Quality Risk Management Plans

Q: I am in the quality assurance department at my company. We are a small start-up, and one of my jobs is to develop a quality risk management plan. Can you give me some advice on what I need to consider when putting this plan together?


A: A well-written and well-implemented quality risk management plan is an integral and valuable element of an effective quality system. During the development and manufacturing of pharmaceutical products, the bottom line is that things can and will go wrong.


The purpose of a quality risk management plan is to help ensure continued compliance with regulatory requirements, such as good manufacturing practices or good laboratory practices, when events occur during manufacturing that potentially impact patient safety and product quality.

International Council for Harmonization (ICH) Q9 states,


“Two primary principles of quality risk management are: the evaluation of the risk to quality should be based on scientific knowledge and ultimately link to the protection of the patient; and, the level of effort, formality, and documentation of the quality risk management process should be commensurate with the level of risk” (1).


As an RCA risk management consultant is developing your company’s plan, we consider all aspects of the operation that impact the product. Managing your company’s risk with a well-defined plan may help reduce the activities associated with poor quality and inefficiencies associated with the product and the process, such as scrap or wasted materials, customer complaints, product yield and fewer deviations.


Risk Evaluation


The best risk advisory firms will tell you to evaluate all aspects of the manufacturing process and identify areas of vulnerability. These vulnerabilities need to be evaluated during the risk assessment for impact on the operation and the potential level of risk they pose. A well-written quality risk management plan is an ongoing process requiring rigorous documentation throughout the product lifecycle.


It provides a solid rationale for how to improve efficiency and spend resources on the important activities to improve product quality rather than on low-risk activities that have little to no impact.


Risk Assessment Audits


The collective risk assessment team will begin the process by evaluating four basic elements that should be included in a quality risk management plan. The first element is to perform an analysis of the identified risk associated with the operations. For example, if your product is being produced using an older manufacturing line, there is a risk that the line will experience frequent breakdowns.


Product Quality


The second step is to evaluate the risk in terms of its impact on your ability to supply a quality product. In this case, frequent shut downs can lead to product rejections, yield loss, and potential drug shortages. Top risk advisory firms will identify the risk and the impact of controls to mitigate the potential situation.


Some of the possible mitigation control strategies might include ensuring there are appropriate change parts for the line in inventory or plans to qualify the product production on a new more modern manufacturing line.


Risk Management Procedure


The last key element needed is data input and risk management procedure design. Conducting a risk assessment audit annually with your internal team can help evaluate your data sources and when you need to employ one of your control strategies.


In this simple scenario, an increase in down time on the line or a steady decrease in yield could be indicators that the manufacturing line is headed for a catastrophic failure and steps need to be taken to prevent a drug shortage situation.


Risk Assessment


The above discussion is only an example of a risk assessment in one area of an operation. Other areas of the process need to be evaluated for potential vulnerabilities and risk. These areas include an evaluation of:


  • the raw material reliability from suppliers,
  • stability and compliance of contractual suppliers (e.g., contract manufacturing organizations, contract test organizations),
  • age and reliability of laboratory test equipment


In other words, a solid, well-written and dynamic quality risk management plan will evaluate the overall organization, identify high-risk vulnerabilities, identify strategies for mitigation of the high-risk vulnerabilities, and rely on data to perform continuous monitoring of the vulnerabilities. And, of course, the plan will provide the appropriate documentation and rationale for the decisions.


Risk Based Monitoring


Implementing a quality risk management plan in an organization can also be challenging. It needs to be introduced and discussed with all applicable function personnel involved in the operations including, but not limited to, finance, manufacturing, regulatory affairs, purchasing, auditing, and senior management. The plan should be dynamic and should be modified as situations change.


Quality System


Let’s say you produce a product and you have a single-source supplier for one of your excipients. You have audited the supplier and have identified some significant gaps in their quality system. You identify this vulnerability in your quality risk management plan and indicate it is a high-risk item because of the lack of compliance of the excipient vendor.


One of your mitigation strategies might be to qualify an alternate supplier for the excipient. Once you have qualified that alternate supplier, you need to update your plan to downgrade the risk because you have taken the appropriate steps to mitigate it and eliminate the identified vulnerability.


Quality Assurance


Quality risk management plans are important because they help improve a company’s ability to provide quality product to patients. They are contingency plans with identified actions that help to ensure a continuous supply of product to the market that meets the expectations of being safe, effective, and available. They are dynamic documents that require integration into and data inputs from all departments in order to be successfully implemented at a company.



Article Details

Pharmaceutical Technology
Volume 43, Issue 8, pgs. 49, 50


About RCA


Regulatory Compliance Associates® (RCA) provides regulatory compliance consulting services to the following industries for resolution of compliance and regulatory challenges:



We understand the complexities of running a life science business and possess areas of expertise that include every facet of R&D, operations, regulatory affairs, quality, and manufacturing. We are used to working on the front lines and thriving in the scrutiny of FDA, Health Canada, MHRA and globally-regulated companies.


As your partners, we can negotiate the potential minefield of regulatory compliance and regulatory due diligence with insight, hindsight, and the clear advantage of our unique expertise and experience.


  • Founded in 2000
  • Headquartered in Wisconsin (USA)
  • Expertise backed by over 500 industry subject matter experts
  • Acquired by Sotera Health in 2021


About Sotera Health


The name Sotera Health was inspired by Soteria, the Greek goddess of safety, and reflects the Company’s unwavering commitment to its mission, Safeguarding Global Health®.


Sotera Health Company, along with its three best-in-class businesses – Sterigenics®Nordion® and Nelson Labs®, is a leading global provider of mission-critical end-to-end sterilization solutions and lab testing and advisory services for the healthcare industry. With a combined tenure across our businesses of nearly 200 years and our industry-recognized scientific and technological expertise, we help to ensure the safety of over 190 million patients and healthcare practitioners around the world every year.


We are a trusted partner to more than 5,800 customers in over 50 countries, including 40 of the top 50 medical device companies and 8 of the top 10 pharmaceutical companies.



To begin the Regulatory Compliance Associates® scoping process today, please enter your information in the blue form below and click the submit button at the bottom of the webpage. 



Our website uses cookies to give you the best possible experience.

By continuing to use this site, you agree to the use of cookies.
Privacy Policy