Barbara Jeroncic
Improved Utilization of Self-Inspection
Programs within the GMP Environment–A
Quality Risk Management Approach
Barbara Jeroncic
Self-inspection is a well-established and vital part of
the pharmaceutical quality system. The development
of the International Conference on Harmonisation
(ICH) Q9 and Q10 guidance documents have intro-
duced an opportunity to improve the design of the
self-inspection program by application of the qual-
ity risk management (QRM) principles and concepts.
Self-inspection can be designed as a QRM tool used
to assess the management of current and potential
risks to quality and to drive forward continual improve-
ment. The application of QRM also allows more effi-
cient inspection workload and resource management
focusing on those areas within the quality system that
present higher risk to quality. This article provides
examples of how QRM could be introduced to main
activities within the self-inspection program. The
article also explores the application of QRM in the
area of self-inspection by pharmaceutical companies
based in Ireland.
INTRODUCTION
Self-inspection is a well-established part of the phar-
maceutical quality system. Companies have tradi-
tionally been using it as a method for monitoring the
implementation and compliance with good manu-
facturing practice (GMP) principles, as well as for in-
troducing appropriate corrective measures. This role
of self-inspection is promoted by the current GMP
legislation and guidance (1). Development of the In-
ternational Conference on Harmonisation’s (ICH)
Q10 guide has expanded the role of self-inspection to
that of an important performance indicator used for
monitoring the effectiveness of processes and activi-
ties within the pharmaceutical quality system. ICH
Q10 promotes the use of self-inspection results as
an important input for periodic management review
performed to manage, evaluate, and continually im-
prove the quality system’s performance (1, 2).
An interview with a senior GMP inspector at the
22  Special Edition: A Roadmap to GMP Compliance Part 2
Irish Medicines Board (IMB) published in the Journal
of GXP Compliance (3) identifies some of the issues
with current self-inspection programs of pharma-
ceutical manufacturing companies. A major issue
discussed was that significant and critical deficien-
cies observed during regulatory inspections were
not identified and corrected by the companies them-
selves via their own self-inspection programs. This
could be due to the fact that for many companies
self-inspection comprises little more than a review of
compliance with current standard operating proce-
dures (SOPs). Furthermore, its low priority is coupled
with insufficient resources and lack of commitment
from senior management. The interview (3) identifies
the opportunities for self-inspection to be designed
as a formal quality risk management tool capable of
identifying and managing risks and driving forward
tangible and realistic continual improvement. Self-
inspection programs designed in this way can help to
demonstrate the effectiveness of the quality system,
and thus can play an important role in the achieve-
ment of the reduced regulatory oversight in the in-
spection area (3).
This article introduces an innovative self-inspec-
tion program design, as a part of quality risk man-
agement, aimed at risk identification and manage-
ment as tools for continual improvement. As a part
of the design process, a survey of pharmaceutical
manufacturing companies in Ireland was conducted;
the findings are reported in this paper. The survey
goal was to explore the practical application of qual-
ity risk management to self-inspection programs and
the pharmaceutical industry interest in seeking re-
duced level of direct regulatory oversight in the area
of regulatory inspections.
REALIGNING SELF-INSPECTION AS A QUALITY RISK
MANAGEMENT TOOL
Many parts of the European GMP guide (1) are cur-

rently undergoing revision to incorporate the prin-
ciples and concepts of the quality risk management,
such as chapters one, three, and five. There is a simi-
lar opportunity with respect to chapter nine (“Self-
inspection”). ICH Q9 is already taking initiative in its
drive to define the frequency and scope of inspections
by taking into account various risk indicators. ICH Q9
also provides guidelines for the application of quality
risk management to regulatory inspections aimed to
assist with: resource allocation including inspection
planning, frequency, and intensity; evaluation of qual-
ity defect significance, recalls, and inspection find-
ings; assessment of the scope and type of post-inspec-
tion follow-up; and identification of risks that should
be communicated between inspectors and assessors to
facilitate better understanding of risk control (4).
ICH Q9 states, “quality risk management is a sys-
tematic process comprising of assessment, control,
communication, and review of risks impacting the
drug (medicinal) product quality across the product
lifecycle.” Organizations manage risk through identi-
fication, analysis, and evaluation of the most suitable
risk mitigation strategy. This process further encom-
passes risk monitoring and review aided by commu-
nication and consultation with stakeholders in order
to ensure that no further risk control/treatment is re-
quired (4, 5).
There is a potential to apply a quality risk manage-
ment approach to the area of self-inspection that can
be integrated into the organization’s quality risk man-
agement framework. The purpose is two-fold as fol-
lows:
• To design self-inspection as a quality risk manag-
ment tool that can provide the objective evidence to
the management about whether or not the current
and potential risks to quality are effectively man-
aged to acceptable levels. Management then can
judge the effectiveness of processes and functions
within the quality system
• Efficient inspection workload and resource man-
agement focusing on those areas within the quality
system that present higher risk to the quality of
medicinal product, with aim of meeting the qual-
ity objectives.
Benefits Of The Application Of Quality Risk
Management To Self-Inspection Programs
ICH Q9 lists the following main benefits of the ap-
plication of an effective quality risk management ap-
proach to various processes and activities within the
quality system, including self-inspection (4):
• Ensuring high quality of the medicinal product by
proactively identifying and controlling potential
quality issues
• Improving decision making if a quality issue arises
• Facilitation of better and more informed decisions
Barbara Jeroncic
that can provide the regulators with greater assur-
ance of a company’s ability to deal with potential
risks and can beneficially affect the extent and level
of direct regulatory oversight.
ISO 31000 standard entitled “Risk Management–
Principles and Guidelines” provides even further de-
tail of benefits of the application of effective quality
risk management (5), as follows:
• Increasing the likelihood of achieving quality
objectives
• Encouraging proactive management
• Awareness of the need to identify and treat risks
throughout the organization
• Improving the identification of opportunities and
threats
• Improving compliance with legal and regulatory
requirements and international norms
• Improving governance
• Improving stakeholders confidence and trust
• Establishing a reliable basis for decision making
and planning
• Improving controls
• Effectively allocating and use of resources
• Improving operational effectiveness
and efficiency
• Improving loss prevention and
incident management
• Minimizing losses.
Elements Of Quality Risk Management
The following are elements of quality risk management.
Risk assessment. Risk assessment is the process of
risk identification, analysis, and evaluation (4, 5). Its
application within the self-inspection program can be
tailored to the risk assessment output purpose, the de-
sired level of detail, and the available information. For
example, the estimate of risk associated with an area
within the quality system, for the purpose of defin-
ing a scope and frequency of self-inspections, can be
based on the general evaluation of risk factors, without
a detailed risk assessment, as this will be performed
during self inspections. ISO 31010 standard describes
different methods and tools that could be used when
performing risk assessment. Examples of the methods
and tools are provided in the following sections.
Risk identification. The purpose of the risk identi-
fication process is to identify the causes and sources of
hazards, events, situations or circumstances that could
have an impact upon the quality of the medicinal prod-
uct, the quality objectives, and the nature of that impact
(4, 5, 6). There is a variety of tools and techniques that
could be chosen for risk identification, such as: reviews
of historical data, checklists, theoretical analysis, system-
atic team approaches (e.g., structured “what-if” technique
[SWIFT]), primary hazard analysis, hazard operability
Special Edition: A Roadmap to GMP Compliance Part 2 23
Barbara Jeroncic
analysis (HAZOP), fault tree analysis (FTA), cause and ef-
fect analysis, and supporting techniques (e.g., brainstorm-
ing, Delphi method) (4, 6).
Risk analysis. Risk analysis is an estimate of the
risk associated with an identified hazard. It consists
of linking the consequences and their likelihoods for
the identified hazard (can also link detectability of the
hazard) to determine the level of risk. The purpose
of the risk analysis is to develop risk understanding
(4, 6).
The analysis of consequences determines the nature
and type of impact that could occur (6).
It can involve the following (6):
• Relating the consequence to the achievement of
the quality objectives
• Taking into consideration existing controls to
mitigate the consequence, together with all rel-
evant contributory factors
• Considering both immediate consequences and
those that may arise after a certain time has
elapsed, if this is consistent with the scope of
assessment
• Considering secondary consequences (i.e., those
impacting on associated processes, activities,
equipment, etc.).
The examples of methods and tools that are suitable
for consequence analysis are: HAZOP, hazard analysis
and critical control points (HACCP), failure mode ef-
fects analysis (FMEA), cause and consequence analy-
sis, cause and effect analysis, etc. (6).
The probability analysis estimates the likelihood
of a particular hazard, using one of the following ap-
proaches (6):
• Use of relevant historical data to extrapolate or
predict the probability of occurrence of similar
events or situations in the future. It should be
noted that if historically there is a very low fre-
quency of occurrence, the estimate of probability
will be very unreliable
• Probability forecasts using predictive techniques
such as fault tree analysis and event tree analysis.
When historical data are unavailable or inade-
quate, the probability can be estimated by analy-
sis of a relevant process, activity, equipment, etc.
and its associated failure or success states
• Expert judgements that can be facilitated by
formal methods (i.e., Delphi approach, category
ranking, paired comparison, etc.).
The consequence and likelihood can be linked by
using a variety of qualitative, semi-quantitative, or
quantitative methods to determine the level of risk.
The degree of detail depends upon the particular ap-
plication, the availability of reliable data, and the
decision-making requirements. Examples of methods
24  Special Edition: A Roadmap to GMP Compliance Part 2
and techniques are: consequence-probability matrix,
SWIFT, FMEA/FMECA, etc. (6).
Risk evaluation. Risk evaluation involves compar-
ing the identified and analyzed risks against estab-
lished risk criteria in order to determine their signifi-
cance. The purpose of risk evaluation is to assist in
making decisions, based on the outcomes of risk anal-
ysis, on the requirements and priorities of treatment
implementation (4, 5, 6). Risk criteria should reflect
the organization’s values and objectives, legal, regula-
tory, and other requirements (5). ISO 31000 standard
suggests consideration of the following factors when
defining risk criteria:
• The nature and types of causes and consequences
of risks that can occur and their measurement
• Definition of likelihood
• The timeframe(s) of the likelihood and/or
consequence(s)
• How the level of risk is to be determined
• The views of stakeholders
• The level at which risk becomes acceptable
or tolerable
• Whether combinations of multiple risks should
be taken into account, and how and which com-
binations should be considered.
Risk control/treatment. Risk control/treatment is
the process of decision making in order to reduce and/
or accept risks, identify risk control/treatment solu-
tions and implement these solutions aiming to reduce
the risk to an acceptable level. Decisions can take into
account a wider context of the risk and include con-
sideration of the risk tolerance borne by stakeholders,
cost-benefit analysis and the legal, regulatory, and other
requirements (4, 5, 6).
Risk communication. Risk communication refers to
information sharing regarding risks and risk manage-
ment between stakeholders. It is important that this
information is accurately and regularly communicated
through reporting channels established by the organi-
zation in order to ensure the success and effectiveness
of the quality risk management process. This can take
place at any stage of the quality risk management pro-
cess (4, 5, 6). The communication and reporting mecha-
nisms should ensure that key components of the quality
risk management approach to self-inspections, and any
subsequent modifications, are appropriately and timely
communicated to all interested parties; that there is ad-
equate reporting of the risk assessment outcomes; that
relevant information on the application of quality risk
management is available at appropriate levels and times;
and that there are established processes for consulta-
tion with stakeholders (6). Communication between
stakeholders can assist the development of appropriate
quality risk management approach to self-inspection
and integration of self-inspection into the organiza-

tion’s quality risk management framework. It can fur-
ther ensure that the interests of stakeholders are under-
stood and considered when developing self-inspection
programs; bring together different areas of expertise
to ensure that the risks are adequately identified and
analyzed through the use of risk assessment methods
and techniques; ensure that different views are appro-
priately considered when defining risk criteria and in
evaluating risks; and can help to secure endorsement
and support for a mitigation plan (5, 6).
Risk review and monitoring. Regular review of the
quality risk management ensures that any new knowl-
edge and experience is taken into account (4, 5, 6).
For example, it ensures verifying that the assumptions
about risks remain valid, obtaining further informa-
tion to improve risk assessment, analyzing and learning
from events, including near-misses, changes, trends,
successes and failures, verifying that risk assessments
are properly applied, verifying that risk treatments are
effective, detecting changes which could influence risk
criteria and upon which risk treatments need to be re-
vised, identifying emerging risks, etc. (5, 6).
Application Of Quality Risk Management To The Activi-
ties Within The Self-Inspection Program
The following sections discuss quality risk manage-
ment applications to main activities. Examples of
quality risk management within the self-inspection
program include the following:
• Self-inspection planning—defining the scope
(inspection units), frequency, and level of self-
inspections, and allocation of the inspectors
• Detailed plan preparation for self-inspections of the
individual inspection units
• Conducting self-inspections
• Adequate response to self-inspection results—deter-
mining the type of actions for the issues identified
within self-inspections, determining the timeframe
for the implementation of actions, and assessing the
associated risks.
Planning Of Self-Inspections
Risk management can be applied to self-inspection
planning with the intent to direct the inspection effort
to the areas within the quality system that represent
higher risk to the quality of the medicinal product and
the achievement of the quality objectives. The applica-
tion of the quality risk management allows the estima-
tion of the risk associated with areas within the quality
system and determining the scope (inspection units),
frequency and level (time, number of inspectors) of
self-inspections, and allocation of inspectors to partic-
ular self-inspections (considering their experience and
skills) based on the estimated levels of risk. This forms
the basis for a risk-based inspection planning and en-
ables better utilization of available resources.
Barbara Jeroncic
The risk associated with an area can be estimated by
analysis of selected risk factors that indicate or identify
the risk. ICH Q9 suggests the following various risk
factors that can be used:
• Complexity of the site, manufacturing process,
and product
• The number and significance of quality defects
• Results of previous audits/inspections
• The overall compliance status and history of the
company or facility
• Robustness of a company’s quality risk manage-
ment activities
• Major changes of building, equipment, processes,
and key personnel
• Experience with product manufacturing process
• Existing legal requirements
• Official laboratory test results.
Some additional factors the companies could con-
sider might be the following:
• Criticality of an area. This factor considers the
effect of failure of a particular area and the influ-
ence of potential or identified issues with this
area on areas downstream
• Coupling of an area. Tightly-coupled processes
or systems could be those having time dependent
processes/activities that cannot wait; those hav-
ing rigidly ordered processes or activities (i.e.,
sequence A must follow sequence B); those having
only one path to a successful outcome; those hav-
ing very little slack in the system, as the system
requires precise quantities or specific resources
for successful operation, etc. (3)
• Adequacy of resources associated with an area.
The risk associated with an area can be estimated
by using different risk ranking methods or tools. For
example, a simple approach could be assigning a nu-
merical descriptive value of 1 (low) to 3 (high) to es-
tablished categories for the selected risk factors. An
example is provided in Table I.
The estimated values for all risk factors can then be
linked together in an appropriate way to yield a risk
level associated with an area (e.g., low, medium, and
high). The estimated values for risk factors could also
be multiplied by significance-weighting factors to give
a total. This assessment of risk associated with the ar-
eas within the quality system can be seen as a prelimi-
nary risk screening with the intention to direct the in-
spection effort to those areas that represent higher risk.
It is important that this evaluation of risk is appro-
priately communicated to the interested parties (e.g.,
management, inspectors, etc.). Furthermore, it should
be regularly reviewed to take into account any new
information including the results of self-inspections
and the risk control/treatment process. Based on this
information, the frequency of self-inspections can be
Special Edition: A Roadmap to GMP Compliance Part 2 25
Barbara Jeroncic

Table I: Example of categories for a risk factor and their numeric values.
Risk factor
Results of previous
self-inspections
Number and significance
of deviations
Category (impact X likelihood) Value
(based on data for a given time period)
< 5 minor observations, no major or critical observations 1
< 15 minor observations, no major or critical observations 2
> 15 minor observations or any major or critical observations 3
< 20 minor deviations not affecting the number of released batches 1
per month. No major deviations affecting batch release
> 20 minor deviations not affecting the number of released batches per month 2
< 10 major deviations resulting in delay of batch release 2
no major deviations resulting in batch reject or reprocessing
> 10 major deviations resulting in delay of batch release 3
Any major deviations resulting in batch reject or reprocessing

reviewed and adjusted if required.
Preparation And Conduct Of Self-Inspections
Preparation for self-inspections of a particular inspec-
tion unit can include preparing detailed plans for in-
dividual self-inspections with the intention to direct
self-inspection activities. These plans could be based
on the risk assessment of the inspection unit with the
purpose to focus on those elements that represent
higher risk to the quality and the achievement of the
quality objectives and can, therefore, have a higher
impact on the effectiveness of the activity, process, or
function of that unit. The elements with higher asso-
ciated risk can be inspected more thoroughly during
self-inspections and can be included into future as-
sessments more frequently.
Risk assessment performed at this stage can be seen
as the initiation of assessment of risks associated with
elements of the inspection unit based on the available
information. Risk assessment can then be completed
during conduct of self-inspections based on the ad-
ditional information gathered during self-inspections.
Risk assessment of the inspection unit can be continu-
ously updated during subsequent inspections of the
inspection unit based on new knowledge and experi-
ence. The purpose of the risk assessment is to provide
an understanding of risks, including their causes, con-
sequences, and probabilities, and the understanding of
the adequacy and effectiveness of existing controls to
mitigate these risks (6). After the conduct of each self-
inspection, an objective report can be presented to the
management regarding the adequacy and effectiveness
of risk management of the inspection unit.
The level of risk depends on the adequacy and effec-
tiveness of existing controls, which can be addressed
using following criteria (6):
• What are the existing controls for a particular risk?
• Are those controls suitable for adequate risk mitiga-
tion, resulting in a tolerable risk levels?
• In practice, are the controls operating in the intend-
ed manner and can they be demonstrated to be
effective when required?
For example, during the assessment of the inspec-
tion unit production process A, it was identified that
there were several occasions of the delays in the pro-
cess A as the purified water was not available due to
out-of-specification test results. Table II provides an
example of how risk associated with this hazard could
be assessed.
The assessed risk increased from Category 3 to Cat-
egory 4 in a given time period, thus it was decided that
purified water system would be inspected more fre-
quently and new potential controls would be assessed.
The output of the risk assessment performed during
the preparation of detailed plans for self-inspections of the
inspection unit could include the following elements to
help ensure the effectiveness of self-inspections:
• A process map of the inspection unit providing vis-
ibility of the inspection unit elements and their interac-
tion, and the interaction with other areas of the quality
system
• A list of identified hazards coupled with description of
methods and type of data used for hazard identification
• An analysis of consequences of those hazards and their
likelihood, including a description of methods and
type of data used for this analysis
• Estimated levels of risk associated with the inspection
unit elements
• Criteria for risk evaluation based on the management
tolerance of risk
• Objectives for self-inspections of the inspection unit
(or their recommendation) to direct inspection effort
to those elements that represent higher risk for the

26  Special Edition: A Roadmap to GMP Compliance Part 2

 Barbara Jeroncic

Table II: Example of the initial risk analysis of one of the identified hazards associated with an inspection unit.
Identified hazard: Purified water (PW) not available due to out-of-specification
results of conductivity, TOC, microbial content or endotoxin
Impact factors:
• Number of days PW was out of use in a given time period
• Impact on batch release—delay, reject, or reprocessing
Impact categories:
1 PW out of use < 2-day intervals—interruptions and delay in process A
No impact on the number of batches released per month
2 PW out of use >2-day intervals
Reduced number of batches released per month for < 2%
3 Reduced number of batches released per month for > 2%
Any batch rejects or reprocessing
Likelihood factors:
• Number of out-of-specification results in a given time period–conductivity, TOC, microbial content, endotoxin
Existing controls: UV disinfection system, series of water filters (purified water system map)
Risk analysis:
Risk category Impact X Likelihood
1 < 15 out of specifications resulting in interruptions and delay in process A
but not impacting the number of batches released per month
2 > 15 out of specifications resulting in interruptions and delay in process A
but not impacting the number of batches released per month
3 Reduced number of batches released per month for < 2%
4 Reduced number of batches released per month for > 2%
< 2 batch rejects or reprocessing
5 > 2 batch rejects or reprocessing

achievement of the quality objectives associated with
the unit.
Detailed plans can be prepared just before the indi-
vidual self-inspections, or can be prepared periodical-
ly, in which case the risk assessment should be revisited
just before individual self-inspections to include any
relevant new information. It is very important that the
relevant information is appropriately communicated to
inspectors who are conducting self-inspections (if not
the same person) to ensure the effectiveness of the risk
assessment.
Based on the outputs of the initial assessment, the
inspectors can identify additional information required
for efficient completion of risk assessment of the in-
spection unit, and identify methods for obtaining this
information including various inspection techniques
(e.g., interviews, observation, review of documenta-
tion, etc.) and approaches. For example, the inspectors
could decide to use vertical or horizontal approach to
self-inspection, as follows (7) (see Figure 1):
• Vertical approach to self-inspection involves an
examination of all aspects of the quality system that
contribute to the output (result) within a particu-
lar area, function, or department. It examines all
inputs and activities required to produce an output.
Selection of this approach is useful when performing
departmental or functional self-inspections.
• Horizontal approach to self-inspection involves
examination of an aspect of the quality system that
is applied to, or involving, different functions, areas,
or departments. This type of approach is useful when
performing self-inspections of systems implemented
across various areas or processes, involving different
areas or functions (e.g., change management sys-
tem, deviation investigation, training of personnel,
and calibration of equipment). It is also useful for
self-inspection of projects and products. Horizontal
approach can be a powerful tool to test the interfaces
between different parts of an organization involved
in the system, process, project, etc.
The inspection unit risk assessment outputs after the
conduct of self-inspections could include the following:
• The updated list of hazards
• The updated analysis of risk, based on the informa-
tion obtained during the self-inspections, including
analysis of risk associated with any identified issues

Special Edition: A Roadmap to GMP Compliance Part 2 27

Barbara Jeroncic

Figure 1. assessment of the inspection unit can be revisited,

Example of vertical and horizontal self-inspection.
reviewed, and updated before and during each sub-
sequent self-inspection. Results of self-inspections are
also important input into periodic senior management
review as they provide objective evidence of suitabil-
ity, adequacy, and effectiveness of the quality system
and identification of opportunities for improvement of
the quality system and the performance of the organi-
zation (2, 8, 9).
Producon Process 1

Producon Process 2

Producon Process 3

QC department 1

QC department 2
Response To The Self-Inspection Results
Warehouse

Based on the results of self-inspections, the respon-

sible management can make decisions on whether the
identified risks can be accepted or reduced and how
to reduce the risks. If self-inspection identifies op-
portunities for improvement of the inspection unit,
these decisions could also include the assessment of
the identified opportunities and plans for their realiza-
Deviaon
tion. Risk control/treatment process could be seen as a
Invesgaon
cyclical process involving the following (5):
• Review of self-inspection findings, including issues
Vercal self-inspecon approach: Example, (e.g., a non-conformity or an ineffective control) or
self-inspecon of acvies within a QC department. identified opportunities for improvement
Horizontal self-inspecon approach: Example, • Risk assessment of the identified issues to facilitate
self-inspecon of deviaon invesgaons in the decision on their mitigation, for example:
producon area. • An immediate correction eliminating an existing
non-conformity or undesirable situation—simple
or non-conformances tools can be used to investigate the cause for the
• Evaluation of risks against established risk criteria non-conformity or undesirable situation, such as
• A self-inspection report including the findings and brainstorming, 5 Whys, etc.
conclusions that allow the management to judge the • A corrective or preventive action eliminating the
adequacy and effectiveness of the inspected unit risk cause(s) of an existing or potential non-conformity
management, recommended actions for identified or undesirable situation in order to prevent recur-
issues, and identified opportunities for improvement rence or occurrence. For corrective actions, tools
of risk management and efficiency of the inspected for root cause analysis can be used to identify the
unit elements. cause(s) of the issue. For the potential issues, the
prevention can include FMEA or FTA analysis
The common approach that can be used when evaluat- to determine potential risk associated with the
ing analyzed risks against the established risk criteria is to identified issue
divide risks into the following tree bands (6): • A trend that will be monitored
• An upper band, where the level of risk is regarded • Selection of possible risk control/treatment solu-
as intolerable and risk treatment is essential tions for the identified issues or improvements in
• A middle band, where the management can decide, areas where the opportunity has been identified:
based on the established treatment criteria (e.g., • Identification of possible risk treatment solutions
“As low as reasonably practicable” [ALARP] criteria or improvement solutions (i.e., use of simple tools
system), as to whether or not take any actions such as brainstorming, etc.)
• A lower band, where the level of risk is regarded • Assessment of risks associated with the risk treat-
as negligible, or so small that no risk treatment ment solutions or improvement solutions (i.e.,
measures are needed. residual risks, new introduced risks, etc.)
• Determining the criteria for selecting or pri-
The results of risk assessment of the inspection unit oritizing a particular risk treatment solution or
should be appropriately communicated to the respon- improvement solution (e.g., risk context, stake-
sible management, enabling appropriate actions. They holders concerns, cost-benefit analysis, legal,
should also be communicated to those responsible regulatory, and other requirements)
for planning of self-inspections to allow review of the • Solution confirmation providing proof, through
risk levels associated with the inspection unit. Risk objective evidence, that the selected risk treatment

28  Special Edition: A Roadmap to GMP Compliance Part 2


solution will solve the problem, or that improve-
ment solution will improve the effectiveness of the
inspection unit and will not adversely affect the
quality of the medicinal product and achievement
of the quality objectives
• Defining the project plan for the implementation of
the selected risk treatment or improvement solution,
including the following:
• Project goal and responsibilities (e.g., “specific, mea-
surable, attainable, relevant, time-specific” [SMART]
criteria can be used to define a project goal)
• Verification. How will the effectiveness of the selected
risk treatment solution/improvement solution be
verified? How frequently and for how long before
the implementation?
• Implementation. How will the risk treatment solu-
tion or improvement solution be implemented and
in what timeframe?
• How will the effectiveness of the implemented
risk treatment solution or improvement solution
be monitored, how frequently and for how long?
• Implementation of the selected risk treatment solu-
tion/improvement solution
• Monitoring and assessment of the risk treatment
solution and improvement solution (i.e., including
through subsequent self-inspection) effectiveness.
It is important that the outcomes of the risk control/
treatment process are appropriately communicated to
the interested parties; including those responsible for
planning of self-inspections and those responsible for
planning and conducting self-inspections of the in-
spection unit; as any actions taken can influence the
risks associated with the inspection unit. The output
of risk control/treatment process should also be input
into the periodic senior management review.
SURVEY OF PHARMACEUTICAL MANUFACTURING
COMPANIES IN IRELAND ON THE QUALITY RISK MAN-
AGEMENT APPLICATION IN SELF-INSPECTIONS
A survey was sent to the quality assurance managers
or audit managers of 40 pharmaceutical manufactur-
ing companies based in Ireland with the intent to ex-
plore whether and how the pharmaceutical companies
apply quality risk management to their self-inspection
programs. The survey also assessed the companies’
understanding of, and their interest in, reduced level
of direct regulatory oversight in the area of regulatory
inspections. The survey included drug product manu-
facturers and manufacturers of active pharmaceutical
ingredients. Eighteen companies responded to the
survey (45%), and the results are presented as follows.
The Role Of Self-Inspection Within The Quality
System
In 50% of the companies who responded to the sur-
Barbara Jeroncic
vey, self-inspection is structured as a stand-alone and
independent component of a quality system used to
monitor compliance with current GMP regulations
and standard operating procedures. In 31% of the
companies it is structured as a part of quality risk
management used to proactively and systematically
identify, evaluate, and manage current and potential
risks to quality and non-compliances. The structure
in the remaining 19% is in between the previous two.
The majority of the companies, 63%, do not use self-
inspection as one of the main activities for identifying
the opportunities for continual improvement.
The Application Of Quality Risk Management To
Self-Inspection
The survey tried to establish whether companies apply
the quality risk management principles and tools out-
lined in ICH Q9 in the various high-level areas of the
quality system. According to the survey, 44% of the
companies apply them in the area of self-inspection
(see Figure 2).
The most commonly used formal quality risk man-
agement tools are failure mode effects analysis (FMEA)
and process mapping and cause and effect diagrams,
used by 69% of respondents. Furthermore, 50% of the
respondents use hazard operability analysis (HAZOP)
and flow charts; 44% use risk ranking and filtering;
38% apply hazard analysis and critical control points
(HACCP); 31% implement fault tree analysis (FTA);
and 19% use failure mode, effects and criticality analy-
sis (FMECA).
Companies were asked to estimate to what extent
their self-inspection program was risk based, and
the results are presented as follows. The majority of
the companies design their self-inspection programs
based on assessed risks at least to some extent (see
Figure 3).
When planning the frequency and the scope of self-
inspections, the results of previous self-inspections and
regulatory inspections are the factors most frequently
taken into account by the companies who responded
to the survey (88%). In addition, 81% of the companies
take into account the number and significance of qual-
ity defects associated with an activity/process; 69% con-
sider the specific areas mentioned in chapter nine of the
European GMP guide and the complexity of the spe-
cific activities and processes; and 63% of the surveyed
companies take into account major changes in building,
equipment, processes, key personnel, etc. Only 38% of
the companies consider experience with the activity or
process and just 19% take into account specific arrange-
ments and agreements associated with the activity or
process.
Half of companies report that the same amount of
time and personnel are typically devoted to all self-
inspections included in the annual self-inspection pro-
Special Edition: A Roadmap to GMP Compliance Part 2 29
Barbara Jeroncic
gram. Fifty-six percent of the companies who respond-
ed to the survey do not have documented guidance
for different types of self-inspections (e.g., horizontal,
vertical, systems-based, process-based, departmental-
based, etc.). Only half of the respondents review results
of self-inspection as a part of the periodic management
review.
The Potential For Reduced Level Of Direct Regulatory
Oversight In The Area Of Regulatory Inspections
ICH Q9 and Q10 promote the potential for reduced
regulatory oversight. There is an opportunity to in-
crease the use of risk-based approaches for regulatory
inspections for companies that can demonstrate an ef-
fective quality system is being in place, including ef-
fective use of quality risk management principles. In
the inspection area, reduced regulatory oversight can
take a form of less frequent or less intensive regulatory
inspections, or inspections where some areas are not
inspected or are less thoroughly inspected based on
the risk considerations (2, 3).
Of the companies who responded to the survey,
56% are familiar with the potential opportunities for
a reduction in the level of direct regulatory oversight
that may be applied as envisaged by the ICH Q8, Q9,
and Q10 guidelines. Further 38% are partially familiar
and only 6% are not familiar at all. Importantly, 44% of
the companies are interested in seeking some level of
reduced regulatory oversight from the Irish Medicines
Board, and the same percentage of the companies are
not interested. The remaining 12% of the respondents
have not answered this question.
A significant majority, 81%, of the companies think
that the best way to demonstrate to the regulatory in-
spectors that an effective quality management system
is in place within the company is proactive discussion
of the company’s quality management system elements
with the regulatory inspectors. Furthermore, 75% of
the companies consider a good regulatory inspection
outcome (e.g., no major or critical deficiencies) an im-
portant factor in demonstration of an effective man-
agement system; 50% assign equal significance to no
recalls and a low number of complaints over a certain
period, whilst 44% are satisfied with no for-cause reg-
ulatory inspections carried out at their company.
The majority of respondents, 63%, would like to see
a formal program of communications with regulators
with respect to the potential applications of regulatory
flexibility and reduced regulatory oversight. A consid-
erable 31% are not interested in this, and 6% did not
answer this question. The majority of the respondents,
88%, are willing to consider open sharing of self-in-
spection reports with a regulatory inspector in some
way, in order to demonstrate that an effective quality
management system is in place within their company,
whilst 12% of the companies would not be willing to
30  Special Edition: A Roadmap to GMP Compliance Part 2
do so.
CONCLUSION
ICH Q10 and ISO 9000 standard series view self-
inspection as a vital and integral part of the quality
system, providing an independent tool for monitor-
ing and assessment of the effectiveness of the activities
and processes within the quality system, and for driv-
ing forward their continual improvement. In order to
be efficient and complete, this process should include
the evaluation of the risks hindering the achievement of
the quality objectives placed on activities and processes
potentially affecting the quality of the medicinal prod-
uct. There is an opportunity to design self-inspection
as a quality risk management tool identifying and as-
sessing risks associated with areas of the quality system
and providing objective evidence on the effectiveness of
their management. Self-inspection designed in this way
could potentially identify issues and non-conformanc-
es before they occur by allowing the management to
take the appropriate risk-reducing actions; and further
recognise the opportunities for improvement of risk
management and effectiveness of the quality system ar-
eas. Application of principles and concepts of quality
risk management also enables more efficient organiza-
tion and planning of self-inspections by directing the
inspection effort to those areas of the quality system
that represent higher risk to the quality of the medicinal
product and the achievement of the quality objectives.
The application of quality risk management in different
areas of the pharmaceutical industry, including self-in-
spection, is strongly supported by ICH Q9. This article
presents innovative approaches to self-inspection as a
quality risk management tool, with the potential for in-
troduction of a risk-based approach to self-inspection
planning in pharmaceutical manufacturing.
The results of the survey of the pharmaceutical man-
ufacturing companies in Ireland demonstrate that the
companies have started to apply quality risk manage-
ment to their self-inspection programs. Whilst half of
the companies still view self-inspection as an isolated
and independent component of the quality system used
to monitor compliance with current GMP regulations
and standard operating procedures, the remaining re-
spondents have structured it as a part of the quality
risk management used to identify and manage current
and potential risks to quality and non-compliances, at
least to some extent. The majority of the companies es-
timated that their self-inspection program was based
on the assessed risk at least to some extent. The most
frequently used factors for determining the frequency
and scope of self-inspections envisaged by ICH Q9 are
the results of previous self-inspections and regulatory
inspections, and the number and significance of quality
defects associated with an activity or process. The sur-
vey identified three main areas of self-inspection pro-
 Barbara Jeroncic

gram improvement within the pharmaceutical companies: struc- 4. ICH, Q9 Quality Risk Management, 2005.
turing self-inspection as an integral and vital part of the company’s 5. ISO 31000 Risk Management—Principles and Guidelines, First Edition, No-
quality system and risk quality management strategy; designing vember 13, 2009.
self-inspection in a way it could be used as one of the main activi- 6. ISO 31010 Risk Management–Risk Assessment Techniques, first edition,
ties for identifying the opportunities for continual improvement; 2009-12-01.
and including self-inspection results as an input into periodic man- 7. Wealleans D., The Quality Audit for ISO 9001:2000: A Practical Guide, 2nd
agement review. edition, Gower Publishing, 2005.
With respect to the potential for reduced level of direct regula- 8. ISO 9001 Quality Management System—Requirements, Third Edition, De-
tory oversight in the area of regulatory inspection promoted by ICH cember 15, 2000.
Q10, the results of the survey showed that the majority of compa- 9. ISO 9004 Quality Management Systems—Guidelines for Performance Improve-
nies are interested in this idea and would welcome a formal pro- ments, Second Edition December 15, 2000. GXP
gram of communications with regulators. The surveyed companies
consider proactive discussion of the company’s quality manage- ARTICLE ACRONYM LISTING
ment system elements with the regulatory inspectors to be the best ALARP As Low As Reasonably Practicable
way to demonstrate that an effective quality management system FMEA Failure Mode and Effects Analysis
is in place within the company. The majority of the companies are FTA Fault Tree Analysis
willing to consider some form of open sharing of self-inspection GMP Good Manufacturing Practice
reports with regulatory inspectors in order to demonstrate that an HACCP Hazard Analysis and Critical Control Points
effective quality management system is in place. The survey identi- HAZOP Hazard Operability Analysis
fied a need for further regulatory guidance and recommendation in ICH International Conference on Harmonisation
the area of the reduced regulatory oversight, as envisaged by ICH IMB Irish Medicines Board
Q8, Q9, and Q10. ISO International Organization for Standardization
QP Qualified Person
QRM Quality Risk Management
REFERENCES SMART Specific, Measurable, Attainable, Relevant, Time-Specific
1. EudraLex, GMP Directive 2003/94/EU, Good Manufacturing Practice SWIFT Structured “What-If” Technique
(GMP) Guidelines, Vol. 4, Part I-Basic Requirements for Medicinal Prod- TOC Total Organic Carbon
ucts, Chapter 9-Self-inspection. Retrieved from: http://ec.europa.eu/enter-
prise/sectors/pharmaceuticals/files/eudralex/vol-4/pdfs-en/cap9_en.pdf. ABOUT THE AUTHOR
2. ICH Q10 Pharmaceutical Quality System, 2008. Barbara Jeroncic has worked in the pharmaceutical industry for several years in
different roles, including working in quality departments. She may be reached
3. O’Donnell K., “Self-Inspection and its Potential Benefits via ICH Q9,” Jour-
by e-mail at barbara.jeroncic@imb.ie.
nal of GXP Compliance, Summer 2008, Vol.12 No. 4.

Originally published in the Summer 2011 issue of Journal of GXP Compliance

Special Edition: A Roadmap to GMP Compliance Part 2 31