Barbara Jeroncic

22 Special edition: A Roadmap to GMP Compliance Part 2

INTRODUCTIONSelf-inspection is a well-established part of the phar-maceutical quality system. Companies have tradi-tionally been using it as a method for monitoring the implementation and compliance with good manu-facturing practice (GMP) principles, as well as for in-troducing appropriate corrective measures. This role of self-inspection is promoted by the current GMP legislation and guidance (1). Development of the In-ternational Conference on Harmonisations (ICH) Q10 guide has expanded the role of self-inspection to that of an important performance indicator used for monitoring the effectiveness of processes and activi-ties within the pharmaceutical quality system. ICH Q10 promotes the use of self-inspection results as an important input for periodic management review performed to manage, evaluate, and continually im-prove the quality systems performance (1, 2).

An interview with a senior GMP inspector at the

Irish Medicines Board (IMB) published in the Journal of GXP Compliance (3) identifies some of the issues with current self-inspection programs of pharma-ceutical manufacturing companies. A major issue discussed was that significant and critical deficien-cies observed during regulatory inspections were not identified and corrected by the companies them-selves via their own self-inspection programs. This could be due to the fact that for many companies self-inspection comprises little more than a review of compliance with current standard operating proce-dures (SOPs). Furthermore, its low priority is coupled with insufficient resources and lack of commitment from senior management. The interview (3) identifies the opportunities for self-inspection to be designed as a formal quality risk management tool capable of identifying and managing risks and driving forward tangible and realistic continual improvement. Self-inspection programs designed in this way can help to demonstrate the effectiveness of the quality system, and thus can play an important role in the achieve-ment of the reduced regulatory oversight in the in-spection area (3).

This article introduces an innovative self-inspec-tion program design, as a part of quality risk man-agement, aimed at risk identification and manage-ment as tools for continual improvement. As a part of the design process, a survey of pharmaceutical manufacturing companies in Ireland was conducted; the findings are reported in this paper. The survey goal was to explore the practical application of qual-ity risk management to self-inspection programs and the pharmaceutical industry interest in seeking re-duced level of direct regulatory oversight in the area of regulatory inspections.

REALIGNING SELF-INSPECTION AS A QUALITY RISK MANAGEMENT TOOLMany parts of the European GMP guide (1) are cur-

Improved Utilization of Self-Inspection Programs within the GMP EnvironmentA Quality Risk Management ApproachBarbara Jeroncic

Self-inspection is a well-established and vital part of the pharmaceutical quality system. The development of the International Conference on Harmonisation (ICH) Q9 and Q10 guidance documents have intro-duced an opportunity to improve the design of the self-inspection program by application of the qual-ity risk management (QRM) principles and concepts. Self-inspection can be designed as a QRM tool used to assess the management of current and potential risks to quality and to drive forward continual improve-ment. The application of QRM also allows more effi-cient inspection workload and resource management focusing on those areas within the quality system that present higher risk to quality. This article provides examples of how QRM could be introduced to main activities within the self-inspection program. The article also explores the application of QRM in the area of self-inspection by pharmaceutical companies based in Ireland.

Barbara Jeroncic

Special edition: A Roadmap to GMP Compliance Part 2 23

rently undergoing revision to incorporate the prin-ciples and concepts of the quality risk management, such as chapters one, three, and five. There is a simi-lar opportunity with respect to chapter nine (Self-inspection). ICH Q9 is already taking initiative in its drive to define the frequency and scope of inspections by taking into account various risk indicators. ICH Q9 also provides guidelines for the application of quality risk management to regulatory inspections aimed to assist with: resource allocation including inspection planning, frequency, and intensity; evaluation of qual-ity defect significance, recalls, and inspection find-ings; assessment of the scope and type of post-inspec-tion follow-up; and identification of risks that should be communicated between inspectors and assessors to facilitate better understanding of risk control (4).

ICH Q9 states, quality risk management is a sys-tematic process comprising of assessment, control, communication, and review of risks impacting the drug (medicinal) product quality across the product lifecycle. Organizations manage risk through identi-fication, analysis, and evaluation of the most suitable risk mitigation strategy. This process further encom-passes risk monitoring and review aided by commu-nication and consultation with stakeholders in order to ensure that no further risk control/treatment is re-quired (4, 5).

There is a potential to apply a quality risk manage-ment approach to the area of self-inspection that can be integrated into the organizations quality risk man-agement framework. The purpose is two-fold as fol-lows:

To design self-inspection as a quality risk manag-ment tool that can provide the objective evidence to the management about whether or not the current and potential risks to quality are effectively man-aged to acceptable levels. Management then can judge the effectiveness of processes and functions within the quality system

Efficient inspection workload and resource man-agement focusing on those areas within the quality system that present higher risk to the quality of medicinal product, with aim of meeting the qual-ity objectives.

Benefits Of The Application Of Quality Risk Management To Self-Inspection ProgramsICH Q9 lists the following main benefits of the ap-plication of an effective quality risk management ap-proach to various processes and activities within the quality system, including self-inspection (4):

Ensuring high quality of the medicinal product by proactively identifying and controlling potential quality issues

Improving decision making if a quality issue arisesFacilitation of better and more informed decisions

that can provide the regulators with greater assur-ance of a companys ability to deal with potential risks and can beneficially affect the extent and level of direct regulatory oversight.

ISO 31000 standard entitled Risk ManagementPrinciples and Guidelines provides even further de-tail of benefits of the application of effective quality risk management (5), as follows:

Increasing the likelihood of achieving quality objectives

Encouraging proactive managementAwareness of the need to identify and treat risks

throughout the organizationImproving the identification of opportunities and

threatsImproving compliance with legal and regulatory

requirements and international normsImproving governanceImproving stakeholders confidence and trustEstablishing a reliable basis for decision making

and planningImproving controlsEffectively allocating and use of resourcesImproving operational effectiveness

and efficiency Improving loss prevention and

incident managementMinimizing losses.

Elements Of Quality Risk ManagementThe following are elements of quality risk management.

Risk assessment. Risk assessment is the process of risk identification, analysis, and evaluation (4, 5). Its application within the self-inspection program can be tailored to the risk assessment output purpose, the de-sired level of detail, and the available information. For example, the estimate of risk associated with an area within the quality system, for the purpose of defin-ing a scope and frequency of self-inspections, can be based on the general evaluation of risk factors, without a detailed risk assessment, as this will be performed during self inspections. ISO 31010 standard describes different methods and tools that could be used when performing risk assessment. Examples of the methods and tools are provided in the following sections.

Risk identification. The purpose of the risk identi-fication process is to identify the causes and sources of hazards, events, situations or circumstances that could have an impact upon the quality of the medicinal prod-uct, the quality objectives, and the nature of that impact (4, 5, 6). There is a variety of tools and techniques that could be chosen for risk identification, such as: reviews of historical data, checklists, theoretical analysis, system-atic team approaches (e.g., structured what-if technique [SWIFT]), primary hazard analysis, hazard operability

Barbara Jeroncic

24 Special edition: A Roadmap to GMP Compliance Part 2

analysis (HAZOP), fault tree analysis (FTA), cause and ef-fect analysis, and supporting techniques (e.g., brainstorm-ing, Delphi method) (4, 6).

Risk analysis. Risk analysis is an estimate of the risk associated with an identified hazard. It consists of linking the consequences and their likelihoods for the identified hazard (can also link detectability of the hazard) to determine the level of risk. The purpose of the risk analysis is to develop risk understanding (4, 6).

The analysis of consequences determines the nature and type of impact that could occur (6).

It can involve the following (6):Relating the consequence to the achievement of

the quality objectivesTaking into consideration existing controls to

mitigate the consequence, together with all rel-evant contributory factors

Considering both immediate consequences and those that may arise after a certain time has elapsed, if this is consistent with the scope of assessment

Considering secondary consequences (i.e., those impacting on associated processes, activities, equipment, etc.).

The examples of methods and tools that are suitable for consequence analysis are: HAZOP, hazard analysis and critical control points (HACCP), failure mode ef-fects analysis (FMEA), cause and consequence analy-sis, cause and effect analysis, etc. (6).

The probability analysis estimates the likelihood of a particular hazard, using one of the following ap-proaches (6):

Use of relevant historical data to extrapolate or predict the probability of occurrence of similar events or situations in the future. It should be noted that if historically there is a very low fre-quency of occurrence, the estimate of probability will be very unreliable

Probability forecasts using predictive techniques such as fault tree analysis and event tree analysis. When historical data are unavailable or inade-quate, the probability can be estimated by analy-sis of a relevant process, activity, equipment, etc. and its associated failure or success states

Expert judgements that can be facilitated by formal methods (i.e., Delphi approach, category ranking, paired comparison, etc.).

The consequence and likelihood can be linked by using a variety of qualitative, semi-quantitative, or quantitative methods to determine the level of risk. The degree of detail depends upon the particular ap-plication, the availability of reliable data, and the decision-making requirements. Examples of methods

and techniques are: consequence-probability matrix, SWIFT, FMEA/FMECA, etc. (6).

Risk evaluation. Risk evaluation involves compar-ing the identified and analyzed risks against estab-lished risk criteria in order to determine their signifi-cance. The purpose of risk evaluation is to assist in making decisions, based on the outcomes of risk anal-ysis, on the requirements and priorities of treatment implementation (4, 5, 6). Risk criteria should reflect the organizations values and objectives, legal, regula-tory, and other requirements (5). ISO 31000 standard suggests consideration of the following factors when defining risk criteria:

The nature and types of causes and consequences of risks that can occur and their measurement

Definition of likelihoodThe timeframe(s) of the likelihood and/or

consequence(s)How the level of risk is to be determinedThe views of stakeholdersThe level at which risk becomes acceptable

or tolerableWhether combinations of multiple risks should

be taken into account, and how and which com-binations should be considered.

Risk control/treatment. Risk control/treatment is the process of decision making in order to reduce and/or accept risks, identify risk control/treatment solu-tions and implement these solutions aiming to reduce the risk to an acceptable level. Decisions can take into account a wider context of the risk and include con-sideration of the risk tolerance borne by stakeholders, cost-benefit analysis and the legal, regulatory, and other requirements (4, 5, 6).

Risk communication. Risk communication refers to information sharing regarding risks and risk manage-ment between stakeholders. It is important that this information is accurately and regularly communicated through reporting channels established by the organi-zation in order to ensure the success and effectiveness of the quality risk management process. This can take place at any stage of the quality risk management pro-cess (4, 5, 6). The communication and reporting mecha-nisms should ensure that key components of the quality risk management approach to self-inspections, and any subsequent modifications, are appropriately and timely communicated to all interested parties; that there is ad-equate reporting of the risk assessment outcomes; that relevant information on the application of quality risk management is available at appropriate levels and times; and that there are established processes for consulta-tion with stakeholders (6). Communication between stakeholders can assist the development of appropriate quality risk management approach to self-inspection and integration of self-inspection into the organiza-

Barbara Jeroncic

Special edition: A Roadmap to GMP Compliance Part 2 25

tions quality risk management framework. It can fur-ther ensure that the interests of stakeholders are under-stood and considered when developing self-inspection programs; bring together different areas of expertise to ensure that the risks are adequately identified and analyzed through the use of risk assessment methods and techniques; ensure that different views are appro-priately considered when defining risk criteria and in evaluating risks; and can help to secure endorsement and support for a mitigation plan (5, 6).

Risk review and monitoring. Regular review of the quality risk management ensures that any new knowl-edge and experience is taken into account (4, 5, 6). For example, it ensures verifying that the assumptions about risks remain valid, obtaining further informa-tion to improve risk assessment, analyzing and learning from events, including near-misses, changes, trends, successes and failures, verifying that risk assessments are properly applied, verifying that risk treatments are effective, detecting changes which could influence risk criteria and upon which risk treatments need to be re-vised, identifying emerging risks, etc. (5, 6).

Application Of Quality Risk Management To The Activi-ties Within The Self-Inspection ProgramThe following sections discuss quality risk manage-ment applications to main activities. Examples of quality risk management within the self-inspection program include the following:

Self-inspection planningdefining the scope (inspection units), frequency, and level of self-inspections, and allocation of the inspectors

Detailed plan preparation for self-inspections of the individual inspection units

Conducting self-inspectionsAdequate response to self-inspection resultsdeter-

mining the type of actions for the issues identified within self-inspections, determining the timeframe for the implementation of actions, and assessing the associated risks.

Planning Of Self-InspectionsRisk management can be applied to self-inspection planning with the intent to direct the inspection effort to the areas within the quality system that represent higher risk to the quality of the medicinal product and the achievement of the quality objectives. The applica-tion of the quality risk management allows the estima-tion of the risk associated with areas within the quality system and determining the scope (inspection units), frequency and level (time, number of inspectors) of self-inspections, and allocation of inspectors to partic-ular self-inspections (considering their experience and skills) based on the estimated levels of risk. This forms the basis for a risk-based inspection planning and en-ables better utilization of available resources.

The risk associated with an area can be estimated by analysis of selected risk factors that indicate or identify the risk. ICH Q9 suggests the following various risk factors that can be used:

Complexity of the site, manufacturing process, and product

The number and significance of quality defectsResults of previous audits/inspectionsThe overall compliance status and history of the

company or facilityRobustness of a companys quality risk manage-

ment activitiesMajor changes of building, equipment, processes,

and key personnelExperience with product manufacturing processExisting legal requirements Official laboratory test results.Some additional factors the companies could con-

sider might be the following:Criticality of an area. This factor considers the

effect of failure of a particular area and the influ-ence of potential or identified issues with this area on areas downstream

Coupling of an area. Tightly-coupled processes or systems could be those having time dependent processes/activities that cannot wait; those hav-ing rigidly ordered processes or activities (i.e., sequence A must follow sequence B); those having only one path to a successful outcome; those hav-ing very little slack in the system, as the system requires precise quantities or specific resources for successful operation, etc. (3)

Adequacy of resources associated with an area.

The risk associated with an area can be estimated by using different risk ranking methods or tools. For example, a simple approach could be assigning a nu-merical descriptive value of 1 (low) to 3 (high) to es-tablished categories for the selected risk factors. An example is provided in Table I.

The estimated values for all risk factors can then be linked together in an appropriate way to yield a risk level associated with an area (e.g., low, medium, and high). The estimated values for risk factors could also be multiplied by significance-weighting factors to give a total. This assessment of risk associated with the ar-eas within the quality system can be seen as a prelimi-nary risk screening with the intention to direct the in-spection effort to those areas that represent higher risk.

It is important that this evaluation of risk is appro-priately communicated to the interested parties (e.g., management, inspectors, etc.). Furthermore, it should be regularly reviewed to take into account any new information including the results of self-inspections and the risk control/treatment process. Based on this information, the frequency of self-inspections can be

Barbara Jeroncic

26 Special edition: A Roadmap to GMP Compliance Part 2

reviewed and adjusted if required.

Preparation And Conduct Of Self-InspectionsPreparation for self-inspections of a particular inspec-tion unit can include preparing detailed plans for in-dividual self-inspections with the intention to direct self-inspection activities. These plans could be based on the risk assessment of the inspection unit with the purpose to focus on those elements that represent higher risk to the quality and the achievement of the quality objectives and can, therefore, have a higher impact on the effectiveness of the activity, process, or function of that unit. The elements with higher asso-ciated risk can be inspected more thoroughly during self-inspections and can be included into future as-sessments more frequently.

Risk assessment performed at this stage can be seen as the initiation of assessment of risks associated with elements of the inspection unit based on the available information. Risk assessment can then be completed during conduct of self-inspections based on the ad-ditional information gathered during self-inspections. Risk assessment of the inspection unit can be continu-ously updated during subsequent inspections of the inspection unit based on new knowledge and experi-ence. The purpose of the risk assessment is to provide an understanding of risks, including their causes, con-sequences, and probabilities, and the understanding of the adequacy and effectiveness of existing controls to mitigate these risks (6). After the conduct of each self-inspection, an objective report can be presented to the management regarding the adequacy and effectiveness of risk management of the inspection unit.

The level of risk depends on the adequacy and effec-tiveness of existing controls, which can be addressed using following criteria (6):

What are the existing controls for a particular risk?

Are those controls suitable for adequate risk mitiga-tion, resulting in a tolerable risk levels?

In practice, are the controls operating in the intend-ed manner and can they be demonstrated to be effective when required?

For example, during the assessment of the inspec-tion unit production process A, it was identified that there were several occasions of the delays in the pro-cess A as the purified water was not available due to out-of-specification test results. Table II provides an example of how risk associated with this hazard could be assessed.

The assessed risk increased from Category 3 to Cat-egory 4 in a given time period, thus it was decided that purified water system would be inspected more fre-quently and new potential controls would be assessed.

The output of the risk assessment performed during the preparation of detailed plans for self-inspections of the inspection unit could include the following elements to help ensure the effectiveness of self-inspections:

A process map of the inspection unit providing vis-ibility of the inspection unit elements and their interac-tion, and the interaction with other areas of the quality system

A list of identified hazards coupled with description of methods and type of data used for hazard identification

An analysis of consequences of those hazards and their likelihood, including a description of methods and type of data used for this analysis

Estimated levels of risk associated with the inspection unit elements

Criteria for risk evaluation based on the management tolerance of risk

Objectives for self-inspections of the inspection unit (or their recommendation) to direct inspection effort to those elements that represent higher risk for the

TABLE I: Example of categories for a risk factor and their numeric values.

Risk factor Category (impact X likelihood) (based on data for a given time period)

Value

Results of previous self-inspections

< 5 minor observations, no major or critical observations 1

< 15 minor observations, no major or critical observations 2

> 15 minor observations or any major or critical observations 3

Number and significance of deviations

< 20 minor deviations not affecting the number of released batches 1

per month. No major deviations affecting batch release

> 20 minor deviations not affecting the number of released batches per month 2

< 10 major deviations resulting in delay of batch release 2

no major deviations resulting in batch reject or reprocessing

> 10 major deviations resulting in delay of batch release 3

Any major deviations resulting in batch reject or reprocessing

Barbara Jeroncic

Special edition: A Roadmap to GMP Compliance Part 2 27

achievement of the quality objectives associated with the unit.

Detailed plans can be prepared just before the indi-vidual self-inspections, or can be prepared periodical-ly, in which case the risk assessment should be revisited just before individual self-inspections to include any relevant new information. It is very important that the relevant information is appropriately communicated to inspectors who are conducting self-inspections (if not the same person) to ensure the effectiveness of the risk assessment.

Based on the outputs of the initial assessment, the inspectors can identify additional information required for efficient completion of risk assessment of the in-spection unit, and identify methods for obtaining this information including various inspection techniques (e.g., interviews, observation, review of documenta-tion, etc.) and approaches. For example, the inspectors could decide to use vertical or horizontal approach to self-inspection, as follows (7) (see Figure 1):

Vertical approach to self-inspection involves an examination of all aspects of the quality system that contribute to the output (result) within a particu-

lar area, function, or department. It examines all inputs and activities required to produce an output. Selection of this approach is useful when performing departmental or functional self-inspections.

Horizontal approach to self-inspection involves examination of an aspect of the quality system that is applied to, or involving, different functions, areas, or departments. This type of approach is useful when performing self-inspections of systems implemented across various areas or processes, involving different areas or functions (e.g., change management sys-tem, deviation investigation, training of personnel, and calibration of equipment). It is also useful for self-inspection of projects and products. Horizontal approach can be a powerful tool to test the interfaces between different parts of an organization involved in the system, process, project, etc.

The inspection unit risk assessment outputs after the conduct of self-inspections could include the following:

The updated list of hazardsThe updated analysis of risk, based on the informa-

tion obtained during the self-inspections, including analysis of risk associated with any identified issues

TABLE II: Example of the initial risk analysis of one of the identified hazards associated with an inspection unit.

Identified hazard: Purified water (PW) not available due to out-of-specification results of conductivity, TOC, microbial content or endotoxin

Impact factors: Number of days PW was out of use in a given time period Impact on batch releasedelay, reject, or reprocessing Impact categories:

1 PW out of use < 2-day intervalsinterruptions and delay in process ANo impact on the number of batches released per month

2 PW out of use >2-day intervals Reduced number of batches released per month for < 2%

3 Reduced number of batches released per month for > 2%Any batch rejects or reprocessing

Likelihood factors: Number of out-of-specification results in a given time periodconductivity, TOC, microbial content, endotoxin

Existing controls: UV disinfection system, series of water filters (purified water system map)

Risk analysis:

Risk category Impact X Likelihood

1 < 15 out of specifications resulting in interruptions and delay in process A but not impacting the number of batches released per month

2 > 15 out of specifications resulting in interruptions and delay in process A but not impacting the number of batches released per month

3 Reduced number of batches released per month for < 2%

4 Reduced number of batches released per month for > 2%< 2 batch rejects or reprocessing

5 > 2 batch rejects or reprocessing

Barbara Jeroncic

28 Special edition: A Roadmap to GMP Compliance Part 2

or non-conformancesEvaluation of risks against established risk criteriaA self-inspection report including the findings and

conclusions that allow the management to judge the adequacy and effectiveness of the inspected unit risk management, recommended actions for identified issues, and identified opportunities for improvement of risk management and efficiency of the inspected unit elements.

The common approach that can be used when evaluat-ing analyzed risks against the established risk criteria is to divide risks into the following tree bands (6):

An upper band, where the level of risk is regarded as intolerable and risk treatment is essential

A middle band, where the management can decide, based on the established treatment criteria (e.g., As low as reasonably practicable [ALARP] criteria system), as to whether or not take any actions

A lower band, where the level of risk is regarded as negligible, or so small that no risk treatment measures are needed.

The results of risk assessment of the inspection unit should be appropriately communicated to the respon-sible management, enabling appropriate actions. They should also be communicated to those responsible for planning of self-inspections to allow review of the risk levels associated with the inspection unit. Risk

assessment of the inspection unit can be revisited, reviewed, and updated before and during each sub-sequent self-inspection. Results of self-inspections are also important input into periodic senior management review as they provide objective evidence of suitabil-ity, adequacy, and effectiveness of the quality system and identification of opportunities for improvement of the quality system and the performance of the organi-zation (2, 8, 9).

Response To The Self-Inspection Results Based on the results of self-inspections, the respon-sible management can make decisions on whether the identified risks can be accepted or reduced and how to reduce the risks. If self-inspection identifies op-portunities for improvement of the inspection unit, these decisions could also include the assessment of the identified opportunities and plans for their realiza-tion. Risk control/treatment process could be seen as a cyclical process involving the following (5):

Review of self-inspection findings, including issues (e.g., a non-conformity or an ineffective control) or identified opportunities for improvement

Risk assessment of the identified issues to facilitate decision on their mitigation, for example:An immediate correction eliminating an existing

non-conformity or undesirable situationsimple tools can be used to investigate the cause for the non-conformity or undesirable situation, such as brainstorming, 5 Whys, etc.

A corrective or preventive action eliminating the cause(s) of an existing or potential non-conformity or undesirable situation in order to prevent recur-rence or occurrence. For corrective actions, tools for root cause analysis can be used to identify the cause(s) of the issue. For the potential issues, the prevention can include FMEA or FTA analysis to determine potential risk associated with the identified issue

A trend that will be monitoredSelection of possible risk control/treatment solu-

tions for the identified issues or improvements in areas where the opportunity has been identified:Identification of possible risk treatment solutions

or improvement solutions (i.e., use of simple tools such as brainstorming, etc.)

Assessment of risks associated with the risk treat-ment solutions or improvement solutions (i.e., residual risks, new introduced risks, etc.)

Determining the criteria for selecting or pri-oritizing a particular risk treatment solution or improvement solution (e.g., risk context, stake-holders concerns, cost-benefit analysis, legal, regulatory, and other requirements)

Solution confirmation providing proof, through objective evidence, that the selected risk treatment

War

ehou

se

Prod

uco

n Pr

oces

s 1

Prod

uco

n Pr

oces

s 2

Prod

uco

n Pr

oces

s 3

QC

depa

rtm

ent 1

QC

depa

rtm

ent 2

Deviaon Invesgaon

Vercal self-inspecon approach: Example, self-inspecon of acvies within a QC department.Horizontal self-inspecon approach: Example, self-inspecon of deviaon invesgaons in the producon area.

Figure 1. Example of vertical and horizontal self-inspection.

Barbara Jeroncic

Special edition: A Roadmap to GMP Compliance Part 2 29

solution will solve the problem, or that improve-ment solution will improve the effectiveness of the inspection unit and will not adversely affect the quality of the medicinal product and achievement of the quality objectives

Defining the project plan for the implementation of the selected risk treatment or improvement solution, including the following:Project goal and responsibilities (e.g., specific, mea-

surable, attainable, relevant, time-specific [SMART] criteria can be used to define a project goal)

Verification. How will the effectiveness of the selected risk treatment solution/improvement solution be verified? How frequently and for how long before the implementation?

Implementation. How will the risk treatment solu-tion or improvement solution be implemented and in what timeframe?

How will the effectiveness of the implemented risk treatment solution or improvement solution be monitored, how frequently and for how long?

Implementation of the selected risk treatment solu-tion/improvement solution

Monitoring and assessment of the risk treatment solution and improvement solution (i.e., including through subsequent self-inspection) effectiveness.

It is important that the outcomes of the risk control/treatment process are appropriately communicated to the interested parties; including those responsible for planning of self-inspections and those responsible for planning and conducting self-inspections of the in-spection unit; as any actions taken can influence the risks associated with the inspection unit. The output of risk control/treatment process should also be input into the periodic senior management review.

SURVEY OF PHARMACEUTICAL MANUFACTURING COMPANIES IN IRELAND ON THE QUALITY RISK MAN-AGEMENT APPLICATION IN SELF-INSPECTIONSA survey was sent to the quality assurance managers or audit managers of 40 pharmaceutical manufactur-ing companies based in Ireland with the intent to ex-plore whether and how the pharmaceutical companies apply quality risk management to their self-inspection programs. The survey also assessed the companies understanding of, and their interest in, reduced level of direct regulatory oversight in the area of regulatory inspections. The survey included drug product manu-facturers and manufacturers of active pharmaceutical ingredients. Eighteen companies responded to the survey(45%),andtheresultsarepresentedasfollows.

The Role Of Self-Inspection Within The Quality SystemIn50%ofthecompanieswhorespondedtothesur-

vey, self-inspection is structured as a stand-alone and independent component of a quality system used to monitor compliance with current GMP regulations and standard operating procedures. In 31% of thecompanies it is structured as a part of quality risk management used to proactively and systematically identify, evaluate, and manage current and potential risks to quality and non-compliances. The structure intheremaining19%isinbetweentheprevioustwo.Themajorityofthecompanies,63%,donotuseself-inspection as one of the main activities for identifying the opportunities for continual improvement.

The Application Of Quality Risk Management To Self-InspectionThe survey tried to establish whether companies apply the quality risk management principles and tools out-lined in ICH Q9 in the various high-level areas of the quality system.According to the survey,44%of thecompanies apply them in the area of self-inspection (see Figure 2).

The most commonly used formal quality risk man-agement tools are failure mode effects analysis (FMEA) and process mapping and cause and effect diagrams, usedby69%ofrespondents.Furthermore,50%oftherespondents use hazard operability analysis (HAZOP) andflowcharts;44%useriskrankingand filtering;38%applyhazardanalysisandcriticalcontrolpoints(HACCP); 31% implement fault tree analysis (FTA);and19%usefailuremode,effectsandcriticalityanaly-sis (FMECA).

Companies were asked to estimate to what extent their self-inspection program was risk based, and the results are presented as follows. The majority of the companies design their self-inspection programs based on assessed risks at least to some extent (see Figure 3).

When planning the frequency and the scope of self-inspections, the results of previous self-inspections and regulatory inspections are the factors most frequently taken into account by the companies who responded tothesurvey(88%).Inaddition,81%ofthecompaniestake into account the number and significance of qual-itydefectsassociatedwithanactivity/process;69%con-sider the specific areas mentioned in chapter nine of the European GMP guide and the complexity of the spe-cificactivitiesandprocesses;and63%ofthesurveyedcompanies take into account major changes in building, equipment,processes,keypersonnel,etc.Only38%ofthe companies consider experience with the activity or processandjust19%takeintoaccountspecificarrange-ments and agreements associated with the activity or process.

Half of companies report that the same amount of time and personnel are typically devoted to all self-inspections included in the annual self-inspection pro-

Barbara Jeroncic

30 Special edition: A Roadmap to GMP Compliance Part 2

gram. Fifty-six percent of the companies who respond-ed to the survey do not have documented guidance for different types of self-inspections (e.g., horizontal, vertical, systems-based, process-based, departmental-based, etc.). Only half of the respondents review results of self-inspection as a part of the periodic management review.

The Potential For Reduced Level Of Direct Regulatory Oversight In The Area Of Regulatory InspectionsICH Q9 and Q10 promote the potential for reduced regulatory oversight. There is an opportunity to in-crease the use of risk-based approaches for regulatory inspections for companies that can demonstrate an ef-fective quality system is being in place, including ef-fective use of quality risk management principles. In the inspection area, reduced regulatory oversight can take a form of less frequent or less intensive regulatory inspections, or inspections where some areas are not inspected or are less thoroughly inspected based on the risk considerations (2, 3).

Of the companies who responded to the survey, 56%arefamiliarwiththepotentialopportunitiesfora reduction in the level of direct regulatory oversight that may be applied as envisaged by the ICH Q8, Q9, and Q10guidelines.Further38%arepartiallyfamiliarandonly6%arenotfamiliaratall.Importantly,44%ofthe companies are interested in seeking some level of reduced regulatory oversight from the Irish Medicines Board, and the same percentage of the companies are notinterested.Theremaining12%oftherespondentshave not answered this question. Asignificantmajority,81%,ofthecompaniesthink

that the best way to demonstrate to the regulatory in-spectors that an effective quality management system is in place within the company is proactive discussion of the companys quality management system elements with theregulatory inspectors.Furthermore,75%ofthe companies consider a good regulatory inspection outcome (e.g., no major or critical deficiencies) an im-portant factor in demonstration of an effective man-agementsystem;50%assignequalsignificancetonorecalls and a low number of complaints over a certain period,whilst44%aresatisfiedwithnofor-causereg-ulatory inspections carried out at their company.Themajorityofrespondents,63%,wouldliketosee

a formal program of communications with regulators with respect to the potential applications of regulatory flexibility and reduced regulatory oversight. A consid-erable31%arenotinterestedinthis,and6%didnotanswer this question. The majority of the respondents, 88%,arewilling toconsideropensharingofself-in-spection reports with a regulatory inspector in some way, in order to demonstrate that an effective quality management system is in place within their company, whilst12%ofthecompanieswouldnotbewillingto

do so.

CONCLUSIONICH Q10 and ISO 9000 standard series view self-inspection as a vital and integral part of the quality system, providing an independent tool for monitor-ing and assessment of the effectiveness of the activities and processes within the quality system, and for driv-ing forward their continual improvement. In order to be efficient and complete, this process should include the evaluation of the risks hindering the achievement of the quality objectives placed on activities and processes potentially affecting the quality of the medicinal prod-uct. There is an opportunity to design self-inspection as a quality risk management tool identifying and as-sessing risks associated with areas of the quality system and providing objective evidence on the effectiveness of their management. Self-inspection designed in this way could potentially identify issues and non-conformanc-es before they occur by allowing the management to take the appropriate risk-reducing actions; and further recognise the opportunities for improvement of risk management and effectiveness of the quality system ar-eas. Application of principles and concepts of quality risk management also enables more efficient organiza-tion and planning of self-inspections by directing the inspection effort to those areas of the quality system that represent higher risk to the quality of the medicinal product and the achievement of the quality objectives. The application of quality risk management in different areas of the pharmaceutical industry, including self-in-spection, is strongly supported by ICH Q9. This article presents innovative approaches to self-inspection as a quality risk management tool, with the potential for in-troduction of a risk-based approach to self-inspection planning in pharmaceutical manufacturing.

The results of the survey of the pharmaceutical man-ufacturing companies in Ireland demonstrate that the companies have started to apply quality risk manage-ment to their self-inspection programs. Whilst half of the companies still view self-inspection as an isolated and independent component of the quality system used to monitor compliance with current GMP regulations and standard operating procedures, the remaining re-spondents have structured it as a part of the quality risk management used to identify and manage current and potential risks to quality and non-compliances, at least to some extent. The majority of the companies es-timated that their self-inspection program was based on the assessed risk at least to some extent. The most frequently used factors for determining the frequency and scope of self-inspections envisaged by ICH Q9 are the results of previous self-inspections and regulatory inspections, and the number and significance of quality defects associated with an activity or process. The sur-vey identified three main areas of self-inspection pro-

Barbara Jeroncic

Special edition: A Roadmap to GMP Compliance Part 2 31

gram improvement within the pharmaceutical companies: struc-turing self-inspection as an integral and vital part of the companys quality system and risk quality management strategy; designing self-inspection in a way it could be used as one of the main activi-ties for identifying the opportunities for continual improvement; and including self-inspection results as an input into periodic man-agement review.

With respect to the potential for reduced level of direct regula-tory oversight in the area of regulatory inspection promoted by ICH Q10, the results of the survey showed that the majority of compa-nies are interested in this idea and would welcome a formal pro-gram of communications with regulators. The surveyed companies consider proactive discussion of the companys quality manage-ment system elements with the regulatory inspectors to be the best way to demonstrate that an effective quality management system is in place within the company. The majority of the companies are willing to consider some form of open sharing of self-inspection reports with regulatory inspectors in order to demonstrate that an effective quality management system is in place. The survey identi-fied a need for further regulatory guidance and recommendation in the area of the reduced regulatory oversight, as envisaged by ICH Q8, Q9, and Q10.

REFERENCES 1. EudraLex, GMP Directive 2003/94/EU, Good Manufacturing Practice

(GMP) Guidelines, Vol. 4, Part I-Basic Requirements for Medicinal Prod-

ucts, Chapter 9-Self-inspection. Retrieved from: http://ec.europa.eu/enter-

prise/sectors/pharmaceuticals/files/eudralex/vol-4/pdfs-en/cap9_en.pdf.

2. ICH Q10 Pharmaceutical Quality System, 2008.

3. ODonnell K., Self-Inspection and its Potential Benefits via ICH Q9, Jour-

nal of GXP Compliance, Summer 2008, Vol.12 No. 4.

4. ICH, Q9 Quality Risk Management, 2005.

5. ISO 31000 Risk ManagementPrinciples and Guidelines, First Edition, No-

vember 13, 2009.

6. ISO 31010 Risk ManagementRisk Assessment Techniques, first edition,

2009-12-01.

7. Wealleans D., The Quality Audit for ISO 9001:2000: A Practical Guide, 2nd

edition, Gower Publishing, 2005.

8. ISO 9001 Quality Management SystemRequirements, Third Edition, De-

cember 15, 2000.

9. ISO 9004 Quality Management SystemsGuidelines for Performance Improve-

ments, Second Edition December 15, 2000. GXP

ARTICLE ACRONYM LISTINGALARP As Low As Reasonably PracticableFMEA Failure Mode and Effects AnalysisFTA Fault Tree AnalysisGMP Good Manufacturing PracticeHACCP Hazard Analysis and Critical Control PointsHAZOP Hazard Operability AnalysisICH International Conference on HarmonisationIMB Irish Medicines Board ISO International Organization for StandardizationQP Qualified PersonQRM Quality Risk ManagementSMART Specific, Measurable, Attainable, Relevant, Time-SpecificSWIFT Structured What-If TechniqueTOC Total Organic Carbon

ABOUT THE AUTHORBarbara Jeroncic has worked in the pharmaceutical industry for several years in different roles, including working in quality departments. She may be reached by e-mail at barbara.jeroncic@imb.ie.

Originally published in the Summer 2011 issue of Journal of GXP Compliance