Quality Risk Management
Introduction
• Identification and management of risk in the
pharmaceutical industry are vital to understanding pharmaceutical products and
processes to minimize potential negative impacts on patients
• In the highly regulated pharmaceutical industry, it is important that significant risks be formally identified, reduced, controlled, and effectively communicated throughout the supply chain and the product lifecycle
Quality
Risk Management (QRM)
• Quality risk
management is a systematic process for the assessment, control,
communication and review of risks to the quality of the drug (medicinal)
product across the product lifecycle
• Risk management
principles are effectively utilized in many areas of business and
government including finance, insurance, occupational safety, public health,
pharmacovigilance, and by agencies regulating these industries
• It is commonly understood that risk is defined as the
combination of the probability of occurrence of harm and the severity of that
harm
• The manufacturing and use of a drug (medicinal) product,
including its components, necessarily entail some degree of risk
• The risk to its quality is just one component of the
overall risk
• It is important to understand that product quality should
be maintained throughout the product lifecycle such that the attributes that
are important to the quality of the drug (medicinal) product remain consistent
with those used in the clinical studies
• An effective quality risk management approach can further
ensure the high quality of the drug (medicinal) product to the patient by
providing a proactive means to identify and control potential quality issues
during development and manufacturing
• Additionally, use of quality risk management can improve
the decision making if a quality problem arises
• Effective quality risk management can facilitate better
and more informed decisions, can provide regulators with greater assurance of a
company’s ability to deal with potential risks and can beneficially affect the
extent and level of direct regulatory oversight
Scope of
QRM according to ICH Guidelines
• ICH Quality
Guideline Q9: Quality Risk Management presents general principles of risk
management and examples of various risk management tools that can be applied to
different aspects of pharmaceutical quality
• These aspects include development, manufacturing,
distribution, and the inspection and submission/review processes throughout the
lifecycle of drug substances, drug (medicinal) products, biological and biotechnological
products (including the use of raw materials, solvents, excipients, packaging
and labelling materials in drug (medicinal) products, biological and
biotechnological products)
Principles
of QRM
Two primary principles of quality risk management are:
1. The evaluation of the risk to quality should be based on
scientific knowledge and ultimately link to the protection of the patient; and
2. The level of effort, formality and documentation of the quality risk management process should be commensurate with the level of risk
Responsibilities
• QRM activities are usually, but not always, undertaken by
interdisciplinary teams
• When teams are formed, they should include experts from
the appropriate areas (e.g., quality unit, business development, engineering,
regulatory affairs, production operations, sales and marketing, legal,
statistics and clinical) in addition to individuals who are knowledgeable about
the quality risk management process
Decision makers should
• Take responsibility for coordinating quality risk
management across various functions and departments of their organization; and
• Assure that a quality risk management process is defined,
deployed and reviewed and that adequate resources are available
Risk
assessment
1. Risk
assessment
• Risk assessment consists of the identification of hazards
and the analysis and evaluation of risks associated with exposure to those
hazards
• Quality risk assessments begin with a well-defined problem
description or risk question
• As an aid to clearly defining the risk(s) for risk
assessment purposes, three fundamental questions are often helpful:
1. What might go wrong?
2. What is the likelihood (probability) it will go wrong?
3. What are the consequences (severity)?
2. Risk
identification
• Is a systematic use of information to identify hazards
referring to the risk question or problem description
• Information can include historical data, theoretical
analysis, informed opinions, and the concerns of stakeholders
• Risk identification addresses the “What might go wrong?”
question, including identifying the possible consequences
• This provides the basis for further steps in the QRM
process
3. Risk
analysis
• Is the estimation of the risk associated with the
identified hazards
• It is the qualitative or quantitative process of linking
the likelihood of occurrence and severity of harms
• In some risk management tools, the ability to detect the
harm (detectability) also factors in the estimation of risk
4. Risk
evaluation
• Compares the identified and analyzed risk against given
risk criteria
• Risk evaluations consider the strength of evidence for all three of the fundamental questions
Output of
Risk
• The output of a risk assessment is either a quantitative
estimate of risk or a qualitative description of a range of risk
• When risk is expressed quantitatively, a numerical
probability is used
• Alternatively, risk can be expressed using qualitative descriptors, such as “high”, “medium”, or “low”, which should be defined in as much detail as possible
• Determination of the Critical Quality Attributes (CQAs) of
the drug substance, raw materials (components), in-process materials, and drug
product that have an impact on product quality through use of prior knowledge
and experimentation.
• Identifying which attributes are critical to meeting
product quality and ensuring patient safety are key to the risk assessment
process
• Once the significant material attributes and process
parameters are identified, they can be studied further to gain a higher level
of understanding on the impact on product quality.
• Along with the drug substance and raw material attributes risk assessment, the selection of an appropriate manufacturing process that links material attributes and process parameters to CQAs should be evaluated using a risk assessment tool
Risk
Control
1. Risk Control
• Includes decision making to reduce and/or accept risks
• The purpose of risk control is to reduce the risk to an
acceptable level
• The amount of effort used for risk control should be
proportional to the significance of the risk
• Decision makers might use different processes, including
benefit - cost analysis, for understanding the optimal level of risk control
2. Risk Reduction
• Focuses on processes for mitigation or avoidance of
quality risk when it exceeds a specified (acceptable) level
• Risk reduction might include actions taken to mitigate the
severity and probability of harm
• Processes that improve the detectability of hazards and
quality risks might also be used as part of a risk control strategy
• The implementation of risk reduction measures can
introduce new risks into the system or increase the significance of other
existing risks
• Hence, it might be appropriate to revisit the risk
assessment to identify and evaluate any possible change in risk after
implementing a risk reduction process
3. Risk Acceptance
• Is a decision to accept risk
• Risk acceptance can be a formal decision to accept the
residual risk or it can be a passive decision in which residual risks are not
specified
• For some types of harms, even the best quality risk
management practices might not entirely eliminate risk
• In these circumstances, it might be agreed that an
appropriate quality risk management strategy has been applied and that quality
risk is reduced to a specified (acceptable) level
• This (specified) acceptable level will depend on many
parameters and should be decided on a case-by-case basis
Risk
Communication
• Is the sharing of information about risk and risk
management between the decision makers and others
• Parties can communicate at any stage of the risk
management process
• The output/result of the quality risk management process
should be appropriately communicated and documented
• Communications might include those among interested
parties; e.g., regulators and industry, industry and the patient, within a
company, industry or regulatory authority, etc
• The included information might relate to the existence, nature, form, probability, severity, acceptability, control, treatment, detectability or other aspects of risks to quality
Risk Review
• Risk management should be an ongoing part of the quality
management process and a mechanism to review or monitor events should be
implemented
• The output/results of the risk management process should
be reviewed to take into account new knowledge and experience
• Once a QRM process has been initiated, that process should
continue to be utilized for events that might impact the original quality risk
management decision
• These events are planned (e.g., results of product review,
inspections, audits, change control) or unplanned (e.g., root cause from
failure investigations, recall)
• The frequency of any review should be based upon the level
of risk
• Risk review might include reconsideration of risk
acceptance decisions
Risk
management methodology
• Traditionally, risks to quality have been assessed and
managed in a variety of informal ways (empirical and/ or internal procedures)
based on, for example, compilation of observations, trends and other
information
• Such approaches continue to provide useful information
that might support topics such as handling of complaints, quality defects,
deviations and allocation of resources
• Additionally, the pharmaceutical industry and regulators
can assess and manage risk using recognized risk management tools and/ or
internal procedures (e.g., standard operating procedures)
Risk
management tools
❖ Basic risk management
facilitation methods (flowcharts, check sheets etc.)
❖ Failure Mode Effects Analysis
(FMEA)
❖ Failure Mode, Effects and
Criticality Analysis (FMECA
❖ Fault Tree Analysis (FTA)
❖ Hazard Analysis and Critical
Control Points (HACCP)
❖ Hazard Operability Analysis
(HAZOP)
❖ Preliminary Hazard Analysis
(PHA)
❖ Risk ranking and filtering
❖ Supporting statistical tools
Integration
of QRM into industry & regulatory operations
• Quality risk management is a process that supports
science-based and practical decisions when integrated into quality systems
• Effective QRM can facilitate better and more informed
decisions, can provide regulators with greater assurance of a company’s ability
to deal with potential risks, and might affect the extent and level of direct
regulatory oversight
• In addition, QRM can facilitate better use of resources by
all parties
Departments
using QRM
• Quality management
• Development
• Facility, equipment and utilities
• Materials management
• Production
• Laboratory control and stability testing
• Packaging and labelling
• Inspection and assessment activities
Posts
0 Comments