Deviations, often referred to as non-conformances, errors, discrepancies, failures, or problems, are defined as unexpected or unplanned departures from current good manufacturing practices (cGMPs), regulations, standards, procedures, or specifications that may affect a product’s safety, quality, identity, potency, or purity (SQIPP). For compliance to cGMPs and the sake of continuous improvement, these deviations are typically recorded in a deviation within a deviation management (DM) system. It is the role of the DM system to provide the platform for investigating deviations in order to determine actual impact to the product and identify root cause or causes. The DM system sets the stage for the next steps; planning, tracking, and implementing corrective actions and preventive actions, often referred to as a CAPA system, intended to ensure deviation reoccurrence has been eliminated or reduced in frequency.
When developing your DM system, it is important to keep in mind that not all deviations are created equal. Some deviations are more significant than others as it relates to product impact. Some deviations have simple root cause(s) which are easily identified compared to others. In realizing these differences it is important that your DM system incorporates a risk management approach.
Risk management is the identification, assessment, and prioritization of deviations. For simplicity in assessing risk, any deviation can be classified into one of three levels, as an example: Minor, Major and Critical, usually based on the magnitude and seriousness of the deviation.
Critical – A deviation that provides immediate and significant risk to the product’s SQIPP and represents marketed product, or a combination/repetition of major deficiencies that indicate a critical failure of system(s).
Major – A deviation that provides significant risk to the product’s SQIPP, but does not represent marketed product, or could potentially result in significant observations from a regulatory agency, or a combination/repetition of minor deficiencies that indicate a failure of system(s).
Minor – a deviation that does not impact the product’s SQIPP and is of a less serious or isolated nature that may require correction.
The key to implementing a risk management approach is developing the electronic deviation system to capture the Quality Assurance unit’s assessment (rationale / logic), which in turn determines the risk level of the deviation. This assessment should be based on pre-set, defined criteria, which should also be captured within the electronic deviation system, in order to establish consistency, at least consistency in the criteria for determining the risk level. Consistency with the rationale / logic from the Quality Assurance unit will come from experience and how well the training program is developed / implemented.
The Quality Assurance unit’s assessment of the deviation should also be performed within a reasonable amount of time so that the appropriate action can be taken: allocating resources, placing batche(s) on hold until final disposition, determining trends, communication to upper management, forming cross functional teams to determine root cause, etc. . . All of this demonstrates your control over your process for deviation management and therefore control over your deviations.
The benefits from using a risk management approach within a electronic deviation system is that the allocation of time, money and resources can be applied respectively to the level of risk the deviation represents, while eliminating redundancies for investigating deviations, promoting comprehensive and permanent preventive actions, strengthening management's oversight capability, reducing the probability of regulatory body agency observations and/or product recall, and lastly enhancing the company’s bottom line.