RISK BASED INSPECTION [SCHEDULE M & WHO TRS 986-POINT (10.6-10.12)]

Risk-Based Inspection (RBI) is a GMP inspection planning method that rates a manufacturing site by the risk it may pose to patients and to product quality, so regulators can decide the frequency, depth and breadth of inspection using Quality Risk Management (QRM). cdsco.gov.in

Schedule M + WHO TRS 986 focus: Points 10.6–10.12 (practically: CAPA follow-up, audits, suppliers)

In Revised Schedule M, the cluster most often linked to “10.6 onwards” sits under Self-inspection / Quality audit / Supplier audits:

• 10.6 Follow-up action: after self-inspection, there must be an effective follow-up program, and management must evaluate both the report and corrective actions.
• 10.7 Quality audit: quality audits may supplement self-inspections; they are structured reviews of all/part of the quality system to improve it, and can extend to suppliers/contractors.
• 10.8 Supplier audits & approval: QC (with relevant departments) approves suppliers; suppliers are evaluated considering history and material criticality; where needed, an audit verifies ability to meet GMP expectations.

In WHO TRS 986 (Annex 2: main principles), the same expectations are present but numbered 8.6–8.9 (follow-up, quality audit, supplier approval/evaluation/audit).
Also, TRS 986 highlights competence control for non-employees: consultant/contract staff must be qualified and evidence kept in training records (TRS 10.6).

What RBI checks on-site for these clauses (high-impact evidence)

Under RBI, these areas become “risk multipliers” because weak internal oversight predicts repeat deviations:

1. Self-inspection effectiveness: scope covers GMP systems; observations are risk-ranked; CAPA has root cause, timelines, and verified effectiveness, not just closure.
2. Management oversight: documented management review of audit/self-inspection outcomes and escalation of critical trends.
3. Supplier risk management: supplier classification (critical vs noncritical), approved supplier list control, change notification, periodic re-evaluation, and incoming testing aligned to supplier performance.
4. Contractor/consultant control: qualification, access control, training, and supervision—especially in high-risk areas (maintenance, cleaning, sterile/aseptic, data-critical activities).

These controls directly support Schedule M’s requirement for a robust PQS integrating GMP and QRM—the backbone of RBI readiness.