The Philosophy of Risk in GXP Operations

How should we view risk when operating in a GXP environment? How much risk should we allow or tolerate? Can we ever get comfortable with ANY amount of risk?

We all have probably heard or read about one firm that recently lost several million doses of COVID-19 vaccine due to a manufacturing error. What might in the past have been a simple matter of financial impact to that firm today is an international incident. Not only do several million individuals miss a potential life-saving vaccine injection, but that firm’s past and present GMP issues have now been exposed. Everyone now knows the name of that firm and assumes, based on publicity, that the company’s products are potentially less than desired quality. Though I am not familiar with the circumstances of the manufacturing issues at that firm, it is safe to say that, in retrospect, some may say that too much risk was assumed or inadequately mitigated.

Is there a philosophy we should adopt when it comes to risk in GXP operations? In my book, Pragmatic GXP Compliance (available at Amazon), I discussed many practical applications of GXP compliance and why we should not simply avoid all risk. However, there are some larger, broader, more philosophical concepts on GXP risk that deserve some attention.

Allow me to discuss four of these concepts here:


Is it possible to avoid all risks in GXP operations? Certainly, the answer to that question is YES. However, your business may not be able to survive such an approach. For example:

  1. The Quality Unit could eliminate all risk by refusing to release any batch – if you never release a batch, you never incur regulatory or consumer risks.
  2. To ensure that every unit is perfect, you could do 100% sampling and testing – sure, you would have no remaining product to sell, but at least you would have eliminated any risk.
  3. You could hire an inspector to shadow every manufacturing and quality employee to ensure that every operation was done perfectly.

You get the point… there is a balance we must seek. The goal is not to completely eliminate all risk (too impractical, too costly, or simply impossible), but to eliminate or avoid undue risk.

I am certainly not implying that we must take more risks than necessary. There are situations in which doing more to eliminate risk is warranted. Let me provide an example in the area of Regulatory Affairs. Assume you are working to attain approval for a new product that will generate $365 million in annual revenues. Essentially, for every day of delay in achieving approval, your company loses $1 million in revenue. When assembling your regulatory submission, you always have options relating to more or less testing, additional scenarios, extended studies, more or fewer clinical participants, etc. In such a case, it may make more financial sense to do more upfront, prior to submission, to reduce the possibility that you will receive a Deficiency Letter, which could delay approval by many months. So, the question is, “Do we do more now (in either cost or time) to eliminate the risk of a Deficiency Letter, given the assumption that we lose $1 million each day we don’t have approval?”

We must also not take risks when patient safety is potentially compromised. There are simply times when we must do more, spend more, and mitigate more to protect and serve our ultimate consumers. However, it is possible to do more potential consumer harm by striving for zero risk. Speed to market must be a consideration when dealing with life-threatening situations. Gretchen Rubin, quoting Voltaire, once said: “Don’t let the perfect be the enemy of the good.” All factors must be considered when assessing your tolerance for consumer risk. Balancing the risk against the overall benefit must be a part of these conversations and actions.


Many individuals believe that GXP requirements are black or white, with no room for alternatives. This is simply not true. Most experienced regulatory investigators understand this and allow for options where the GXPs allow them. Let’s look at one simple example. What is required by 21 CFR 211.142(a)? This requirement simply states:

“Written procedures describing the warehousing of drug products shall be established and followed. They shall include: (a) Quarantine of drug products before release by the quality control unit.”

Notice that it does NOT state how this requirement must be met. This is a perfect example of how GXPs allow some flexibility in compliance. Let’s list some of the possible ways you can comply with it:

  1. Physical segregation – this system requires that you have separate physical storage locations for acceptable (released) and unacceptable (unreleased) products. You can only ship product from the physical location holding released goods, and you only store released goods in that location. Individuals constantly verify and monitor what is stored in that area.
  2. Visible indicators – this system requires that you place a visible indicator on each pallet or container of product showing its status (Hold, Released, OK, Not OK, etc.). Individuals shipping products will only select products that have a visible “released” status, and this status is reviewed prior to shipment.
  3. Computer systems – this system involves a computerized inventory system that tracks the status of all items through barcodes or other technology. The system selects items to be shipped and verifies the released status of each item before it will allow shipment. The system is validated to ensure that it functions properly under all circumstances.
  4. Combination systems – most firms use a combination of approaches to fulfill this requirement. They may physically segregate and also use computer systems. They may physically segregate only failing or non-conforming lots and use computer systems for typical operations.

The point is that GXPs allow us to design systems that fulfill the requirements yet also meet our own operational needs.

Have you ever considered the origin of validation? Validation was not specifically discussed in the original GXP regulations issued in the 1970s. Yet it has become one of the most important elements of GXP manufacturing and testing. Validation originated because firms and regulators realized that we could never eliminate all risks in producing healthcare products. Thus, we needed a system for verifying that batches were consistent and acceptable from beginning to end and from one day to the next. Validation became the means for ensuring that our components, processes, people, systems, testing, and controls all work together to provide consistency throughout the life of a process. Because we cannot test or inspect 100% of our output, validation became the means for ensuring the quality of our products. Though most firms utilize similar approaches to validation, each firm must design its own approach.

My key point here is that there are multiple ways of complying with most elements of the GXPs. The design of GXP requirements recognizes that each firm and each product is different. Finding an approach that complies and yet manages the associated risks is the key challenge faced by the healthcare industries. Someone once said (perhaps it was me) about those managing GXP operations:

“Anyone can make GXP decisions when dealing with black or white. We earn our pay by managing the gray.”

Finding a way to manage the everyday risks we face differentiates the excellent from the mediocre.


If we cannot eliminate all risks, finding the means to avoid or mitigate risks becomes our target. Which risks are acceptable and which must be avoided? Much has been written about risk identification, assessment, and mitigation, so it is not my intent here to restate that. However, I want to make two key points:

  1. We must identify our approach to risk tolerance – the first step in managing risks is to identify which risks we are willing to take, how far we go to mitigate these risks, and the potential impact if we are wrong. One approach is to develop a hierarchy for risk decision-making. When we understand our philosophy or approach to risk, it can guide the actions of every employee. For example, I have seen this hierarchy used (highest priority first):
    • Risk to patient safety – we will take no actions that pose a risk to patients.
    • Compliance with specific GXP requirements – we will always comply with specific GXP requirements.
    • Compliance with industry standards or expectations for GXP requirements – we will always comply with requirements we know are expected.
    • Internal values, policies, procedures, mores, or requirements – internal requirements are important, but will not take precedence over those above.
    • Cost considerations – cost will never trump risks to patients, compliance, or company requirements.
    • “Red-face” test – even though our actions pose no patient risk, comply with GXPs, and follow internal procedures, would I be embarrassed by my actions if my spouse read about them in the newspaper?
    • Expediency or preferences – my personal preferences always come last.
  2. We must communicate and formalize our approach to risk – in my experience, many of the product quality, compliance, and safety issues that arise are due to one individual making a decision in the midst of production or testing. Unless that individual understands the risks – and the company philosophy on those risks – undesired outcomes can occur. You cannot overemphasize your approach to risk when communicating with employees and in how you reward actions around those risks. In short, by developing a culture that clearly identifies, articulates, and rewards actions around risk, you improve the odds of correct decision-making in the midst of problem solving.


Finally, understanding that risks are normal and that the GXPs recognize that not all risks can be avoided, we must be willing to design systems and processes that make sense for our operations. AND, we must have the confidence and courage to defend these processes and systems when challenged. Many firms are so risk averse that they will spend any amount of money, take any amount of time, or expend any amount of resources just to avoid having to discuss a risk during a regulatory inspection (read “An FDA-483 observation is not necessarily the worst thing that can happen” in my book). This approach is neither courageous nor pragmatic.

“If every decision was black or white, they wouldn’t need you. Anyone can make that kind of decision.”

Be willing to defend what you do. Discuss the science behind your processes and systems. Demonstrate how you comply with GXP requirements and protect consumer safety. If you can do this with confidence, most regulatory investigators will be reasonable and open-minded.
