INTERNATIONAL CONFERENCE ON HARMONISATION OF TECHNICAL
REQUIREMENTS FOR REGISTRATION OF PHARMACEUTICALS FOR HUMAN
USE
DRAFT CONSENSUS GUIDELINE
QUALITY RISK MANAGEMENT
Q9
Released for Consultation
at Step 2 of the ICH Process
on 22 March 2005
by the ICH Steering Committee
At Step 2 of the ICH Process, a consensus draft text or guideline, agreed by the
appropriate ICH Expert Working Group, is transmitted by the ICH Steering Committee
to the regulatory authorities of the three ICH regions (the European Union, Japan and
the USA) for internal and external consultation, according to national or regional
procedures.
QUALITY RISK MANAGEMENT
Draft ICH Consensus Guideline
Released for Consultation on 22 March 2005, at Step 2 of the ICH Process
TABLE OF CONTENTS
1. INTRODUCTION .................................................................................................1
2. SCOPE....................................................................................................................2
3. PRINCIPLES OF QUALITY RISK MANAGEMENT.....................................2
4. GENERAL QUALITY RISK MANAGEMENT PROCESS .............................2
4.1 Responsibilities.......................................................................................................3
4.2 Initiating a Quality Risk Management Process....................................................3
4.3 Risk Assessment .....................................................................................................3
4.4 Risk Control ............................................................................................................4
4.5 Risk Communication ..............................................................................................5
4.6 Risk Review.............................................................................................................5
5. RISK MANAGEMENT TOOLS ..........................................................................6
5.1 Basic Risk Management Facilitation Methods .....................................................6
5.2 Informal Risk Management ...................................................................................6
5.3 Hazard Analysis and Critical Control Points (HACCP) .......................................6
5.4 Hazard Operability Analysis (HAZOP) .................................................................7
5.5 Failure Mode Effects Analysis (FMEA).................................................................7
5.6 Failure Mode, Effects and Criticality Analysis (FMECA)....................................8
5.7 Fault Tree Analysis (FTA) .....................................................................................8
5.8 Preliminary Hazard Analysis (PHA) .....................................................................9
5.9 Risk Ranking and Filtering ...................................................................................9
5.10 Supporting Statistical Tools...................................................................................9
6. INTEGRATION OF QUALITY RISK MANAGEMENT INTO
INDUSTRY AND REGULATORY OPERATIONS........................................10
7. DEFINITIONS ....................................................................................................11
8. REFERENCES....................................................................................................13
i
Quality Risk Management
Annex I:
Potential Opportunities for Conducting Quality Risk Management............... 14
I.1 Quality Risk Management as Part of Integrated Quality Management........... 14
I.2 Quality Risk Management as Part of Regulatory Operations ........................... 15
I.3 Quality Risk Management as Part of Development........................................... 15
I.4 Quality Risk Management for Facilities, Equipment and Utilities .................. 16
I.5 Quality Risk Management as Part of Materials Management.......................... 17
I.6 Quality Risk Management as Part of Production............................................... 18
I.7 Quality Risk Management as Part of Laboratory Control
and Stability Studies............................................................................................ 18
I.8 Quality Risk Management as Part of Packaging and Labelling ....................... 18
I.9 Quality Risk Management as Part of Continuous Improvement ...................... 18
ii
QUALITY RISK MANAGEMENT
1. INTRODUCTION
Risk management principles are effectively utilized in many areas of business and
government including finance, insurance, occupational safety, public health,
pharmacovigilance, and by agencies regulating these industries. Although there are
some examples of the use of quality risk management in the pharmaceutical industry
today, they are limited and do not represent the full contributions that risk
management has to offer. In addition, the importance of quality systems has been
recognized in the pharmaceutical industry and it is becoming evident that quality risk
management is a valuable component of an effective quality system.
It is commonly understood that risk is defined as the combination of the probability of
occurrence of harm and the severity of that harm. However, achieving a shared
understanding of the application of risk management among diverse stakeholders is
difficult because each stakeholder might perceive different potential harms, place
different probability on each harm’s occurring and attribute different severities of the
harm. In relation to pharmaceuticals, although there are a variety of stakeholders,
including patients and medical practitioners as well as government and industry, the
protection of the patient by managing the risk to quality should be considered of
prime importance.
The manufacturing and use of a drug (medicinal) product, including its components,
necessarily entail some degree of risk. The risk to its quality is just one component of
the overall risk. It is important to understand that product quality should be
maintained throughout the product lifecycle such that the attributes that are
important to the quality of the drug (medicinal) product remain consistent with those
used in the clinical studies. An effective quality risk management approach can
further ensure the high quality of the drug (medicinal) product to the patient in
providing a proactive means to identify and control potential quality issues during
development and manufacturing. Additionally, use of quality risk management can
improve the decision making if a quality problem arises. Effective quality risk
management can facilitate better and more informed decisions, can provide regulators
with greater assurance of a company’s ability to deal with potential risks and can
beneficially affect the extent and level of direct regulatory oversight.
The purpose of this document is to serve as a foundational or resource document that
is independent yet supports other ICH Quality documents and complements existing
quality practices, requirements, standards, and guidelines within the pharmaceutical
industry and regulatory environment. It will specifically provide guidance on the
principles and some of the tools of quality risk management that can enable more
effective and consistent risk based decisions, both by regulators and industry,
regarding the quality of drug substances and drug (medicinal) products across the
product lifecycle. It is not intended to create any new expectations beyond the current
regulatory requirements.
Although a systematic approach to quality risk management is generally preferred, it
is neither always appropriate nor necessary to use a formal risk management process.
The use of informal risk management processes can also be acceptable. Appropriate
use of quality risk management can facilitate but does not obviate industry’s
obligation to comply with regulatory requirements and does not replace appropriate
communications between industry and regulators.
1
Quality Risk Management
2. SCOPE
This guideline provides principles and examples of tools of quality risk management
that can be applied to all aspects of pharmaceutical quality including development,
manufacturing, distribution, and the inspection and submission/review processes
throughout the lifecycle of drug substances and drug (medicinal) products, biological
and biotechnological products, including the use of raw materials, solvents, excipients,
packaging and labeling materials.
3. PRINCIPLES OF QUALITY RISK MANAGEMENT
Two primary principles of quality risk management are:
•
•
The evaluation of the risk to quality should ultimately link back to the
protection of the patient;
The level of effort, formality and documentation of the quality risk
management process should be commensurate with the level of risk and be
based on scientific knowledge.
4. GENERAL QUALITY RISK MANAGEMENT PROCESS
Quality risk management is a systematic process for the assessment, control,
communication and review of risks to the quality of the drug (medicinal) product
across the product lifecycle. A model for quality risk management is outlined in the
diagram (Figure 1). The emphasis on each component of the framework might differ
from case to case but a robust process will incorporate consideration of all the
elements at an appropriate level of detail.
Figure 1: Overview of quality risk management process
Risk ReviewRisk Communication
Risk Assessment
Risk Evaluation
Initiate
Risk Management Process
unacceptable
Risk Control
Ri
sk
M
an
ag
em
en
t t
oo
ls
Output / Results of the
Risk Management Process
Risk Analysis
Risk Reduction
acceptable
Risk Identification
Risk Communication
Review Events
Risk Acceptance
Risk Acceptance
2
Quality Risk Management
Decision nodes are not shown in the diagram above because decisions can occur at any
point in the process. These decisions might be to return to the previous step and seek
further information, to adjust the risk models or even to terminate the risk
management process based upon information that supports such a decision.
4.1 Responsibilities
Decision makers should take responsibility for coordinating quality risk management
across various functions and departments of their organization. The decision makers
should ensure that a quality risk management process is defined, appropriate
resources are involved and the quality risk management process is reviewed.
Risk management activities are usually, but not always, undertaken by
interdisciplinary teams dedicated to the task. Teams formed for quality risk
management activities should include experts from the appropriate areas involved in
addition to individuals who are knowledgeable of the quality risk management
process.
4.2 Initiating a Quality Risk Management Process
Quality risk management includes systematic processes designed to coordinate,
facilitate and improve science-based decision making with respect to risk. Possible
steps used to initiate and plan a quality risk management process might include the
following:
•
•
•
•
•
Define the problem and/or risk question, including pertinent assumptions
identifying the potential for risk;
Assemble background information and data on the potential hazard, harm or
human health impact relevant to the risk assessment;
Define how decision makers will use the information, assessment and
conclusions;
Identify a leader and necessary resources;
Specify a timeline and deliverables for the risk management process.
4.3 Risk Assessment
Risk assessment consists of the identification of hazards and the analysis and
evaluation of risks associated with exposure to those hazards. The steps include risk
identification, risk analysis and risk evaluation. Quality risk assessments begin with
a well-defined problem description or risk question. When the risk in question is well
defined, an appropriate risk management tool (See Examples in Section 5) and the
types of information needed to address the risk question will be more readily
identifiable. As an aid to clearly defining the risk(s) for risk assessment purposes,
three fundamental questions are often helpful:
1. What might go wrong?
2. What is the likelihood (probability) it will go wrong?
3. What are the consequences (severity)?
Risk identification is a systematic use of information to identify hazards referring
to the risk question or problem description. Information can include historical data,
3
Quality Risk Management
theoretical analysis, informed opinions, and the concerns of stakeholders. Risk
identification addresses the “What might go wrong?” question, including identifying
the possible consequences. This provides the basis for further steps in the quality risk
management process.
Risk analysis is the estimation of the risk associated with the identified hazards. It
is the process that focuses on the second and third questions, seeking the likelihood
that risks identified in risk identification might occur and an ability to detect them.
Risk evaluation compares the identified and analyzed risk against given risk
criteria. A qualitative or quantitative process might be used to assign the probability
and severity of a risk. Risk evaluations consider the strength of evidence for all three
of the fundamental questions.
In doing an effective risk assessment, the robustness of the data set is important
because it determines the quality of the output. Revealing assumptions and
reasonable sources of uncertainty will enhance confidence in this output and/or help
identify its limitations. Typical sources of uncertainty include gaps in knowledge (e.g.,
gaps in pharmaceutical science and process understanding), sources of harm (e.g.,
failure modes of a process, sources of variability), and probability of detection of
problems.
The output of a risk assessment is either a quantitative estimate of risk or a
qualitative description of a range of risk. When risk is expressed quantitatively, a
numerical probability scale from 0 to 1 (0% to 100%) is used. Alternatively, risk can be
expressed using qualitative descriptors, such as “high”, “medium”, or “low”, and they
should be defined in as much detail as possible. In quantitative risk assessments, a
risk estimate provides the likelihood of a specific consequence, given a set of risk-
generating circumstances. Thus, quantitative risk estimation is useful for one
particular consequence at a time. Alternatively, some risk management tools use a
relative risk measure to combine multiple levels of severity and probability into an
overall estimate of relative risk. The intermediate steps within a scoring process can
sometimes employ quantitative risk estimation.
4.4 Risk Control
Risk control includes decision making to reduce and/or accept risks. The purpose of
risk control is to reduce the risk to an acceptable level. The amount of effort used for
risk control should be proportional to the significance of the risk. Decision makers
might use different processes for understanding the optimal level of risk control
including benefit-cost analysis.
Risk control might focus on the following questions:
•
•
•
•
Is the risk above an acceptable level?
What can be done to reduce, control or eliminate risks?
What is the appropriate balance among benefits, risks and resources?
Are new risks introduced as a result of the identified risks being controlled?
Risk reduction focuses on processes for mitigation or avoidance of quality risk when
it exceeds an acceptable level. Risk reduction might include actions taken to mitigate
the severity and probability of harm. Processes that improve the detectability of
4
Quality Risk Management
hazards and quality risks might also be used as part of a risk control strategy. By the
implementation of risk reduction measures, new risks may be introduced into the
system or the significance of other existing risks might be increased. Hence, it might
be appropriate to revisit the risk assessment to identify and evaluate any possible
change in risk.
Risk acceptance is a decision to accept risk. Risk acceptance can be a formal
decision to accept the residual risk or it can be a passive decision in which residual
risks are not specified. For some types of harms, even the best quality risk
management practices might not entirely eliminate risk. In these circumstances, it
might be agreed that the optimal quality risk management strategy has been applied
and that quality risk is reduced to an acceptable level. This acceptable level will
depend on many parameters and should be decided on a case-by-case basis.
4.5 Risk Communication
Risk communication is the exchange or sharing of information about risk and its
management between the decision makers and others. Parties can communicate at
any stage of the risk management process. Sometimes, a formal risk communication
process is developed as a part of risk management. This might include communication
among many interested parties; e.g., regulators and industry, industry and the
patient, within a company, industry or regulatory authority, etc. The included
information might relate to the existence, nature, form, probability, severity,
acceptability, treatment, detectability or other aspects of risks to quality. This
exchange need not be carried out for each and every risk acceptance. In the event that
the communication is between the industry and regulatory authorities concerning
quality risk management decisions, these might be made through existing channels as
specified in regulations and guidances.
The output of the quality risk management process should be documented when a
formal process has been utilized.
4.6 Risk Review
The output/results of the risk management process should be reviewed to take into
account new knowledge and experience. Once a quality risk management process has
been initiated, that process should continue to be utilized for events that might
impact the original quality risk management decision whether these are planned (e.g.,
results of product review, inspections, audits, change control) or unplanned (e.g., root
cause from failure investigations, recall). Risk management should be an ongoing
quality management process and a mechanism to perform periodic review of events
should be implemented. The frequency of the review should be based upon the level
of risk. Risk review might include reconsideration of risk acceptance decisions
(section 4.4).
5
Quality Risk Management
5. RISK MANAGEMENT TOOLS
Quality risk management tools support a scientific and practical approach to decision-
making by providing documented, transparent and reproducible methods to
accomplish steps of the quality risk management process (Chapter 4).
The purpose of this section is to provide a general overview and references of some of
the primary tools that might be used in quality risk management. The references are
included as an aid to gain more knowledge and detail on the particular tool. This is
not an exhaustive list.
Failure Mode Effects Analysis (FMEA); •
•
•
•
•
•
•
•
•
•
•
•
Failure Mode, Effects and Criticality Analysis (FMECA);
Fault Tree Analysis (FTA);
Hazard Analysis and Critical Control Points (HACCP);
Hazard Operability Analysis (HAZOP);
Preliminary Hazard Analysis (PHA);
Risk ranking and filtering;
Supporting statistical tools.
It might be appropriate to adapt these tools for use in specific areas pertaining to drug
substance and drug (medi
本文档为【ICH Q9-Quality Risk Management(英文)】,请使用软件OFFICE或WPS软件打开。作品中的文字与图均可以修改和编辑,
图片更改请在作品中右键图片并更换,文字修改请直接点击文字进行修改,也可以新增和删除文档中的内容。
该文档来自用户分享,如有侵权行为请发邮件ishare@vip.sina.com联系网站客服,我们会及时删除。
[版权声明] 本站所有资料为用户分享产生,若发现您的权利被侵害,请联系客服邮件isharekefu@iask.cn,我们尽快处理。
本作品所展示的图片、画像、字体、音乐的版权可能需版权方额外授权,请谨慎使用。
网站提供的党政主题相关内容(国旗、国徽、党徽..)目的在于配合国家政策宣传,仅限个人学习分享使用,禁止用于任何广告和商用目的。