Application of ICH "quality risk management" in GMP management process

(the main reference materials of this paper are from ICH Industry Guide Q9 quality risk management June 2006 ICH.) In 2009, in the new GMP draft of China, we are pleased to see the introduction of the concept of "quality risk management (QRM)", which plays an important role in the identification, assessment, control, communication and review of quality risks throughout the life cycle of drugs, and will ensure that high-quality products are provided for patients The content of "quality risk management" is quoted in the 2006 version of ichq9 and the 2008 version of annex 20 of EU GMP guidelines With the continuous improvement of GMP management level, "quality risk management" will get more and more attention and application in the GMP management process This paper will describe the process and method of quality risk management and its application in the process of drug production quality management 1、 The definition and model of "QRM" figure 1 Definition of quality risk management 1.1 definition of QRM in ichq9: quality risk management is the systematic application of quality management policies, procedures and specifications in risk assessment, control, communication and review 1.2 "risk" is composed of two key factors: ● possibility of hazard occurrence; ● severity of hazard occurrence To manage risk effectively is to control these two factors of risk 1.3 QRM in the pharmaceutical industry should adhere to the following three main principles: ● quality risk management is based on science and technology, and is based on the premise of complying with existing laws and regulations; ● any output results or actions should be based on protecting the interests of patients; ● the complexity of quality risk management process and documents should be consistent with the corresponding risk level 1.4 QRM application scope: ● determine and evaluate the potential impact of product or process deviation and product complaint on quality and drug laws and regulations, including the impact on different markets; ● assess and determine the scope of internal and external quality audit; ● assess the risk of new construction or transformation of plant facilities, building materials, general engineering and preventive maintenance projects or computer systems; ● assess the scope and depth of validation activities; ● assess the quality system, such as material, product release, label or batch audit effect or change, QRM is widely used in all areas of GMP management 2 Quality risk management model chart 2.1 generally, our decision-making procedures are as follows: ● determine the event to be taken or determine what happened; ● collect relevant data and information; ● analyze and find out the cause of the event; ● implement improvement actions The above process is the actions and preventive measures taken for the events that have occurred The evaluation process data is retrospective, i.e focus on the cause analysis and actions of the deviation In contrast, quality risk management (QRM) is to predict the events that may occur in the future by mastering enough knowledge, facts and data, and avoid the occurrence of hazards through risk control The procedures are as follows: ● identify potential risks ● analyze potential risks ● assess potential risks ● control potential risks quality risk management runs through all aspects of drug quality and production management, including a variety of methods and adaptability 2、 Detailed description of quality risk management steps 1 Determine the event and start quality risk management Clearly identify at the initial stage that the risk issue or event has a significant impact on QRM outcomes Generally, the risks that need to be considered include the risks to patients, the risks of products not meeting the requirements of standards, the risks of regulations not meeting, etc At this stage, background information shall be collected and personnel and resource allocation of QRM project team shall be determined 2 Risk assessment a) Risk identification b) analysis of risk (qualitative or quantitative) I possibility of occurrence II Severity of hazard III measurability C) risk assessment In most cases, when we want to make a decision, there are many risk elements that need to be considered or balanced, and these elements are not under our control They have both the possibility of harm and the severity of harm Each risk element should be evaluated to establish preventive measures against possible risks The information used for risk identification can include historical data, theoretical analysis, suggestions and related contact events that affect decision-making Different analysis tools should be selected and applied for different risk projects 3 Risk control a) Risk reduction: take actions to reduce or avoid risks, including taking actions to reduce the severity of risks or the possibility of risks Some methods of risk reduction may introduce new risks to the system or significantly improve other existing risks At this time, risk assessment must be repeated to determine and assess the possible changes of risks b) Risk acceptance: establish the acceptable limit or level of risk The action of risk reduction and the acceptable limit of risk are determined by many parameters, including benefits, risks, resources, etc., but all of them should take the protection of patients' interests as the core 4 Risk communication and documents Once risk control actions are identified, they should be documented as a defined workflow For example: ● risk control actions related to deviation shall be recorded and results shall be communicated with other relevant personnel ● risk decisions related to validation shall be recorded in the validation master plan or validation outline ● all output results of risk management shall be effectively communicated with relevant personnel and QRM file shall be established 5 Review the established QRM results regularly The decision or action of QRM shall be made based on the current conditions The QRM results shall be updated according to the new knowledge and new environment The review frequency shall be determined according to the risk control project and level Thirdly, the selection of quality risk assessment tools may select different risk assessment tools or methods for different risk projects or data A qualitative or quantitative assessment process is applied to determine the likelihood and severity of the risk The results of risk assessment can be expressed as the overall risk value, for example: quantitative expression as specific figures, such as 0 to 100; or qualitative expression as the risk range, such as high, medium and low This paper introduces several common risk assessment tools: 1 Common statistical tools, used to collect or organize data, build project management, etc., including flow chart, graphic analysis, fishbone chart, checklist, etc For example: Pareto Diagram 2 these technical analysis data can be used to summarize data, analyze trends, etc., to help complete risk management of uncomplicated quality deviation, complaint, defect, etc 2 Risk ranking and filtering (RRF) This method is to arrange and compare the risk factors, make multiple quantitative and qualitative evaluation for each risk factor, weigh the factors and determine the risk score The risk assessment can use the classification of "low / medium / high" or "1 / 2 / 3" and simple matrix The matrix RRF is suitable for qualitative and quantitative analysis of events 3 Preliminary hazard analysis (PHA) PHA is used to apply experience and knowledge to analyze hazards and failures before they occur, so as to determine possible hazards or failures in the future This method is based on the development of risk matrix under given conditions, including: ■ definition and arrangement of severity: serious, major, minor, negligible; ■ definition and arrangement of frequency (possibility): frequent, possible, occasional, rare; ■ level and definition of risk: high: this risk must be reduced; Medium: this risk must be appropriately reduced to the lowest possible level; low: consider revenue and expenditure, and reduce to the lowest possible level; small: generally acceptable risk PHA is often used to evaluate potential defects in the early design stage of products, processes, plant facilities, etc 4 Failure mode effect analysis and evaluation of potential failure modes and their impact on product performance or results Once the failure mode is determined, risk reduction can be applied to eliminate, reduce or control potential failures FMEA tools rely on in-depth understanding of products and processes to determine the corresponding risk score for each failure mode Examples of FMEA ranking criteria and failure scores (see table) severity × possibility × measurability = risk score 5 Hazard analysis and critical control points (HACCP) There are seven steps in HACCP, and the application of this tool should be based on a deep understanding of the process or product a) List the potential hazards of each step of the process, conduct hazard analysis and control; b) determine the main control points (CCPs); c) establish acceptable limits for the main control points; d) establish monitoring system for the main control points; E) determine the correct actions in case of deviation; F) establish a system to ensure that the HACCP is effectively implemented; g) determine that the established system is continuously maintained HACCP is used for hazard analysis of physical and chemical properties of products The control points can be correctly determined only when there is a comprehensive understanding of products and processes The output results can be extended to different product life cycle stages 6 Fault tree analysis (FTA) Fat is a method to analyze the possible causes of negligence Fat combined with a variety of possible assumptions of the cause of negligence, based on the understanding of the process to make a correct judgment The basic graph FTA is used to establish the path to find the cause of fault, and it is an effective tool to evaluate multiple factors in the complex process 4、 Case study of quality risk management: applying the method of quality risk management to determine the calibration cycle of instruments and equipment step 1 risk identification to determine the risk problem: according to the situation of instruments and equipment, how to determine the calibration cycle of instruments and equipment? Collect information: historical verification record; current verification cycle; deviation report and other relevant information; whether to affect the released products, etc Step 2 risk analysis select risk assessment tool this case applies failure mode effect analysis (FMEA) to identify potential failure modes and score the frequency, severity and measurability of risk occurrence (see table I, Table II and table III) Table I: frequency of instrument and equipment calibration failure step 3 risk assessment identification, analysis and evaluation of potential risks From the perspective of frequency, severity and measurability, determine the impact of instrument and equipment calibration failure: synthesize and decompose all relevant parameters according to the standards in table I-III above Table IV: quality risk assessment case table V: the level standard of failure mode effect analysis and the level standard and failure assignment of failure mode effect analysis applying the three-point system Use the numbers 1, 2 and 3 to assign low, medium and high risks respectively Each criterion (frequency, severity, measurability) will have a corresponding number as the risk score The failure risk score is the product of each standard score For example: occurrence frequency × severity × measurability = risk score step 4; risk reduction step 5; risk acceptance: the probability, severity and measurability of instrument and equipment calibration failure are evaluated and agreed respectively, that is, the risk acceptance standard can be defined The failure mode effect analysis (FMEA) is used to determine the risk level and complete the comprehensive risk assessment Step 6 risk communication and review ● document and approval: update equipment calibration procedures and obtain approval ● communication: complete the discussion and training of relevant personnel ● risk audit of new cycle: monitor any deviation during equipment calibration and use, if there is deviation or additional equipment