Category: system lifecycle

Environmental Impact for Risk Assessments

Contamination occurs in two ways:

  • Environmental contamination results from the ingress of contaminants from the surrounding production areas or even from outside environments
  • Cross-contamination is defined as contamination of a starting material, intermediate product or finished product with another starting material or product during production.

Whether performing risk assessments or impact assessments there are six factors to consider in order to determine environmental impact and to inform contamination control.

  1. Amenability of equipment and surfaces to cleaning and sanitization
  2. Personnel presence and flow
  3. Material flow
  4. Proximity to open product or exposed direct product-contact material
  5. Interventions/operations by personnel and their complexity
  6. Frequency of interventions/process operations.

Risk Assessment for Environmental Monitoring

Maybe you’ve been there too, you need to take a risk-based approach to determine environmental monitoring, so you go to a HAACP or FMEA and realize those tools just do not work to provide information to determine how to distribute monitoring to best verify that processes are operating under control.

What you want to do is build a heat map showing the relative probability of contamination in a defined area or room| covering six areas:

  1. Amenability of equipment and surfaces to cleaning and sanitization
  2. Personnel presence and flow
  3. Material flow
  4. Proximity to open product or exposed direct product-contact material
  5. Interventions/operations by personnel and their complexity
  6. Frequency of interventions/process operations.

This approach builds off of the design activities and is part of a set of living risk assessments that inform the environmental monitoring part of your contamination control strategy.

Hope to see you in Bethesda to discuss more!

The Program Level in the Document Hierarchy

A fairly traditional document hierarchy, in line with ISO 9001 and other standards looks like this:

Document hierarchy

This process tends to support best an approach where there is a policy that states requirements to do X, a procedure that gives the who, what, when of X, and work instructions that provide the how of X, which results in a lot of records providing X was done.

But life is complicated, and there are sets of activities that combine the Xs in a wide variety, and in complicated environments there may be multiple ways to bundle the Xs.

This is why I add a layer between policy and procedure, called the program, which is a mapping requirement that shows the various ways to interpret the requirements to specific needs.

Document hierarchy with Programs

The program document level shouldn’t be a stranger to those in the GMP world, ICH Q11 control strategy and the Annex 1 contamination control strategy are two good examples. What this document does is tie together processes and demonstrates the design that went into it.

The beauty of this document is that it helps translate down from the requirements (internal and external) to the process and procedures (including technology), how they interact, and how they are supported by technical assessments, risk management, and other control activities. Think of it as the design document and the connective tissue.

Risk, Hazard and Harm

Risk Is….

The combination of the probability of the occurrence of the harm and the severity of that harm.

The effect of uncertainty on objectives

Often characterized by reference to the potential event and consequences or combination of these

Often expressed in terms of a combination of the consequences of an event (including in changes in circumstances) and the associated likelihood of the occurrence

 

Hazard, harm and risk

HazardHarmRisk
Enabling state that leads to the possibility of harmInjury or damageProbability of harm from a situation triggered by the hazard.
Hazard harm and risk

A hazard is defined in ISO 12100 as “The potential source of harm.” This definition is carried through other ISOs and regulatory guidances. The hazard is what could go wrong, our “What If…”, it is when we start engaging the outcome identification loop to query uncertainty about the future.

Harm are those injuries or damages I should care about.

Every risk assessment is really asking “What could go wrong,” and then answering two questions:

  1. If it did go wrong how bad is it – the Harm
  2. And how likely is it to go wrong – Probability.

Risk is then the combination of those things as a magnitude or priority.

Risk assessment tools break down into two major camps. Those that start with the hazards, asking how something can fail; and those that start with the harms, asking what bad things do we want to avoid.

Work-As-Instructed

As part of his model for Proxies for Work-as-Done, Steven Shorrock covers Work-as-Instructed. I think the entire series is salient to the work of building a quality organization, so please spend the time to read the entire series. You’ll definitely see inspiration in many of the themes I’ve been discussing.

Work-as-Instructed in training and personnel qualification, topics near and dear to my own heart.

Steven provides a few attributes for Work-as-Instructed, three of which fidelity, completeness, and granularity are constant concerns for me.