This approach is in line with the ICH Q9 “Quality Risk Management” and ICH Q10 “Pharmaceutical Quality System” guidelines, which structure the modern principles of pharmaceutical quality. These two texts form a conceptual foundation: ICH Q9 defines how to manage quality risk, and ICH Q10 describes how to maintain risk control over time by integrating it into the quality system. CCS modeling then becomes the concrete expression of these principles applied to contamination control, reflecting scientific rigor, knowledge capitalization, and a culture of risk at the heart of compliance.

1. Risk analysis according to ICH Q9: the cornerstone of contamination control

ICH Q9 describes Quality Risk Management (QRM) as a systematic process for identifying, evaluating, controlling, communicating, and reviewing quality risk. Applied to contamination, it provides an understanding of the complex interactions between processes, products, equipment, environment, and human behavior.

Risk analysis is therefore the first step in any control process. It aims to:

• Identify potential sources of contamination (particulate, microbiological, chemical, cross-contamination, etc.) and the associated failures;
• Assess their criticality (probability × severity × detectability);
• Prioritize actions;
• Define control measures to reduce or eliminate the failure and therefore the risk.

The tools used vary depending on the context: FMEA, HACCP, preliminary risk analyses, cause trees, etc. The important thing is not the method but the quality of the data and the collective thinking involved.

Subjectivity must be reduced in order to assess the risks and the means available to control them. Without a detailed and rated risk analysis, we are relying on subjective data without any numerical verification of that data.

Example of quantified data

Frequency of occurrence of a barrier technology leak over the last 5 years → 1 time from memory, whereas after checking the data in the quality management system, it turns out that there have been 3 non-conformities, anomalies related to this failure

The actions defined are insufficient in relation to the risk. With quantified risk analysis based on a defined rating, the occurrence data is factual, based on a history of occurrences, and therefore allows for a more accurate assessment of the risk.

Analysis with experts from different sectors using historical quantitative data allows for the most accurate assessment of risk.

This risk-based CCS approach can be used in all phases of a process life cycle:

• In the preliminary design phase to justify design choices (use of plans, bibliography, knowledge of other processes, etc.).
• During the project to refine choices and define the action plan to control contamination risks (barrier technologies, choice of organizations and detection methods). Risk analysis and CCS must be reviewed and consolidated regularly (changes in technical and organizational choices, project contingencies).
• Routinely in order to consolidate technical and organizational control elements.

It is not uncommon to discover new risks during routine checks, which shows the importance of keeping risk analyses and CCS up to date.

Example: During the installation of the line on site and the smoke tests, an area of turbulence was discovered in a zone where the containers are open due to the presence of a process gas pipe cover. It is technically impossible to modify this cover. The risk of contamination is significant. A reflector was installed on this cover to redirect the flow and remove the turbulence zone, and a verification was performed using smoke tests. The risk has been eliminated but must be monitored when the line is dismantled to ensure that the reflector is always replaced.

In summary, in accordance with the spirit of ICH Q9, this analysis must be documented, traceable, and reviewable. It underpins the credibility of technical and organizational choices in the eyes of auditors and authorities.

” Sans gestion du risque, la maîtrise de la contamination repose sur des convictions; avec elle, elle repose sur des preuves scientifiques “

2. From risk analysis to CCS strategy: implementation in line with ICH Q10

ICH Q10 defines the Pharmaceutical Quality System (PQS) as an integrated framework for maintaining effective and efficient control throughout the product life cycle. In this context, CCS represents the operational translation of Quality Risk Management (ICH Q9) applied to contamination within the PQS (ICH Q10).

From the design stage of the premises or a new process, risk analysis provides the basis for CCS, enabling the definition of:

• Technical barriers (design of premises, zoning, flow, equipment, ventilation, cleaning/disinfection, sterilization) to be put in place according to the risks identified;
• Organizational barriers (training, authorization, behaviors, documentation framework) to mitigate the identified risk.
• Verification measures (PUPSIT, process and environmental monitoring, alert management, trend reviews) that ensure the robustness of the systems and risk acceptance.

All of this must be integrated into the change management, deviation investigation, and CAPA implementation processes, in accordance with the principles of ICH Q10. The CCS is therefore not an isolated document, but a dynamic subsystem of the QMS, ensuring the consistency, evolution, and traceability of contamination risk management.

3. A dynamic approach: keeping the CCS alive through continuous risk management

Quality Risk Management does not stop once the CCS has been drafted. ICH Q9 emphasizes the need to review risk on an ongoing basis.

This approach is based on:

• Feedback: incidents, deviations, detected contamination, audits;
• Environmental and process trends: particulate and microbiological monitoring data, APS data
• Technical developments: new equipment, materials, analytical methods.
• Regulatory developments

These elements feed into a cycle of continuous improvement in line with the ICH Q10 philosophy (Management Review, CAPA, Change Control). The CCS then becomes a living tool, capable of adapting to operational realities and demonstrating the robustness of the quality system.

4. Risk analysis: a lever for management, quality culture, and sterility assurance

Beyond compliance, quality risk management is a powerful management tool. It allows you to:

• prioritize investments according to the criticality of risks;
• objectify decisions in the face of budgetary or organizational constraints;
• promote a shared understanding between different departments (Production, Quality, Maintenance, Engineering);
• prepare the site for inspections/audits by providing a scientific rationale for the gaps identified.

By embedding CCS in the Quality Risk Management process and the Pharmaceutical Quality System, the company develops an integrated quality culture based on science, transparency, and prevention. This interdisciplinary consistency reinforces the credibility of the system during inspections and audits.

5. Towards an integrated, dynamic, and data-driven CCS strategy

Contamination control can only be sustainable if it is based on structured risk management (ICH Q9) and an integrated quality system (ICH Q10). By combining these two standards, CCS becomes more than just a regulatory document: it is a strategic, proactive, and scalable tool that guarantees compliance, performance, and confidence in the measures put in place.

To further optimize these approaches, data-driven and digital approaches (trend analysis, predictive AI, real-time integration of monitoring data) will offer new perspectives to further strengthen contamination risk control.