3 minute read
COS-GMP
By Robert Low, Lead Management System Specialist
Section 4 of COS-GMP is one of the clearest examples of how this standard expands on ISO 22716 rather than simply restating it. Where ISO 22716 addresses risk implicitly across several sections, COS-GMP brings it together into a single, detailed Risk Control section with a formal hazard analysis methodology borrowed conceptually from food safety practice.
This post is part of a series working through COS-GMP section by section. The series summary with links to every section is available at the end.
Product contamination control — general. All practicable steps need taking to identify, eliminate, avoid, or minimise the risk of foreign-body or chemical contamination.
Hazard Analysis Risk Assessment (HARA). This is the section’s centrepiece. A documented procedure needs to ensure all hazards to safety and legality are identified and controlled. A multi-disciplinary team — covering production, technical compliance, engineering, and regulatory expertise — conducts the analysis. The process requires a documented product description, a verified process flow diagram, and a hazard analysis at each process step assessing likelihood, severity, and necessary control measures. The standard then introduces two distinct control point types: Quality Control Points (QCPs) for organisation-specific high-risk aspects, and Critical Control Points (CCPs) for hazards that could create a genuine product safety risk. Each CCP and QCP needs clearly defined control measures, limits, monitoring activities, and corrective actions.
Chemical control. An Approved Materials Register (AMR) needs establishing for chemicals and maintenance materials — cleaning agents, lubricants, greases, oils — documenting risk and usage, with safety data sheets preserved as evidence. The register needs to cover approved chemicals, SDS availability, avoidance of strongly scented products, labelling, and restricted storage access.
Foreign body, glass, and sharps control. Documented procedures need to identify and manage foreign body contamination risk. Glass and brittle materials require a register covering location, quantity, material type, condition, and risk level, with periodic condition checks recorded. Sharp tools need controlled issuance and breakage records, and snap-off blade knives are specifically prohibited.
Personnel risk assessments. A documented Personnel Risk Assessment Programme, reviewed at least annually, needs to evaluate health and hygiene risks, behavioural risks, physical contamination risks from personal items, zoning risks, and training deficiencies — feeding directly into the hygiene programme covered in the Personnel section.
The most significant gap for manufacturers new to this standard is treating HARA as a one-time document rather than a living system. The standard explicitly requires ongoing monitoring of control effectiveness — routine inspection, periodic verification, and review of findings — not just an initial hazard analysis filed away and never revisited.
The second common gap is the chemical Approved Materials Register existing informally, as a loose collection of safety data sheets in a folder, rather than as a genuine register linking each chemical to its approval status, storage location, and access restriction.
COS-GMP’s HARA framework maps closely onto Cornerstone’s risk management features, which support HACCP-style critical control point tracking directly. Glass and brittle material registers and chemical registers both benefit from being connected to nonconformance tracking, since a damaged glass item identified during a routine check should generate a trackable corrective action, not just an informal note to “keep an eye on it.”
This post is part of the Cornerstone COS-GMP series. See the full series summary with links to all 11 sections.