How to Use Risk Management for PAT Implementation

Agenda

Risk Analysis Background

Various Protocols

FTA, FMEA/FMECA, HACCP, GAMP 4, ISO 14791, ISO 17799

Risk Analysis and PAT

Understanding & controlling variability

Summary

Why Do Risk Analysis?

For Regulatory Compliance….

Measure and rank of compliance effort

Regulatory submissions checklists (PMA and 510k) used by the FDA now call for inclusion of risk analysis

FDA Requires risk analysis for software within medical devices

Determine Extent of Validation

ID Process Weaknesses Early to Reduce Cost

Reduce Product Liability

Identification of device design problems prior to distribution eliminates costs associated with recalls

It is the Right Thing to Do!

Methodologies

Risk Management Protocols

FTA

– Fault Tree Analysis

Use first FMEA

– Failure Mode Effects Analysis

What could go wrongFMECA-

Failure Mode Effects & Criticality Analysis

Adds probability of occurrence and severity of failure to the FMEA process

HACCP – Hazard Analysis and Critical Control Points

How to keep the ‘wrong’ from happeningISO 14971GAMP (appendix M3)BS/ISO 17799

Risk Management is a ProcessID Processes

ID Use and Potential Misuse

ID Potential Hazards

Quantify Consequences and Probabilities

Determine Risk Index

Risk Acceptable?

Develop Controls for Risk

ReductionDoc Eval

and Resulting Risk

StopNO YES

Impact on Cost and

ComplianceTeam & Defs

Fault Tree Analysis Steps

Top Down Approach to Risk Analysis

Look at Hazards and Work Back to Failures that Cause Hazards

List the Possible Hazards

What Failures, or Combination of Failures, Will Lead to the Named Hazards?

Diagram the Fault Tree

Tool to Intercept or Design Out Unacceptable Consequences

Process Fault Tree Analysis

FMECA or FMEA Approaches

Bottom Up Approach to Risk Analysis

Look at Hazards of System Components

Process Pre-Production Possible Component Defects

Determine Undesired Events

Corrective Actions

FMEA

There are Two Main Types of FMEA:

Design FMEA which focuses on what could go wrong with a product in both manufacturing operation and in service as a result of a weakness in the design

Process FMEA which concentrates on the reasons for potential failure during manufacturing and in service

This is a result of non-compliance to specification and/or design intent

FMEA Protocol

Define the Product Function(s)

ID All Potential Failures

Determine Failure Causes

Determine Failure Effects

Assign a Risk Index to Each Failure Type

Develop Appropriate CAPA

Ensure that the CAPA Has the Desired Effect

Format for FMEA Table

Function or Component

Failure Mode

Effect on System

Possible Hazard

Risk Index

User Detection Means

Acceptable Controls

Filter; T1 Valve; Pump

Plugge d Filter;Short circuit

Dilute water;Concentrat e solute

Dirty water;Contami nated product;Bad conc.

5 Alarm;Warnin g Light;Flow Meter

Surge Tank

Hazard Analysis & Critical Control Points

A Comprehensive, Methodical, Systematic Review

from Design to Development, Manufacture and Use

for Identifying, Evaluating and Controlling Hazards.

HACCP

Based on the Following Seven Principles:

Principle 1: Conduct a hazard analysis

Principle 2: Determine the critical control points (CCPs)

Principle 3: Establish critical limits

Principle 4: Establish monitoring procedures

Principle 5: Establish corrective actions

Principle 6: Establish verification procedures

Principle 7: Establish record-keeping and documentation procedures

Critical Control Points

A Point, Step or Procedure at Which a Control Can be Applied to Eliminate or Reduce a Hazard to an Acceptable Level

Set a Max/Min Value of Risk to Which a Safety Parameter Must Be Controlled at a CCP

Established by:

Regulatory standards

Scientific publications

Industry standards

Experts

Experimental studies

ISO 14971

Defines Risk Management as a 13-Step Process:

State intended use and ID characteristics of safety of product

ID known foreseeable hazards

Estimate the risks for each hazard

Evaluate risk

Analyze options

Implement risk control measures

Evaluate residual risk

Analyze risk/benefit

ID other generated hazards

Complete risk evaluation

Evaluate overall residual risk

Complete risk management report

Provide post-production data

GAMP 4 Functional Risk Assessment Methodology

Mechanism for Assessing and Ranking the Risks Arising from Computerized Systems

Links Degree of Validation to Overall System Vulnerability to Develop Risk- appropriate Validation Strategies

First, ID the Functional Criticality of an Automated System

Second, Analyze the System’s Vulnerability to Deficient Operation

Third, Determine a Validation Strategy

Validation must address any e-record/signature requirements

GAMP Risk ClassificationsLikelihood

Low Med High

High

Med

Seve

rity

of Im

pact

Low

Infr

astr

uctu

re

CO

TS

Cus

tom

Softw

are

Key:GAMP Risk Level 1 SystemGAMP Risk Level 2 SystemGAMP Risk Level 3 System

Risk and PAT

What is PAT?

A System

to…..

Design, analyze, and control a process…..

….based on timely measurements of

….critical quality parameters

and…

….performance attributes….

….of raw and in-process materials

Processes to Assure End Product Quality

“Analytical“ Includes:

Chemical, physical, microbiological, mathematical and risk analysis….

…..conducted in an integrated

manner

PAT Approach: Quality by Design

Focus on Process Understanding

What Parameters are Critical to Product Quality?

How Do We Assess these Parameters?

Risk Assessment / Risk Management

How Do We Control these Parameters Throughout the Process?

Increased amount of in-process testing

Verification and residual risk control

Integrate Multi-variate Data

‘Reactive’ to ‘Proactive’

PAT = Process Understanding

Process Understanding…..

Inversely proportional to risk

of poor product quality

Facilitates risk-managed

regulatory decisions and innovation

A Process is Well Understood When:

Identify all critical sources of variability

Manage variability by the process

Predict product quality attributes accurately and reliably

Process Understanding Controlling Variability → Less Restrictive Regulatory

Approaches to Manage Change

PAT Guidance (September 29, 2004)

Scientific Principles and Tools Supporting Innovation

PAT Tools:

Multivariate data acquisition & analysis tools

Process analyzers

Process control systems

Process Understanding

Risk-Based Approach

Integrated Approach

FDA Strategy for Innovation

PAT Team approach to Review and Inspection

Joint training/certification of staff

PAT: Risk-Managed Approach to Regulatory Scrutiny

Use a Risk Management Protocol to Determine the PAT Implementation Points

Use a Risk Management Protocol to Select a PAT Technology

Use Risk Management to ID and Control Parameters that Impact Product Quality

Well Understood Process Less Restrictive Regulatory Approaches to Manage Change

Process Understanding Facilitates Risk-managed Regulatory Decisions and Innovation

Tying It All Together

Real Time Release

Integrated Systems Approach

Risk-Based Approach

Process Understanding

PAT Elements

Process Optimization

Process Analysis

Process Understanding

Risk Management

PAT Strategy

Real-Time Release

Integrated Systems Approach

Risk-Based Approach

Process Understanding

• Multivariate Data Acqu & Anal Tools

• Continuous Improvement & KM

•

• Modern Process Analyzers

•

• Process & Endpoint Monitoring & Control Tools

•

•

PAT Tools Process Optimization

Process Analysis

Process Understanding

Risk Management

PAT Strategy

• Identify Critical Attributes

• Define Mitigation Strategy

•

Strategies

Implement Test

•

• Optimize Process

•

Implement Optimization Points

•

Apply Technology

•

•

ID Automation Attributes •

Identify Monitoring & Control Elements

•

Obtain Knowledge of Product & Process Requirements

•

Understand QS Interfaces•

Analyze Risk Process& QS Perspective

•

•

• Provide Risk Based Decisions

•

•

•

-

Provide Framework to Execute RiskBased Strategies

•

• Rationale on Where to Apply Technology

• Framework to Facilitate Process Understanding & Decision Making

•

-

PAT, cGMP, and the Critical Path

Process Analytical

Technology

Encourage Innovation

New TechnologiescGMP’s for the 21st Century

Critical Path Initiative

Risk-Management

Broad Cooperation:Industry, Academia, FDA

Summary

Develop an SOP

for Risk Assessment

Risk Management as Part of Quality System

PAT Implementation Requires Deep Process Understanding

‘RM’ and PAT Assures Quality

Use ‘RM’ and ‘PU’ to Develop Meaningful Specifications

Use RM and PAT to Replace Existing Methods with Predictive / Proactive

Ones

References

GAMP 4 (2001) Appendix M3- Guideline for Risk Assessment

ISO 14971 – Application of Risk Management to Medical Devices

ISO 17799 (BS 7799) – Guide to Risk Assessment and Risk Management

ISPE White Paper – www.ispe.org

February 2003, FDA Draft Guidance for Industry: Part 11, ERES – Scope and Application”

GAMP Forum (2003), “Risk Assessment for Use of Automated Systems Supporting Manufacturing”, Part 1&2, Pharmaceutical Engineering

Computer Systems Validation: Quality Assurance, Risk Management & Regulatory Compliance, CRC Press (2003)

FDA Concept Paper – Draft Pre-marketing Risk Assessment (3/3/03)

NIST Computer Security Document

Thank You For Your Attention!

Questions……………………?