In the highly regulated world of pharmaceuticals and life sciences, risk isn’t just a numerical score — it’s a story of what might happen. Regulatory frameworks like ICH Q9 and ISO 31000 anchor our approaches to quality risk management (QRM), but even with all this guidance, a silent disruptor often creeps in: subjectivity.

 

在高度监管的制药和生命科学领域，风险不仅仅是一个数字分数——它是一个可能发生的故事。如ICH Q9和ISO 31000这样的监管框架为我们的质量风险管理（QRM）方法奠定了基础，但即使有了所有这些指导，一个无声的破坏者经常潜入：主观性。

 

Subjectivity is both a threat and an opportunity. If unchecked, it clouds judgement, introduces bias, and can lead to decisions that fail to prevent harm to patients. But when understood and managed properly, subjectivity becomes a source of creativity, revealing hidden hazards and unlocking more effective risk controls. The delicate balance of subjectivity management has been acknowledged in the recent FDA and ICH Q9 R1 updates, which bring subjectivity into the spotlight as a factor that can undermine the effectiveness of QRM if not properly addressed.

 

主观性既是威胁，也是机遇。如果不加以控制，它会使判断变得模糊，引入偏见，并可能导致无法防止对患者造成伤害的决定。但是，如果理解和管理得当，主观性就会成为创造力的源泉，揭示隐藏的危害并解锁更有效的风险控制。主观性管理的微妙平衡在最近的 FDA 和 ICH Q9 R1 更新中得到了认可，这些更新将主观性作为一项因素成为人们关注的焦点，如果处理不当，可能会破坏 QRM 的有效性。

 

How Subjectivity Can Lead To Catastrophe

 

主观性如何导致灾难

 

In life sciences, risk management is about anticipating and preventing harm to the patient. Here are some challenges we often face:

 

在生命科学中，风险管理涉及预测和预防对患者的伤害。以下是我们经常面临的一些挑战：

 

Risk is abstract. We are trying to imagine what might happen in      the future.

风险是抽象的。我们要试图想象未来会发生什么。

Subjectivity thrives in the absence of hard data, especially in      novel or complex systems.

主观性在缺乏硬数据的情况下蓬勃发展，特别是在新颖或复杂的系统中。

Group collaboration, while necessary, often amplifies rather      than mitigates this subjectivity.

团队合作是必要的，但有时会放大而不是减轻这种主观性。

 

Ultimately, a failure to imagine what can go wrong may lead to a catastrophe when something does go wrong. And imagination is a subjective process by nature.

 

最终，无法想象当事情出了问题时，什么可能会出错，什么会导致灾难。想象本质上是一个主观的过程。

 

Some Common Subjectivity Pitfalls During Risk Assessment

 

风险评估过程中一些常见的主观性陷阱

 

In theory, risk assessments should be rational and evidence-based but in reality, they are often subjective and shaped by our biases. Let’s look at some examples of how these cognitive bias traps show up in risk assessment:

 

理论上，风险评估应该是理性的、基于证据的，但实际上，它们往往是主观的，受到偏见的影响。让我们来看一些例子，看看这些认知偏见的陷阱是如何在风险评估中出现的：

 

Anchoring bias

 

锚定偏见（一种认知偏差，指在做决策时过度依赖或受到先前获得的信息（锚定点）的影响，而忽视其他相关信息。）

 

“We’ve always done it this way.”

 

“我们一直都是这么做的。”

 

Imagine a risk assessment session for a new lab information management system (LIMS). A participant immediately brings the supplier qualification assessment to the table, and this becomes the focal point. Even if the need for customization is actually the more pressing risk to discuss, the discussion never drifts far from that first anchor. As a result, mitigations are focused on the frequency of supplier requalification instead of addressing deeper issues like system configuration or customization errors.

 

想象一个新的实验室信息管理系统（LIMS）的风险评估会议。参与者立即将供应商资质评估带到桌面上，这成为焦点。即使定制化需求实际上是需要讨论的更紧迫的风险，讨论也不会偏离第一个锚点。因此，风险控制措施集中在供应商再确认的频率上，而不是解决更深层次的问题，如系统配置或定制错误。

 

Groupthink

 

从众思维

 

“Nobody wanted to challenge the plan.”

 

“没有人想去挑战这个计划。”

 

A team is evaluating a cloud-based eQMS implementation. Everyone agrees it's low risk because the vendor is reputable in other industries. One junior IT analyst hesitates but stays quiet — the group seems united. Later, the company experiences a regulatory citation due to inadequate audit trail capabilities, which the analyst had noticed but didn’t flag. The desire to avoid conflict trumped risk identification.

 

一个团队正在评估基于云的QMS系统的实施。每个人都认为这是低风险的，因为供应商在其他行业有信誉。一位初级IT分析师犹豫了一下，但然后保持沉默——整个团队似乎很团结。后来，由于审计追踪能力缺陷，该公司受到了监管部门的处罚，那个分析师注意到了这一点，但没有指出。避免冲突的愿望压倒了风险识别。 

 

Loudest voice bias

 

最大声偏差

 

“Mandy said it was fine, so we moved on.”

 

“QA主管说没关系，所以我们就继续了。”

 

During a supplier qualification session, Mandy — the head of site quality — dominates. She focuses on GMP documentation compliance, pushing aside logistics risks raised by a new supply chain team member. The result? Supplier delivery failures that impact production timelines — risks that were overlooked because one voice overpowered the rest.

 

在一次供应商确认会议上，现场质量主管占了主导地位。她专注于GMP文件合规性，而不顾新供应链团队成员带来的物流风险。结果呢? 该供应商交货失败影响了生产进度——由于一种声音压倒了其他声音从而风险被忽视。

 

Confirmation bias

 

证真偏差（证真偏差是一种认知倾向，指人们在信息处理过程中更倾向于关注、解释和记忆与自身原有观点一致的信息，而忽视或排斥相悖信息。）

 

“We found what we were looking for.”

 

“我看到了我想要的东西。”

 

A team assesses a legacy system and starts with the assumption that it’s still compliant. They selectively reference older validation reports and skip over emerging vulnerabilities like obsolete encryption protocols. The risk assessment validates their starting belief rather than challenging it. Meanwhile, new vulnerabilities remain unaddressed.

 

一个团队评估一个遗留系统，并首先假设它仍然合规。它们有选择地引用较旧的验证报告，而跳过新出现的漏洞，例如过时的加密协议。风险评估验证了他们的初始信念，而不是挑战它。与此同时，新的漏洞仍未得到解决。

 

Conjunction fallacy

 

连词谬误（是指人们在判断事件发生概率时，错误地认为两个事件同时发生的概率大于其中任何一个事件单独发生的概率）

 

“It’ll only fail if A, B, and C happen, so it's low risk.”

 

“只有当 A、B 和 C 同时发生时才会失败，所以风险很低。”

 

During a data migration project, the team assumes that system failure would require a cascade: the new system crashing, backups failing, and the restore process being misconfigured. They rate the risk as negligible. But in reality, even one of these failure points would severely disrupt operations. The illusion of complexity makes the risk seem less likely than it is.

 

在数据迁移项目期间，团队假设系统故障需要一个级联：新系统崩溃、备份失败以及还原过程配置错误。他们将风险评为可以忽略不计。但实际上，即使是这些故障中的一个也会严重中断运营。复杂性的错觉使风险看起来比实际可能性要小。

 

Sunk-cost fallacy

 

沉没成本谬误（在决策过程中，由于考虑到之前已经投入且无法收回的成本（即沉没成本），而继续坚持某一决策或行动，即使这一决策或行动在逻辑上或经济上已不再合理。简单来说，就是由于“不甘心”已经付出的努力或金钱，而继续投入更多资源，即便这些投入可能带来更大的损失。）

 

“We’ve already invested so much — let’s keep going.”

 

“我们已经投入了大量资金——我们要继续前进。”

 

Biases are everyday barriers to effective decision-making, and they usually operate silently. When these biases go unchecked, risk assessments can fail to uncover the real hazards that could compromise product quality or patient safety. Without structure and awareness, teams don’t realize they’ve been swayed by bias until something goes wrong.

 

偏见是有效决策的日常障碍，它们通常悄无声息。如果这些偏见得不到约束，风险评估可能无法发现可能危及产品质量或患者安全的真正危害。如果没有组织和意识，团队不会意识到他们已经被偏见所左右，直到出现问题。

 

Promoting Creative Hazard Identification

 

促进创造性的危害识别

 

The revised ICH Q9 R1 highlights that organizations are vulnerable to human bias. But instead of eliminating subjectivity, the opportunity lies in harnessing creativity by using methodological collaboration. We use “working together alone,” a structured approach built around deliberate collaboration cycles.

 

ICH Q9 R1 强调组织容易受到人为偏见的影响。但是，与其消除主观性，不如通过使用方法合作来利用创造力。我们使用“独立工作”，这是一种围绕深思熟虑的协作周期构建的结构化方法。

 

Diverge – Individuals think independently to generate a wide      range of hazards.

发散 – 个人独立思考以广泛地识别危害。

Converge – The team brings those ideas together to align and      make sense of them.

聚合 – 团队将这些思考聚集在一起，以协调和理解它们。

Decide – The group prioritizes and selects which hazards to      carry forward for full risk assessment.

决定 – 团队确定优先级并选择要推进以进行全面风险评估的危害。

 

1. Diverge – Think Independently

 

发散 – 独立思考

 

Each team member begins by identifying potential hazards alone, drawing from their own experience. Without influence from colleagues, everyone is encouraged to tap into their own domain expertise, surface concerns others might not see, and consider risks without fear of being wrong or dismissed.

 

每个团队成员首先从自己的经验中单独识别潜在的危害。在没有同事影响的情况下，我们鼓励每个人利用自己的领域专业知识，提出其他人可能看不到的问题，并考虑风险，而不必担心出错或被忽视。

 

This prevents anchoring, groupthink, or the dominance of senior voices. A QA lead might identify risks related to audit trail integrity in violation of 21 CFR Part 11, while an IT specialist might flag risks around privileged access that go beyond GAMP5 category expectations. Everyone contributes equally, regardless of role or seniority.

 

这可以防止锚定、从众思维或最大声偏差的主导地位。QA 主管可能会识别出违反GMP的审计追踪完整性相关风险，而 IT 专家可能会识别出超 GAMP5 类别预期的特权访问风险。无论角色或资历如何，每个人都有平等的贡献。

 

2. Converge – Align And Analyze As A Team

 

聚合 – 作为一个团队进行协调和分析

 

The group reconvenes to share, group, and clarify their hazards. Common themes emerge, gaps are revealed, and insights compound. This step creates shared understanding while preserving the diversity of thought generated during divergence. The group collectively decides which hazards are most relevant for further analysis.

 

团队再次召开会议，分享、分组和澄清所识别的危害。共同的主题出现，差距被揭示，洞察力不断复杂。这一步创造了共同的理解，同时保留了发散过程中产生的思维多样性。团队共同决定哪些危害与进一步分析最相关。

 

3. Decide – Prioritize And Move Forward

 

决策 – 确定优先级并向前迈进

 

Finally, the team selects which hazards to assess further — based on potential impact, relevance, and urgency. The decision is made through structured facilitation, sometimes using techniques like dot voting or assigning a decider, ensuring bias doesn’t derail consensus.

 

最后，团队根据潜在影响、相关性和紧迫性选择要进一步评估的危害。决策是通过结构化的促进做出的，有时使用点投票或分配决策者等技术，确保偏见不会破坏共识。

 

This cycle helps teams imagine what could go wrong before it does go wrong, while reducing the noise and bias that can dominate traditional group discussions.

 

这个流程有助于团队在问题出现之前想象哪里可能出错，同时减少可能主导团队讨论的噪音和偏见。