QRM Part 4: Sponsor Oversight Risk Assessment Outcomes - What Comes Next?
This final blog in the series will help you to proactively use your risk assessment to facilitate risk reduction and develop an appropriately controlled process, to ensure your product is safe and fit for purpose. For this, we follow a 5-step process:
Step 1: Interpretation
Once you have a risk rating, you need to decide what to do with it. Is the risk rating acceptable? Is mitigation required? Are additional controls required?
LOW RISK = the hazard is adequately controlled, unlikely to happen, and would be detected if it did occur before harm was caused. No additional controls or checks are required.
MEDIUM RISK = there is some level of control and detectability, but additional controls would be beneficial to prevent the hazard from occurring and/or additional checks are required to detect whether the hazard has occurred. Continued conversation with your contracted partner is recommended.
HIGH RISK = further control or mitigating action is required to prevent the hazard from occurring and/or ensuring the hazard is detected if it occurs. Contract Giver and Contract Acceptor should keep these risks under discussion until appropriate mitigation has been identified.
Step 2: Conclusion
Document the outcome of the risk assessment. This could be that the risk is acceptable, or it could detail the next steps required, from all parties, to address the risk.
Step 3: Communication
Feedback to your vendors in a risk assessment format helps to communicate and promote understanding for all parties. The hazards are clearly identified, the current controls and checks associated with the hazard are documented, any gaps in control are easily identified, and the conclusion will clearly present the next course of action.
Step 4: Collaboration
Keep the risk assessment live during discussions with your vendor. Work with your vendors to identify appropriate controls required to reduce the likelihood of the hazard occurring. Provide support and information to help the vendor implement the controls, and bear in mind that action may be required at the Sponsor organisation, as well as the vendor, to address risk.
Step 5: Continuous Improvement
There should be an effectiveness check on any additional controls subsequently introduced by the vendor. This can be incorporated into the next version of the risk assessment to check whether the new controls are effective in reducing the risk of the hazard occurring. It is also a good idea to log any quality events occurring at your vendors so they can be trended - this will indicate if any risk ratings could be increasing, and indicates that a control may be failing. A Risk Register, as discussed in Blog 2 of this series, is a useful tool to monitor quality incident trends.
Overall, this approach to quality risk management is beneficial, especially during product development phases, as it facilitates robust manufacturing process design and promotes continual improvement. It also means you can be confident you have all the appropriate controls and checks in place to ensure your product is safe and fit for purpose, and will continue to be so as you move towards commercialisation.
Hopefully you have found our Quality Risk Management series useful, if you have any questions or need assistance when you want to communicate risk to a contract acceptor, especially when they don’t appear to see your point of view, please don’t hesitate to get in touch with us here, and we will do what we can to help you on your journey.