Challenges of implementation of ICH Q 9 a regulatory perspective Jacques Morénas Deputy Director Inspectorate and Companies Department The French Health Products Safety Agency (AFSSAPS) telephone : 33 1 55 87 39 17 fax : 33 1 55 87 39 12 e-mail : jacques.morenas@afssaps.sante.fr sante fr International Conference on Harmonisation of Technical Requirements for Registration of Pharmaceuticals for Human Use
Disclaimer: The information within this presentation is based on the presenter's expertise and experience, and represents the views of the presenter for the purposes of a training workshop.
Quality Risk Management is not a single process Start Risk identification Subprocess Sub-Subprocess Start Feedback procedure Process- step Decision Start Risk analysis Etc. End End End
In front of that.. You could feel lonely
Agenda Principles and environment What is an acceptable risk to quality? Risk management approaches for companies Risk management approaches for regulators Changing periods
Agenda Principles and environment What is an acceptable risk to quality? Risk management approaches for companies Risk management approaches for regulators Changing periods
The hurdles Increasing external requirements for best practice, transparency and compliance Public / Community Governments Regulators Patients Investors / Creditors Increasing efforts and costs for sustainability? Documentation Projects Systems Interfaces Growing complexity and scope of risks Globalisation Multinational Multi-factor approaches Regulatory expectations ti Acceptance of risk and uncertainty
Today
Empowerment & flexibility An appropriate integrated approach help to meet requirements more efficiently i Proactive disclosure, build trust and understanding Quality Risk Management Improve communication through sharing best practice and integrating tools Master complexity and aggregation by providing tools and methodology
Vision of the future science-based & risk-based behavior
Incremental steps Changed Paradigm Pharmaceutical Development (Q8) Past: Data transfer / Variable output Future: Knowledge transfer / Consistent output Quality Risk Management (Q9) Q11 Past: Informal approach Future: Opportunity to use a structure and process thinking Q9 Pharmaceutical Quality Systems (Q10) Past: Large variability on Q-systems Future: Consistency on Q-systems
PAT ICH Q8 ICH Q10 Design space ICH Q11 ICH Q9 How industry will apply the (new) concepts? What will change?
Definitions Quality Risk & Management QRM Degree to which a set of inherent properties of a product, system or process fulfills requirements combination of the probability of occurrence of harm and the severity of that harm Systematic process for the assessment, control, communication and review of risks to the quality of the drug (medicinal) product across the product lifecycle
Product lifecycle for medicinal products Research Preclinical Phase Clinical Phases Launch GLP Safety Manufacturing GCP GMP Efficacy ICH Q9 Quality
Principles of Quality Risk Management Two primary principles: The evaluation of the risk to quality should be based on scientific knowledge and ultimately link to the protection of the patient The level of effort, formality and documentation of the quality risk management process should be commensurate with the level of risk
A General Quality Risk Management Process Risk Comm munication Initiate Quality Risk Management Process Risk Assessment Risk Control Risk Identification Risk Analysis Risk Evaluation Risk Reduction Risk Acceptance unacceptable Risk Manage ementtools Team approach Output / Result of the Quality Risk Management Process Risk Review Review Events
What makes Q9 different? It provides principles p and a framework for decision making Q9 is a quality improvement methodology It is a guidance not an SOP Simple Flexible Not mandatory It supports science-based decision making Facilitates communication and transparency Supports build up trust Q9 is for both industry and competent authorities (CA)
Role of Quality Risk Management Product Development Process Development Conclusions & Tech. Transfer Commercial Manufacturing Product / prior Knowledge Manufacturing Process / prior Knowledge Product and Process Development Knowledge Process History for life cycle mgmt Risk Assessment Risk Assessment Risk Control Risk Review Excipient & Drug Subst. Design Space Manuf. Process Design Space Product quality & control strategy Opportunities to apply Quality Risk Management Continual Improvement Process understanding
Agenda Pi Principles i and environment What is an acceptable risk to quality? Risk management approaches for companies Risk management approaches for regulators Changing periods
What is an acceptable risk to quality? Decision i making activity it by the stakeholders. To be considered: Is the risk on an acceptable level? What can be done to reduce or eliminate risks? What is the appropriate balance between benefits, risks and resources? Do measurements introduce new risks?
What is an acceptable risk to quality? Who has to accept risk? Decision i maker(s) Person (s) with the competence and authority to make appropriate p and timely quality risk management decisions Decision makers might also be stakeholders Stakeholder Any individual, group or organization that can be affected by a risk The primary stakeholders are the patient, healthcare professional, regulatory authority, and industry
What is an acceptable risk to quality? This has to be decided in the context of each specific risk management problem Put in precise and definite data receive a clear answer Enable decision i makers to make good and transparent t decisions Accept risk, if the effort to reduce a risk will solve the specific problem. Keep in view: The protection of the patient It s up to the organization whether they accept risks that meet the principles of QRM
What is an acceptable risk to quality? An event Considerations: Industrial risk could be different from political risk Notion of "risk" could be not the same for industry and competed health authority (CA) CA are often face to face with public opinion and politicians Compromise according to ICH Q9: link back to the protection of the patient
What is a residual risk? Residual risk address hazards that have been assessed and risks that have been accepted that have not yet been identified which have been identified but the risks have not been correctly assessed which are not yet linked Is the risk transferred to an acceptable level? Consider current scientific knowledge & techniques Fulfil all legal and internal obligations As hazards remain zero risk is never possible
Risk acceptance as part of risk control Discuss the appropriate balance among benefits, risks, and resources Be careful to emphasize the principles: the patients interests and good science/data Risk acceptance is not: Inappropriately interpreting ti data and information Hiding risks from the regulators Dodging legal requirements See a possible decision tree in the back-up slides
Agenda Principles and environment What is an acceptable risk to quality? Risk management approaches for companies Risk management approaches for regulators Changing periods
Managing risks in a company Company Strategy risks Operational risks Financial risks Compliance risks Environmental Enterprise risk management Regulatory Quality / GMP
Existing organisation Operations Support Manufacturing Quality Unit Procurement etc Quality Management Quality Assurance Quality Control Validation Risk Management
How can Q9 be implemented? The ICH Q9 document: Main body explains the What? Annex I give ideas on the How? Annex II give ideas on the Where? It can be implemented by industry Pharmaceutical Development (ICH Q8) and Quality Systems (ICH Q10) will indicate the When? It helps prevent ent overly restrictive e and unnecessary requirements being imposed by either industry or regulators (ICH Q9)
How can Q9 be implemented? ICH Q9 Existing internal documentation system Where to be in future? (Mission, Policy) What to do? (e.g. Directives) How to do? (e.g. Guidelines) Detailed instructions (e.g. Standard Operating Procedures) Records Rules & Procedures (internal regulations) Records & Reports
When to use Quality Risk Management? Should risks be assessed? Are there clear rules for decision making? No 1. What might go wrong? 2. What is the likelihood (probability) it will go wrong? 3. What are the consequences (severity)? Yes no RM Can you answer the risk assessment questions? Yes informal RM No formal RM Agreeonateam (small project) Risk assessment not required (No flexibility) Initiate Risk assessment (risk identification, analysis & evaluation) Select a Risk Management tool (e.g. see ICH Q9 Annex I) Follow procedures (e.g. Standard Operating Procedures) Run risk control (select appropriate measures) Carry out on the Risk Management tool Document results, decisions and actions Document the steps
Contributing items to manage quality risks System Risk (facility & people): e.g. interfaces, operators risk, environment, components like: equipment, IT, design elements System Risk (organisation): e.g. quality systems, controls, measurements, documentation, regulatory compliance Process Risk: e.g. process operations and quality parameters Product Risk (safety & efficacy): e.g. quality attributes: measured data according to specifications
Agenda Pi Principles i and environment What is an acceptable risk to quality? Risk management approaches for companies Risk management approaches for regulators Changing periods
Implementation in assessment Evaluation of : Impact of proposed changes Impact of deviations i Impact of out of specification results EMA Process Analytical Technology (PAT) team involving assessors and GMP inspectors
Implementation in assessment Revised documents such as note for guidance for Real Time Release Testing (previously Parametric Release)
Implementation in inspection Three possible areas have been already identified: Planning of inspection Conducting an inspection Management of suspected quality defects
Planning of inspection Inspection frequency and depth should be adapted subject to (and for example) : * Examination of a site master file (if available) * Review of the products manufactured by the company * Review of the reports from previous inspections * Review of the follow-up actions (if any) arising from previous inspections * Review of product recalls initiated since the previous inspection an examination of relevant product defects notified since the previous inspection * Review of the analysis of any samples analyzed by the Competent Authority since the previous inspection Etc
Planning of inspection Categories Description Inspection intervals Poor compliance level The last inspection revealed major or critical deficiencies 6 X - 1 Acceptable compliance level Good compliance level The two last inspections have revealed no critical deficiency and less than 6 major deficiencies 2 The two last inspections have revealed no critical and no major deficiency X (= regulatory interval) X+1
Planning of inspection The objectives of Competent Authorities is to optimize the inspection resources Using both QRM and PQS (Pharmaceutical Quality System which could be ICH Q10), confidence between industry and GMP inspectors should be increased with an impact on inspection frequency and depth
Conducting an inspection How can QRM activity be inspected? If the company explains that ICH Q9 has been used as reference for establishing the QRM, it will be used by inspectors. If not, inspectors might review : Whether the quality risk management performed is integrated in the Quality System of the organization Traceability, transparency How was the decision made? Was a (risk) problem / question defined? Did the process performed answer this question? Were the appropriate functions allocated to all teams? Were the right documents recognized? Was the decision based on scientific knowledge?
Management of suspected quality defects Defining an SOP based on QRM principles for dealing with suspected quality defects
Agenda Pi Principles i and environment What is an acceptable risk to quality? Risk management approaches for companies Risk management approaches for regulators Changing periods
The ultimate goal of QRM Sharing information and ideas
QRM Communication facilitates trust and understanding di Regulators operation - Reviews - Inspections Industry operation - Submissions - Manufacturing
Integration of QRM A common understanding and application of quality risk management principles could facilitate mutual confidence and promote more consistent decisions among regulators on the basis of the same information. This collaboration could be important in the development of policies and guidelines that integrate and support quality risk management practices.
Lessons learned It is easy to use Quality Risk Management in supporting decision making How to prioritise work? What next? Quality Risk Management requires teamwork It seems to be time consuming No one says: It was a waste of time Aid for rationalisation of the decision For a better transparency Increasing transparency is often requested Is this relay the desired state?