How to prepare a Risk Management Plan (RMP): An essential guide


Nare Simonyan, freelance regulatory affairs specialist at Kolabtree, provides a comprehensive guide to preparing a Risk Management Plan (RMP).


  • RMP – Risk Management Plan
  • aPV – additional Pharmacovigilance
  • eCTD – electronic Common Technical Document
  • PSUR- Periodic Safety Update Report
  • PASS – Post-Authorization Safety Studies
  • PAES – Plans Post-authorization Efficacy Studies
  • RA- Regulatory Authority
  • QRMP – Quality Risk Management Process
  • RMCs – Risk Management Committees
  • MAA -Marketing Authorization Application
  • ADR-Adverse Drug Reactions

Purpose & Scope of a Risk Management Plan

A document summarizing the risks and pharmacovigilance/risk minimization activities for a medicinal product with a well-established safety profile, used often to support a submission in a country/region and when the summary format is accepted.

The RMP is internally approved document that represents the company medical position designed to document risk management activities (risk minimization measures and pharmacovigilance) considered necessary to identify, characterize, or mitigate the safety concerns associated with a medicinal product. It serves as a reference risk management document for a given product and is used to communicate company position to appropriate stakeholders worldwide for inclusion in local risk management plans (RMPs). When an approved core RMP (cRMP) is available, the cRMP serves as the reference RMP (rRMP).

Requirements of an RMP

The product RMPs must:

  • Be consistent with the product safety information and data sources used in their creation
  • Reflect the company’s position with regard to:
  1. The characterization of safety risks, including safety concerns, likely to have an impact on the benefit-risk balance for a medicinal product (i.e., important risks and missing information) to necessitate additional pharmacovigilance (aPV) activities or non-routine risk minimization activities
  2. The details of aPV activities or non-routine risk minimization activities.
  • Comply with regulations, including regulated format or timing, applicable to the country/region for which the RMP is being prepared.

When an RA insists that elements of the RMP be different from the company position, thoseelements must be consistent with the specifications provided by or agreed with the RA.

European Risk Management Plan Model

According to the EMA guideline definition, the risk management plan (RMP) presented as a document for a risk management system. RMP is a document to identify, indicate, and reduce the risks of the medicines.

The RMP model is created based on the relevant points:

  • Species of safety- authentication of the safety profile of a medicinal product and stress on major identified and major potential risks and not present information, along with safety matter necessary to be addressed in furtherance
  • Plan of pharmacovigilance – it is an arrangement of pharmacovigilance action which is intended to find clinically appropriate risks and to verify new adverse drug reactions (ADR)
  • Risk mitigation plan – this about planning and execution of risk mitigation

This document must be prepared on the basis of scientific knowledge and must not contain any advertising elements. RMP professionals should focus on what information can be important for the readers to realize the safety outline of the medicines.

The MA holder is considered as a responsible person for adding references to the appropriate section of the required documents in eCTD or PSUR, as necessary.

Triggers for the creation or revision of the RMP may include, but are not limited to:

  • Receipt of a request from a RA
  • Receipt of a request from Risk Management Committees (RMCs) based on a new or revised product RM strategy
  • A new or updated marketing authorization application (MAA)
  • Obtaining and Maintaining Product Marketing Authorizations or license renewal

List for writing or evaluating an RMP

The listed overall parts intended for writing or evaluating the RMP for medicines:

Species of safety

  • The relevant parts of the safety profiles should be included
  • The relevant data should be considered when drawing up the safety data sheet
  • In the event that all parts of the target group have not been studied, it is necessary to include relevant security concerns in relation to potential risks and missing information
  • Consideration should be given to the limitations in the safety database and the consequences of limitations on the safety profile of the medicinal product
  • For Reference Medicine applications, all safety issues from the latest RPM must be provided

Plan of Pharmacovigilance

  • Wole safety issues identified in the safety data sheet must be addressed in the pharmacovigilance plan
  • Regular pharmacovigilance actions should be sufficient and additional pharmacovigilance actions should be regarded if needed
  • The actions in the pharmacovigilance plan should be obviously specified, outlined, and appropriate to identify the risks or provide the missing information
  • Safety studies that have been inflicted by the agency the conditions should be clearly defined
  • For existed safety considerations related to medication mistakes, the RPM should include appropriate offers for monitoring the correct utilization of the medicine
  • The offered additional research must be necessary, attainable, non-advertisable and able of provide the necessary additional specification of the risk and answering scientific questions
  • Deadlines and milestonesshould be relevant for the proposed action, including the presentation of results

Post-authorization efficacy studies plan

  • All PAES, either as terms of the approved marketing or as special responsibilities, must be included.

Risk mitigation plan

  • Regular risk mitigation measures should be enough, or additional risk mitigation measures should be identified when applicable
  • If additional measures have been proposed to minimize the risk, they should be adequatelyjustified and proportionate to the risk. Consideration should be given to implementation in all Member States
  • The criteria for the effectiveness of additional measures to minimize risks must be determined a priori
  • Methods for assessing the effectiveness of risk mitigation actions should be well described and relevant

Summary for Risk management plan

  • RMP submission must be correct
  • The facts must be presented in an appropriate manner without any advertising elements

United State (FDA) General quality Risk Management Process

Quality risk management is a systematic process for the assessment, control, communication and review of risks to the quality of the drug product across the product lifecycle.

Main Responsibilities

Quality risk management activities are usually, but not always, undertaken by interdisciplinary teams. When teams are formed, theexperts from the appropriate areas such as quality unit, business development, engineering, regulatory affairs, production operations, sales and marketing, legal, statistics, and clinical must be included in addition to individuals who are knowledgeable about the quality risk management process.

Decision makers should:

  • take responsibility for coordinating quality risk management across various functions and departments of their organization
  • ensure that a quality risk management process is defined, deployed, and reviewed and that adequate resources are available

Initiating a Quality Risk Management Process (QRMP)

Quality risk management process should include systematic processes designed to coordinate, facilitate and improve science-based decision making with respect to risk. Relevant steps used to initiate and plan a quality risk management process might include the following:

  • Define the problem and/or risk question, including pertinent assumptions identifying the potential for risk
  • Assemble background information and/or data on the potential hazard, harm or human health impact relevant to the risk assessment
  • Identify a leader and critical resources
  • Specify a timeline, deliverables, and appropriate level of decision making for the risk management process

Assessment for Risk

The main role of conducting risk assessment is to identify the risks and assay and evaluate the relevant associated with exposure to those risks. The initiation risk of quality assessments should be started with a clear-cut problem description or question of risk. When the risk in question is clear-cut, an appropriate risk management tool and the types of information that will address the risk question will be in a right away recognizable. As an aid to clearly determining the risk(s) for risk assessment objectives, three basic points are proposed:

  1. To consider what can go in not the right way
  2. Take into consideration the possibility of what can go in not the right way
  3. To monitor the repercussions

Identification for Risk is considered as systematic use of information which may help to identify risksthat are referred to the risk question or problem description. Information can include historical data, theoretical analysis, informed opinions, and the concerns of stakeholders. Risk identification addresses the “What might go in not the right way?” question, with including the possible consequences that can be identified. This offers the basis for further steps in the quality risk management process.

Analysis for Risk is the qualitative or quantitative process for linking the likelihood of an incident and the strictness of damages. In other words, it is the estimation of the risk associated with the identified hazards.

Evaluation for Risk compares the identified and analyzed risk against given risk criteria. Risk evaluations consider the strength of evidence for all three of the fundamental questions.

Control for Risk

The aim of risk control is to make decisions which may reduce and/or accept identified risks. By conducting risk control ideally, the level of identified risk should be reduced to an acceptable level. The amount of effort used for risk control should be proportional to the significance of the risk. Different processes, such as benefit-cost analysis, must be used by decision makers for understanding the optimal level of risk control. For risk control the key points are:

  • Take into consideration if the risk is above an acceptable level
  • Actions to reduce or eliminate risks
  • Identify appropriate balance among benefits, risks and resources
  • Decide whether new risks are introduced as a result of the identified risks being controlled

Communication for Risk

Risk communication is about sharing of the information related to risk and risk management between the decision makers and others. Communication can be at any stage of the risk management process. The output/result of the quality risk management process should be appropriately communicated and documented. Communications might include those among interested parties (e.g., regulators and industry; industry and the patient; within a company, industry, or regulatory authority). The included information might relate to the existence, nature, form, probability, severity, acceptability, control, treatment, detectability, or other aspects of risks to quality. Communication need not be carried out for each and every risk acceptance. Between the industry and regulatory authorities, communication concerning quality risk management decisions might be affected through existing channels as specified in regulations and guidance’s.

Review for Risk

A mechanism to review or monitor events should be implemented. The output/results of the risk management process should be reviewed to take into account new knowledge and experience.The frequency of any review should be based upon the level of risk. Risk review might include reconsideration of risk acceptance decisions.

Management methodology of risk

Basically, quality risk management supports a scientific and practical approach to decision making. It provides documented, transparent, and reproducible methods to accomplish steps of the quality risk management process based on current knowledge about assessing the probability, severity, and, sometimes, detectability of the risk. Traditionally, risks to quality have been assessed and managed in a variety of informal ways (empirical and/or internal procedures) based on, for example, compilation of observations, trends, and other information.

In addition, the pharmaceutical industry and regulators can assess and manage risk using recognized risk management tools and/or internal procedures (e.g., standard operating procedures).

Management methods and tools of risk

This section included as an aid to gain more knowledge and detail about the particular tool. Important to note that no single tool or toolbox is applicable to every situation in which a quality risk management procedure is used.Each company-specific requirement can be provided in the format.

Basic Risk Management Facilitation Methods

Here are some of the simple techniques commonly used to structure risk management by organizing data and facilitating decision making:

  • Flowcharts
  • Check Sheets
  • Process Mapping
  • Cause and Effect Diagrams (also called an Ishikawa diagram or fish bone diagram).

Need help to prepare a risk management plan? Consult regulatory affairs experts and medical writers on Kolabtree.


Kolabtree helps businesses worldwide hire freelance scientists and industry experts on demand. Our freelancers have helped companies publish research papers, develop products, analyze data, and more. It only takes a minute to tell us what you need done and get quotes from experts for free.

Unlock Corporate Benefits

• Secure Payment Assistance
• Onboarding Support
• Dedicated Account Manager

Sign up with your professional email to avail special advances offered against purchase orders, seamless multi-channel payments, and extended support for agreements.


About Author

Ramya Sriram manages digital content and communications at Kolabtree (, the world's largest freelancing platform for scientists. She has over a decade of experience in publishing, advertising and digital content creation.

Leave A Reply