Deviation Handling and Quality Risk Management
The aim is to contribute to the understanding of a quality risk management approach in the handling of deviations from a practical perspective as per WHO expectations.
The intent is to support effective and timely implementation of tools related to deviation management encountered during vaccine and biologicals manufacturing.
This note for guidance provides vaccine and biologicals manufacturers with non-binding information concerning the criteria currently used by WHO regarding deviation management as part of the assessment of pre-qualified human vaccines.
Among the essential elements of a well established Quality Management System (QMS), deviation handling plays a key role in assuring quality in products and by contributing to continuous improvement.
Manufacturers are expected to “establish processes and define appropriate controls for measurement and analysis to identify non-conformities and potential non-conformities; defining when and how corrections, corrective actions, or preventive actions should be undertaken.
These actions should be commensurate with the significance or risk of the non-conformity or potential nonconformity”.
As part of a comprehensive Corrective and Preventive Actions (CAPA) program, once a deviation is detected, it needs to be contained with immediate actions (i.e., corrections), the root causes identified as necessary, and systemic actions implemented (i.e., corrective actions) as applicable in order to prevent future same or similar non conformances.
GMPs have evolved as a consequence and of the inherent risks to the product during manufacturing operations in order to prevent significant deviations.
Quality Risk Management (QRM) has been proposed as a strategy to manage risk in a systematic and documented manner, and has become a requirement of modern GMPs as recommended by international standards like WHO or ICH Q9.
An efficient deviation handling system, should implement a mechanism to discriminate events based on their relevance and to objectively categorize them, concentrating resources and efforts in good quality investigations of the root causes of relevant deviations.
A strong CAPA system requires this efficient deviation handling system which evaluates the event according to the associated risk, categorizes it and acts accordingly in a timely manner, and verifies the effectiveness of the actions taken.
As a formal or informal tool, Quality Risk Management (QRM) has always been part of the analysis process linked to the handling of events and deviations in pharmaceutical operations.
This guidance proposes a possible strategy to differentiate non-significant events which actually do not affect the product’s quality or violate any norm or defined procedure, from actual deviations which could impact on the product´s quality.
Quality Risk Management was mainly designed to be used prospectively when manufacturing operations are defined and validated. Therefore, potential deviations are identified and avoided by implementing risk control measures and preventive actions.
QRM is based on the identification of product attributes and operational parameters which are critical to manufacturing operations in order to identify in advance their associated risks and describes how this information may be used as criteria for the categorization and treatment of events, and eventually, deviations.
The risk management in dealing with deviations is not only practical but provides a framework for a decision-making process based on a scientifically sound and objective approach, while also enabling decisions to be confidently upheld before the regulatory authorities.
Under this approach, a sequence of steps may be identified when handling events and possible deviations:
- Event Detection
- Decision Making Process / Deviation Categorization
- Deviation Treatment
- Root cause investigation
The manner on how personnel react when in presence of an event is the first challenge to the system, and it largely depends on their level of training, qualification, commitment, and support form upper management.
As a basic requirement, personnel are expected to be alert and aware of possible undesirable events and clearly know what to do in terms of documenting and communicating them.
The way personnel react and make decisions can be systemized and improved by the use of a decision tree to initially screen events based on their risk and impact on the product in order to categorize, record, and investigate them as needed.
The decision tree described in Diagram 1 is a simplified risk assessment that answers the following questions when an event is encountered:
a. Can the event affect a product attribute, manufacturing operational parameter or the product’s quality?
b. Does the event contradict or omit a requirement or instruction contemplated in any kind of approved written procedure or specification?
Should the answer be NO for questions a. and b. above, the event may be considered an Incident (irrelevant event, not impacting product´s quality).
It nevertheless needs to be documented (e.g.: recorded in batch record or logbook, as appropriate) in case it needs to be retrieved later as part of an investigation as applicable.
The following are possible examples of incidents. It is noted that each event needs to be analyzed as described above developing an objective and justified criteria avoiding the natural bias from different people or groups.
The examples below should be considered as that only, and they could be categorized differently with proper justification:
– Temporary power failure in a warehouse where no temperature sensitive materials are stored, with no temperature excursion from the established range.
– Production process parameters or environmental monitoring data reach alert levels but are still within acceptable range.
On the otherhand, should the answer be YES for questions a. and b. above (or there is a degree of doubt), and based on the decision tree, the event shall follow the path towards a deviation category.
Deviations should require a higher level of analysis and documentation, and are usually covered by a deviation handling procedure.
A decision needs to be made to categorize the deviation as Minor, Major or Critical.
This decision process should be based as applicable and as possible on the impact (or hazard) and risk on the process and product quality by the use of any QRM tool.
When the deviation does not affect any quality attribute, a critical process parameter, or an equipment or instrument critical for process or control, it would be categorized as Minor, and treated as such by the applicable procedure.
Possible examples of minor deviations are given below:
– Skip of FEFO principle (first expired-first out) in raw material handling.
– Balance out of tolerance used to determine gross weight of raw materials upon reception.
– Pressure differential out of established limits in class D washing area.
– Inadequately trained personnel to perform warehouse cleaning activities.
When the deviation affects a quality attribute, a critical process parameter, an equipment or instrument critical for process or control, of which the impact to patients (or personnel/ environment) is unlikely, the deviation is categorized as Major requiring immediate action, investigation, and documented as such by the appropriate SOP.
Possible examples of major deviations are given below:
– Use of unapproved reference standard to test an API or drug product.
– Inadequately trained personnel to perform sterility tests.
– Production started without line clearance.
– Filter integrity test has been carried out using equipment with no documented installation qualification completed.
– Gross misbehavior of staff in a critical aseptic process.
– Pressure differential out of established limits in aseptic fill areas.
– Operational parameter out of range for a parameter defined as non-critical.
– Untrained personnel responsible for segregating the approved and rejected raw material in the warehouse
When the deviation affects a quality attribute, a critical process parameter, an equipment or instrument critical for process or control, of which the impact to patients (or personnel or environment) is highly probable, including life threatening situation, the deviation is categorized as Critical requiring immediate action, investigated, and documented as such by the appropriate SOP.
Possible examples of critical deviations are given below:
– Expired or rejected API component used.
– Sterilization record of product-contact material used in aseptic filling process not available or unacceptable.
– Incomplete inactivation stage of fermentation.
– Temperature out of control limit during detoxification stage.
Deviations need to be analyzed based on objective and justified criteria avoiding the natural bias from different people or groups. Therefore, the examples of minor, major and critical deviations given above should be considered as that only, and they could be categorized differently with proper justification.
A pre-existent QRM will always help answering these questions and categorizing the events. When a QRM information is not available, all process parameters are potentially critical until there is sufficient data (process and/or developmental) to justify the contrary.
For More Updates Visit –http://pharmaguidances.com
Referance: WHO (Deviation Handling and Quality Risk Management)