Quality Risk Management (QRM) for Medicinal Products: An Introduction


The purpose of Quality Risk Management (QRM) is to identify, evaluate and mitigate the known risks associated with drugs or medicinal products. An effective Quality Risk Management program can be implemented to mitigate risk to an acceptable level and to produce quality products that protect the health of citizens.

This thesis will illustrate the fundamentals of Quality Risk Management and a practical approach to it that will help develop and produce quality medicinal products in the pharmaceutical industry.

To start, quality risk management helps assure that the product’s benefits outweigh its known associated risks.

What is Risk?

Risk is a combination of the probability of occurrence of harm and the severity of that harm. Types of risk include risk to personnel, risk to products through cross-contamination, and risk to the patient or public through unfavorable drug side effects or adulterated drugs. Risk also includes risk to the company through product recalls, and risk to the outside environment or atmosphere through pollution.

According to Kaoru Ishikawa, the factors that affect the manufacturing of products are:

a) Manpower

b) Material

c) Machineries

d) Method

e) Measure

f) Environment 

With risk assessment, the question of what can go wrong is assessed, along with the severity of the consequences, the probability of the occurrence, the likelihood of detection, and whether or not the risk is acceptable through risk evaluation and remediation.


To familiarize oneself with the risk process overview, the Plan-Do-Check-Act Model (PDCA) is encouraged.

Plan: Planning the quality risk management process. 


• Identifying risk, analyzing and evaluating against the thresholds.

• Determining the additional actions needed. 

• Developing risk responses (mitigation plans) to reduce risks with scores above the thresholds to an acceptable level.

Check & Act: Monitoring and controlling the risk

The Quality Risk Management Process

(Figure 1)



Evaluation of the risk to quality should be based on scientific knowledge and be ultimately linked to the protection of the patient. The level of effort, formality and documentation of the QRM process should be commensurate with the level of risk. Normally, potential risks in relation to the following should be considered:

  • Materials and ingredients;
  • Physical characteristics and composition of the product;
  • Processing procedures;
  • Microbial limits, where applicable;
  • Premises;
  • Equipment;
  • Packaging;
  • Sanitation and hygiene;
  • Personnel – human error;
  • Utilities;
  • Supply chain.

Risk Assessment Performance

Risk assessments are performed when there is a planned event for a defined system, and for quality systems. Quality systems include CAPA (corrective action and preventative action), deviations, change controls, and SOP and training development. A laboratory will investigate out-of-specification (OOS) test results and agree to periodic retesting. Quality departments will look towards environmental monitoring and auditing, and look out for quality defects.

A facility will bear in mind the design, qualification, process validation, and calibration or maintenance of equipment used to produce the medicinal product. 

Process development projects should also include risk assessments with a focus on process design, process scale-up, cleaning validation, and the container closure system. Material management will examine package design, label control, and instructions for use.

Benefits of QRM Execution

First and foremost, QRM execution will help organizations meet regulatory requirements. It is also a proactive measure: by minimizing risk, it prepares organizations so that they do not have to be reactive. Being prepared, in turn, creates ongoing risk reduction and helps to reduce overall costs when better-qualified decision making takes place in the planning stages.

QRM also promotes quality, through increased efficiency and knowledge transfer, with strong potential to reduce catch-up work done to mediate the effects of poor quality (e.g., non-conformances, deviations/investigations, CAPA, rework, scrap, complaints).

It is an interactive and continuous process where prior risks that became problems are either mitigated or recognized and reviewed in a predictive manner for the future. It provides a mechanism for risk communication (a formalized vehicle/process) and exposure to management, and a framework to better understand processes: what is critical, and why.

QRM provides a rationale for not spending time on low-risk activities, process events, or systems, and instead focusing resources and time on the things that are really important. Effective quality risk management can facilitate better and more informed decisions, can provide regulators with greater assurance of a company's ability to deal with potential risks, and can beneficially affect the extent and level of direct regulatory oversight.

QRM application during validation and qualification:

QRM principles can be used to narrow the scope of IQ, OQ and PQ to cover only the essential elements that can affect product quality. It can also be used to determine the optimal schedule for maintenance, monitoring, calibration and requalification.

QRM can be applied to commercial manufacturing and targets:

a) Risk assessment and risk control of product quality risks;

b) Adverse impact to patient health based on product quality defects;

c) Product supply interruption to patients;

d) GMP and regulatory compliance risks;

e) Multisite risks;

f) Multiproduct risks;

g) New facility and changes to existing facility, e.g. start-ups, new commercial.

h) Manufacturing processes, technology transfers and product discontinuation.

Beginning an Effective Risk Assessment Process

  • Select an appropriate tool to conduct the risk assessment.
  • Provide enough training and knowledge on the tools for the team.
  • Define the roles and responsibilities for risk assessment documentation, risk control implementation and follow-up activity.
  • Define the system boundaries and the associated process/product to be assessed.
  • Define the risk questions.
  • Ensure that all the data needed to support the risk assessment is available (for example, process flow, specifications, publications, deviations, investigations…).
  • Define the risk criteria for likelihood, severity and detectability.

Effective risk review

Considerations for effective and efficient risk review:

  • Determine the effectiveness of the risk control measures.
  • Adapt to changing conditions.
  • Identify areas for further improvement.

Risk review begins by gathering data from internal and external sources, which include:

  • Change control data, market complaints.
  • Calibration data, work orders and preventive maintenance.
  • Manufacturing system monitoring data and trending.
  • Deviation and investigation data.
  • Internal audits and external inspections.

The above data is reviewed against the original risk assessment to determine whether any assumption or any part of the risk analysis (likelihood, severity, detectability or RPN (Risk Priority Number)) has changed. The review covers:

  • Effectiveness of risk controls in reducing the RPN.
  • Residual risk that is still unacceptable.
  • Knowledge that should be added to the risk assessment.
  • Addition of risk controls that have appeared recently.
  • Addition of risks that were not recognized earlier.

Identification of Risk

The following are suggested approaches that can be taken to begin or continue the process of identifying risk:

  • Utilizing the worksheet to assist in identifying or prompting risk.
  • Pre-mortem (or pre-action reviews).
  • Historical records/lessons learned from after-action reviews.
  • Brainstorming. 
  • Affinity diagrams.
  • Expert interviews (SME).
  • Cause and effect diagram.
  • SWOT Analysis. 
  • Failure Modes and Effects Analysis (FMEA). 

Monitoring and Controlling Risks

To monitor and control risk, any high or significant risk must be managed, with a contingency and fallback plan where necessary. Teams should ensure that the risk management plans do not create additional or residual risk. Outcomes should be assessed and followed up on, with breakthrough risks examined to determine how the process can be improved. Metrics that provide insights on performance, trends, and potential risk should then be reviewed. Risk management efforts should be communicated to stakeholders.

Developing Responses to Risk or Threats

There are a number of options that can be used to manage or control risk:

• Avoidance – Avoid the risk/threat by eliminating the cause.

• Mitigation – Reduce the risk/threat by reducing the probability or impact.

• Substitution – Substitute the risk/threat with a lesser risk.

• Transfer – Shift the risk to another part of the process, someone else or another part of the organization (insurance) if acceptable.

• Acceptance – Decide to do nothing about the risk but be prepared with contingency and fallback plans if the risk occurs. 


Risk is unavoidable with the number of moving parts in a facility or laboratory. A Quality Risk Management (QRM) program can help minimize risk and maintain an acceptable level of risk. Reviewing, identifying, monitoring, and developing responses to risk or threats are important steps towards QRM implementation and each department has its own role towards risk management. 
