, reliability, and product quality. Genesis can help you evaluate these risks and identify and prioritize concrete actions to address them.

Ready to build a safe, resilient, and compliant system? Contact us for a complimentary consultation.

Related Thought Leadership

Do You Have a Robust CCS Program?

White Paper: How to Establish an Effective CCS Framework

Mastering Room Differential Pressures: Pharma Facility Design Fundamentals

What 200+ FDA CRLs Reveal – and 10 Lessons for Life Sciences Facilities

Webinar: The Impact of Annex 1 & Contamination Control Strategy on Facility Design

Written by David Raab Senior Process Engineer

About Genesis AEC

Genesis AEC – an award-winning consulting, architecture, engineering, and construction management firm – has partnered with life sciences companies for more than 25 years to complement the scientific expertise of our clients as they usher in the next generation of life-saving therapies, treatments, and technologies. Whether it’s providing AE support for existing sites; commissioning, validation, and qualification (CQV) for specific processes or equipment; or turnkey design-build solutions, our team blends sound science and technical expertise with quality assurance and safety measures to deliver unparalleled results.