2.5 Approaching Risk Assessment Tools and Methods

GBPR, Inc.
February 2012 Newsletter Evelyn Heitman, Editor

Approaching Risk Assessment: Tools and Methods

By Dr.Tim Sandle
(Email: timsandle@btinternet.com or tim.sandle@bpl.co.uk)

Introduction

The current environment in the pharmaceutical industry and within the healthcare
sector is influenced by the challenge of an appropriate balance between increased
compliance requirements with GMP/GDP, regulatory guidance and legal
enforcements, versus the use of risk assessment. Quality Risk Management allows
process and products, and in some cases personnel, to be better protected, and it can
be used to help meet regulatory expectations and meet cost demands, or to seek
process efficiencies (Phoenix and Andrews, 2003).

Risk management is not a one-off activity, and whilst it is useful as a tool for
responding to problems, it is best seen as a proactive tool for avoiding risks from
occurring. Risk management is integral to Quality by Design and Product Life Cycle
philosophies.

The aim of risk management is to systematically assess, control, and review
manufacturing processes in terms of priorities, and subsequently develop appropriate
measures to control risks. For this, there are a variety of different ways with which to
undertake risk assessment. The use of more systematic tools represents the shift away
from tick-box approaches to more scientific assessments of risk, such as those
encouraged in the US FDA document, Pharmaceutical cGMPs for the 21st Century:
A Risk-Based Approach" and in the ICH Q9 Quality Risk Management guideline
1
.

The approaches to risk assessment normally center on identifying a risk, and then
assessing the extent to which the risk would be a problem (the severity of the risk),
and secondly, by calculating how likely it is that the risk would occur (the
probability). Following this, attempts are made to mitigate the risk (ideally eliminate
the source or take measures to reduce the likelihood of it happening). Where the
possibility of the risk occurring can be reduced no further, steps should be taken to

1
Other similar approaches are: ISO/IEC Guide 73:2002 - Risk Management - Vocabulary - Guidelines
for Use in Standards; ISO/IEC Guide 51:1999 - Safety Aspects - Guideline for their Inclusion in
Standards; AS/NZS 4360:2004 - Risk Management; WHO Technical Report Series No. 908, 2003,
Annex 7 Application of Hazard Analysis and Critical Control Point (HACCP) Methodology to
Pharmaceuticals; EN ISO 14971: Application of Risk Management to Medical Devices;
Pharmaceutical Development (ICH Q8) and Annex (ICH Q8(R1); FDA Guidance for Industry PAT - A
Framework for Innovative Pharmaceutical Development, Manufacturing and Quality Assurance;
Pharmaceutical Quality Systems (ICH Q10); and FDA Guidance for Industry Quality Systems
Approach to Pharmaceutical cGMP Regulations.

GBPR, Inc. February 2012 Newsletter Evelyn Heitman, Editor

monitor the risk (detection), preferably as an early warning, so that action can be
taken.

The above constitutes a proactive approach to risk assessment. Risk assessment can
also be reactive in terms of formulating a response should an event which appears to
represent a risk occur. In terms of pharmaceutical processing, this could be the failure
of an HVAC system during processing. Here, a variety of scenarios could be adopted,
from additional testing through to batch rejection.

The final parts of the approach to risk assessment are documenting the risk
assessment activity and communicating the findings. The latter is important for risk
assessments and are of little value should they reside on shelves gathering dust. They
need to be used and regularly reviewed and updated as necessary.

This paper focuses on risk assessment and explores some of the different tools and
techniques available for conducting risk assessments. Whilst the examples relate to
the pharmaceutical and healthcare sectors, none of the techniques originate from these
sectors. Instead, they were devised and developed long before in the engineering
industry (much centered on the post-World War II Total Quality movement) and from
food and beverages (as initiatives to prevent costly rejections through microbial
contamination). Furthermore, much of the terminology commonplace with risk
assessment (such as "hazard") is derived from industrial health and safety legislation.

Approaching Risk Assessment

There are two groups of approaches to the risk analysis process. These are qualitative
and quantitative methods. Of these, the qualitative approach is the more simple and
involves the identification of risks to which a process or a procedure is exposed. For
the process, the optimal approach is to gather the relevant experts together, come up
with a list of risks, and then qualify which risks are worth acting upon. This process is
more intuitive and is enhanced by answering three basic questions:

What could happen?
How likely is it to occur?
What is the impact?

The downside with the qualitative approach is that it is difficult to rank risks relative
to each other or to place the risks in context. It is also difficult to assess the
effectiveness of an action or to measure if a risk previously assessed at a 'high level,'
for example, has decreased to a lower level.

Quantitative approaches normally involve the use of numbers, so that one risk can be
ranked or measured against another and compared to a predetermined scale. Such an


approach allows a decision to be taken about the cost/benefits of investing in a risk-
reduction strategy and to allow the costs of monitoring risks relative to the likelihood
of the risk occurring to be taken.

The methods of risk management outlined in ICH Q9, Annex 1 are:

1. Basic risk management facilitation methods
2. Failure Mode Effects Analysis (FMEA)
3. Failure Mode Effects and Criticality Analysis (FMECA)
4. Fault Tree Analysis (FTA)
5. Hazard Analysis and Critical Control Points (HACCP)
6. Hazard Operability Analysis (HAZOP)
7. Preliminary Hazard Analysis (PHA)
8. Risk ranking and filtering
9. Supporting statistic tools

Both qualitative and quantitative approaches to risk assessment involve the
identification of hazards. A hazard is a situation that poses a level of threat (in the
pharmaceutical and healthcare context, a hazard is any biological, chemical,
mechanical, or physical agent). Generally, most hazards are dormant, with only a
theoretical risk of causing 'harm' to people, product, process, or to the environment.
Hazards and risks mean different things. A hazard is an ever-present property. The
definition of risk is a combination of consequences (severity) and their probability.
When hazard and vulnerability interact together, this creates risk, and when
something occurs, this is often described as an incident or event (with
pharmaceutical processing, this could be the 'deviation,' out-of-specification result of
microbiological data deviation). This relationship between hazards and risks is
commonly summarized in the formula:

Risk = Likelihood of Occurrence x Seriousness if Incident Occurred

In pharmaceuticals and healthcare, the main risks fall into the following groups:

Risks from facilities, e.g., HVAC systems
Risk from personnel, particularly contamination
System risks, such as new regulatory compliance
Process risks, such as contamination affecting the process
Product risks, based on the failure to meet specifications

Once a hazard has been identified, it needs to be assessed. This involves weighing up
how significant the risk is. The assessment should center on eliminating the hazard,
reducing the potential for harm (risk control) and / or monitoring it. The monitoring
aspect is a fundamental part of risk management. Reducing the potential for harm


involve strategies like the redesign of equipment, a change to personnel, clothing, or
changing a work flow (risk management should be seen as part of the Quality by
Design approach).The introduction of PAT (Process Analytical Technologies) in the
2000s has introduced technologies that enable more process parameters during
manufacturing to be monitored whilst the process is underway (Tan et al, 2005).The
most important aspects of risk management, as defined by ICH Q9, are:

Identification
Analysis
Evaluation
Control by Reduction Measures and Risk Acceptance
Communication, and
Monitoring/Review

The most effective risk assessment tools allow these key aspects to be captured,
processed and examined.

Simple Risk Assessment Tools

There are a host of risk assessment tools available. Many overlap, and some are more
useful for different situations than others. This paper focuses on some of the most
common (and easy-to-use) approaches.

Although this section is entitled "Simple Risk Assessment Tools," this does not mean
inferior, but in recognition that some situations require more sophisticated risk tools
than others. In some situations, a simple checklist, for example, will suffice.

Checklists

A check sheet is a structured, prepared form for collecting and analyzing data. This is
a generic tool that can be adapted for a wide variety of purposes. A tally chart for
observing events is an example.

Fishbone Diagrams

Cause and Effect Diagrams, tools for quality improvement, are also known as
Fishbone Diagrams, because a completed diagram can look like the skeleton of a
fish, and sometimes because of Ishikawa Diagrams (named after Professor Kaoru
Ishikawa (1915-1989), a pioneer of quality management, devised them in the 1960s).

The first cause-and-effect diagrams were applied to industrial situations and were
based on five Ms: Manpower, Methods, Materials, Machinery, and Milieu (the
physical or social setting in which something occurs or develops, sometimes referred


to in text books as 'Mother Nature') and were used to observe and visualize
cause/effect relationships. The 'Ms' can be used or replaced by other factors applicable
to the area being investigated. An example is shown in the diagram below:

The fishbone diagram begins with a horizontal arrow pointing to the right,
representing the backbone of the fish. The problem is formulated as concisely as
possible at the head. The cause groups (which can be the five Ms, or related 'causes')
then extend upwards and downwards along this main spine. A variety of creative
techniques are used to identify the cause of the individual problems. Thus the
fishbone analysis provides a structured way to help the users think through all
possible causes of a problem and carry out a thorough analysis of a situation. This is
undertaken through the following steps:

1. Identify the problem:

For Step 1, the specific problem should be defined in detail. At this stage, it is useful
to identify who is involved, what the problem is, and when and where it occurred.
Write the problem in a box on the left-hand side of a large sheet of paper. Draw a line
across the paper horizontally from the box. This arrangement, looking like the head
and spine of a fish, gives the space to develop ideas.


2. Work out the major factors involved:

For Step 2, identify the factors that may contribute to the problem. Draw lines off the
spine for each factor, and label them. These may be people involved with the

problem, systems, equipment, materials, contamination sources, and so on. It is good
practice to draw out as many possible factors as possible (these can always be
eliminated later on). Many of the best thoughts and ideas arise from group discussion
('brainstorming').

3. Using the 'Fishbone' analogy, the factors found should be drawn like the
bones of the fish.

4. Identify possible causes:

For each of the factors considered in Step 2, all of the possible causes of the problem
should be considered. These are shown as smaller lines coming off the 'bones' of the
fish. Where a cause is large or complex, it may be best to break it down into
subcauses. Show these as lines coming off each cause line.

5. Analyze your diagram:

By Stage 5, there should be a diagram showing all the possible causes of the problem.
Depending on the complexity and importance of the problem, the most likely causes
can be investigated further. This may involve setting up investigations, carrying out
audits, discussing specific issues with staff and undertaking additional testing. Many
of these should be designed to test whether your assessments are correct. In some
cases, it is a good idea to have a predefined protocol drawn up to avoid reacting to the
findings in a biased way. For example, if additional testing is carried out and the
results are positive or negative, the responses to these should ideally have been
considered before the testing is undertaken.

Some useful areas to examine when using Fishbone diagrams for problem solving are:

A possible start can be to answer the question, "Which factors can influence the
quality of the product?" as the bases for the main branches, which can be formed as
follows:

Personnel, e.g., employees approach to contamination control, basic hygiene,
areas where manual operations are required or open processing occurs
Machinery, e.g., equipment in direct contact with the product, likely
equipment breakdowns, and malfunctions (such as equipment-generating
particles)


Materials, e.g., starting materials, packaging materials, raw materials
Methods, e.g., manufacturing process, test methods and results
Environment, e.g., failure to meet operational parameters such as HVAC
failure
Management, e.g., inadequate procedures

The main advantage of the Fishbone diagram is that all influencing variables are
displayed, systematically, on one page. The main disadvantage is when studying more
complex systems, fishbone diagrams are more effective for analyzing a single step
rather than complex processes.

Contradiction Matrix

A contradiction matrix can be used either as a standalone problem-solving tool or in
conjunction with the Fishbone diagram (Ingram, 2009). The contradiction matrix
allows facts and causes to be examined to see if they are relevant.

For example:

Established Facts
Potential Causes Fact 1 Fact 2 Fact 3 Fact 4
Cause 1 O O X A
Cause 2 N/A X O O
Cause 3 X O O X
Cause 4 X N/A O N/A

Where:

O = Cause is supported
X = Cause is contradicted
A = Cause is supported with assumptions
N/A = No relationship exists between cause and effect.

Is / Is Not Method

Similar to the contradiction matrix is the Is / Is Not method. This provides a formal
means for capturing the process of elimination and is useful in showing regulators or
audits so that the audit question of "Did you think of x?" can be simply answered,
"Yes we did, but we did not think it was important."


The process of elimination involves considering experience and knowledge, weighing
up events and timelines, and considering circumstances and alternatives. This
documentation normally includes:

A description of the circumstances and the conditions outlined, as well as a
question (formulated as concisely as possible)
A brief list of possible alternatives or solutions

An assessment of the possible risk ("What could happen, if ..." or "What could
happen, if not...")

A good way to capture this is by using an IS/IS NOT table for looking at each cause
or fact. Things which fall in the IS NOT column need not be examined, whereas,
things that fall into the 'IS' column are suspect and should be explored further.

An example template is:

Potential Cause or Fact IS IS NOT
What
When
Where
Extent (occurrence)
Severity

An IS/IS NOT table is designed to help establish facts. It can be expanded or
contracted as required.

Applying the Contradiction Matrix or Is / Is Not Method

In order to gather information for the contradiction matrix or Is / Is Not table, the
following methods are useful:

Trend analysis, including SPC and control charts (of which Shewhart, cumulative
sum, and the exponentially weighted moving average are useful). With all trend
charts, data distribution and data transformation should be considered.

Process flowcharts, e.g., how a product is made and how people or material move.
These are useful for creating process maps.

Flowcharts

A flowchart is a diagram that represents a process (the idea is to visualize what is
going on). The chart displays the steps as boxes of various kinds and their order by
connecting these with arrows. This diagrammatic representation can give a step-by-


step solution to a given problem. Process operations are represented in these boxes,
and arrows connecting them represent flow of control.

An example flowchart is:

The process flow method (above) shows how actions are interrelated and is able to
also integrate interfaces into the flow. It provides a clear and simple visual
representation of involved steps. Therefore, this method facilitates understanding,
explaining and systematically analyzing complex processes and associated risks.

For the flowchart, standard 'flowchart symbols' are used. Although a range is
available, it is best that these are limited; otherwise there is a risk of obfuscating the
overall picture. For example, a processing step, usually called an activity, and denoted
as a rectangular box and a decision, is usually denoted as a diamond.


Examples of flowchart symbols are shown below:



Advanced Risk Assessment Tools

More advanced risk assessment tools are useful for looking at more complex
problems. Although such tools can prove to be very useful, they take time to construct
and should not automatically be the default option, for a simple flowchart or fishbone
diagram can sometimes be just as effective.

The common risk assessment approaches each have advantages and disadvantages,
which are summarized in the table below:

Focus Methods FTA FMEA HACCP Statistical
Methods
Risk
assessment
Risk
identification
+ o o +
Risk analysis o + o +
Risk evaluation - + o +
Controlling
risks
Risk reduction - + + -
Risk acceptance - + + -
Risk review A single method may or may not be ideal;
sometimes different approaches need to be
combined.
Risk
communication
(+ = very suitable; o = limited suitability; - = not suitable)

Key:

FTA: Fault Tree Analysis
FMEA: Failure Mode and Effects Analysis
HACCP: Hazard Analysis and Critical Control Points

Advanced risk assessment techniques involve the assembly of problem-solving teams
for the risk assessment process. The objectives of the team should be to:

Define the scope
Describe the interfaces affected by the defined scope, e.g., on system, process,
environment, facility or products
Have a clear description of problems or questions, which the risk management
should answer
Select the risk assessment method(s)
Define the acceptance criteria
Define a team, including roles and responsibilities
Collect all relevant data, e.g., internal knowledge and regulatory requirements


Fault Tree Analysis

Fault Tree Analysis (FTA) is an established technique
2
(see, for example, CEI IEC
61025 and DIN 25424),and it is widely used in the engineering industry, particularly
for safety management. Essentially, a fault tree is a logical diagram which shows the
relation between system failure, that is, a specific undesirable event in the system, as
well as failures of the components of the system. Thus, FTA provides a graphical
depiction of all causal chains of failure of a system or subsystem.

FTA is often termed a 'top-down' approach and works well if the correct failure has
been identified, for FTA assumes failures follow from logical combinations of causes
that occur with known probability.

The five steps for undertaking FTA are:

1. Define the problem

Here, the event should be outlined and agreed upon. At this stage, brainstorming is
useful, based around the question, "Why has this event happened?"

2. Define fault criteria

This step involves defining what has caused the event to occur, such as a deviation
from a specification.

3. Define the specification

Here, the specification and the reliability of the measure should be reviewed to ensure
that they were satisfactory.

4. Evaluate causes

At this step, the different causes should be considered. These should be categorized
into similar types, such as technical faults, human error, equipment failure, loss of
environmental control, and so on.

5: Draw the fault tree

The fault tree should start with the event, followed by any other events, and then the
possible causes (casual relationships of the failures leading to the event). The fault
tree can be 'top-down' or of a 'left-right' design.

2
It was originated by Bell Telephone Laboratories in 1962 as a technique with which to perform a
safety evaluation of the Minutemen Intercontinental Ballistic Missile Launch Control System.


An example of a fault tree is:

A second example is:

At each level in the tree, combinations of fault modes are described with logical
operators (AND, OR, etc.). Each established cause is investigated until no more

Fault
Cause 1
Cause 1.1
Cause 1.2 Cause 2.2
Cause 2.1
Cause 2


answers can be found. This method results in a fault tree with a varying number of
branches and subbranches, depending on its complexity.

Where FTA can go wrong is if the wrong cause is selected and the subbranches fail to
detect the actual issue. Furthermore, FTA is a better retrospective analytical tool,
rather than as a preventative measure.

Hazard and Operability Studies (HAZOP)

The HAZOP (Hazard and Operability) studies technique was also developed in the
engineering sector
3
. HAZOP involves a formal systematic critical examination of
process in order to assess the hazard potential that arises from deviation in design
specifications and the consequential effects on the facilities or system as a whole.
HAZOP is based on a theory that assumes risk events are caused by deviations from
design or operating intentions.

This technique is usually performed using a set of guidewords, such as:

NO/NOT
MORE OR/LESS OF
AS WELL AS
PART OF
REVERSE
OTHER THAN

From these guidewords, scenarios that may result in a hazard or an operational
problem are identified. For this, the consequences of the hazard and measures to
reduce the frequency with which the hazard will occur can be discussed.

Many HAZOP approaches utilize process flow diagrams (similar to the type discussed
above). From this, a HAZOP table is constructed, deploying some or variants of the
guidewords above. For example (BSI, 2002):

3
In the early 1970s by Imperial Chemical Industries Ltd.


The advantage of HAZOP is that it can be good to add detecting and handling hazards
which are difficult to quantify, such as hazards rooted in human performance and
behaviors or hazards that are difficult to detect. The disadvantage is that there is no
means to assess hazards involving interactions between different parts of a system or
process, and there is no option for risk ranking or prioritization.

Failure Mode and Effects Analysis (FMEA/FMECA)

Failure Mode and Effects Analysis (FMEA) is a further technique which originated
from the engineering sector
4
. FMEA is a process whereby each potential failure mode
in a system is analyzed to determine its effect on the system and to classify it
according to its severity. Failure modes mean the ways, or modes, in which
something might fail. Failures are any errors or defects, especially ones that affect the
customer, and can be potential or actual (Tague, 2004).

FMEA is a preventative method that provides a quantitative evaluation (through
numerical scoring) of potential failures (faults) and their potential causes in terms of:

Severity of the failure (S)
Probability of occurrence (P)
Probability of detection (D)

4
This method was developed in the 1950s by reliability engineers to determine problems that could
arise from malfunctions of military systems.

Guideword

More

Less

None

Reverse

As Well As

Part Of

Other
Than
Flow high flow low flow no flow reverse
flow
deviating
concentration
contamination deviating
material
Pressure high
pressure
low
pressure
vacuum delta-p explosion
Temperature high
temperature
low
temperature

Time too long /
too late
too short /
too soon
sequence
step
skipped
backwards missing
actions
extra actions wrong
time
Utility
failure
(instrument
air, power)
failure


These three factors are normally multiplied together to give a risk priority number.
The bigger the number, the bigger the potential risk and, it follows, the greater the
priority and resources required to address the risk.

Not all FMEA models use detection. Detection is, however, more often a valuable
tool when considering probability.

Each potential failure mode is separately assessed.

Before undertaking an FMEA, the scoring system must be decided in advance. This is
normally a scale of 1 - 5 or 1 - 10 for each of the three causes above. Based on this,
with a scale of 1 - 5, a high severity event (such as a product contaminated with
endotoxin) would be given a score of 5, whereas a low severity event (such as minor
reduction in temperature for a very short period of time) would be given a score of 1.
With probability, if something were very certain to happen (such as processing
without a HEPA filter running), then a score of 5 would be given, whereas if
something were very unlikely to happen (such as forgetting to filter a process step
when this is stated on a batch record step), then a score of 1 would be given. With
detection, if there is a good detection system in place, a score of 1 is given (as this
weights the final score downwards), whereas a nonexistent detection system would be
given a score of 5 (to weight the final risk priority number upwards).

With the calculated risk priority number, there is often some kind of cut-off value,
whereby each FMEA above the value must be addressed as a potential major risk,
whereas FMEA outcomes below are a lower risk and do not require immediate action.
For example, using the 1-5 scale, the selected cut-off value might be 27 [based on 3
(medium severity) x 3 (medium probability) x 3 (medium detection)]. Instead of a
numerical system, some elect to use decision trees with categories of low medium
high.

The primary steps are:

1. Collect basic data
2. Describe process conditions
3. Identify hazards, e.g., possible failures and the consequences and causes of the
failures
4. Assess hazards (Risk Analysis)
5. Evaluate the failures and determine the risk priority number (RPN)
6. Define reduction measures
7. Be aware of the residual risks
8. Summarize the results
9. Document the performed process
10. Follow up and implement the measures


When the FMEA is extended by a criticality analysis, the technique is then called
failure mode and effects criticality analysis (FMECA).

FMEA can be very effective, and it works well as a preventative risk assessment tool.
One main advantage is that it allows risks to be ranked and actions prioritized.
However, the identification of possible failures is a time-consuming task.

Hazard Analysis Critical Control Points (HACCP)

Hazard Analysis Critical Control Points (HACCP) is a management system in which
product or process safety can be addressed through the analysis and control of
biological, chemical, and physical hazards from raw material production to
manufacturing, distribution, and use of the finished product. HACCP was developed
by the food industry.

The HACCP systemidentifies specific hazards and measures for their control.
Examples of hazards within the pharmaceutical setting are: environmental aspects of
the facility (environmental conditions, hygiene aspects); material flow; manufacturing
steps; personnel hygiene and gowning; and technical aspects relating to process
design. HACCP is a tool which is used to focus more on prevention and can be used
to reduce the reliance upon in-process monitoring or end product testing. HACCP
systems are generally useful for examining changes, such as advances in equipment
design, processing procedures, or technological developments.

The HACCP system consists of the following seven principles:

PRINCIPLE 1: Conduct a hazard analysis.
PRINCIPLE 2: Determine the Critical Control Points (CCPs).
PRINCIPLE 3: Establish critical limit(s).
PRINCIPLE 4: Establish a system to monitor control of the CCPs.
PRINCIPLE 5: Establish the corrective action to be taken when monitoring
indicates that a particular CCP is not under control.
PRINCIPLE 6: Establish procedures for verification to confirm that the
HACCP system is working effectively.
PRINCIPLE 7: Establish documentation concerning all procedures and records
appropriate to these principles and their application.

An approach to conducting an HACCP risk assessment is through 12 steps, which
relate to the seven principles outlined above:

1. Assemble HACCP team


As with any risk assessment tool, the team involved in undertaking the risk
assessment should be knowledgeable about the process under examination (that is, a
multidisciplinary team). From the outset, the scope of the HACCP plan should be
identified. The scope should describe what is to be looked at and the general classes
of hazards to be addressed (e.g., microbiological).

2. Describe the productor process

A full description of the product or process should be drawn up, including relevant
operational parameters relating to the environment.

3. Identify process stage and subsequent processing

The process stage at which the hazard occurs or could occur should be examined.
Consideration should be given to the next stage of processing so that the relative risk
can be evaluated (e.g., if the product is filtered at the next stage, the risk might be
lesser than if the product were placed into an open vessel).

4. Construct flow diagram

The flow diagram should be constructed by the HACCP team. The flow diagram
should cover all steps in the operation. When applying HACCP to a given operation,
consideration should be given to steps preceding and following the specified
operation.

5. Confirmation of flow diagram

The HACCP team should confirm the processing operation against the flow diagram
during all stages and hours of operation and should amend the flow diagram where
appropriate.

6. List all potential hazards associated with each step, conduct a hazard analysis, and
consider any measures to control identified hazards

This relates to Principle 1 listed above. For this, the HACCP team should list all of the
hazards that may be reasonably expected to occur at each step, from primary
production, processing, manufacturing, and distribution until the point of
consumption.

The HACCP team should next conduct a hazard analysis to identify for the HACCP
plan which hazards are of such a nature that their elimination or reduction to
acceptable levels is essential to the production of aclean product.


In conducting the hazard analysis, the following should be included (where
applicable):

the likely occurrence of hazards and the severity of their adverse health
effects;
the qualitative and/or quantitative evaluation of the presence of hazards;
the survival or multiplication of microorganisms of concern;
the production or persistence in foods of toxins, chemicals or physical agents;
and,
conditions leading to the above

The HACCP team must then consider what control measures, if any, exist which can
be applied for each hazard (more than one control measure may be required to control
a specific hazard(s), and more than one hazard may be controlled by a specified
control measure).

7. Determine critical control points

This connects with the second principle described above. At each step, there may be
more than one critical control point (CCP) at which controls need to be applied to
address the same hazard (this can also include places to monitor--indeed HACCP is
quite an effective tool to use when selecting locations for microbiological
environmental monitoring). Sometimes decision trees can be useful when deciding
which controls are of relevance. If a hazard has been identified, and it is decided that
control is necessary, and where no control measure exists, a control measure should
be adopted.

8. Establish critical limits for each CCP

Critical limits, in connection to the third principle, must be specified and validated for
each CCP. In some cases, more than one critical limit will be required at a particular
step. Criteria often used include measurements of temperature, time, moisture level,
pH, water activity microbial bioburden, and endotoxin.

9. Establish a monitoring system for each CCP

Monitoring is the scheduled measurement or observation of a CCP relative to its
critical limits (as set out in principle four). The monitoring procedures must be able to
detect loss of control at the CCP (for this, short-term or long-term data analysis may
be required). Where possible, process adjustments should be made when monitoring
results indicate a trend towards loss of control at a CCP. Normally, physical and
chemical measurements can be undertaken in 'real time' or shortly after a sample is
taken, allowing some actions to be considered for risk situations (such as a rise in


temperature which might trigger microbial growth). Although rapid microbiological
methods are becoming more commonplace, microbiological results are often available
sometime after the event has happened.

10. Establish corrective actions

In line with the fifth principle, specific corrective actions must be developed for each
CCP in the HACCP system in order to deal with deviations when they occur. The
actions must ensure that the CCP has been brought under control. Actions taken must
also include a product risk assessment.

11. Establish verification procedures

Establishing procedures for verification forms part of the sixth principle. For this, test
results (often as trend reports) and auditing records are particularly useful. In addition,
deviation reports and a review of the effectiveness of corrective and preventative
actions can provide valuable information.

12. Establish documentation and record keeping

Efficient and accurate record keeping is essential to the application of an HACCP
system and is the core of the seventh principle. HACCP procedures should be
documented. Documentation examples are:

Hazard analysis;
CCP determination;
Critical limit determination

Record examples are:
CCP monitoring activities;
Deviations and associated corrective actions;
Modifications to the HACCP system

These 12 steps are summarized in the diagram below:


Assemble HACCP Team
Describe product or
process
Identify process steps and
next steps
Construct flow diagram
Review and confirm flow
diagram
List potential hazards
Conduct hazard analysis
Consider control
measures
Determine CCPs
Establish limits for each
CCP
Set monitoring system for
each CCP
Establish corrective
actions
Verify findings
Document


The advantages of the HACCP approach are that it allows for a systematic overview
of the process for the evaluation of each processing step; allows each step to examine
the possible risks; and allows for the specification of the measures required for
controlling each risk. The primary disadvantage is that, unlike FMEA, HACCP cannot
be used to rank or prioritize risks. HACCP is also less effective for focusing on an
aspect for the process, for the objective of HACCP is to map out an entire process.

Summary

This paper has presented an overview of risk management and has focused on some of
the primary tools for conducting risk assessment. In doing so, the differences between
the risk tools have been outlined, together with some of the strengths and weaknesses
of each approach.

The paper has also highlighted that in undertaking risk assessments, it is important to
attempt risk mitigation and to attempt to lower the risk until the risk can be lowered
no further. This involves identifying actions to reduce the probability of an event and
to reduce the severity of an event. When this can be taken no further, the focus should
move towards providing a more reliable detection method designed to initiate a
reliable response to a risk event. A further important consideration is that risk-
assuming actions should be periodically reassessed.

References and Further Reading

British Standard BS: IEC61882:2002 Hazard and Operability Studies (HAZOP
studies)-Application Guide British Standards Institution.

Ingram, D (2009). Technical Problem Solving.Journal of Validation Technology,
Winter 2009, pp. 64 70.

Phoenix, K. and Andrews, J. (2003). Adopting a Risk - Based Approach to 21 CFR
Part 11 Assessments.Pharmaceutical Engineering, July/August 2003, Volume 23,
Number 4.

Tague, N.R. (2004).The Quality Toolbox, Second Edition, ASQ Quality Press, pp.
236-240.

Tran, N.L., Hasselbalch, B., Morgan, K., Claycamp, G. Elicitation of Expert
Knowledge About Risks Associated with Pharmaceutical Manufacturing Process.
Pharmaceutical Engineering, July/August 2005: 24-38.

2.5 Approaching Risk Assessment Tools and Methods

Uploaded by

Copyright:

Available Formats

2.5 Approaching Risk Assessment Tools and Methods

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

2.5 Approaching Risk Assessment Tools and Methods

Uploaded by

Copyright:

Available Formats

GBPR, Inc.

February 2012 Newsletter Evelyn Heitman, Editor

You might also like