Status of the Document: Effective

Global Quality
Quality Risk Management approach for manufacturing and control processes and
associated GMP systems

Document Ref.: sop024713 Valid as of: 21.04.2008 00:00:00

DD.MM.YYYY hh:mi:ss (8sS1')
Version No: 4.0
Page 1 of 15

Application Area(s):
roche pharma

Prepared by
Patel Jayesh B. bs - ptq
F. Hoffmann-La Roche Ltd
CH-4070 Basel - Switzerland

Electronic Signatures for Approval

Name Firstname Reason for signing and Location Date and Time
DD.MM.YYYY hh:mi:ss (BsST')

Patel Jayesh B. Author Approval signed in ConDoR 01.04.200814:52:06

Zumbihl Hubert Approval signed in ConDoR 01.04.2008 18:08:23
Kissel Ulrich QA Approval signed in ConDoR 08.04.200814:51 :26

This document supersedes:

Reference number(s) of the attached document(s):

for010230

, BsST = Basel Server Time

'.c." .• ",,,,,,,/,,,_,'.,,-,<-,,,"=_'~:,,,~~---'-"~
.. _W/P~-" "X.Yl"'," :••• m

The official version is available on the Web (http://pms.roche.com) Date of Publishing: 26 Apr 2008
ConDoR Web Publishing ~//N "'", .<'" x,'.w,,,..-_,,,,,,//..,:w_-"'«/. ."';=:'-
 Status of the Document: Effective
. ' ..

Global Quality
Quality Risk Management approach for manufacturing and control processes and
associated GMP systems

Document Ref.: sop024713 Valid as of: 21.04.2008 00:00:00

Version No: 4.0 DD.MM.YYYY hh:mi:ss (BsSr)

Page 2 of 15

Table of Contents

1. Purpose 3

2. Scope 3

3. Responsibil ity 3

4. The tool - a formal approach 3

4.1. Step 1: Basic Data 4
4.2. Step 2: Process Conditions 4
4.3. Step 3: Risk Identification 5
4.3.1. Probability 5
4.4. Step 4: Risk Assessment 6
4.5. Step 5: Risk Analysis and Evaluation 6
4.5.1. Severity 6
4.5.2. Detectability 11
4.5.3. Risk Protection level to select where actions are needed 11
4.6. Step 6: Risk Reduction Measures - A guide to define actions 12
4.7. Step 7: Residual Risk 12
4.8. Step 8: Risk management report 13
4.9. Step 9: Docu mentation 13

5. Action report and follow up 14

6. Change History 14

---------------....-....-....-....-....-=== ..
,....,.~,....,..."
..
,...
,....,-
The official
~,...
......-....--....--------------
version is available on the Web (htlp:/Ipms.roche.com)
ConDoR Web Publishing Date of Publishing: 26 Apr 2008
-~
__
W""/"_'_'. _"''''''=,,»»~. ~_
.._'w~"*'~
_ __ ._,"":w.,
 Status of the Document: Effective

Global Quality
Quality Risk Management approach for manufacturing and control processes and
associated GMP systems

Document Ref.: sop024713 Valid as of: 21.04.2008 00:00:00

DD.MM.YYYY hh:mi:ss (BsSr)
Version No: 4.0
Page 3 of 15

1. Purpose
This document describes the methodology to be used for execution of a formalised risk
assessment of manufacturing and control activities and associated GMP systems as
initiated by the QuaSaR 2007 program. The focus is on quality risks and patient safety
risks.

The instructions are compliant with requirements addressed in the directive dir000029
referring to ICH Q9 and specified in spt014923.

2. Scope
Initiated by the QuaSaR program 2007 the SOP applies to the risk management for all
Roche Pharma manufacturing sites including API and drug product sites. All
manufacturing and control processes for all products are challenged on a defined
product prioritization schedule.

3. Responsibility
Each team conducting the risk management is responsible to conduct the study, propose
and prioritize risk mitigating actions. Implementation of corrective and preventive
measures are monitored by the site CAPA plan, with periodic reporting to the QuaSaR
core team. Final decisions for corrective and preventive measures of risks are made by
the site line management, or if escalated, by the QuaSaR Steering Committee.

4. The tool - a formal approach

The general instructions provided by spt014923 have to be followed:
• Step 1 Basic Data
• Step 2 Process Conditions
• Step 3 Risk Identification
• Step 4 Risk Assessment
• Step 5 Risk Evaluation
• Step 6 Risk Reduction Measures
• Step 7 Residual Risk
• Step 8 Risk management summary
• Step 9 Documentation

,,,,,,,,,,,"""'>:.:,,:.:.:.:,'<'< -., .. ,

The official version is available on the Web (http://pms.roche.com) Date of Publishing: 26 Apr 2008
ConDoR Web Publishing
 Status of the Document: Effective

Global Quality
Quality Risk Management approach for manufacturing and control processes and
associated GMP systems

Document Ref.: sop024713 Valid as of: 21.04.2008 00:00:00

DD.MM.YYYY hh:mi:ss (BsST")
Version No: 4.0
Page 4 of 15

To perform these steps an interdisciplinary team of subject matter experts of the relevant
functions of the process to be assessed and controlled is formed.
Members from every level of hierarchy should be included in the team, as appropriate
(e.g. operators, shift leader, production manager, QA, QC-Iab technician, plant engineer,
... ). The moderator should be an independent person with good facilitating skills in risk
management.
Process flow for FMEA execution in the context of QuaSaR is described in Appendix 1

4.1. Step 1: Basic Data

The scope of the risk assessment has to be precisely defined. All necessary basic
information about the systems in the defined scope has to be collected, for example;
• Specifications and properties of raw materials, intermediates, products and by-
products e.g. chemical and physical properties, toxicity, stability
• Description of process e.g. technical transfer report, validation documentation
• Description of buildings, installations and infrastructure e.g. equipment
qualification
• Availability of infrastructure e.g. electricity, cooling energy, nitrogen, raw
materials, installations
• Quality influences e.g. equipment, process parameters, process controls,
environment, transport
• Other documentation e.g. Investigation Reports, Deviation Reports, complaints,
etc.
The risk analysis team is responsible that all information available is used to carry out
the risk analysis effectively.

4.2. Step 2: Process Conditions

Based on the basic data and the validation requirements, the desired quality of the
product has to be defined. Information required for this step of the analysis could include:
• Data from development
• Process descriptions (e.g. Master Batch Records, process flow charts)
• Standard operating procedures (SOPs)
• Guidelines and directives
• Maintenance schedules
• Batch documentation
The first two steps, basic data and process conditions, build the foundation for any risk
analysis and, as a result, need to be completed very thoroughly.

The official version is available on the Web (http://pms.roche.com) Date of Publishing: 26 Apr 2008
ConDoR Web Publishing
 Status of the Document: Effective

Global Quality
Quality Risk Management approach for manufacturing and control processes and
associated GMP systems

Document Ref.: sop024713 Valid as of: 21.04.2008 00:00:00

DD.MM.YYYY hh:mi:ss (BsSr)
Version No: 4.0
Page 5 of 15

4.3. Step 3: Risk Identification

The reviewing of the potential risks begins by identification of potential failure modes
(ask the question: "What can go wrong for a specific process step?") The tools used
are:
• Failure Mode and Effects Analysis (FMEA)
• Where appropriate, Cause Effect analysis (OPEX-approach) can be applied to
provide more depth in a priority area.
The following steps have to be individually assessed:
• Break down into unit operations (according to Master Batch Record)
• Unit operations:
1) Production and Packaging Operations
2) Cleaning and Line Clearance Operations

Comprising of:
a) Facilities, Utilities and Equipment related GMP-Systems
b) Materials management
c) Laboratory control
d) Quality Management/Systems elements
e) The possibility of Human errors in all manual operations
Probability should be evaluated at this point:

4.3.1. Probability
What is the likelihood that the "Event" (failure mode) will occur? Each individual "Event"
(failure mode) identified during the risk analysis must be assigned to one of the classes
defined in Table 1.
Table 1: Rating of Probability:
Class Rating Examples of probabilities Score

Frequent once in a week or more 7

A
Moderate once in 1 month 6
B
occasional once in 1 year 5
C
0 Rare once in 10 years (e.g. once in life cycle of the system) 3

Unlikely once in 100 years (e.g. once in life cycle of a site) 2

E
F very unlikely once in 1'000 years or less (e.g. once in life cycle of Roche or 1
less)

The official version is available on the Web (htlp:/Ipms.roche.com) Date of Publishing: 26 Apr 2008
ConDoR Web Publishing or""", " ""''---
 Status of the Document: Effective

Global Quality
Quality Risk Management approach for manufacturing and control processes and
associated GMP systems

Document Ref.: sop024713 Valid as of: 21.04.200800:00:00

DD.MM.YYYY hh:mi:ss (BsST*)
Version No: 4.0
Page 6 of 15

4.4. Step 4: Risk Assessment

Each event (failure mode) identified has to be assessed for potential risk. Therefore, the
potential effects on customers/patient, product quality and patient safety issues have to
be described and evaluated in terms of:
• the probability of occurrence of an event (failure mode) and
• the magnitude or severity of the effects
• the probability of detecting a potential event
The probability, severity and detectability should be ranked as per Table 1, Table 2 and
Table 3 described in this sop.

4.5. Step 5: Risk Analysis and Evaluation

The areas that should be considered are Severity and Detectability

4.5.1. Severity
The "Severity" is an assessment of the seriousness of the "Effect" of the potential
"Event" (failure mode) to the patient, quality and/or compliance of the product e.g. What
are the consequences if the potential "Event" (failure mode) occurs?
Each individual "Effect" identified during the risk analysis process must be assigned to
one of the four classes defined in table 2. If there are multiple "Effects" for one identified
"Event" (failure mode), the one of highest "Severity" must be taken for the evaluation.
Make sure you have recorded the alternative "Effects" as well, so they are not missed.

",~_",,"X"""'="'--"~"W"="'-''''''-'----''--''_--'---'-_'~/.
The official version is available on the Web (htlp:/lpms.roche.com) Date of Publishing: 26 Apr 2008
ConDoR Web Publishing
 :to- ••• ,.. ••

Status of the Document: Effective

Global Quality
Quality Risk Management approach for manufacturing and control processes and
associated GMP systems

Document Ref.: sop024713 Valid as of: 21.04.2008 00:00:00

DD.MM.YYYY hh:mi:ss (6sS1')
Version No: 4.0
Page 7 of 15

Table 2: Rating of Severity

Considerations Examples of Severity Score
Class Rating
I Critical Patient safety Effects which are potentially life-threatening 10
class 1 or could cause a serious risk to health or a
(catastrophic) temporary health problem (e.g. death, illness
or mistreatment, fatalities, irreversible side
effects) caused by:

• Examples:
a) Wrong product (label and contents are
different).
b) Correct product but wrong strength with
serious medical consequences.
c) Microbial contamination of sterile injectable
product or ophthalmic product.
d) Chemical contamination with serious
medical consequences.
e) Mix up of some products ("rogues") with
more than one container involved.
f} Wrong active ingredient in a multi-
component product with serious medical
consequences.
Availability for the interruption:permanent stock-out (> 12 weeks) or
patient life saving drug; drug not available (no
alternatives)
GMP systems & Effects that affect quality and regulatory
regulatory compliance
compliance Examples:
a.) Close down of site or drug shortage
b.) Withdrawal of product or loss of marketing
authorisation

--------------~~~~~.~ ..
_=========:=.==~~--------------
Date of Publishing: 26 Apr 2008
The official version is available on the Web (htlp:/Ipms.roche.com)
ConDoR Web Publishing ";<-x",."",.~,,..,,,.,,.,,.,,,,,,,,,-.
 Status of the Document: Effective

Global Quality
Quality Risk Management approach for manufacturing and control processes and
associated GMP systems

Valid as of: 21.04.2008 00:00:00

Document Ref.: sop024713
DD.MM.YYYY hh:mi:ss (BsST')
Version No: 4.0
Page 8 of 15

Table 2: Rating of Severity (continue.)

Considerations Examples of Severity Score
Class Rating
Critical Patient safety Effects, which could cause illness or 6
II
class 2&3 mistreatment but are not covered by
(critical) equivalent examples of "rating catastrophic".
Examples:
a) Reversible side effects
b) Mislabelling, e.g. wrong or missing text or
figures.
c) Missing or incorrect information - leaflets or
inserts or labels (excluded price labels).
d) Microbial contamination of non-injectable
product, non-ophthalmic sterile product with
medical consequences.
e) Chemical/physical contamination (significant
impurities, cross-contamination, particulates).
f) Mix up of products in a container ("rogues").
g) Non-compliance with specifications (e.g.
assay, fill/ weight, stability).
h) Insecure/defective closure of container with
serious medical consequences (e.g.
cytotoxics, child-resistant containers, potent
products). Faulty packaging e.g. wrong or
missing batch number or expiry date
i) Faulty closure
j) Contamination (e.g. microbial spoilage, dirt or
detritus or particulate matter!
GMP systems & Effects which indicate systematic errors GMP
regulatory systems or product registration
compliance Examples:
a) Recall, process interruption, unable to get new
products approved etc.
b) Consequences do affect regulatory
compliance for a product.

--------------- ..•••..•••.....
••.
_,••..••..••..
,.
.••....••.••.••..••.
=.==.=".===== ••.••.••.••.
-------------
The official version Is available on the Web (hltp:/Ipms.roche.com) Dale of Publishing: 26 Apr 2008
ConDoR Web Publishing
 Status of the Document: Effective

Global Quality
Quality Risk Management approach for manufacturing and control processes and
associated GMP systems

Document Ret: sop024713 Valid as of: 21.04.2008 00:00:00

DD.MM.YYYY hh:mi:ss (BsST")
Version No: 4.0
Page 9 of 15

Table 2: Rating of Severity (continue)

Class Rating Considerations Examples of Severity Score

III Major Patient safety Effects, which do not cause a serious risk to 3
(marginal) health; no side effects, but patient can
observe the defect.
Examples:
a) Effects do not have direct impact on the
quality of a product but which might question
the integrity of product.
b) Consequences, which are easily noticed by
the customer and the product is not saleable.
c) Broken tablets/capsules. This defect should
be considered as critical when the product
contain a high potent product
d) Organoleptic problem (e.g. untypical bitter
taste)
GMP systems & Effects which indicate systematic problems of
regulatory process/ handling and/or which might impact also
compliance other batches and/or products.
Examples:
a) Issue, investigation reports, market
complaints etc.
b) Empty or incomplete (blister, foil or bottle),
but double tablet in a hole may be
considered as critical
c) Incomplete number of sales unit in shipping
box
d) Primary seals missing but secondary security
and identification in place
e) Inconsistent shipping documentation
f) Damaged drums with all security seals
g) intact but material not exposed to the
environment
h) Consequences indicate individual gaps of
parts of GMP systems

,''''-0 ... .,...

The official version is available on the Web (htlp:/Ipms.roche.com) Date of Publishing: 26 Apr 2008
ConDoR Web Publishing -U'F_~_""""""''''''-"""",*,'/"'/'''''-' _+,_~. _~_" __
,,,,_~ __
m.""*",,,_o<_,_,_,_,.,,-pd.m_.,C'_" _
 Status of the Document: Effective

Global Quality
Quality Risk Management approach for manufacturing and control processes and
associated GMP systems

Document Ref.: sop024713 Valid as of: 21.04.2008 00:00:00

DD.MM.YYYY hh:mi:ss (BsSr)
Version No: 4.0
Page 10 of 15

Table 2: Rating of Severity (continue)

Class Rating Considerations Examples of Severity Score

IV Not critical Patient safety Effects, which do not cause a risk to health. 1
(Minor, Examples:
Negligible) a) No medical side effects
b) Consequences, which are not easily noticed
by the customer and which have no negative
influence of the usability of the product and
the risk of withdrawallrecall can be
neglected.
c) Consequences do neither affect quality nor
regulatory compliance of a product.
d) Consequences, which indicate
process/handling problems which do not
affect other batches and/or products
GMP systems & Effects which affect local daily operations
regulatory Examples:
compliance a) Corrective actions possible, deviation report
etc.
b) Material of the same not high potent product
(granules or dust) present e.g. in the blister
or bottle
c) Chipped tablets (with cracked edges)
d) Defective secondary packaging
e) Secondary package with external dirt or
marks
f) Missing price label
Minor damage of drums
~~ Certificate of analysis (CoA) is not on time

The official version is available on the Web (htlp:/Ipms.roche.com) Date of Publishing: 26 Apr 2008
ConDoR Web Publishing
 Status of the Document: Effective

Global Quality
Quality Risk Management approach for manufacturing and control processes and
associated GMP systems

DocumentRef.: sop024713 Valid as of: 21.04.2008 00:00:00

DD.MMYYYY hh:mi:ss (BsST")
Version No: 4.0
Page 11 of 15

4.5.2. Detectability
The detectabiliti is an assessment of the likelihood that the current process controls
will detect the "Event" (failure mode) before the product is released to the customer.

Note: Where applicable, specify and document prevention controls also in addition to
detection controls in FMEA Excel sheet.
Table 3: Rating of Detectability of an event (failure mode):

Class Rating Examples of detectability of an event Score

Failure very likely to be overlooked, hence not 5

Z
Normally not detected detected
(no technical control, no manual or visual control)
y Failure may be detected 4
Likely not detected (e.g. spot check, audit, self inspection)
Failure detected by procedure in place 2
X Regularly detected (e.g. monitoring)
Failure immediately identified 1
W Always detected

4.5.3. Risk Protection level to select where actions are needed

Consider prioritization of actions and allocation of resources according to the Risk
Priority Number (RPN). (Internal threshold for Risk protection levels - Table 4)

Table 4: Risk protection levels

Calculation based on
Risk Priority weighting of scores
Level Indicates threshold:
Number (RPN)
=
RPN S x P X 0
2

Red action required ~ 200 10 x 5 x 4

Yellow action to be considered 72 to 199 -

Green No actions <72 6x3x4

1 Definition on detectability: the ability to discover or determine the existence, presence or fact of a
hazard. The hazard is related to the event not the effect. (ICH 09)
2 i.e. action required, if severity is catastrophic (10, probability is occasional/repeated (5) and
detectability is "normally not detected" (4)

The official version is available on the Web (http://pms.roche.com) Dale of Publishing: 26 Apr 2008
ConDoR Web Publishing "<0"' '_',",<0'''',"' ,
 Status of the Document: Effective

Global Quality
Quality Risk Management approach for manufacturing and control processes and
associated GMP systems

Document Ref.: sop024713 Valid as of: 21.04.2008 00:00:00

DD.MM.YYYY hh:mi:ss (Bs51')
Version No: 4.0
Page 12 of 15

As an exception: In case the Severity is ranked in class I (= critical class 1 -

catastrophic, Score 10) an action has always to be evaluated. However based on the
action the consequence may not get affected and remains critical class I. This is
regarded as residual risk.
The risk protection level is set to RPN ;:: 200.
The determination of the risk protection level (RPN ;:: 200) is been done by evaluating
the individual ratings for severity, probability and detectability. A potential non-
acceptable risk for severity is the "critical class 1 (catastrophic)" ranking. This
represents the risk factor =
10. For the probability scale, more than "occasional failure"
should lead to an action (factor =
5). For the detectability scale this threshold is with
"Normally not detected" (factor =
4). Multiplying these factors where actions should be
considered results in a threshold value of 200.

4.6. Step 6: Risk Reduction Measures - A guide to define actions

Risk reduction measures or "Corrective and preventive actions" (CAPA), should be
considered:
• technical measures
• organisational measures
• personnel measures (e.g. training)
• procedural measures
The remaining risk, (residual risk) after the implementation of the risk reducing
measure has to be estimated. Finally, any potential impact has to be evaluated to
determine whether new potential risks are created by applying the proposed risk
reduction measures.
Having decided the appropriate risk reduction measures, the risk (probability, severity
and detectability) will have to be re-assessed.

4.7. Step 7: Residual Risk

The residual risk is acceptable if a satisfactory risk protection level is achieved (if below
the defined risk acceptance level- see Table 4), and all legal and internal obligations are
fulfilled or if the residual risk is accepted by the local management responsible for the
manufacturing and business process.
If - in exceptional cases
_ the residual risk cannot be reduced below the risk protection level (RPN ;:: 200),
a written justification approved by the local management responsible for the
manufacturing and business processes must be available.
_ event (failure mode) with a severity of 10 must also be identified as high priority
regardless of the RPN and if no actions are identified than justification for the
acceptance of residual risk should be clearly documented in FMEA excel
spreadsheet.

_"_»,-,,._, "'_0",,,-0
The official version is available on the Web (http://pms.roche.com) Date of Publishing: 26 Apr 2008
ConDoR Web Publishing
 Status of the Document: Effective

Global Quality
Quality Risk Management approach for manufacturing and control processes and
associated GMP systems

Document Ref.: sop024713 Valid as of: 21.04.2008 00:00:00

DD.MM.YYYY hh:mi:ss (BsSr)
Version No: 4.0
Page 13 of 15

4.8. Step 8: Risk management report

The risk assessment report should contain a summary. It should provide the reader with
a good overview that risk is managed and controlled.
The executive summary report should include the following items. This list is not
considered a comprehensive full list:
• Scope (e.g. product, steps assessed)
• People involved in the Risk Management discussions, tool(s) used and number of
failure modes identified
• Short description of all risks beyond the threshold and how they were assessed
and are/should be controlled
• Mapping the results of the risk evaluation prior versus after the defined corrective
measures implemented.
• Decisions that have been performed (incl. actions, rational, accepted residual
risks, if appropriate)
• Responsibilities for the follow-up procedure
The QuaSaR FMEA Summary Report is considered a GMP document. The team should
agree who acts as author of the report.
The report has to be signed off at least by Head of production and the responsible Head
of QA function, Head of Quality assurance, Site/Technical manager. In addition EU-QP
signs off in case of risks ~ 200, and also the risks are related to a product sold to the EU
market. (e.g. "QuaSaR FMEA Summary Report").
The standard excel tables provided (see for01 0230) have to be used in order to
consolidate information in the team.
4.9. Step 9: Documentation
The risk assessments have to be documented locally and updated as required.
Necessary elements of the documentation are scope and results of the risk assessment
and control activities such as:
Scope (e.g. graphical process flow, list of products and/or technologies)
Technique used & people involved in the discussions and decisions
Completed for01 0230, where failure modes are identified
Key areas where "potential high risks" were identified
Short description of all risks beyond the threshold (see Table 4) and how
they were assessed and are/should be controlled
Decisions that have been performed
(e.g. actions, rational, accepted residual risks)
Short summary of the responsibilities for the follow-up procedure
This information should be available for inspection by authorities if required.

The official version is available on the Web (hltp:/Ipms.roche.com) Date of Pubiishing: 26 Apr 2008
ConDoR Web Publishing
 Status of the Document: Effective

Global Quality
Quality Risk Management approach for manufacturing and control processes and
associated GMP systems

Document Ref.: sop024713 Valid as of: 21.04.2008 00:00:00

DD.MM.YYYY hh:mi:ss (6sST")
Version No: 4.0
Page 14 of 15

5. Action report and follow up

This risk management studies have been initiated with the QuaSaR program. Decided
CAPA's (risk reducing measures) are to be implemented and monitored by the process
owner (sites).

6. Change History
Version Changes
1 • First version
2 Update after the input from the QuaSaR workshops:
- specify residual risk
_ Change "Summary report" to "Risk Management report"
- Update documentation section for better understanding
- Editorials
_ include FMEA template (for010232) into the QuaSaR reporting sheet
(for010230)
3 _ Re-wording in chapter 4.5.3 to provide a better understanding and
consistency with for01 0230
4 _ Re-wording in chapter 1, 2, 3, 4, 4.1, 4.3, 4.4, 4.5.1, 4.5.2, 4.5.4, 4.5.5,
4.8, 5 and 7 to provide a better understanding and consistency with
for010230

--------------.......,.......,.......,.......,.......,"""".......,="".=~.="".~."" ....
_""
..........,-"""._""
.....
""
.........,.......,.......,-------------
Date of Publishing: 26 Apr 2008
The official version is available on the Web (http://pms.roche.com)
ConDoR Web Publishing
 l
Status of the Document: Effective

Global Quality
Quality Risk Management approach for manufacturing and control processes and
associated GMP systems

Document Ref.: sop024713 Valid as of: 21.04.2008 00:00:00

DD.MM.YYYY hh:mi:ss (BsST')
Version No: 4.0
Page 15 of 15

Appendix 1
QuaSaR - Process Failure Mode and Effects Analysis
The description of the process or operation being analyzed.
Indicate as concisely as possible the purposelrequirernents of the
process step being analyzed.

TtlC manner in which the process could potentially fail to meet the process
requirements and/or design intent. II is a descriplion of non~conforrnance at
that specific operation. List each Event (potential failure mode) for the
particular operation or process step.

Probability is how frequently the Event (failure mode) is projected to occur.

Estimate or calculate (historical data) the likelitlOoc or the occurrence on a
"1, 2, 3,5. 6, <md T SC<'.lle.

The ef"fects or consequences (wittiout considering current controls)

of H,e Event (failure mode) on the customm(s). The custorner(s)
in this contEJXr is PF.Jtif.~ntamJior end (.•sec

Is an assessrnent of the seriousness of the effect of the potential Event

(failure mode) to the pc'ltient andlor end user. .s..e.v.~.r:Lty'..a.p.p..H.~.$..iQJh..0
flJfflj,lsm!Y.. S~1Verity Sllould be estimated on ~J "1,3,6 and 10" scale.

As hmv the failure could occur. and should be described in a mode

that can be corrected or can be controlled. Causes may be
Process and/or Supplier related.

Current Process Controls are descriptions of the controls lhat either

p.r.eyf1.D.t.
the potential Event (failure mode) ~ "prevention control", from
occurring or .g.f;.t.~.QLtheEvent (failure mode) should it occur - "detection
control"

Is an assessment of the probability that the current process controls will

dett:;ct tile Event (failure mode) before the product is rl'.l!ease to customer.
A "1.2,4 and 5" scale is used

The Risk Priority Number is the product of Severity (S), Probability (P),
,,,nd Detectlon {OJ rankings. RPN -:;;(5)'" (P) * (0)

When the Event (failure mode) h.ave been rank ordered by RPN,
corrective action should be first direc1eej at the RPN's > 200 and all oU'u:!r
events witt, a severity of "10".

Aft(;;lr corrective .actions Illwe been identifieejfimplementeej, estimate and

record the resultin~J severity, probability and detection ran kings. Calculate
and record the resulting RPN.

For each risk reduction strategy, complete global impact column (If
applicable) t.md implementation column.

The official version is available on the Web (http://pms.roche.com) Date of Publishing: 26 Apr 2008
ConDoR Web Publishing