Risk Management Plan Configuration: Process Risk Assessments (Part 6)

Editor’s Note: This is part 6 of a 7 part series on Process Risk Assessments.

Last week, we discussed the importance of considering your people in the design and structure of your risk management process. We showed how applying their skills to a structured and data-driven approach can accelerate and maximize risk understanding. Furthermore, we discussed that while designing that structure, it is important to advocate for a strong foundation that produces easily understandable assessments to guide future work.

This week, we’re going to put the pieces together and review the structure of risk configuration in QbDVision that bring these concepts to life.

Let’s review!

Risk Management Plan Configuration

QbDVision provides significant flexibility in defining your risk management plan (RMP) because there is no consistent prescription for these plans. As a result, pharma organizations have myriad different designs for their plans in terms of the number of levels, terminology, definitions, etc. The QbDVision RMP object focuses on an FMEA/FMECA approach allowing you to define the following discrete and calculated layers.

  • Impact/Severity of Harm (Discrete)
  • Uncertainty/Likelihood of Harm (Discrete)
  • Criticality (Calculated)
  • Capability Risk/Occurrence (Discrete)
  • Process Risk (Calculated)
  • Detectability Risk (Discrete)
  • Risk Priority Number (Calculated)

For each Discrete layer, the user can define the number of levels and for each level they can define:

  • Score and Score Label (e.g. 5 – Medium)
  • Color
  • Description

For each Calculated Layer, the user can define the number of levels and for each level they can define:

  • Range of calculated values (e.g. 1% – 10%)
  • Score Label for the Range (e.g. Low)
  • Color
  • Risk Label (e.g. Not Critical, Possibly Critical, Critical)
  • Development Activity
  • Control Strategy

The Criticality layer has a unique column labeled Critical with checkboxes. Any variable having a Criticality value in the range where the box is checked will be marked as Critical. This is how quality attributes and process parameters get designated as CQAs and CPPs in the QbDVision system.

Always Critical

The Impact layer also has a special override function to handle the assignment of Criticality when the impact can be catastrophic. As an example, let’s say that you are evaluating a final quality attribute and you decide that the Impact of this variable being out of specification is catastrophic to patient safety. Given the seriousness of the impact, the prudent decision is to make this variable Critical regardless of the Uncertainty or Likelihood of it happening. To enable this functionality, the Impact layer has an Always Critical checkbox for each layer. If a layer has this box checked, then any variable with an Impact value corresponding to this level will automatically be categorized as Critical.

Normalized Values

The RMP structure in QbDVision has four discrete layers and three calculated layers. The Criticality layer is calculated by taking the product of Impact and Uncertainty. The Process Risk layer is calculated by taking the product of Criticality and Capability Risk. And, the RPN layer is calculated by taking the product of Process Risk and Detectability Risk. Let’s take an example where the max value for each Discrete layer is 5. For the calculated layers, you can calculate the raw values as shown in the table below.

Assigned ValueCalculated Raw Value
Impact = 5
Uncertainty = 5
Criticality = 25
Capability Risk = 2Process Risk = 50
Detectability Risk = 1RPN = 50

It is interesting that even though the Capability Risk and Detectability Risk are relatively low, the overall risk-based on raw value seems to be going up which doesn’t make sense. Even though the Criticality is high, a well-controlled process that has low detectability risk should lower the overall risk. The focus on raw values is misleading because it does not take into account the scale of each layer. Let’s take the scale into account and use the scale of each layer to normalize the raw value between 0 and 100%.

Assigned ValueCalculated Raw ValueMax Value of Calculated LayerNormalized Value
Impact = 5
Uncertainty = 5
Criticality = 2525100%
Capability Risk = 2Process Risk = 5012540%
Detectability Risk = 1RPN = 506258%

Using the Normalized Value, which takes the scale of the calculated layer into account, makes more sense and correctly shows the overall risk dropping because of a well-controlled process and low detectability risk. For this reason, the RMP configuration in QbDVision works with normalized ranges for the Criticality, Process Risk, and RPN layers.

Pretty powerful, right?

Now that you’ve seen some of the capabilities to implement the structures discussed, we will wrap up our series and bring it all together in one final post next week. Stay tuned!

This post is part of 7 in a series on practical risk management for pharmaceutical process development.