Quality Risk Management: Don’t Discard Standard Lab Practices

Showing results for 
Search instead for 
Did you mean: 

Quality Risk Management: Don’t Discard Standard Lab Practices

Team TFS
Team TFS

Editor's note: This is the third in a series of four blog posts on quality risk management. Follow for these and more upcoming regulatory updates in 2023.


Quality Risk Management.jpgStarting a standard practice


Forward planning, for me, typically starts on the “back of a napkin,” where I can see my goals in a physical format and put some real dimensional size around the effort. If you’re like me, starting the implementation process might seem like the hardest part of the mountain climb. 


Once I get going on a process though, I typically adopt a systematic approach and then churn things out. If you’ve been following this blog, then you may have picked up on my system where I start with a review of differences first.


Change is (not) coming


Comparing the body of the ICH Q9 Quality Risk Management (QRM) revision against the original doesn’t reveal a lot of noted differences in the chapters on assessment, control or review, however, it is worth a second look at the recommendations set forth in Section 4.21 Initiating a Quality Risk Management Process. 


As mentioned in Defining Responsibilities, part 2 of this blog, the QRM process has all the hallmarks of Kaizen or typical process improvement initiatives where it starts very plainly with defining the problem followed by impact assessment and resources before it ever mentions deliverables.


  • Define the problem and/or risk question, including pertinent assumptions identifying the potential for risk
  • Assemble background information and/or data on the potential hazard, harm or human health impact relevant to the risk assessment
  • Identify a leader and necessary resources
  • Specify a timeline, deliverables and appropriate level of decision-making for the risk management process


In my opinion, it’s always a trap to try to fix the problem before it’s clearly defined, but also in my experience, I can’t help myself from fixing issues I see right away.  So how do you train yourself to identify everything first?


Building from a foundation


Listing out every action in a complex system is daunting, especially if you are project managing for a system you don’t know well.  Relying on subject matter experts is a given but contributing to a risk assessment is new for everyone, at least the first time.


While it would be nice to have a packaged set of actions from every product vendor, the functions they may have tested during development are most likely not a list of items that the purchaser intends to use frequently or, in some cases, ever.  It is, therefore, much more effective to build user-intended action lists internally, to outline the workflows of intended use.


When building previous risk assessments, I would start by simply listing core actions in a table format and watch it grow from there.



User Steps

Secondary Reviewer Checks

Notes and Cautions

Workflow 1 – Acquiring Data




1.1 – Equilibrating the instrument

1. Open Instrument Controller


1. Sequence accuracy

Manual instrument log needs review

1.2 – Setting up the sequence

1. Open sequence table

2. Add instrument method



Workflow 2 – Creating an Instrument Method




2.1 – Program gradient table





Giving this example a quick look would probably get any lab person started on a workflow-based action list.  I imagine that this brief table would grow many rows and perhaps a few columns in the process.  Having a foundation for consolidating the tasks that require risk assessment is a great way to centralize the information to identify what is a high-risk activity.  


Controlling high-risk activities


In this third blog post in the series on risk management, the feature focus is on the packaging of data for review and the electronic signature tools in Thermo Scientific Chromeleon 7.3.2 Chromatography Data System (CDS).  


Without a structure or context, data is just a bunch of values.  When it is scattered or poorly organized, working with it, summarizing information from it, and reviewing it is very challenging. Laboratories have inherently collated analysis data into run-based packets so that all the associated information was in one place for review and in one folder in the filing cabinet when it was done.


Chromeleon structures the data collected into sequences with all of its associated information, making it familiar to manage and easy to adopt a standard practice for review.


1. Navigate through injection list, instrument method information and more with easy left-panel control. 2. Add and subtract panes for review or customize the pane options altogether with editable ribbons to focus review on what is relevant. 3. Explore each pane deeper with the associated tabs of information.1. Navigate through injection list, instrument method information and more with easy left-panel control. 2. Add and subtract panes for review or customize the pane options altogether with editable ribbons to focus review on what is relevant. 3. Explore each pane deeper with the associated tabs of information.


Data audit trail review can be overwhelming.  Chromeleon audit trail events, once configured for risk-determined actions, will highlight specified data audit trail actions to make it easier to review-by-exception.


Video – For information on configuring audit trail events


Just like with paper-based review systems, once a reviewer is certain that all the associated information is accurate and has all of the required justification for change, they can apply a signature to an entire sequence.


Video – For a walk-through of applying electronic signatures 


Subscribe to the blog so you don’t miss the fourth installment on Quality Risk Management and subsequent posts in the series.


Additional resources


For questions related to utilizing tools in Chromeleon CDS to support your electronic review workflow, Thermo Scientific also offers a complete service offering as well as support plans.  Services and support plans include product updates, technical support, additional resources, and training.


Take-home message


Since the number one finding in a regulatory audit remains that of ”not adhering to written protocol,” it’s important to standardize lab practices in a way that discourages users from ‘working around them’.  To support this, products should be considered for their flexibility to enable users to maintain their typical workflows.


Do you have any sharable tips for streamlining electronic review?  How about pitfalls you’ve experienced in a risk assessment process?  I’d love to connect about your best practices so we can all share and benefit from each other’s observations.




1 ICH resources page. https://www.ema.europa.eu/en/documents/scientific-guideline/international-conference-harmonisation-t.... Accessed March 22, 2023.