By risk management, we mean the systematic collection, analysis and evaluation of risks and the definition of measures to minimize them. DHC focuses on all risks that could affect product quality. Basically, we see risk management as a key part of an integrated quality management system and all validation and qualification measures. Good risk management helps to reduce the initial and ongoing costs of all QM activities, as measures to avoid risks are only necessary in the case of processes that are actually quality-related.
The FDA first broached the subject of a “Risk-based approach” in 2001, and began requiring a concentration of the validation actions for critical processes. The topics of risk analysis and risk management are also dealt with in other regulations and guidelines, especially GAMP 5, the draft of Annex 11 and ICH Q9 “Quality Risk Management”.
The risk analysis is an element, if not the central one, of the CSV lifecycle. It analyzes whether and to what extent a system must be validated, and which system processes are critical to quality and patient safety. Derived from this are both the existing risk and the definition of appropriate countermeasures.
With the help of the risk analysis, the validation effort and thus the cost can be minimized because only the processes which have an impact on product quality are considered. It determines the scope of testing and the associated test logic of validation.
FMEA, HACCP, fault tree analysis (FTA) and HAZOP are common methods for the risk analysis.