Quality Risk Management

Advisory Committee of the Office of Pharmaceutical Science

Manufacturing Subcommittee

July 20, 2004

Frederick Razzaghi
ICH Q9 EWG/WSMI/CHPA

1
Agenda

 What is Quality Risk Management

 Background
 Initial steps in guideline development
 The guideline
 Scope
 Process
 Tools
 Integration of Quality Risk management
 Next step

2
Quality Risk Management (Q9)

Process consisting of well-defined steps

which, when taken in sequence, support
better Decision Making by contributing to a
greater insight into risks and their impacts.
It includes elements such as risk
identification, assessment, mitigation,
elimination and communication.

Risk= probability and severity

3
Background

4
Prior dialogue

 Use of Risk Management in Pharmaceutical

Manufacturing
 A Process Risk Assessment Model
 The relationship between risk and
knowledge and how to apply them pre and
post approval (e.g. Regulatory scrutiny, post
approval changes and GMP’s, etc).

5
OPS objective (April AC meeting)

OPS will implement a review quality system and

procedures that will:
Recognize the level of scientific knowledge supporting
product applications, process validation, and process
capability
Apply a risk based regulatory scrutiny that will relate to
 level of scientific understanding of how formulation and
manufacturing process factors affect product performance
 the capability of process control strategies to prevent or
mitigate risk of poor product performance

6
Background of the Q9 working group

 July 2003, Brussels: initial meeting to discuss

topic and merits of moving ahead
 November 2003, Osaka: Developed concept
paper and received approval
 March 2004, London: Drafted outline and
agreed on general approach
 June 2004, Washington: Developed the first
draft of the guideline

7
Approach

8
Considerations for moving ahead in
ICH
 “Develop a harmonized pharmaceutical quality
system applicable across the life cycle of the
product emphasizing an integrated approach to
risk management and science.” July 2003.
 Requiring consensus among all regions and
developing a guideline to be used by all ICH
parties.
 Proceeding with a process oriented, practical,
applicable, predictive, flexible, consistent and
integrated approach in mind.

9
What is the problem being solved
 Product may not be available to patients, when needed
 May increase the potential for the release of unacceptable
product to the market
 New product introductions to the marketplace may be delayed
 Delays may occur during implementation of changes and
improvements to processes
 Safe and effective drugs may be discarded or recalled from the
market
 Manufacturers may be reluctant to implement new technologies
or continuous improvements to the products or processes
 Scarce resources may not be optimally allocated
 Lack of appropriate data to evaluate risk most effectively

10
Benefits

 Enhanced patient confidence in decision making on

pharmaceutical quality
 Promotes more effective use of regulatory agency and
industry resources
 Establishes a systematic, well-informed and thorough
method of decision making which leads to greater
transparency and predictability
 Increased knowledge of exposure to risk
 Fosters quality by design, continuous improvement and
new technology introduction, which generally leads to
enhanced product quality

11
Scope

 This guideline provides a framework that may be

applied to all aspects of pharmaceutical quality
including GMP and submission/review processes
throughout the lifecycle of drug substances (API)
and drug (medicinal) products, biological and
vaccine products, and the use of excipients and
packaging materials.
 This guideline is not intended to apply to risk
management used in a pharmacovigilance setting
involving safety and efficacy.

12
 Process
1. Initiate Process
2. Assess
3. Control
4. Communicate
5. Review

13
Guiding principles
 The evaluation of the risk should ultimately link back to
the potential risk to the patient.
 The extent of the risk management process should be
commensurate with the level of risk associated with the
decision.
 A more robust data set will lead to lower uncertainty.
 It is essential to have a clear delineation of the risk
question.
 Risk management should be an iterative process.
 People who apply risk management should have the
appropriate training, skills and experience.
 The risk management process should be appropriately
documented and verifiable.
14
Guide to initiating risk management
 Defining specifically the risk management problem or
question, including the assumptions leading to the
question.
 Assembling background information and data on the
hazard, harm or human health impact relevant to the
assessment.
 Defining how the assessment information and
conclusions will be used by the decision makers.
 Identifying the necessary resources, members of the
team who have the appropriate expertise, with the
leader clearly identified.
 Asking the right risk assessment question(s)
 Stating clearly the assumptions in the risk assessment
 Assessing the quality and sufficiency of relevant data
 Specifying a timeline and deliverables for the risk
assessment
15
Risk Assessment
 What can go wrong?
 What is the likelihood (probability) it would go
wrong?
 What are the consequences?
 Risk analysis is a systematic use of
information to identify specific sources of
harm (hazards) and to estimate the risk.
 Risk evaluation compares the estimated risk
against given risk criteria using a
quantitative or qualitative scale to determine
the significance of the risk.

16
Risk Control
Risk control describes the actions of implementing risk
management decisions.

 What can be done to mitigate and reduce risks?

 What options for controlling risks are available?
 What are the impacts of current risk management
decisions on future options for risk management?

 Risk mitigation focuses on a reduction of severity of

harm.
 Risk reduction focuses on the reduction of probabilities
of occurrence of harm and detection of harm.
 Risk acceptance is a decision to accept risk, i.e., no
additional risk control activities are necessary at that
time.
17
Risk communication

 Risk communication is the exchange or sharing of

information about risk and risk management
between the decision maker and other stakeholders.
The information can relate to the existence, nature,
form, probability, severity, acceptability, treatment,
detectability or other aspects of risks to quality.
 The communication among stakeholders concerning
quality risk management decisions can be made
through existing channels.

18
Risk monitoring and review

 All risk management processes are

dynamic/iterative. Quality risk management
when applied should benefit from new
knowledge with each decision cycle and used
to enhance future decisions allowing for
continuous improvement.

19
Process flow
Initiate
Risk Management Process

Risk Assessment

Risk Analysis
Risk Management tools & statistic toolbar

Risk Evaluation
(Resources, Interfaces & Line functions)

Risk Control
Risk Mitigation
(incl. elimination and avoidance)
[Severity]

Risk Reduction
[Probability]

Risk Acceptance

Risk Communication

Output / Results of the Review

Risk Management Process (e.g. Inspections/Audits, Complaints)

No additional risk 20
Risk management Tools
1. Process mapping
2. Preliminary Hazard Analysis (PHA)
3. Hazard Analysis of Critical Control Points (HACCP)
4. Hazard Operability Analysis (HAZOP
5. Fault tree analysis (FTA)
6. Failure Mode Effects Analysis (FMEA)
7. Failure Mode, Effects and Criticality Analysis (FMECA)
8. Risk Ranking and Filtering
9. Informal Risk Management
10. Taguchi, variation risk management method

21
Supporting Statistical Tools

 Design of experiments (DOE)

 Process Capability Analysis
 Control charts:
1. acceptance control charts.
2. Shewart control charts.
3. Accumulative sum charts)

22
Integration of Quality Risk Management into
operations
1. Development (e.g. Specification Setting, Test Method Selection
and process development).
2. Regulatory scrutiny during pre and post approval.
3. As a component of Quality systems ( e.g. Auditing,
Deviations/Discrepancies, Complaints & Recall Management,
Change management)
4. Facility systems management ( e.g. Design, Hygiene,
Qualification, environmental control, Preventative
maintenance and Computerized systems)
5. Materials Management (e.g. Supply chain, Assessment and
evaluation of suppliers and contract manufacturers,
procurement and release of material)

23
Integration of Quality Risk Management into
operations (Continued)
6. Production (e.g. PAT, Validation, in-process sampling, testing,
reporting and trending)
7. Laboratory controls (e.g. validation, testing, methods
development, stability).
8. Packaging and labeling (e.g. Selection of container closure system
and label controls).
9. Regulatory Authority Activities

24
Next steps

 June 2004, Draft sent out to the Q9 EWG for

review by constituents
 September 2004, Consolidate comments
 November 2004, Step II document
preparation

25
Organizations represented on the
Expert Working Group
 EU regulators: EMEA (European Medicines Evaluation Agency) and the French Health
Products Safety Agency (AFSSAPS)
 EFPIA: F. Hoffmann-La Roche Ltd. And Eli Lilly &Co.
 Japan regulators: Division of drugs, National Institute of Health Sciences ;and Compliance
and Narcotics Division, Pharmaceutical and Food Safety Bureau, Ministry of Health,
Labour and Welfare.
 Japan Pharmaceutical Manufacturers Association: Eisai Co., Ltd and Mochida
Pharmaceutical Co., Ltd.
 US regulators: Office of Compliance, CDER ;and office of scientific support, CVM, Food
and Drug Administration.
 Pharmaceutical Research and Manufacturers of America: Merck & Co inc. and Centocor,
Inc
 Canada Regulators: Compliance and Enforcement Coordination Division
Health Products and Food Branch Inspectorate Health Canada.
 Swiss regulators (EFTA): Swiss medic, Swiss Agency for Therapeutic Products.
 World regulators: Quality Assurance & Safety: Medicines, World Health Organization.
 Generic Industry: Barr Laboratories, Inc.
 World Self Medication Industry: CHPA Consumer Healthcare Products Association

26
Definitions
 Decision Maker - process owner of risk management process
 Dynamic / Iterative Process - TBD
 Harm – Damage to health, including the damage that can occur from loss of product efficacy, safety,
quality or availability
 Hazard - the source of harm. Can be a chemical, biological or physical substance, or an event that can
cause harm.
 Product Lifecycle – All phases in the life of a product covering both the inherent characteristics of the
product and how these may change over time. The lifecycle is from the initial development through
pre- and post-approval until the product’s discontinuation and includes the associated regulatory
processes.
 Quality – Degree to which a set of inherent characteristics of a product, system or process fulfills
requirements
 Quality System – A formalized system that documents the structure, responsibilities and procedures
required to achieve effective quality management.
 Requirements – Needs or expectations that are stated, generally implied or obligatory by the patients
or their surrogates (e.g. health care professionals, regulators and legislators)
 Risk – Combination of the probability of occurrence of harm and the severity of that harm (from
ISO/IEC Guide 51)
 Risk Management – Process consisting of well-defined steps which, when taken in sequence, support
better Decision Making by contributing to a greater insight into risks and their impacts.
It includes elements such as risk identification, assessment, mitigation, elimination and
communication.
 Severity – Measure of possible consequence of a potential source of harm
 Stakeholder - Any individual, group or organization that can affect, be affected by, or perceive itself to
be affected by a risk. The decision makers might also be stakeholders. For the purposes of this
guideline, the primary stakeholders are the patient, healthcare professional, authority, regulator,
industry, business, customer.

27
References
 Ayyub, B.M. (2002) Elicitation of Expert Opinions for Uncertainty and Risks. Boca Raton, FL: CRC
Press.
 Ayyub, B.M. (2003) Risk Analysis in Engineering and Economics. Boca Raton, FL: Chapman &
Hall/CRC
 Chowdhry, S. (2002). Design for Six Sigma: The Revolutionary Process for Achieving Extraordinary
Profits. Dearborn, MI: Dearborn Trade.
 Davies, J.C. (Ed.), (1996). Comparing Environmental Risks. Tools for Setting Government Priorities.
Washington, DC: Resources for the Future.
 Haimes, Y.Y. (1998). Risk Modeling, Assessment and Management. New York: John Wiley and Sons,
Inc.
 Konisky, D.M. (1999) “Comparative Risk Projects: A Methodology for Cross-Project Analysis of
Human Health Risk Rankings.” Discussion Paper 99-46, August 1999. Washington, DC: Resources
for the Future.
 Morgan, G.M., and Henrion, M.C. (1990) Uncertainty. A Guide to Dealing with Uncertainty in
Quantitative Policy Analysis. Cambridge, England: Oxford University Press.
 Morgan, G.M., Florig, H.K, DeKay, M.L., and Fischbeck, P. (2000) Categorizing risks for risk ranking.
Risk Analysis 2: 49-58.
 National Research Council (1994). Understanding Risk. Informing Decisions in a Democratic Society.
Washington, DC: National Academy Press
 Ross, T. and Sumner, J. (2002). A simple spreadsheet-based food safety risk assessment tool. Int. J.
Food Micro. 77:39-53.
 Sparrow, M.K. (2000) The Regulatory Craft
 Thornton, A. C. (2004). Variation Risk Management. Focusing Quality Improvements in Product
Development and Production. Hoboken, NJ: John Wiley and Sons, Inc.

28
Thank you
29