Month: August 2024

Inappropriate Uses of Quality Risk Management

Quality Risk Management (QRM) is a vital aspect of pharmaceutical and biotechnology manufacturing, aimed at ensuring product quality and safety. I write a lot about risk management because risk management is so central to what I do. However, inappropriate uses of QRM can lead to significant negative consequences and I think it is a fairly common refrain in my day that an intended use is not an appropriate use of risk management. Let us explore these inappropriate uses, their potential consequences, and provide some examples so folks know what to avoid.

1. Justifying Non-Compliance

Inappropriate Use: Using QRM to justify deviations from Good Practices (GxP) or regulatory standards.

Consequences: This can lead to regulatory non-compliance, resulting in action from regulatory bodies, such as warnings, fines, or even shutdowns. Everytime I read a Warning Letter I imagine that there was some poorly thought out risk assessment. Using risk management this way undermines the integrity of manufacturing processes and can compromise product safety and efficacy.

Example: A company might use risk assessments to justify not adhering to environmental controls, claiming the risk is minimal. This can lead to contamination issues, as seen in cases where inadequate environmental monitoring led to microbial contamination of products.

2. Substituting for Scientific Evidence

Inappropriate Use: Relying on QRM as a substitute for robust scientific data and empirical evidence.

Consequences: Decisions made without scientific backing can lead to ineffective risk mitigation strategies, resulting in product failures or recalls.

Example: A manufacturer might use QRM to decide on process parameters without sufficient scientific validation, leading to inconsistent product quality. For example the inadequate scientific evaluation of raw materials led to variability in cell culture media performance.

3. Supporting Predetermined Conclusions

Inappropriate Use: Manipulating QRM to support conclusions that have already been decided.

Consequences: This biases the risk management process, potentially overlooking significant risks and leading to inadequate risk controls.

Example: In a biopharmaceutical facility, QRM might be used to support the continued use of outdated equipment, despite known risks of cross-contamination, leading to product recalls.

4. Rationalizing Workarounds

Inappropriate Use: Using QRM to justify workarounds that bypass standard procedures or controls.

Consequences: This can introduce new risks into the manufacturing process, potentially leading to product contamination or failure.

Example: A facility might use QRM to justify a temporary fix for a malfunctioning piece of equipment instead of addressing the root cause, leading to repeated equipment failures and production delays.

5. Ignoring Obvious Issues

Inappropriate Use: Conducting risk assessments instead of addressing clear and evident problems directly.

Consequences: This can delay necessary corrective actions, exacerbating the problem and potentially leading to regulatory actions.

Example: A company might conduct a lengthy risk assessment instead of immediately addressing a known contamination source, resulting in multiple batches being compromised.

Inappropriate uses of Quality Risk Management can have severe implications for product quality, regulatory compliance, and patient safety. It is crucial for organizations to apply QRM objectively, supported by scientific evidence, and aligned with regulatory standards to ensure its effectiveness in maintaining high-quality manufacturing processes.

The White Paper in the Quality System

Eventually there will be a thorny topic that needs to be teased out, directed at an audience beyond those involved. This isn’t quite a technical report, or a risk assessment or a program document. It is that chameleon, the white paper.

A white paper can play several important roles in a quality management system:

  1. Establish standards and best practices: White papers can outline recommended procedures, methodologies, and standards for quality within an organization or industry. They can provide detailed guidance on implementing quality processes.
  2. Educating stakeholders: White papers serve as educational tools to inform employees, management, and other stakeholders about quality principles, new technologies, or approaches to improving quality. They help build a shared understanding of quality objectives.
  3. Problem-solving: White papers often follow a problem-solution structure, identifying quality issues and proposing detailed solutions backed by research and data. This can help organizations address specific quality challenges.
  4. Documenting processes: As part of a quality management system, white papers can provide in-depth documentation of complex processes, procedures, or systems. This documentation is crucial for consistency and compliance.
  5. Promoting continuous improvement: By presenting research findings and innovative approaches, white papers can drive continuous improvement efforts in quality management.
  6. Supporting decision-making: The authoritative and data-driven nature of white papers makes them valuable resources for informed decision-making about quality initiatives.
  7. Demonstrating expertise: For organizations, publishing white papers on quality topics can establish thought leadership and demonstrate expertise to clients, partners, and regulatory bodies.
  8. Compliance support: In regulated industries, white papers can help explain how an organization’s quality system meets regulatory requirements or industry standards.
  9. Change management: When implementing new quality processes or technologies, white papers can help communicate the rationale and benefits to stakeholders, supporting change management efforts.
  10. Benchmarking: White papers often include industry data and best practices, allowing organizations to benchmark their quality performance against peers or industry standards.

White Papers and Standards

A standard in a quality system is a documented set of requirements, specifications, or guidelines that define the criteria for quality in processes, products, or services. They offer precise descriptions that serve as an objective basis for organizations and consumers to communicate and conduct business globally. Standards provide organizations with shared procedures, terminology, and expectations to meet stakeholder requirements.

A white paper usually defines what will end up being in a standard, or defends the decision making of the standard. It is a why document.

White Papers and the Program Level

The program is a document that maps requirements to show the various ways to interpret the requirements to specific needs. Program documents, like a validation master plan or contamination control strategy, define the strategic plan that tie the entire program into a pretty package. A white paper then provides more in-depth justification of the rationale.

White Papers are Outward Orientated

When we write a white paper we are usually taking all the decision making a team made and the rationale behind them. It is a place to draw together all those articles and consensus standards we utilized, all the internal technical studies and risk management. White papers are written often aimed for health authorities, auditors, clients and partners.

How to Write a White Paper

Clear goals and target audience

A well-defined purpose is crucial for any white paper. Ask yourself:

  • What do you want to achieve with this document?
  • Who is your primary audience? Common ones are health authorities, clients, other parts of the organization.
  • What action do you want readers to take after reading? Usually it answers questions, but other times there is a translation necessary (e.g. update SOPs)

Concise summary

The executive summary or abstract should:

  • Be no more than 200-250 words
  • Highlight the main problem, solution, and key takeaways
  • Entice the reader to delve into the full document

Strong introduction

A compelling introduction should:

  • Provide context for the topic
  • Establish the relevance and importance of the issue
  • Outline the structure of the paper
  • Hook the reader with an interesting fact, statistic, or scenario

Problem statement

When defining the problem:

  • Use data and real-world examples to illustrate its scope and impact
  • Explain why existing solutions were inadequate
  • Highlight the consequences of not addressing the issue

Well-researched content

To ensure credibility:

  • Use a mix of primary and secondary sources
  • Link to requirements and obligations (i.e. regulatory regulations, consensus standards, industry best practices)
  • Include recent data
  • Reference industry reports and academic studies
  • Conduct original research and risk management as appropriate

Solution(s)

When presenting solutions:

  • Explain the rationale behind each option
  • Discuss pros and cons objectively
  • Provide evidence of effectiveness, such as case studies or pilot results
  • Clearly state why the recommended or chosen solution is superior

Logical flow and structure

Organize your content with:

  • A clear, logical progression of ideas
  • Subheadings and sections for easy navigation
  • Transitional phrases between sections
  • A balance of text, visuals, and white space

Visual elements

Effective visuals can include:

  • Infographics summarizing key data
  • Process diagrams explaining complex concepts
  • Comparison charts for different solutions
  • Relevant photographs or illustrations

Conclusion and call-to-action

A strong conclusion will:

  • Recap the main points without introducing new information
  • Reinforce the urgency of addressing the problem
  • Provide clear, actionable next steps for the reader, as appropriate
  • Include contact information or resources for further engagement

References

Properly cite sources by:

  • Using a consistent citation style (e.g., APA, MLA)
  • Including a bibliography or reference list at the end
  • Using footnotes or endnotes for additional context if necessary

Objective tone

Maintain credibility by:

  • Using a professional, authoritative voice
  • Avoiding overly promotional language
  • Acknowledging potential limitations or challenges
  • Presenting a balanced view of the topic

The Attributes of Good Procedure

Good documentation practices when documenting Work as Prescribed stresses the clarity, accuracy, thoroughness and control of the procedural instruction being written.

Clarity and Accuracy: Documentation should be clear and free from errors, ensuring that instructions are understood and followed correctly. This aligns with the concept of being precise in documentation.

Thoroughness: All relevant activities impacting quality should be recorded and controlled, indicating a need for comprehensive documentation practices.

Control and Integrity: The need for strict control over documentation to maintain integrity, accuracy, and availability throughout its lifecycle.

To meet these requirements we leverage three writing principles of precise, comprehensive and rigid.

Type of InstructionDefinitionAttributesWhen NeededWhyDifferencesExample
Precise Exact and accurate, leaving little room for interpretation.– Specific
– Detailed
– Unambiguous		When accuracy is critical, such as in scientific experiments or programming.Regulatory agencies require precise documentation to ensure tasks are performed consistently and correctlyFocuses on exactness and clarity, ensuring tasks are performed without deviation.Instructions for assembling a computer, specifying exact components and steps.
Comprehensive Complete and covering all necessary aspects of a task.– Thorough
– Inclusive
– Exhaustive		When a task is complex and requires understanding of all components, such as in training manuals.Comprehensive SOPs are crucial for ensuring all aspects of a process are covered, ensuring compliance with regulatory requirements.Provides a full overview, ensuring no part of the task is overlooked.Employee onboarding manual covering company policies, procedures, and culture.
Rigid Strict and inflexible, not allowing for changes.– Fixed
– Inflexible
– Consistent		When safety and compliance are paramount, such as batch recordsRigid instructions ensure compliance with strict regulatory standards.Ensures consistency and adherence to specific protocols, minimizing risks.Safety procedures for operating heavy machinery, with no deviations allowed.

When writing documents based on cognitive principles these three are often excellent for detailed task design but there are significant trade-offs inherent in these attributes when we codify knowledge:

  • The more comprehensive the instructions, the less likely that they can be absorbed, understood, and remembered by those responsible for execution – which is why it is important these instructions are followed at time of execution. Moreover, comprehensive instructions also risk can dilute the sense of responsibility felt by the person executing.
  • The more precise the instructions, the less they allow for customization or the exercise of employee initiative.
  • The more rigid the instructions, the less they will be able to evolve spontaneously as circumstances change. They require rigorous change management.

This means these tools are really good for complicated executions that must follow a specific set of steps. Ideal for equipment operations, testing, batch records. But as we shade into complex processes, which relies on domain knowledge, we start decreasing the rigidity, lowering the degree of precision, and walking a fine line on comprehensiveness.

Where organizations continue to struggle is in this understanding that it is not one size fits all. Every procedure is on a continuum and the level of comprehensiveness, precision and rigidity change as a result. Processes involving human judgement, customization for specific needs, or adaptations for changing circumstances should be written to a different standard than those involving execution of a test. It is also important to remember that a document may require high comprehensiveness, medium precision and low rigidity (for example a validation process).

Remember to use them with other tools for document writing. The goal here is to write documents that are usable to reach the necessary outcome.

Types of Work, an Explainer

The concepts of work-as-imagined, work-as-prescribed, work-as-done, work-as-disclosed, and work-as-reported have been discussed and developed primarily within the field of human factors and ergonomics. These concepts have been elaborated by various experts, including Steven Shorrock, who has written extensively on the topic and I cannot recommend enough.

  • Work-as-Imagined: This concept refers to how people think work should be done or imagine it is done. It is often used by policymakers, regulators, and managers who design work processes without direct involvement in the actual work.
  • Work-as-Prescribed: This involves the formalization of work through rules, procedures, and guidelines. It is how work is officially supposed to be done, often documented in organizational standards.
  • Work-as-Done: This represents the reality of how work is actually performed in practice, including the adaptations and adjustments made by workers to meet real-world demands.
  • Work-as-Disclosed: Also known as work-as-reported or work-as-explained, this is how people describe or report their work, which may differ from both work-as-prescribed and work-as-done due to various factors, including safety and organizational culture[3][4].
  • Work-as-Reported: This term is often used interchangeably with work-as-disclosed and refers to the accounts of work provided by workers, which may be influenced by what they believe should be communicated to others.
  • Work-as-Measured: The quantifiable aspects of work that are tracked and assessed, often focusing on performance metrics and outcomes
AspectWork-as-DoneWork-as-ImaginedWork-as-InstructedWork-as-PrescribedWork-as-ReportedWork-as-Measured
DefinitionActual activities performed in the workplace.How work is thought to be done, based on assumptions and expectation.Direct instructions given to workers on task performance.Formalized work according to rules, policies, and procedures.Description of work as shared verbally or in writing.Quantitative assessment of work performance.
PurposeAchieve objectives in real-world conditions, adapting as necessary.Conceptual understanding and planning of work.Ensure tasks are performed correctly and efficiently.Standardize and control work for compliance and safety.Communicate work processes and outcomes.Evaluate work efficiency and effectiveness.
CharacteristicsAdaptive, context-dependent, often involves improvisation.Based on assumptions, may not align with reality.Clear, direct, and often specific to tasks.Detailed, formal, assumed to be the correct way to work.May not fully reflect reality, influenced by audience and context.Objective, based on metrics and data.
AspectWork-as-MeasuredWork-as-Judged
DefinitionQuantification or classification of aspects of work.Evaluation or assessment of work based on criteria or standards.
PurposeTo assess, understand, and evaluate work performance using metrics and data.To form opinions or make decisions about work quality or effectiveness.
CharacteristicsObjective and subjective measures, often numerical; can lack stability and validity.Subjective, influenced by personal biases, experiences, and expectations.
AgencyConducted by supervisors, managers, or specialists in various fields.Performed by individuals or groups with authority to evaluate work performance.
GranularityCan range from coarse (e.g., overall productivity) to fine (e.g., specific actions).Typically broader, considering overall performance rather than specific details.
InfluenceAffected by technological, social, and regulatory contexts.Affected by preconceived notions and potential biases.

Further Reading

Applying a Layers of Controls Analysis to Contamination Control

Layers of Controls Analysis (LOCA)

Layers of Controls Analysis (LOCA) provides a comprehensive framework for evaluating multiple layers of protection to reduce and manage operational risks. By examining both preventive and mitigative control measures simultaneously, LOCA allows organizations to gain a holistic view of their risk management strategy. This approach is particularly valuable in complex operational environments where multiple safeguards and protective systems are in place.

One of the key strengths of LOCA is its ability to identify gaps in protection. By systematically analyzing each layer of control, from basic process design to emergency response procedures, LOCA can reveal areas where additional safeguards may be necessary. This insight is crucial for guiding decisions on implementing new risk reduction measures or enhancing existing ones. The analysis helps organizations prioritize their risk management efforts and allocate resources more effectively.

Furthermore, LOCA provides a structured way to document and justify risk reduction measures. This documentation is invaluable for regulatory compliance, internal audits, and continuous improvement initiatives. By clearly outlining the rationale behind each protective layer and its contribution to overall risk reduction, organizations can demonstrate due diligence in their safety and risk management practices.

Another significant advantage of LOCA is its promotion of a holistic view of risk control. Rather than evaluating individual safeguards in isolation, LOCA considers the cumulative effect of multiple protective layers. This approach recognizes that risk reduction is often achieved through the interaction of various control measures, ranging from engineered systems to administrative procedures and emergency response capabilities.

By building on other risk assessment techniques, such as Hazard and Operability (HAZOP) studies and Fault Tree Analysis, LOCA provides a more complete picture of protection systems. It allows organizations to assess the effectiveness of their entire risk management strategy, from prevention to mitigation, and ensures that risks are reduced to an acceptable level. This comprehensive approach is particularly valuable in high-hazard industries where the consequences of failures can be severe.

LOCA combines elements of two other methods – Layers of Protection Analysis (LOPA) and Layers of Mitigation Analysis (LOMA).

Layers of Protection Analysis

To execute a Layers of Protection Analysis (LOPA), follow these key steps:

Define the hazardous scenario and consequences:

  • Clearly identify the hazardous event being analyzed
  • Determine the potential consequences if all protection layers fail

Identify initiating events:

  • List events that could trigger the hazardous scenario
  • Estimate the frequency of each initiating event

Identify Independent Protection Layers (IPLs):

  • Determine existing safeguards that can prevent the scenario
  • Evaluate if each safeguard qualifies as an IPL (independent, auditable, effective)
  • Estimate the Probability of Failure on Demand (PFD) for each IPL

Identify Conditional Modifiers:

  • Determine factors that impact scenario probability (e.g. occupancy, ignition probability)
  • Estimate probability for each modifier

Calculate scenario frequency:

  • Multiply initiating event frequency by PFDs of IPLs and conditional modifiers

Compare to risk tolerance criteria:

  • Determine if calculated frequency meets acceptable risk level
  • If not, identify need for additional IPLs

Document results:

  • Record all assumptions, data sources, and calculations
  • Summarize findings and recommendations

Review and validate:

  • Have results reviewed by subject matter experts
  • Validate key assumptions and data inputs

Key aspects for successful LOPA execution

  • Use a multidisciplinary team
  • Ensure independence between IPLs
  • Be conservative in estimates
  • Focus on prevention rather than mitigation
  • Consider human factors in IPL reliability
  • Use consistent data sources and methods

Layers of Mitigation Analysis

LOMA focuses on analyzing reactionary or mitigative measures, as opposed to preventive measures.

A LOCA as part of Contamination Control

A Layers of Controls Analysis (LOCA) can be effectively applied to contamination control in biotech manufacturing by systematically evaluating multiple layers of protection against contamination risks.

To determine potential hazards when conducting a Layer of Controls Analysis (LOCA) for contamination control in biotech, follow these steps:

  1. Form a multidisciplinary team: Include members from manufacturing, quality control, microbiology, engineering, and environmental health & safety to gain diverse perspectives.
  2. Review existing processes and procedures: Examine standard operating procedures, experimental protocols, and equipment manuals to identify potential risks associated with each step.
  3. Consider different hazard types. Focus on categories like:
    • Biological hazards (e.g., microorganisms, cell lines)
    • Chemical hazards (e.g., toxic substances, flammable materials)
    • Physical hazards (e.g., equipment-related risks)
    • Radiological hazards (if applicable)
  4. Analyze specific contamination hazard types for biotech settings:
    • Mix-up: Materials used for the wrong product
    • Mechanical transfer: Cross-contamination via personnel, supplies, or equipment
    • Airborne transfer: Contaminant movement through air/HVAC systems
    • Retention: Inadequate removal of materials from surfaces
    • Proliferation: Potential growth of biological agents
  5. Conduct a process analysis: Break down each laboratory activity into steps and identify potential hazards at each stage.
  6. Consider human factors: Evaluate potential for human error, such as incorrect handling of materials or improper use of equipment.
  7. Assess facility and equipment: Examine the layout, containment measures, and equipment condition for potential hazards.
  8. Review past incidents and near-misses: Analyze previous safety incidents or close calls to identify recurring or potential hazards.
  9. Consult relevant guidelines and regulations: Reference industry standards, biosafety guidelines, and regulatory requirements to ensure comprehensive hazard identification.
  10. Use brainstorming techniques: Encourage team members to think creatively about potential hazards that may not be immediately obvious.
  11. Evaluate hazards at different scales: Consider how hazards might change as processes scale up from research to production levels.
  • Facility Design and Engineering Controls
    • Cleanroom design and classification
    • HVAC systems with HEPA filtration
    • Airlocks and pressure cascades
    • Segregated manufacturing areas
  • Equipment and Process Design
    • Closed processing systems
    • Single-use technologies
    • Sterilization and sanitization systems
    • In-line filtration
  • Operational Controls
    • Aseptic techniques and procedures
    • Environmental monitoring programs
    • Cleaning and disinfection protocols
    • Personnel gowning and hygiene practices
  • Quality Control Measures
    • In-process testing (e.g., bioburden, endotoxin)
    • Final product sterility testing
    • Environmental monitoring data review
    • Batch record review
  • Organizational Controls
    • Training programs
    • Standard operating procedures (SOPs)
    • Quality management systems
    • Change control processes
  1. Evaluate reliability and capability of each control:
    • Review historical performance data for each control measure
    • Assess the control’s ability to prevent or detect contamination
    • Consider the control’s consistency in different operating conditions
  2. Consider potential failure modes:
    • Conduct a Failure Mode and Effects Analysis (FMEA) for each control
    • Identify potential ways the control could fail or be compromised
    • Assess the likelihood and impact of each failure mode
  3. Evaluate human factors:
    • Assess the complexity and potential for human error in each control
    • Review training effectiveness and compliance with procedures
    • Consider ergonomics and usability of equipment and systems
  4. Analyze technology effectiveness:
    • Evaluate the performance of automated systems and equipment
    • Assess the reliability of monitoring and detection technologies
    • Consider the integration of different technological controls
  1. Quantify risk reduction:
    • Assign risk reduction factors to each layer based on its effectiveness
    • Use a consistent scale (e.g., 1-10) to rate each control’s risk reduction capability
    • Calculate the cumulative risk reduction across all layers
  2. Assess interdependencies between layers:
    • Identify any controls that rely on or affect other controls
    • Evaluate how failures in one layer might impact the effectiveness of others
    • Consider potential common mode failures across multiple layers
  3. Review control performance metrics:
    • Analyze trends in environmental monitoring data
    • Examine out-of-specification results and their root causes
    • Assess the frequency and severity of contamination events
  1. Determine acceptable risk levels:
    • Define your organization’s risk tolerance for contamination events
    • Compare current risk levels against these thresholds
  2. Identify gaps:
    • Highlight areas where current controls fall short of required protection
    • Note processes or areas with insufficient redundancy
  3. Propose improvements:
    • Suggest enhancements to existing controls
    • Recommend new control measures to address identified gaps
  4. Prioritize actions:
    • Rank proposed improvements based on risk reduction potential and feasibility
    • Consider cost-benefit analysis for major changes
  5. Seek expert input:
    • Consult with subject matter experts on proposed improvements
    • Consider third-party assessments for critical areas
  6. Plan for implementation:
    • Develop action plans for addressing identified gaps
    • Assign responsibilities and timelines for improvements
  1. Document and review:
  1. Implement continuous monitoring and review:
  2. Develop a holistic CCS document:
    • Describe overall contamination control approach
    • Detail how different controls work together
    • Include risk assessments and rationales
  3. Establish governance and oversight:
    • Create a cross-functional CCS team
    • Define roles and responsibilities
    • Implement a regular review process
  4. Integrate with quality systems:
    • Align CCS with existing quality management processes
    • Ensure change control procedures consider CCS impact
  5. Provide comprehensive training:
    • Train all personnel on CCS principles and practices
    • Implement contamination control ambassador program
  1. Implement regular review cycles:
    • Schedule periodic reviews of the LOCA (e.g., annually or bi-annually)
    • Involve a cross-functional team including quality, manufacturing, and engineering
  2. Analyze trends and data:
    • Review environmental monitoring data
    • Examine out-of-specification results and their root causes
    • Assess the frequency and severity of contamination events
  3. Identify improvement opportunities:
    • Use gap analysis to compare current controls against industry best practices
    • Evaluate new technologies and methodologies for contamination control
    • Consider feedback from contamination control ambassadors and staff
  4. Prioritize improvements:
    • Rank proposed enhancements based on risk reduction potential and feasibility
    • Consider cost-benefit analysis for major changes
  5. Implement changes:
    • Update standard operating procedures (SOPs) as needed
    • Provide training on new or modified control measures
    • Validate changes to ensure effectiveness
  6. Monitor and measure impact:
    • Establish key performance indicators (KPIs) for each layer of control
    • Track improvements in contamination rates and overall control effectiveness
  7. Foster a culture of continuous improvement:
    • Encourage proactive reporting of potential issues
    • Recognize and reward staff contributions to contamination control
  8. Stay updated on regulatory requirements:
    • Regularly review and incorporate changes in regulations (e.g., EU GMP Annex 1)
    • Attend industry conferences and workshops on contamination control
  9. Integrate with overall quality systems:
    • Ensure LOCA improvements align with the site’s Quality Management System
    • Update the Contamination Control Strategy (CCS) document as needed
  10. Leverage technology:
    • Implement digital solutions for environmental monitoring and data analysis
    • Consider advanced technologies like rapid microbial detection methods
  11. Conduct periodic audits:
    • Perform surprise audits to ensure adherence to protocols
    • Use findings to further refine the LOCA and control measures