Embed Size (px)
Citation preview
1
An Introduction to Risk Management
Moshe Ben Yitzhak, MBA, MSCGMP Solutions, Inc.
2
Learning Objectives
ICH Q9 What are the basics of Risk? Risk Tools Principles of Risk Management
3
Learning Objective #1ICH Q9
4
What is ICH Q9? Developed by the Expert Working Group of ICH
for Technical Requirements for Registration of Pharmaceuticals for Human Use
Issued as a Guidance document June 2006.
5
What is ICH Q9? What does Guidance mean?
Represents FDA's current thinking on a topic. It does not create any rights for a company & does not
bind FDA. An alternative approach can be used if it satisfies the
requirements of the applicable statutes and regulations. If you want to discuss an alternative approach, contact
the FDA staff responsible for implementing the guidance.
6
Why Risk Management?
FDA considers risk management practices to be inadequate.
Effective quality risk management can: Control potential quality issues Improve decision making Facilitate better and more informed decisions Provide regulators with greater assurance of a
company’s ability to deal with potential risks
7
Risk & the perception of Risk
Risk Management is the use of the available information to identify hazards & to estimate risk.
Different stakeholders perceive risk differently. Who are the stakeholders?
Risk = Probability of harm * Severity of harm * Exposure
נזק = * * חשיפת נזק חומרת נזק ההסתברות סיכון
8
Figure 1.1: Stakeholders
ThePatient
The FirmThe MedicalCommunity
FDA
HealthcareIndustry
The Firm’s Partners& Investors
PatientAdvocacy Grps.
Society
Patient’s Family
9
Why Q9, continued Use of a drug product always entails some risk Manufacturing a drug product always entails some risk
FDA expects firms to manage the risks associated with manufacturing
Product quality should be maintained throughout the product life cycle
ICH Q9 uses a life-cycle approach What is a product life cycle?
10
Figure 1.2: Drug Product Lifecycle
Phase of FDASubmissions
Phase ofDevelopment
Time Required(Years)
Early research& preclinical
ChemicalSynthesis
PreclinicalTesting &
Pharmacology
Toxicology
5.8 7.4
Phase IClinical
Phase IIClinical
Phase IIIClinical
Supplementaryreporting &
review
1.5
Approval
Supplementalreporting
Phase III(continued)
Phase IVPost-
marketing
NDASubmission
IND Filing30-day wait
11
ICH Q9, continued
Q9 proposes that firms use a “Systematic Approach” consisting of: Formalized policies, procedures, tools & models Support from senior management
What does this entail? RMP should be used daily for decision-making!
12
ICH Q9, continued
RMP should be used daily for decision-making! Change Control Writing new Master Batch Records (MBRs)
Revising existing MBRs Evaluating CAPAs for Deviation and OOS investigations.
13
Figure 1.3: Risk Management Process(GAMP 5)
Initiate Quality RMP
Risk ID
RiskAnalysis
RiskEvaluation
RiskReduction
RiskAcceptance
Result of Quality RMP
ReviewEvents
Acceptable orUnacceptable
RiskAssessment
Risk Control
Risk Review
Risk CommunicationRisk Management Tools
Unacceptable
14
Learning Objective #2What are the basics of Risk?
15
What is Risk? Potential loss
Outcomes that make us worse-off An outcome that is not as good as another outcome
Chance Quantitative or Qualitative
Exposure How much of the risk am I exposed to? FDA is concerned about patients’ exposure!
Severity What is going to happen if the risk materializes?
הפוטנציאלי ההפסד מהו?שלנו
הסתברות
חשיפה
מדד חומרה
16
Risk Determinants
Control Information Time
Lack of control
Lack of timeLack of information
Figure 1.4: Basic Risk Determinants
17
Risk Determinants, cont.
Lack of control Natural environment Socio-cultural environment Political environment Competitive environment Internal environment Actions of individuals
As a manager, you can only control these
two!
18
Risk Determinants, cont.
Lack of information What do we need information about?
Risk Determinants, cont.What do we need information about?
API & Excipient Suppliers Alternate suppliers Regulatory status
Processing Equipment Types of equipment Capabilities of equipment
Testing instruments Types Sensitivity Calibration
Contract Manufacturing Organizations (CMOs)
Clinical Research Organizations (CROs)
Compendial changes USP EP JP
Regulatory Changes FDA EMA/IMOH
19
20
Risk Determinants, cont.
Lack of time to: Identify sources of information Gather information Analyze information Evaluate
Current operations Planned operations
Formulate information into meaningful controls
Can we “create”
time?
21
Learning Objective #3Some Basic Risk Tools
22
Risk Models Academic models and studies
MacCrimmon & Wehrung, 1986 Finkel & Golding, 1994 Davies, 1996 Haimes, 1998 Konisky, 1999 Morgan, 2002 Ayub, 2003
Industry standards ISO 14971:2007(E) Medical Devices – Application of risk
management GAMP 5 ICH Q9
23
Tools for Risk Management
Cause-&-Effect Analysis
Brainstorming Decision Trees Process Mapping /
Flowcharts Matrices
QFD Quality Function
Deployment FTA FMEA
Failure Mode & Effects Analysis
HACCP
24
Figure 1.5: Cause-and-Effect Diagram EM5 Model
Vessel #1
Approved APIs
Approved Excipients
Approved PKG & LBLQC
Pharm Eningeering
Operations
Validation Policies
Validation SOPs
Validation Approach
Manufacturing
Packaging
Surfaces
Air
Controlled Access In Process
Release
Stability
Water
Vessel #2
25
Figure 1.6:Brainstorming - how do we clean
equipment & facilities?
26
S tart/E n d P roces s
P roces s S u b rou tin es
D ecis ion P oin t
P roces s A ltern ate P roces s
M an u al O p eration
P roces s
D elay
D ecis ionP oin t
O ff-p ag e P roces s
S tart/E n d P roces s
Buy SmartDraw!- purchased copies print this document without a watermark .
Visit www.smartdraw.com or call 1-800-768-3729.
Figure 1.7Basic Flowchart Shapes
27
Table 1.1 Example of a Matrix(using risk rankings or weightings)
Criteria Factors-to-be-considered Points No. of APIs Score
I. Type of product being developed or transferred
A. Non-sterile solutions 1 1 2 ≥3
B. Non-sterile suspensions 2 1 2 ≥3
C. Semi-solids 3 1 2 ≥3
D. Solid dosage (tablets) 4 1 2 ≥3
E. Solid dosage (capsules) 5 1 2 ≥3
F. Solid dosage (lozenges) 6 1 2 ≥3
G. Drug coated patches 7 1 2 ≥3
H. Terminally sterilized products 8 1 2 ≥3
I. Injectable drug (aseptically produced) 9 1 2 ≥3
J. Injectable drug (aseptically produced and lyophilized) 10 1 2 ≥3
K. Implantable device with drug component(s) 11 1 2 ≥3
Criteria Factors-to-be-considered Points Weight Score
II. Non-API-related changes to components & composition
A. Changes are those that are unlikely to have any detectable impact on formulation quality and performance.
1Multiply by score from Section I
B. Changes are those that could have a significant impact on formulation quality and performance.
2 C. Changes are those that are likely to have a significant impact on formulation quality and performance.
3
28
The Problems with Tools
Examples relevant to the BioPharma industry are limited Companies do not publish many studies due to
confidentiality, regulatory risk, legal risk Not everyone knows how to use them Must be adapted to the industry
Some are very complex
Remember: if you only have a hammer, every problem looks like a nail.
29
Table No. 1.2: Failure Severity RatingEffect Severity
RatingCriteria
No effect 1 Failure would have no effect on the customer
Slight effect 2 Customer is dissatisfied; still uses product
Moderate effect 4 Customer complains
Significant effect 6 Customer declines further use
Major effect 8 Adverse event (patient gets sick)
Extreme effect 10 Serious adverse event (patient hospitalized or dies)
30
Table No. 1.3: Failure Occurrence RatingOccurrence Rating Failure
RateCriteria
Remote 1 1 in 10,000 Process deviation very unlikely
Very slight 2 1 in 4,000 Very few process deviations
Slight 3 1 in 2,000 Few process deviations
Low 4 1 in 400 Occasional process deviation
Medium 5 1 in 80 Moderate number of process deviations
Moderately high 6 1 in 20 Frequent process deviations
High 7 1 in 10 High number of process deviations
Very high 8 1 in 5 Very high number of process deviations
31
Table No. 1.5: Detection Rating (for failure modes)
Detection Ability
Rating Criteria for Controls in Place
Almost certain 1 Detection is certain; validated on-line PAT controls
Very high 2 Detection is likely; heavy use of inspection between & during process steps (with some automation)
High 3 Detection is very likely; validated lab methods
Moderately high 4 Moderate likelihood of detection; heavy use of inspection during process steps
Medium 5 Medium likelihood of detection; heavy use of inspection between process steps
Low 6 Low likelihood of detection; low usage of inspection and testing; inspections & tests are not optimal
Slight 7 Controls being concurrently validated
Very slight 8 Controls are experimental
Remote 9 Controls not aligned to critical quality attributes
Impossible 10 No controls in place
Calculating Risk
32
Severity Rating Occurrence Rate Detection RateSlight Effect (2) * Low (4) * Very high (2) = 16Extreme Effect (10) * Very High (5) * No controls (10) =
500
Need to use: flow charts, cause & effect diagrams, brainstorming & other tools to arrive at these ratings!
33
Learning Objective #4Principles of Risk Management
34
Principles of Risk Management
1. Risk management is a process that occurs throughout a product’s lifecycle Risks change as the product moves through the life cycle Our level of understanding increases along a learning
curve The level of control we can achieve varies with technology Who is privy to risk communication changes
35
Principles of RiskManagement, cont.
2. Safety-by-design is the preferred option for managing risks Is the design inherently safe?
Preclinical studies Clinical studies
Protective measures built into the manufacturing process Manufacturing Packaging
36
Principles of RiskManagement, cont.
3. Risk management models & tools must be modified to account for: The patients’ conditions (mild vs. moderate vs. severe) The dosage form (topical vs. tablet vs. injection) Maturity of the firm’s RMS
Have we used RM before? Can I use RM tools without a RM model?
Maturity of the firm’s Quality Management System Can I use a RMS without a QMS?
The firm’s culture Does senior management support it? Do employees need / want fundamental knowledge?
37
Principles of RiskManagement, cont.
4. Risk management is an iterative process. How often does it need to be done?
Annual Product Review? Change? Deviation Investigations? Project basis? sNDA?
How often it is done dictates what part of the organization does it, and the resources available.
Knowledge is transferable from one product to another
38
Principles of RiskManagement, cont.
5. Top management commitment is critical for effective risk management Without adequate resources, RM is ineffective Each company’s top management must also
establish a policy on how “acceptable” risks will be determined
RM is a process requiring periodic review & improvement
39
Principles of RiskManagement, cont.
Policies and procedures document the 5 essential questions: Who What When Where How
Training records
Where does that get documented? RMP for each significant
phase of development Supporting
communications
6. Risk management activities must be documented.
40
Thank you!Thank you!
41
Bibliography Akao, Yoji, ed. Quality Function Deployment Integrating Customer Requirements into Product Design,
Cambridge: Productivity Press, 1990, p. 27. Berry, Ira R. and Nash, Robert A., eds., Pharmaceutical Process Validation, 2nd ed., Marcel Dekker:
New York, 1993. Butler, Shawn A., Fischbeck, Paul, “Multi-Attribute Risk Assessment” Carnegie Mellon University. FDA, Guidance for Industry Q9 Quality Risk Management, GPO, June 2006. FDA, Guidance for Industry Quality Systems Approach to Pharmaceutical CGMP Regulations, GPO,
September 2006. FDA, Risk-Based Method for Prioritizing CGMP Inspections of Pharmaceutical Manufacturing Sites – A
Risk Ranking Model, GPO, September 2004. Frame, J. Davidson, Managing Risk in Organizations A Guide for Managers, Josey-Bass: San
Francisco, 2003. Franceschini, Fiorenzo, Advanced Quality Function Deployment, New York: St. Lucie Press, 2002. Gitlow, Oppenheim & Oppenheim, Quality Management: Tools and Methods for Improvement, 2nd ed.,
Irwin: Boston, 1995. Ishikawa, Kaoru, Guide to Quality Control, Quality Resources: White Plains, New York, 1982. ISPE, GAMP 4 Guide Validation of Automated Systems, ISPE: Orlando, Florida, 2001, Appendix M3,
p. 2. MacCrimmon, Kenneth R. and Wehrung, Donald A., Taking Risks the Management of Uncertainty, The
Free Press: New York, 1986. Project Management Institute, A Guide to the Project Management Body of Knowledge, 3rd edition,
Project Management Institute: Newtown Square, Pennsylvania, 2004. Russell, J.P., The Process Auditing Techniques Guide, Quality Press: Milwaukee, Wisconsin, 2003.
