SOP For Risk Management

SOP For Risk Management.

Objective :-

The purpose of this SOP is to lay out the procedure for Risk Management (risk identification, analysis, evaluation, reduction / mitigation, communication and conclusion of risk in order to ensure the quality, safety, integrity and purity of the drug product by using FMEA (Failure Mode Effect Analysis).


The scope of this SOP is to Identify the quality risk involved in any activity Manufacturing site.

Responsibility :-

QA Officer/Executive is responsible for assigning FMEA Documents Number.

QA Head shall be responsible for Quality Risk Management (QRM) Team and team leader. Responsible for review, approval of documents after analysis and conclusion and Responsible for effective implementation of this SOP.

QA Head & Plant Head shall prepare action plan for Higher Risk Priority Number (RPN).

All departments shall be Responsible for identification of risk and communication of risk to QRM team.



  • Head – QA shall form a QRM Team and team leader.
  • Quality risk management team shall be a cross functional teams from various departments such as Quality Assurance, Quality Control, Production, packaging, Stores, microbiology, IT and Engineering departments.
  • RISK: Combination of the probability of occurrence of harm and severity of the harm.
  • Risk identification may be based on knowledge, experience and understanding of the product and process.
  • Once the risk is identified, it shall be immediately communicated to QRM Team Identification and Communication of risk.
  • QRM Team leader shall write comments on identified risk.
  • QRM Team shall initiate the process of risk assessment.
  • QRM Team shall evaluate and analyze the risk.
  • Any perceived risk, which evaluated as not being a risk or does not require correction, shall not be documented as a risk.
  • All other perceived risk required to be evaluated by QRM Team.
  • The tool which is used for risk management is Failure Mode Effects Analysis (FMEA). FMEA is a systematic method of identifying and preventing product and process problems before they occur.
  • FMEA shall document as per Annexure-I “Risk assessment document” and a document no. shall be assigned by QA.
  • Log of different type of risk assessment shall be maintained in Annexure-III FMEA Log.
  • The numbering pattern for document shall be as mentioned below:


Where – FMEA – Failure Mode Effects Analysis

XXX – Document no. starting from 001

YY – Last two digit of current calendar year

E.g. FMEA/001/19

  • Identify all potential failure modes associated with the product component or process step.
  • List all perceived failure modes for each item (product component or process step), potential effect, potential cause, current control measures shall be mentioned in Annexure-I.
  • Describe the effects of each of listed failure modes and assess the severity of each of these effects on the product or process. Rating of severity / probability and detectability shall be categorize as mentioned below and shall be mentioned in the Annexure-I against each perceive failure mode of respective risk assessment.
      • Severity is defined as a measure of the possible consequences of a hazard. Severity assesses the effect of failure on the product or process. The effect of the severity criteria shown in the table no. 1.

Table No. 1

Value Description Criteria
Low Irrelevant No impact on product quality and process robustness.
High Important Noticeable impact to product quality, but can be recovered by reprocessing.
Higher Disastrous Batch failure, not recoverable by rework.


  • Identify the possible causes of each failure mode.
  • Quantify the probability of occurrence of each of the causes of a failure mode.
    • The probability of occurrence evaluates the frequency that potential risk will occur for a given system or situation. The probability score is rated against the probability that the effect occurs as a result of a failure mode. Refer table no. 2.

Table No. 2

Value Description Criteria
Low An unlikely probability of occurrence Failure has never been seen but it is theoretically possible
High An occasional probability of occurrence Failure potential has been noted. If procedures are followed the failure potential is minimal
Higher A high probability of occurrence Failure potential has been noted. An active non-standard feedback control loop may be required


  • Identify all existing controls (current controls) that contribute to the prevention of the occurrence of each of the causes of a failure mode
  • Determine the ability of each of listed controls in preventing or detecting the failure mode or its cause. Assign a ranking score to indicate the detection effectiveness of each control.
    • The ability to discover or determine the existence, presence or fact of a hazard. The detectability score is rated against the ability to detect the effect of the failure mode or the ability to detect the failure mode itself. Refer table no. 3.

Table No. 3

Value Description Criteria
Low High degree of delectability A. Validated automatic system that is a direct measure of failure

B. Two or more manual operated validated detection systems, direct or indirect

High Likely to detect Single manually operated validated detection system that is not a direct measure of failure
 Higher Low or no detectability No ability to detect the failure


  • Calculate the risk priority number (RPN)


The composite risk for each unit operation step is the product of its three individual component ratings: severity, probability and detectability. This composite risk is called as risk priority number (RPN).

RPN = S x P x D

  • Identify actions to address perceived failure modes that have a high RPN.
Sr. No. RPN rating Category
1 Higher Critical
3 High Major
5 Low Minor


 Acceptance Criteria: In case the calculated RPN rating is greater than 25 that particular failures are not acceptable and necessary controls and procedures shall be implemented based on the area to reduce the severity of risk. The procedure and control shall be defined based on the outcome of risk assessment evaluation by respective Risk assessment team.
 If RPN is up , action plan is required based on review of risk assessment team and if require necessary controls shall be applied for appropriate area.
  • Detailed action plans to be drawn with responsibility and target date as per Annexure-III (FMEA action plan sheet) based on the acceptance Criteria.
  • If RPN is high, then priority should be given to such items and based on the current control measures, action plan for additional measures required shall be made in Annexure-III .Priority shall also be given to items with high severity rate.
  • Priority shall also be given to items with high severity rate ( means major) and if required automation, controls and procedural control shall be applied. If RPN is Higher then immediate action shall be taken to remediate the risk.
  • Log of FMEA shall be maintained as per format by QA department.

After assessment of risk, it shall be concluded and communicated to concerned department head or person as per Annexure-V , Risk conclusion and communication.

Annexure :- 

Annexure – I                  : Risk assessment document

Annexure – II                : Identification and communication of risk

Annexure – III              : FMEA action plan sheet

Annexure – IV              : FMEA Log

Annexure – V               : Risk conclusion and communication



ICH Q9 Guideline – Nov 2005.

18 thoughts on “SOP For Risk Management”

  1. Dilini Samarajeewa

    Thank you so much for the information. Could you please share the above mentioned annexures (Annexure-I to annexure-V)

Leave a Reply