Quality_Systems_Establishment_and_Implementation_-_FINAL

nullnullQuality Systems Establishment and Implementation SFDA inspector workshop 22nd Aug 2009ContentsContents GMP guidelines re-written in Quality system format – Devices GMP guidelines re-written in Quality system format – ICH Q10 System-based approach for pharmaceutical products The Quality Assurance system US FDA – other 5 systems Implementation of a quality assurance system CAPA System (see also Case Study) Quality Risk Management System (see also Case Study) Questions & AnswersnullIntroduction – Quality systemsGMP Guidelines in Quality System FormatGMP Guidelines in Quality System FormatDevices In 1990’s the EU & USA Medical Device GMPs were re-written in a quality system format ISO:9000 and ISO:13485 (EU) 21 CFR 820 and ISO:13485 (USA)GMP Guidelines in Quality System FormatGMP Guidelines in Quality System FormatThe EU and USA GMP Guidelines / Regulations have remained in “Guideline” format until the advent of ICH Q10 in 2008: Stage 4 – recommended for adoption in EC, USA, Japan “Effective quality management system for the pharmaceutical industry”Pharmaceutical Quality SystemPharmaceutical Quality SystemICH Q10 Objectives: Achieve Product Realization Establish & Maintain a State of Control Facilitate Continuous Improvement Pharmaceutical Quality SystemPharmaceutical Quality SystemScope – product life-cycle approach: Pharmaceutical development Technology transfer Commercial manufacture Product discontinuation Pharmaceutical Quality SystemPharmaceutical Quality SystemICH Q10 Enablers: Knowledge Management Quality Risk Management Pharmaceutical Quality SystemPharmaceutical Quality SystemICH Q10 Requirements: MANAGEMENT RESPONSIBILITY CONTINUAL IMPROVEMENT OF PROCESS PERFORMANCE AND PRODUCT QUALITY CONTINUAL IMPROVEMENT OF THE PHARMACEUTICAL QUALITY SYSTEMAPI ManufactureAPI ManufactureQuality system and GMP requirements for API development and manufacture are provided by ICH Q7A “Good Manufacturing Practice for Active Pharmaceutical Ingredients”nullUS FDA Systems Approach to Inspection IntroductionUSA FDA adopted “systems approach” to facility audits in 2002USA FDA adopted “systems approach” to facility audits in 2002Basic strategy: “evaluating through factory inspections, including the collection and analysis of associated samples, the conditions and practices under which drugs and drug products are manufactured, packed, tested and held” The “systems approach” compliance program is designed to provide guidance for implementing the above strategy.Program based on biennial (2 yearly) factory inspections:Program based on biennial (2 yearly) factory inspections:For a pre-approval inspection, FDA is required to evaluate at least 4 systems: Quality system + 3 others For a routine GMP inspection, FDA is required to evaluate at least 2 systems: Quality system + 1 othernullQuality System inspections Quality system audit itemsQuality system audit itemsAudit of quality system is carried out in 2 phases:- Has “QC Unit” fulfilled the responsibility to review and approve all procedures related to production, quality control and quality assurance and assure they are adequate for their intended use? Assess data collected to identify quality problems.Quality system - areas to be covered:Quality system - areas to be covered:Product reviews – at least annually Complaint reviews (quality and medical); documented, evaluated, investigation in a timely manner; includes corrective action where appropriate Discrepancy and failure investigations relating to manufacturing and testing Change control; documented; evaluated; approved; need for revalidation Product Improvement Projects Reprocess/rework; evaluation, review & approval; impact on validation and stability Quality system - areas to be covered: cont’dQuality system - areas to be covered: cont’dReturns/Salvages; assessment; investigation expanded where warranted; disposition Rejects; investigation expanded where warranted; corrective action where appropriate Stability failures; investigation expanded where warranted; need for field alerts evaluated; disposition Quarantine products Validation; status of required validation/revalidation (e.g. computer, manufacturing process, laboratory methods Training/qualification of employees in quality control unit functions nullImplementation of a Quality System Implementation of a Quality SystemImplementation of a Quality SystemVery often, Corporate QA functions have oversight of, or issue specifications for, site Quality systems Elements of the Quality System may be: Derived from Corporate systems/requirements Global or regional in scope Local or site specific Developed and implemented in accordance with Corporate QA-determined schedules Implementation of a Quality SystemImplementation of a Quality SystemDetermine Scope/prepare URS Develop system descriptions and process descriptions “Lean” review Develop electronic systems/processes if necessary URS Develop, test and validate system, train users Change Control Prepare and approve high-level system documentation Prepare and approve System SOPs Train QA/train all other personnel Roll out – go-liveEach sub-system requires a separate process/documentationEach sub-system requires a separate process/documentationSub-systems may be rolled out sequentially: Documentation/control Change Control Deviation system CAPA Complaints OthersOther sub-systems to be developedOther sub-systems to be developedThese require development of SOPs and forms, training of personnel: Management review of quality performance Product annual reviews Process and analytical trend reviews Complaint reviews (product quality and adverse events) Procedure for re-processing / re-work Returns, salvages and rejects Product recall procedure Validation Batch review and release Performance of Quality SystemPerformance of Quality SystemOnce established, monitor the performance of the sub-systems. This is done by collecting and reporting metrics (e.g. monthly): Number of changes/deviations/CAPAs/ complaints etc processed Time to close items Items overdue/extended Objective is to continually improve the systems and performancenullCorrective and Preventative Action - CAPACAPA is -CAPA is - The response to a detected GMP non-compliance. As such, it is considered Urgent. A defined corrective action plan (in Trackwise) A plan which identifies deliverables, owners and due dates A Culture of proactively fixing issues as they arise.CAPA planCAPA planThe CAPA culture depends upon accurate identification of root causes Effective CAPAs depend on successful CAPA planning The CAPA Plan identifies deliverables, owners, and effective due dates Deliverables may be linked to Change Control(s) Due dates must be planned properly, based on available resources, and timelines allocated realisticallyCAPAs may originate from:CAPAs may originate from:Deviations, OOS investigations Internal audit findings Corporate audit findings Regulatory authority findings Other observed discrepanciesCAPA Workflow:CAPA Workflow:Problem Statement Define corrective and preventative actions Identify all Deliverables (individual action items) CAPA plan – items, responsible persons, due timelines GMP evaluation/QA approval Implementation of the CAPA items – monitor progress of Deliverables Effectiveness Check QA review, approval and closure nullCAPA Effectiveness CheckCAPA Effectiveness CheckBuilt in to the CAPA system should be a procedure for ensuring the review of the continued effectiveness of implemented CAPA actions.CAPA cultureCAPA cultureCAPA is more than a system; it is a Culture. A CAPA Culture signifies that any GMP discrepancies will be identified and remedial action will be implemented proactively to correct the discrepancy and prevent re-occurrence. It is an factor in achieving continuous improvement of quality.nullQuality Risk Management QRMRisk – Different uses of the same term to mean different things !Risk – Different uses of the same term to mean different things !What Quality Risk Management IS:What Quality Risk Management IS:Systematic Approach Implementable in a variety of ways with different tools or other procedures A methodology to ensure resources directed to greatest need What Quality Risk Management IS NOT:What Quality Risk Management IS NOT:Not a new Q system – like Change Control, CAPA etc. Not a new set of Regulatory expectations Not a methodology to allow a company avoid existing regulations ICH Q9 Quality Risk ManagementICH Q9 Quality Risk ManagementICH Regional Regulators:- FDA: 21st Century GMP initiative EMEA: Revised EU directives MHLW: Revised Japanese law (rPAL) EU & Japan became involved at ICH GMP Workshop in July 2003: 5 year vision agreed: “Develop a harmonised pharmaceutical quality system applicable across the life cycle of the product emphasizing an integrated approach to quality risk management and science” Consequent ICH Expert Working Groups (EWG): ICH Q8 Pharmaceutical Development, approved 2005 ICH Q9 Quality Risk Management, approved 2005 ICH Q10 Quality Systems, topic accepted 2005 ICH Q9 Link back to patient riskQ10Q8ICH Q9 Link back to patient riskProcessMaterialsDesignManufacturingDistributionPatientFacilitiesOpportunities to impact risk using quality risk managementQ9DefinitionsDefinitionsQualityRiskDegree to which a set of inherent properties of a product, system or process fulfills requirementscombination of the probability of occurrence of harm and the severity of that harm Systematic process for the assessment, control, communication and review of risks to the quality of the drug (medicinal) product across the product lifecycle ManagementQRMICH Q9 – Core pointsICH Q9 – Core pointsSystematic approach No new regulatory expectations beyond current ones Does not allow circumventing of existing regulatory expectations. As with other ICH, not binding, but elements of it are beginning to appear in EU regs (Chap1, Annex 15, …) Process – does not always need to be done via a formal tool ICH Q9 – Core points cont’d…ICH Q9 – Core points cont’d…Primary principles The evaluation of risk should be based on scientific knowledge and ultimately link to the protection of the patient The level of effort, formality and documentation of the quality risk management process should be commensurate with the level of the risk. Note these principles are explicitly adopted in new draft EU GMP Guide Vol. 4 Chapter 1 Quality Management null Quality Risk Management ProcessTeam approachOverview of typical QRM processOverview of typical QRM processPhase 1 -Initiation Define the problem Define an appropriate team Assemble the data Identify the leader & required resources Specify timeline, deliverables, decision making Overview of typical QRM processOverview of typical QRM processPhase 2 Risk Assessment Risk Identification - What might go wrong ? Risk Analysis What is the probability of it going wrong? What are the consequences / severity ? Risk Evaluation – compares the identified and analyzed risks against given risk criteria. Considers the strength of evidence for the three questions above. Output of a risk evaluation is either a number or a qualitative description- e.g. High, Medium, LowOverview of typical QRM processOverview of typical QRM processPhase 3 Risk Control Risk Control Is the risk above an acceptable level What can be done to reduce or eliminate the risk What is the appropriate balance among benefits, risks and resources Are new risks introduced as a result of the identified risks being controlled Risk Reduction - Could severity/probability of the risk be reduced or its detectability increased ? Risk Acceptance – Accept / Reject the risk Overview of typical QRM processOverview of typical QRM processPhase 4 Risk Communication Shares information about the risk and its management between the decision makers and others Can be done at any stage but must be done for final outcome of the QRM process (after Risk Control) Can use existing processes for such communication – e.g. change control process Overview of typical QRM processOverview of typical QRM processPhase 5 Risk Review Risk management should be an ongoing part of the quality management process. A mechanism to review or monitor events should be implemented. Should take account of new developments, knowledge & experience Risk review may involve reconsidering earlier risk acceptance decisionsRisk Management Methodology / ToolsRisk Management Methodology / ToolsBasic e.g. flowchart, check sheet Failure Mode Effects Analysis FMEA Failure Mode Effects Criticality Analysis (FMECA) Fault Tree Analysis Hazard Analysis and Critical Control Points (HACCP) Hazard Operability Analysis (HAZOP) Preliminary hazard Analysis (PHA) Risk Ranking & Filtering Statistical Tools Empirical / Internal Procedures Integration of Quality Risk Management into existing systemsIntegration of Quality Risk Management into existing systemsSome Suggested Examples in ICH Q9 Defining Scope & Frequency of Audits To review current interpretations and application of regulatory expectations Identifying, evaluating and communicating the potential quality impact of a suspected defect To manage changes Product design Extent of Validation Determining calibration / maintenance schedules Etc.Integration of Quality Risk Management into existing systemsIntegration of Quality Risk Management into existing systemsExamples of areas of application quoted in one PDA case study: Audit Program Batch Record Review Change Control RM Testing RM Changes Validation of lab equipment Non-Conformance Handling Environmental Monitoring Animal-Derived Raw materialsWhere to apply a risk management approachWhere to apply a risk management approachTo achieve the quality objective reliably there must be a comprehensively designed and correctly implemented system of Quality Assurance incorporating Good Manufacturing Practice, Quality Control and Quality Risk Management. …. (Draft new EU Vol. 4 Chapter 1 Quality Management) A risk assessment approach should be used to determine the scope & extent of validation. .. The likely impact of changes …should be evaluated including risk analysis. (EU Vol 4 Annex 15 Qualification & Validation) The potential impact of any proposed change on the quality of the intermediate or API should be evaluated. A classification procedure may help in determining the level of testing, validation, and documentation needed to justify changes to a validated process. Changes can be classified (e.g. as minor or major) depending on the nature and extent of the changes, and the effects these changes may impart on the process. Scientific judgment should determine what additional testing and validation studies are appropriate to justify a change in a validated process. (EU Vol 4 Part 2 Section 13) Where to apply a risk management approach cont’d…Where to apply a risk management approach cont’d…A risk analysis of the sterility assurance system focused on an evaluation of possibility of releasing non-sterilised products should be performed. (EU Vol 4 Annex 17 Parametric release) Environmental impact of drugs & biologics in clinical use. (FDA Guidance for industry on environmental Assessment of Human Drugs and Biologics Applications CDER/ CBER 1998) Environmental Risk assessment Report in Module 1 of MAA. Note performed by PCS Biology on behalf of RA (CHMP/SWP/4447/00 draft guideline on environmental risk assessment of medicinal products for human use EMEA 2005) Where to apply a risk management approach cont’d…Where to apply a risk management approach cont’d…Risk assessment should be triggered when:- a) There is new product, process, facility, system, component, material or equipment b) There is a change to product, process, facility, system, component, material or equipment The purpose of implementing risk management is to ensure that for a given process / product the scope and purpose of the risk management activity clearly identifies individual and collective risks against which appropriate mitigating or remedial actions can be implemented to reduce, remove or stabilize the risk Individuals participating in the risk management process must have appropriate documented training in the principles and practices of risk management nullWhen to apply Quality Risk ManagementWhere to apply a risk management approachWhere to apply a risk management approach In many cases risk assessments may be done already informally or undocumented. The expectation is that a systematic approach is to be adopted and documented for decisions such as : Defining audit programs Defining environmental monitoring or QC sampling plans Defining limits and controls for products / processes Selection and use of materials and components Defining residue limits following cleaning Choosing what parameters to include in validation protocols Assessing the impact of change Such quality risk assessments need not always use a ‘formal’ risk assessment tool, but should apply a documented systematic approach to reach a decision Further opportunities to benefit from QRMFurther opportunities to benefit from QRMUse anywhere to decide how best to use finite resources to achieve maximum impact on quality e.g. documentation review, definition of test plans, training plans etc. etc. The process and product quality monitoring system should ... use quality risk management to identify and establish monitoring frequencies of key performance indicators that reflect product quality and/or process capability. The monitoring frequency for each key performance indicator should facilitate timely feedback / feed forward and action, commensurate with the lifecycle stage. (ICH Q10) The above implies that quality indicators being monitored, should be categorized using QRM techniques and then resources deployed proportional to the risk and lifecycle stage. Thus QRM becomes part of a continuous quality improvement process. Typical Approach when applying Risk Assessment forTypical Approach when applying Risk Assessment forSelect the process Assemble multi disciplinary team Define Probability of Occurrence levels Define Severity levels Define risk acceptability table Example of probability of occurrence tableExample of probability of occurrence tableExample of severity tableExample of severity tableRisk Acceptability TableRisk Acceptability TableDefine based on RPN cutoff point Or Define based on qualitative assessment of probability, severity, detectability into Acceptable / Unacceptable Or Division into three qualitative categories acceptable unacceptable (must reduce) intolerable (must eliminate) Typical Approach when applying Risk AssessmentTypical Approach when applying Risk AssessmentSelect the process to be assessed Assemble multi disciplinary team Define Probability of Occurrence levels Define Severity levels Define risk acceptability table Define detection levels Map the process Assess each step in a risk assessment worksheet Implement actions and communicate null Example – Assessment of Risk using FMEAnullnullnullCaution – Qualitative vs QuantitativeCaution – Qualitative vs QuantitativeWhen multiplying probability x severity x detectability to obtain RPN – be cautious. It is inadvisable to place too much faith in precise numbers. For example a severity of 4 is more severe than a severity of 2 but not necessarily twice as severe! Some experts prefer to use words (high, medium, low) to force a good qualitative assessment of RPN rather than a poor quantitative one. This is not an exact science and common sense still needs to apply when defining the RPNnull Examples of Risk Assessment on a system how to apply QRM to audit schedules Example 1Example 1Potential Risk Factors were identified. Product risks Type of material supplied 0 - 3 Amount of material supplied 0 - 3 Control level of material before use 1 - 5 Process / Facility risks Experience with supplier 1 - 5 Certification of supplier 1 -