100%(1)Il 100% ha trovato utile questo documento (1 voto)
210 visualizzazioni52 pagine
This document discusses risk assessment and management. It defines key terms like hazard, risk, quality, and provides definitions for concepts in risk assessment like risk acceptance, analysis, assessment, communication, evaluation, identification, management, reduction, review, and severity. It outlines the risk management process as establishing goals and teams, defining scope, identifying hazards, expressing and evaluating risk, determining if risk is acceptable, controlling risks if needed, reevaluating, implementing controls, and communicating. Steps in the process like hazard identification, risk estimation, evaluation, and control are also explained.
This document discusses risk assessment and management. It defines key terms like hazard, risk, quality, and provides definitions for concepts in risk assessment like risk acceptance, analysis, assessment, communication, evaluation, identification, management, reduction, review, and severity. It outlines the risk management process as establishing goals and teams, defining scope, identifying hazards, expressing and evaluating risk, determining if risk is acceptable, controlling risks if needed, reevaluating, implementing controls, and communicating. Steps in the process like hazard identification, risk estimation, evaluation, and control are also explained.
This document discusses risk assessment and management. It defines key terms like hazard, risk, quality, and provides definitions for concepts in risk assessment like risk acceptance, analysis, assessment, communication, evaluation, identification, management, reduction, review, and severity. It outlines the risk management process as establishing goals and teams, defining scope, identifying hazards, expressing and evaluating risk, determining if risk is acceptable, controlling risks if needed, reevaluating, implementing controls, and communicating. Steps in the process like hazard identification, risk estimation, evaluation, and control are also explained.
Management Management Allen L. Burgenson Allen L. Burgenson Manager, Regulatory Affairs Manager, Regulatory Affairs Lonza Walkersville Inc. Lonza Walkersville Inc. Standard Disclaimer Standard Disclaimer Standard Disclaimer Standard Disclaimer : : This presentation is the opinion of the presenter, This presentation is the opinion of the presenter, and does not necessarily represent the opinions and does not necessarily represent the opinions or practices of Lonza Inc. or its subsidiaries. or practices of Lonza Inc. or its subsidiaries. Overview Overview
Concepts Concepts
Definitions Definitions
Specific Applications Specific Applications What is Risk What is Risk Risk and Consequences Risk and Consequences Definitions Definitions Hazard: Hazard: The potential source of harm (ISO/IEC Guide 51) The potential source of harm (ISO/IEC Guide 51) Risk: Risk: The combination of the probability of occurrence of harm, The combination of the probability of occurrence of harm, and the severity of that harm (ISO/IEC Guide 51) and the severity of that harm (ISO/IEC Guide 51) Quality: Quality: The degree to which a set of inherent properties of a The degree to which a set of inherent properties of a product, system, or process fulfills requirements. (ICH Q9) product, system, or process fulfills requirements. (ICH Q9) Definitions Definitions Risk Risk Acceptence Acceptence: : The decision to accept risk (ISO Guide 73) The decision to accept risk (ISO Guide 73) Risk Analysis: Risk Analysis: The estimation of the risk associated with the identified The estimation of the risk associated with the identified hazards (ICH Q9) hazards (ICH Q9) Risk Assessment: Risk Assessment: A systematic process of organizing information to support a A systematic process of organizing information to support a risk decision to be made within a risk management risk decision to be made within a risk management process. It consists of the identification of the hazards, and process. It consists of the identification of the hazards, and the analysis and evaluation of risks associated with the the analysis and evaluation of risks associated with the exposure to these hazards (ICH O9) exposure to these hazards (ICH O9) Definitions Definitions Risk Communication: Risk Communication: The sharing of information about risk and risk The sharing of information about risk and risk management between the decision maker and the management between the decision maker and the stakeholder stakeholder Risk evaluation: Risk evaluation: The comparison of the estimated risk to given risk criteria The comparison of the estimated risk to given risk criteria using a quantitative or qualitative scale to determine the using a quantitative or qualitative scale to determine the significance of the risk significance of the risk Risk identification: Risk identification: The systematic use of The systematic use of informaton informaton to identify potential to identify potential sources of harm (hazards) referring to the risk question or sources of harm (hazards) referring to the risk question or problem description. problem description. Definitions Definitions Risk management: Risk management: The systematic application of quality management policies, The systematic application of quality management policies, procedures and practices to the tasks of assessing, procedures and practices to the tasks of assessing, controlling, communicating, and reviewing risk. controlling, communicating, and reviewing risk. Risk reduction: Risk reduction: Actions taken to lessen the probability of occurrence of Actions taken to lessen the probability of occurrence of harm and the severity of that harm. harm and the severity of that harm. Risk review: Risk review: Review or monitoring of output/results of the risk Review or monitoring of output/results of the risk management process considering (if appropriate) new management process considering (if appropriate) new knowledge and experience about the risk. knowledge and experience about the risk. Definitions Definitions Severity: Severity: A measure of the possible consequences of a hazard A measure of the possible consequences of a hazard Stakeholder: Stakeholder: Any individual, group, or organization that can affect, be Any individual, group, or organization that can affect, be affected by, or perceive itself to be affected by a risk. affected by, or perceive itself to be affected by a risk. Decision makers might also be stakeholders. Decision makers might also be stakeholders. Hazard Hazard
A real or potential condition, situation, or agent A real or potential condition, situation, or agent that could cause immediate or long that could cause immediate or long - - term harm term harm to people or an organization; damage or loss of to people or an organization; damage or loss of a system, equipment, property, or the a system, equipment, property, or the environment, or other things of value environment, or other things of value James L. Vesper James L. Vesper Risk Assessment and Risk Management in Risk Assessment and Risk Management in the Pharmaceutical Industry (2006) PDA/DHI the Pharmaceutical Industry (2006) PDA/DHI Risk Risk
Risk is the possibility that human activities or Risk is the possibility that human activities or natural events will lead to consequences that natural events will lead to consequences that affect what people value. It is a measure of the affect what people value. It is a measure of the potential ability to achieve overall program potential ability to achieve overall program objectives within defined costs, schedule, and objectives within defined costs, schedule, and performance criteria. Risk has three performance criteria. Risk has three components: components: What could go wrong? What could go wrong? What is the What is the probability probability of failing to achieve a of failing to achieve a particular outcome? particular outcome? What is the What is the impact impact of failing to achieve a particular of failing to achieve a particular outcome? outcome? The Risk Management Process The Risk Management Process
System Definition System Definition
Hazard Identification Hazard Identification
Risk Estimation Risk Estimation
Risk Evaluation Risk Evaluation
Risk Control Risk Control
Risk Monitoring and Re Risk Monitoring and Re - - evaluation evaluation
Risk Communication Risk Communication The Risk Management Process The Risk Management Process System, Product, or Process Definition Hazard Identification Risk Estimation Monitoring and Re-evaluation Risk Acceptable? Control and Mitigation YES NO Risk Management Risk Analysis Tools: - PRA - FMEA - FTA - HAZOPS - HACCP - ETC. Communication Vesper, 2006 S y s t e m D e s c r i p t i o n R i s k
A n a l y s i s R i s k
A s s e s s m e n t Risk Management Process Risk Management Process
Define the scope for the process/product Define the scope for the process/product
Identify the potential hazards Identify the potential hazards
Identify how risk can be expressed and criticality Identify how risk can be expressed and criticality
Determine if the risk is acceptable Determine if the risk is acceptable
If risk is to be controlled, identify appropriate If risk is to be controlled, identify appropriate methods methods Risk Management Process Risk Management Process
Re Re - - evaluate the controlled risk to determine if evaluate the controlled risk to determine if risk is now acceptable risk is now acceptable
Implement risk control methods Implement risk control methods
Compile records to document activities Compile records to document activities
Monitor the process for effectiveness Monitor the process for effectiveness
Actively communicate with stakeholders Actively communicate with stakeholders throughout the process! throughout the process! System Definition System Definition
What is to be evaluated? What is to be evaluated?
What stage of production is being evaluated? What stage of production is being evaluated?
Why is this being evaluated? Why is this being evaluated?
Assemble cross Assemble cross - - functional team for assessment functional team for assessment Hazard Identification Hazard Identification
Is there an intrinsic hazard? Is there an intrinsic hazard?
Are there multiple hazards? Are there multiple hazards?
Are the hazards immediately detectable, or are Are the hazards immediately detectable, or are they long they long - - term? term?
Does the hazard trigger a chain reaction of Does the hazard trigger a chain reaction of events? events?
Who or what do the hazards effect? Who or what do the hazards effect? Risk Estimation Risk Estimation
What is the probability that the risk is What is the probability that the risk is expressed? expressed?
Qualitative Qualitative
Semi Semi - - quantitative quantitative
Quantitative Quantitative
What is the impact of the resulting effects? What is the impact of the resulting effects?
Local effects Local effects
End effects End effects Risk Evaluation Risk Evaluation
Is the risk acceptable? Is the risk acceptable?
Do the risks need to be mitigated or controlled? Do the risks need to be mitigated or controlled?
ALARA ALARA
As Low As Reasonably Achievable
As Low As Reasonably Achievable
ALARP ALARP
As low As Reasonably Practicable
As low As Reasonably Practicable Risk Control Risk Control
How can the risk be controlled? How can the risk be controlled?
Substitution Substitution
Uncoupling Uncoupling
Process simplification Process simplification
Isolation Isolation
Elimination Elimination
Changing conditions Changing conditions
Providing more information Providing more information Risk Control Risk Control
How can the risk be controlled? How can the risk be controlled?
Decreasing the frequency of an event happening Decreasing the frequency of an event happening
Decreasing the consequences Decreasing the consequences
Duplicating assets Duplicating assets
Changing the source Changing the source
Implementing standard procedures Implementing standard procedures
Engineering controls Engineering controls
Training and preparedness Training and preparedness Risk Monitoring and Re Risk Monitoring and Re - - evaluation evaluation
Collect data on the process Collect data on the process
Have any unpredicted risks appeared? Have any unpredicted risks appeared?
Risk environment changes Risk environment changes
Company expectations Company expectations
Regulatory environment Regulatory environment
Societal expectations Societal expectations Risk Communication Risk Communication
Effective communication should take place Effective communication should take place throughout the entire risk management process. throughout the entire risk management process.
Include ALL stakeholders! Include ALL stakeholders! Risk Assessment Tools Risk Assessment Tools
Adds criticality analysis to FMEA Adds criticality analysis to FMEA
Structured inductive tools to identify known or Structured inductive tools to identify known or potential failure modes potential failure modes FMEA and FMECA FMEA and FMECA
Benefits: Benefits:
Used to examine high Used to examine high - - level systems or small level systems or small components components
Scalable Scalable
Quantitative or semi Quantitative or semi - - quantitative quantitative
Limitations Limitations
Each event is a separate occurrence Each event is a separate occurrence
Does not show interactions Does not show interactions FMEA and FMECA FMEA and FMECA 1. 1. Define what is being analyzed Define what is being analyzed 2. 2. Identify the potential failure modes Identify the potential failure modes 3. 3. Identify the effects of each failure mode Identify the effects of each failure mode 4. 4. Rate each effect for: Rate each effect for:
Probability of occurrence Probability of occurrence
Severity Severity
Detectability Detectability
Calculate Risk Priority Number Calculate Risk Priority Number RPN = probability x severity x detectability* RPN = probability x severity x detectability* FMEA and FMECA FMEA and FMECA 5. 5. Prioritize the effects based on RPN and Prioritize the effects based on RPN and determine risk acceptability determine risk acceptability 6. 6. If risk acceptable, continue monitoring If risk acceptable, continue monitoring 7. 7. If risk must be modified or eliminated, If risk must be modified or eliminated, consider appropriate control or mitigation consider appropriate control or mitigation strategies strategies 8. 8. Prepare report and retain documentation Prepare report and retain documentation The PROBABILITY of Occurrence near certain significant data on similar activities 10 significant likelihood limited prior data on similar activities 9 good likelihood no prior data on similar activities 8 good likelihood limited data on dissimilar activities 7 fair likelihood significant data on dissimilar activities 6 fair likelihood limited data on similar activities 5 fair likelihood significant data on similar activities 4 low likelihood limited data on similar activities 3 very low likelihood significant data on similar activities 2 virtually no likelihood significant data on the same activity 1 Probability of Occurrence Probability of Occurrence of Adverse Event of Adverse Event Amount of Data Amount of Data Probability Probability Rating Rating IMPACT OF RISK ON THE PERFORMANCE OF THE PRODUCT OR SERVICE there is no alternative or solution critically negative impact 10 even the work-arounds present significant risk critically negative impact 9 extensive work-arounds are necessary significant, negative impact 8 extensive work-arounds may be necessary significant, negative impact 7 requires work-arounds to meet acceptable tolerances significant, negative impact 6 requires modest changes in production impact negatively 5 requires very minor changes in production impact negatively 4 remains within acceptable tolerances some negative impact 3 remains well within acceptable tolerances some negative impact 2 none no measurable impact 1 Process Changes Product or Service Quality Impact Impact Rating Impact and Probability The Severity Index Highest Impact of the Risk Event P r o b a b I l I t y Severity 10 10 20 30 40 50 60 70 80 90 100 9 9 18 27 36 45 54 63 72 81 90 8 8 16 24 32 40 48 56 64 72 80 7 7 14 21 28 35 42 48 56 63 70 6 6 12 18 24 30 36 42 48 54 60 5 5 10 15 20 25 30 35 40 45 50 4 4 8 12 16 20 24 28 32 36 40 3 3 6 9 12 15 18 21 24 27 30 2 2 4 6 8 10 12 14 16 18 20 1 1 2 3 4 5 6 7 8 9 10 1 2 3 4 5 6 7 8 9 10 Risk Level Definition High 60 & above Because concerted and continual emphasis and coordination may not be sufficient to overcome major difficulties, these events must be placed in the program and fully funded. They are likely to cause significant disruption in the schedule, increase in cost (relative to the total production cost of the product), and/or degradation of technical performance. Medium 20 - 59 Special emphasis and close coordination will be required to mitigate this risk. Should this risk occur significant disruption of schedule, increase in cost (relative to the production cost of the product) and/or degradation of technical performance is likely. Low Below 20 Normal emphasis and close coordination should be sufficient to mitigate major difficulties. However, should this risk occur, there is potential for disruption of schedule, increase in cost (relative to the production cost of the product), and/or degradation of technical performance. Fund at the risk-adjusted value. Risk in Project Management Risk in Project Management When everything everything is a priority, nothing nothing is a priority! The PROBABILITY of Occurrence near certain significant data on similar activities 10 significant likelihood limited prior data on similar activities 9 good likelihood no prior data on similar activities 8 good likelihood limited data on dissimilar activities 7 fair likelihood significant data on dissimilar activities 6 fair likelihood limited data on similar activities 5 fair likelihood significant data on similar activities 4 low likelihood limited data on similar activities 3 very low likelihood significant data on similar activities 2 virtually no likelihood significant data on the same activity 1 Probability of Occurrence Probability of Occurrence of Adverse Event of Adverse Event Amount of Data Amount of Data Probability Probability Rating Rating 1. A risk event occurs, and has a small, immeasurable impact on the activity under assessment. 2. A risk event occurs, and the time to complete the activity under assessment has been extended by 1 month. 3. A risk event occurs, extending the activity schedule by 2 to 3 months. 4. A risk event occurs, extending the activity schedule by 3 to 6 months. 5. A risk event occurs and extends the activity schedule by 6 to 9 months. 6. A risk event occurs and extends the activity schedule by 9 to 12 months. 7. A risk event occurs and extends the activity schedule by 12 to 18 months. 8. A risk event occurs and extends the activity schedule by 18 to 24 months. 9. A risk event occurs and delays the activity schedule by more than two years. 10. A risk event occurs and it stops the program! IMPACT ON THE ACTIVITY SCHEDULE SHOULD A RISK EVENT OCCUR Risk Effects on Timelines Risk Effects on Timelines Proj ect " A" Ti mel i nes Pessi mi sti c Real i sti c Optomi sti c 0 2 4 6 8 10 12 14 16 18 20 1 HACCP HACCP
Hazard Analysis and Critical Control Points Hazard Analysis and Critical Control Points
Originally established for use in the food Originally established for use in the food industry industry
A system of hazard control pioneered by the A system of hazard control pioneered by the Pillsbury Co. Pillsbury Co.
Now accepted internationally as a system of Now accepted internationally as a system of food risk assessment. food risk assessment.
Can easily be adapted to other industries Can easily be adapted to other industries HACCP Preliminary Activities HACCP Preliminary Activities 1. Assemble the HACCP team 2. Describe the product and its distribution 3. Describe the intended use and consumers of the product 4. Develop a process flow diagram 5. Verify the flow diagram HACCP Principles HACCP Principles 1. 1. Conduct a Hazard Analysis Conduct a Hazard Analysis 2. 2. Identify the Critical Control Points in the Identify the Critical Control Points in the Process Process 3. 3. Establish critical limits associated with each Establish critical limits associated with each identified control point identified control point 4. 4. Establish CCP monitoring requirements Establish CCP monitoring requirements HACCP Principles HACCP Principles 5. 5. Establish corrective action when deviation Establish corrective action when deviation occurs occurs 6. 6. Establish effective recordkeeping to document Establish effective recordkeeping to document HACCP system HACCP system 7. 7. Establish procedures to verify HACCP system Establish procedures to verify HACCP system is working is working 8. 8. Establish procedures to verify HACCP system Establish procedures to verify HACCP system is working is working Conduct a Hazard Analysis Conduct a Hazard Analysis
Team uses the process flow diagram to identify Team uses the process flow diagram to identify any risks that may occur at a given process step. any risks that may occur at a given process step.
Assess the risks for probability of occurrence Assess the risks for probability of occurrence and impact and impact
Assess potential preventative measures Assess potential preventative measures Identify the Critical Control Points in the Identify the Critical Control Points in the Process Process
A critical Control Point is a step or procedure A critical Control Point is a step or procedure that can be applied, and a food hazard that can be applied, and a food hazard prevented, eliminated, or reduced to an prevented, eliminated, or reduced to an acceptable level. acceptable level.
Example: a specified heat process, at a given Example: a specified heat process, at a given time and temperature to destroy a specified time and temperature to destroy a specified microbial pathogen, is a CCP. microbial pathogen, is a CCP. Establish Critical Limits Associated Establish Critical Limits Associated With Each Identified Control Point With Each Identified Control Point
A critical limit is defined as a criterion that must A critical limit is defined as a criterion that must be met for each preventative measure associated be met for each preventative measure associated with a CCP. with a CCP.
Each CCP may have one or more preventative Each CCP may have one or more preventative measures for the CCP measures for the CCP Establish CCP Monitoring Establish CCP Monitoring Requirements Requirements
Monitoring is a planned sequence of Monitoring is a planned sequence of observations to assess if a CCP is under control, observations to assess if a CCP is under control, and produce an accurate record. and produce an accurate record.
If monitoring shows the process to begin to lose If monitoring shows the process to begin to lose control, the process can be modified to bring it control, the process can be modified to bring it into control. into control. Establish Corrective Action When Establish Corrective Action When Deviation Occurs Deviation Occurs
Develop a plan to: Develop a plan to:
Dispose of non Dispose of non - - compliant product compliant product
fix or correct the cause of the deviation fix or correct the cause of the deviation
maintain records documenting the corrective actions maintain records documenting the corrective actions
The data must demonstrate that the CCP can be The data must demonstrate that the CCP can be brought into control brought into control Establish Effective Recordkeeping Establish Effective Recordkeeping To Document HACCP System To Document HACCP System
The HACCP records should: The HACCP records should: List the HACCP team and responsibilities List the HACCP team and responsibilities Describe the product and intended use Describe the product and intended use Contain a flow diagram indicating the Contain a flow diagram indicating the CCPs CCPs Identify hazards associated with each CCP and Identify hazards associated with each CCP and preventative measures preventative measures Critical limits Critical limits Describe the monitoring system Describe the monitoring system Describe corrective action plans Describe corrective action plans Describe recordkeeping procedures Describe recordkeeping procedures Describe procedures for verification of HACCP system Describe procedures for verification of HACCP system HACCP Flowchart HACCP Flowchart Risk and Consequences Risk and Consequences Risk and Consequences Risk and Consequences "Red on yellow, kill a fellow. Red on black, won't hurt Jack." For Additional Information For Additional Information Vesper, James Risk Assessment and Risk Management in Vesper, James Risk Assessment and Risk Management in the Pharmaceutical Industry Clear and Simple. 2006. the Pharmaceutical Industry Clear and Simple. 2006. PDA/DHI PDA/DHI ICH Q9 Quality Risk Management (2006) U.S. Food & ICH Q9 Quality Risk Management (2006) U.S. Food & Drug Administration. Drug Administration. HACCP: Establishing Hazard Analysis Critical Control HACCP: Establishing Hazard Analysis Critical Control Point Programs (1993) Food Processors Institute Point Programs (1993) Food Processors Institute ISO/IEC Guide 73:2002 ISO/IEC Guide 73:2002 Risk Management Risk Management Vocabulary Vocabulary- - Guidelines for use in standards Guidelines for use in standards Stamatis, D.H. Failure Mode and Effect Analysis (1995) Stamatis, D.H. Failure Mode and Effect Analysis (1995) ASQ Quality Press ASQ Quality Press Thank You! Thank You!