1	Quality Risk Management Advisory Committee of the Office of Pharmaceutical Science Manufacturing Subcommittee July 20, 2004 Frederick Razzaghi ICH Q9 EWG/WSMI/CHPA
2	Agenda What is Quality Risk Management Background Initial steps in guideline development The guideline Scope Process Tools Integration of Quality Risk management Next step
3	Quality Risk Management (Q9) Process consisting of well-defined steps which, when taken in sequence, support better Decision Making by contributing to a greater insight into risks and their impacts. It includes elements such as risk identification, assessment, mitigation, elimination and communication. Risk= probability and severity
4	Background
5	Prior dialogue Use of Risk Management in Pharmaceutical Manufacturing A Process Risk Assessment Model The relationship between risk and knowledge and how to apply them pre and post approval (e.g. Regulatory scrutiny, post approval changes and GMP’s, etc).
6	OPS objective (April AC meeting) OPS will implement a review quality system and procedures that will: Recognize the level of scientific knowledge supporting product applications, process validation, and process capability Apply a risk based regulatory scrutiny that will relate to level of scientific understanding of how formulation and manufacturing process factors affect product performance the capability of process control strategies to prevent or mitigate risk of poor product performance
7	Background of the Q9 working group July 2003, Brussels: initial meeting to discuss topic and merits of moving ahead November 2003, Osaka: Developed concept paper and received approval March 2004, London: Drafted outline and agreed on general approach June 2004, Washington: Developed the first draft of the guideline
8	Approach
9	Considerations for moving ahead in ICH “Develop a harmonized pharmaceutical quality system applicable across the life cycle of the product emphasizing an integrated approach to risk management and science.” July 2003. Requiring consensus among all regions and developing a guideline to be used by all ICH parties. Proceeding with a process oriented, practical, applicable, predictive, flexible, consistent and integrated approach in mind.
10	What is the problem being solved Product may not be available to patients, when needed May increase the potential for the release of unacceptable product to the market New product introductions to the marketplace may be delayed Delays may occur during implementation of changes and improvements to processes Safe and effective drugs may be discarded or recalled from the market Manufacturers may be reluctant to implement new technologies or continuous improvements to the products or processes Scarce resources may not be optimally allocated Lack of appropriate data to evaluate risk most effectively
11	Benefits Enhanced patient confidence in decision making on pharmaceutical quality Promotes more effective use of regulatory agency and industry resources Establishes a systematic, well-informed and thorough method of decision making which leads to greater transparency and predictability Increased knowledge of exposure to risk Fosters quality by design, continuous improvement and new technology introduction, which generally leads to enhanced product quality
12	Scope This guideline provides a framework that may be applied to all aspects of pharmaceutical quality including GMP and submission/review processes throughout the lifecycle of drug substances (API) and drug (medicinal) products, biological and vaccine products, and the use of excipients and packaging materials. This guideline is not intended to apply to risk management used in a pharmacovigilance setting involving safety and efficacy.
13	Process Initiate Process Assess Control Communicate Review
14	Guiding principles The evaluation of the risk should ultimately link back to the potential risk to the patient. The extent of the risk management process should be commensurate with the level of risk associated with the decision. A more robust data set will lead to lower uncertainty. It is essential to have a clear delineation of the risk question. Risk management should be an iterative process. People who apply risk management should have the appropriate training, skills and experience. The risk management process should be appropriately documented and verifiable.
15	Guide to initiating risk management Defining specifically the risk management problem or question, including the assumptions leading to the question. Assembling background information and data on the hazard, harm or human health impact relevant to the assessment. Defining how the assessment information and conclusions will be used by the decision makers. Identifying the necessary resources, members of the team who have the appropriate expertise, with the leader clearly identified. Asking the right risk assessment question(s) Stating clearly the assumptions in the risk assessment Assessing the quality and sufficiency of relevant data Specifying a timeline and deliverables for the risk assessment
16	Risk Assessment What can go wrong? What is the likelihood (probability) it would go wrong? What are the consequences? Risk analysis is a systematic use of information to identify specific sources of harm (hazards) and to estimate the risk. Risk evaluation compares the estimated risk against given risk criteria using a quantitative or qualitative scale to determine the significance of the risk.
17	Risk Control Risk control describes the actions of implementing risk management decisions. What can be done to mitigate and reduce risks? What options for controlling risks are available? What are the impacts of current risk management decisions on future options for risk management? Risk mitigation focuses on a reduction of severity of harm. Risk reduction focuses on the reduction of probabilities of occurrence of harm and detection of harm. Risk acceptance is a decision to accept risk, i.e., no additional risk control activities are necessary at that time.
18	Risk communication Risk communication is the exchange or sharing of information about risk and risk management between the decision maker and other stakeholders. The information can relate to the existence, nature, form, probability, severity, acceptability, treatment, detectability or other aspects of risks to quality. The communication among stakeholders concerning quality risk management decisions can be made through existing channels.
19	Risk monitoring and review All risk management processes are dynamic/iterative. Quality risk management when applied should benefit from new knowledge with each decision cycle and used to enhance future decisions allowing for continuous improvement.
20	Process flow
21	Risk management Tools Process mapping Preliminary Hazard Analysis (PHA) Hazard Analysis of Critical Control Points (HACCP) Hazard Operability Analysis (HAZOP Fault tree analysis (FTA) Failure Mode Effects Analysis (FMEA) Failure Mode, Effects and Criticality Analysis (FMECA) Risk Ranking and Filtering Informal Risk Management Taguchi, variation risk management method
22	Supporting Statistical Tools Design of experiments (DOE) Process Capability Analysis Control charts: acceptance control charts. Shewart control charts. Accumulative sum charts)
23	Integration of Quality Risk Management into operations Development (e.g. Specification Setting, Test Method Selection and process development). Regulatory scrutiny during pre and post approval. As a component of Quality systems ( e.g. Auditing, Deviations/Discrepancies, Complaints & Recall Management, Change management) Facility systems management ( e.g. Design, Hygiene, Qualification, environmental control, Preventative maintenance and Computerized systems) Materials Management (e.g. Supply chain, Assessment and evaluation of suppliers and contract manufacturers, procurement and release of material)
24	Integration of Quality Risk Management into operations (Continued) 6. Production (e.g. PAT, Validation, in-process sampling, testing, reporting and trending) Laboratory controls (e.g. validation, testing, methods development, stability). Packaging and labeling (e.g. Selection of container closure system and label controls). Regulatory Authority Activities
25	Next steps June 2004, Draft sent out to the Q9 EWG for review by constituents September 2004, Consolidate comments November 2004, Step II document preparation
26	Organizations represented on the Expert Working Group EU regulators: EMEA (European Medicines Evaluation Agency) and the French Health Products Safety Agency (AFSSAPS) EFPIA: F. Hoffmann-La Roche Ltd. And Eli Lilly &Co. Japan regulators: Division of drugs, National Institute of Health Sciences ;and Compliance and Narcotics Division, Pharmaceutical and Food Safety Bureau, Ministry of Health, Labour and Welfare. Japan Pharmaceutical Manufacturers Association: Eisai Co., Ltd and Mochida Pharmaceutical Co., Ltd. US regulators: Office of Compliance, CDER ;and office of scientific support, CVM, Food and Drug Administration. Pharmaceutical Research and Manufacturers of America: Merck & Co inc. and Centocor, Inc Canada Regulators: Compliance and Enforcement Coordination Division Health Products and Food Branch Inspectorate Health Canada. Swiss regulators (EFTA): Swiss medic, Swiss Agency for Therapeutic Products. World regulators: Quality Assurance & Safety: Medicines, World Health Organization. Generic Industry: Barr Laboratories, Inc. World Self Medication Industry: CHPA Consumer Healthcare Products Association
27	Definitions Decision Maker - process owner of risk management process Dynamic / Iterative Process - TBD Harm – Damage to health, including the damage that can occur from loss of product efficacy, safety, quality or availability Hazard - the source of harm. Can be a chemical, biological or physical substance, or an event that can cause harm. Product Lifecycle – All phases in the life of a product covering both the inherent characteristics of the product and how these may change over time. The lifecycle is from the initial development through pre- and post-approval until the product’s discontinuation and includes the associated regulatory processes. Quality – Degree to which a set of inherent characteristics of a product, system or process fulfills requirements Quality System – A formalized system that documents the structure, responsibilities and procedures required to achieve effective quality management. Requirements – Needs or expectations that are stated, generally implied or obligatory by the patients or their surrogates (e.g. health care professionals, regulators and legislators) Risk – Combination of the probability of occurrence of harm and the severity of that harm (from ISO/IEC Guide 51) Risk Management – Process consisting of well-defined steps which, when taken in sequence, support better Decision Making by contributing to a greater insight into risks and their impacts. It includes elements such as risk identification, assessment, mitigation, elimination and communication. Severity – Measure of possible consequence of a potential source of harm Stakeholder - Any individual, group or organization that can affect, be affected by, or perceive itself to be affected by a risk. The decision makers might also be stakeholders. For the purposes of this guideline, the primary stakeholders are the patient, healthcare professional, authority, regulator, industry, business, customer.
28	References Ayyub, B.M. (2002) Elicitation of Expert Opinions for Uncertainty and Risks. Boca Raton, FL: CRC Press. Ayyub, B.M. (2003) Risk Analysis in Engineering and Economics. Boca Raton, FL: Chapman & Hall/CRC Chowdhry, S. (2002). Design for Six Sigma: The Revolutionary Process for Achieving Extraordinary Profits. Dearborn, MI: Dearborn Trade. Davies, J.C. (Ed.), (1996). Comparing Environmental Risks. Tools for Setting Government Priorities. Washington, DC: Resources for the Future. Haimes, Y.Y. (1998). Risk Modeling, Assessment and Management. New York: John Wiley and Sons, Inc. Konisky, D.M. (1999) “Comparative Risk Projects: A Methodology for Cross-Project Analysis of Human Health Risk Rankings.” Discussion Paper 99-46, August 1999. Washington, DC: Resources for the Future. Morgan, G.M., and Henrion, M.C. (1990) Uncertainty. A Guide to Dealing with Uncertainty in Quantitative Policy Analysis. Cambridge, England: Oxford University Press. Morgan, G.M., Florig, H.K, DeKay, M.L., and Fischbeck, P. (2000) Categorizing risks for risk ranking. Risk Analysis 2: 49-58. National Research Council (1994). Understanding Risk. Informing Decisions in a Democratic Society. Washington, DC: National Academy Press Ross, T. and Sumner, J. (2002). A simple spreadsheet-based food safety risk assessment tool. Int. J. Food Micro. 77:39-53. Sparrow, M.K. (2000) The Regulatory Craft Thornton, A. C. (2004). Variation Risk Management. Focusing Quality Improvements in Product Development and Production. Hoboken, NJ: John Wiley and Sons, Inc.
29	Thank you