Courtesy of Getty Images
Fundamental Principles, Design Criteria, Outline of Process
Note: The views expressed in this paper are those of the authors, and should not be taken to represent the views of the Irish Medicines Board.
Risk-based Qualification, Validation, and Change Control - Opportunities for Improvement
In the European Union (EU), the Good Manufacturing Practice (GMP) requirements place specific obligations on manufacturers of medicinal products to implement risk-based qualification, validation, and change control programmes. 1, 2, 3
Annex 15 to the EU Guide to GMP titled, “Qualification and Validation,” requires:
- That a risk assessment approach be used to determine the scope and extent of validation. (Note: Within the EU GMP and others, the term, ‘validation,’ is generally understood to encompass qualification as well as validation activities.)
- That risk analysis be employed when assessing the likely impact of changes.
How these GMP requirements are met has been the subject of much discussion between Regulators and Industry in recent years, and as a Regulatory Agency, the Irish Medicines Board has received numerous requests from Industry for guidance in this area.
From the authors’ experience as a GMP Inspector, it is evident that risk factors are often taken into account when designing qualification and validation programmes, and when processing change control proposals. However, as mentioned in the International Conference on Harmonization (ICH) Guideline on Quality Risk Management, ICH Q9,4 the use of risk management in the Pharmaceutical Industry has, to date, been limited, and the full benefits of risk management, as a valuable component within a quality system, have yet to be realised.
Despite ever-increasing qualification and validation costs, as described in publications of the International Society of Pharmaceutical Engineering (ISPE) and others,5-7 there is evidence that defective and non-compliant medicinal products continue to be manufactured and released. These often result in product recalls being required to protect patients and users of medicinal products.8, 9 As discussed in ISPE’s White Paper on Risk-Based Qualification for the 21st Century,5 current qualification practices, for example, are often document-intensive, expensive, and time-consuming, but do not necessarily add value, or lead to clear patient risk-mitigation strategies or process understanding. Likewise, validation activities sometimes do not adequately address the critical aspects of processes.10 In the area of change control, proposed changes often involve substantial capital expenditure and large project teams, but sometimes important risks introduced by the change are not identified. Therefore, it is likely that the use of more formalised and scientific approaches to risk management may prove beneficial within GMP environments.
A Risk Management Solution for GMP and Regulatory Compliance Environments
There are many formal risk management tools available, such as Fault Tree Analysis,11 Failure Modes and Effects Analysis (FMEA),12 and Hazard Analysis and Critical Control Points (HACCP).13 However, most were not specifically designed for GMP applications, much less as solutions for facilitating risk-based qualification, validation, and change control activities within GMP environments. As a result, a degree of design modification is often required before an existing tool may be used for these activities. Of the tools which are GMP-specific, such as the approaches developed by ISPE14 and GAMP,15 their focus tends to be somewhat narrow, being tailored for equipment and systems qualification and computerised systems validation, respectively. As a result, the day-to-day practicalities of how to apply GMP risk management more broadly remain somewhat under-developed.
In addition, few if any, of the available tools were designed as complete, documented, and ready-to-use risk management methodologies that address all of the components of risk management and have been accepted via ICH Q9 as important. These are as follows: risk assessment, risk control, risk communication and risk review. As a result, a further degree of modification is often required before any of the existing risk management tools may be used as a complete risk management solution.
In response to the requests received by the Irish Medicines Board from Industry for guidance in the interpretation of the risk-related requirements of Annex 15 to the EU GMP Guide, and as part of our efforts to better understand how risk management may be used in practice, the Irish Medicines Board has developed a practical risk management methodology, or tool, designed specifically as a means of addressing those Annex 15 requirements. As part of this work, a series of practical case studies have been developed on the use of this tool, in order to show how the tool works in practice. This risk management solution is designed so that it provides a complete and documented means of addressing all of the aforementioned components of risk management.
In this series of papers, in two parts, this risk management methodology is described. In Part I, the principles underlying this approach are given, and the design criteria used for development of the risk management tool are outlined. The tool uses a documented ten-step process, also described in Part I. In Part II, the scope and structure of the risk management tool are described, and some of the limitations of this tool are given. An outline of some of the principle findings made to date with this tool is also given in Part II. (It is emphasised that this work is not intended to place any specific regulatory obligations on manufacturers, nor is the risk management solution presented here being promoted in any way as a tool that should be used by Industry. This work simply demonstrates how GMP risk management may be applied in practice.)
Is this Risk Management Solution Intended to Replace other Available Tools?
It is not the intent of this work to replace other available tools; existing tools are valuable in their own right. The risk management methodology described here was designed for a specific purpose - to facilitate risk-based and patient-focused qualification, validation, and change control activities. This tool focuses on evaluating how GMP controls, both current and proposed, lead to mitigation and control of the risks identified, and on the qualification and validation status of such controls.
Importantly, this work does not seek to “reinvent the wheel,” and during the technical development of this risk management solution, some of the useful features and concepts behind other risk management tools and approaches were adopted or taken into account. For example:
- FMEA and FMECA
This risk management solution draws upon some features of FMEA and FMECA,16 in that it recognises the value in assigning Probability, Severity, and Detection ratings during risk asssessment work, and in re-assessing these ratings following risk control strategies. It also recognises the value in breaking down the item under study into manageable components for individual assessment.
However, the approach developed here handles risk detection in a markedly different way. Here, detection controls are considered and evaluated after the risk has been estimated, not before, and significantly, this tool requires a formal and critical evaluation of any detection controls that are in place, in order to determine whether these controls actually give assurance that the risk is adequately controlled and that no further controls are required.
This approach also classifies GMP controls differently, and this impacts upon how risks are generally estimated and controlled. This tool requires one to address qualification and validation issues for current controls as well as for new controls, even when the related risk is deemed acceptable with current controls. Also, this approach does not make use of FMEA’s ‘Risk Priority Number’ concept, and ‘Failure Mode’ terminology is not used.
This risk management solution draws upon some concepts of HACCP, in that it recognises the value in prevention rather than detection, and the value in determining critical control points, their related limits, and target levels. HACCP also provides a comprehensive and documented approach for practical risk management exercises.
However, HACCP-based applications do not normally offer a clear, formal process for characterising or differentiating (by either qualitative or quantitative means) the risks posed by a potential hazard, and the HACCP requirement to pre-define corrective actions for situations when Critical Control Points (CCP) limits have been exceeded is not used here. Rather, this solution provides a formal means of assessing individual risks, and it focuses on identifying and implementing GMP controls which give assurance, via qualification and validation, that such risks are either reduced to an acceptable level or controlled to an acceptable level.
- The GAMP 4 Risk Assessment Process
This risk management solution draws upon some features of the GAMP 4 Risk Assessment process, in that it recognises the value in estimating risks on the basis of likelihood and severity considerations only, not on detection factors, and the value in using the risk assessment process to help focus validation activities and to assess change control proposals. Also, the GAMP process considers the complexity and degree of customisation of the item under study when determining how much rigor to apply during the risk management process.
However, the approach described here deals with risk detection in a different way, as it does not allow users to automatically assign risk priorities simply on the basis of detection ratings.
- The ISPE Impact Assessment Process
This risk management solution draws upon some features of the ISPE Impact Assessment process, as described in ISPE’s Baseline Guide on Commissioning and Validation, in that it recognises the value in using structured and systematic techniques to determine critical components of systems on an “impact” basis, with respect to product quality. It also recognises the value in focusing qualification activities on those critical components.
However, the approach described here addresses additional items, such as the risks presented when equipment and system faults occur, as well as risk control, communication, and review activities.
The Fundamental Principles Underlying this Risk Management Solution
A number of key principles underlie the design of this risk management solution. These were considered fundamental to this application of risk management in GMP and Regulatory Compliance environments, and are shown in Figure 1.
Figure 1: Principles Underlying this Risk Management Solution
|1.||That the scope and extent of qualification and validation, and the likely impact of changes, should be determined and managed on a risk basis.|
|2.||That risk is the combination of the probability of ocurrence of harm and the severity of that harm, and that harm is considered to be damage to health, including the damage that can occur from loss of product quality or availability.|
|3.||That as a minimum, risk management contains the following four components: risk assessment, risk control, risk communication, and risk review, as defined and described in ICH Q9.|
|4.||That a consideration of “what might go wrong” is fundamental to the risk management exercise.|
|5.||That there may be some risks that cannot be eliminated or reduced to an acceptable level with current or realistic controls or resources, but that may be controlled to an acceptable level with improved detection or other measures, as determined on a case-by-case basis.|
|6.||That risk management is not an exact science and, while a scientific approach should form the basis of the risk management process, there may be uncertainties associated with the outcome of the risk management exercise.|
|7.||That risk may be assessed qualitatively as well as quantitatively, and that a good qualitative assessment of risk may be more valid than a poor quantitative assessment.|
|8.||That the main stakeholders associated with the application of risk management within GMP and Regulatory Compliance environments are patients and users of medicines, including healthcare professionals, as well as Industry and Regulators, and that, while the concerns of all involved stakeholders should be taken into account in any risk management exercise, protection of the patient is of prime importance, and therefore, risk management should ultimately link to the protection of the patient.|
|9.||That, in GMP environments, a high detectability of risk does not necessarily mean that the risk is eliminated or adequately controlled.|
|10.||That the implementation of risk control measures could, in itself, inadvertently introduce new risks, which will need to be managed.|
|11.||That performing risk management exercises can be improved through the use of multi-disciplinary teams.|
|12.||That a formal risk management process may not always be necessary or appropriate in all situations, and that the level of effort, rigor, formality, and documentation associated with the risk management process should be commensurate with the complexity and/or criticality of the issue being addressed.|
These principles were based primarily upon the guidance of ICH Q9, on the current EU GMP requirements, and on the ISO 14971:2000 Standard, on the application of risk management for medical devices.17 The authors’ own experiences in using other risk management tools, and a broad review of risk management-related publications also provided insight on key issues.
As is evident, the Principles noted in Figure 1 are largely self-explanatory. The following notes provide some background and explanatory information relating to each:
- Principle 1 is based on Annex 15 (Qualification and Validation) to the EU GMP Guide.1 It implies that, before validation master plans and qualification and validation protocols are finalised, risks associated with the items under study should be considered, resulting in the identification of risk-based critical parameters requiring qualification or validation. This Principle also implies that, before change control proposals are approved, the potential risks presented by the change should be identified and a strategy determined for managing such risks.
- Principles 2, 3, and 4 reflect the guidance presented in ICH Q9 and other publications, such as ISO/IEC Guide No. 73, titled, “Risk Management - Vocabulary - Guidelines for Use in Standards.” 18 The inclusion of loss of product availability in the definition of harm is considered important in GMP risk management activities, because the loss of product availability may adversely impact not only business, but also patients and users of medicinal products.
- Principle 5 reflects the author’s experience in applying risk management principles and tools to GMP situations - that sometimes, the probability of occurrence of harm, or the severity of that harm, just cannot be reduced to levels that render the risk acceptable with current or realistic resources, but that such risks can be controlled to an acceptable level by means of detection or other risk-control measures.
- Principles 6 and 7 recognise that risk can be difficult to quantify, and that there may be uncertainties in the outcome of any risk management exercise. As discussed in ICH Q9, for example, different stakeholders may perceive different potential harms, or place a different probability on the occurrence of each harm, or assign different severities to each harm, and this can lead to uncertainty. This principle implies that the risk management solution should be able to address such difficulties and uncertainties. (The papers 19-22, detailed in the References section, provide useful information in this regard.)
- Principle 8 requires that the risk management solution should help to formally identify who the stakeholders are for the item under study. This enables the concerns of those stakeholders to be taken into account and for appropriate definitions of severity to then be determined.
- Principle 9 is far reaching, and it renders this solution somewhat different to other risk management tools with respect to dealing with risk detectability. Here, users may not automatically conclude that a high detectability for a negative event or its effects means that a risk is acceptable or adequately controlled. For example, the ability to detect glass in filled and stoppered vials may sometimes be high, but this detection control does not mean that the vial filling and sealing process is under adequate GMP control if the incidence of glass in vials is relatively high.
- Principle 10, also based on ICH Q9, means that the risk management solution must formally be able to identify and manage any new risks that may be introduced as part of Risk Control activities. New risks can be introduced, for example, when a new Process Analytical Technology (PAT)-based sensor is installed in a drying vessel to monitor a parameter such as water content. The material housing the sensor may be incompatible with the contents of the dryer, or it may not be adequately robust, giving rise to a risk of product contamination.
- Principle 11 recognises the benefit of using multi-disciplinary teamwork when performing risk management, and is certainly not a new concept. Well established tools such as HACCP, as outlined by the Codex Alimentarius Commission, 23 require the use of multi-disciplinary teams.
- Finally, Principle 12, again reflecting ICH Q9, recognises that much of what we do within GMP environments is risk-based, even if we do not call it that. This is important, because often, there may be no need to use a formal risk management tool, when existing procedures may be adequate. This principle, in a subtle way, also recognises the fact that risk events can have multiple causes, with multiple associated risks, some less important that others. This can result in formal risk management activities becoming costly and quite labour-intensive exercises, and should, therefore, be targeted at the most complex or critical issues.
Design Criteria for this Risk Management Solution
During the design stage for this risk management solution, it was determined that the tool had to meet certain pre-defined criteria if it was going to serve its intended purpose: to facilitate risk-based qualification, validation, and change control activities.
These pre-defined criteria were as follows:
- That the tool should offer GMP and Regulatory Compliance environments a documented, scientific, practical, systematic, transparent and flexible solution for determining and managing, on a risk basis, the scope and extent of qualification and validation, and the likely impact of changes.
- That the tool should allow for the highest risks to be identified and prioritised for action.
- That the tool should be a readily usable and complete risk management solution, without requiring extensive modification before it may be used to address all of the required elements of risk management.
- That the tool should have wide applicability across GMP and Regulatory Compliance environments.
- That the tool should directly conform to each of the twelve aforementioned principles which were defined as being important for facilitating risk-based qualification, validation, and change control activities within GMP and Regulatory Compliance environments.
With the above design criteria in mind, a structured and systematic risk management process was developed. This comprises of ten discrete process steps, as outlined in Figure 2. A detailed, instructional worksheet has been developed, which facilitates each of the ten steps.This worksheet is used to document the risk management exercise, and to guide users through the actual risk management process. Detailed guidance on carrying out each of these ten steps is available in the Tool’s User Manual.
Figure 2: A Ten-Step Risk Management Process.
Step 1: Document Specific Information on the Risk Management Exercise Being Undertaken:
Step 2: Who's Who?- Define the Risk Management Team:
Step 3: Review the Default Definitions Provided for Negative Event Probability, Severity, and Detection:
Step 4: What Might Go Wrong? - Identify Potential Negative Events:
Step 5: Risk Evaluation - Is the Risk Acceptable, Unacceptable, or Intolerable?
Step 6: Risk Evaluation - Is the Risk Adequately Controlled
Step 7: Risk Control:
Step 8: Qualification and Validation:
Step 9: Action Items:
Step 10: Risk Communication and Continuous Improvement (Periodic Review) Activities:
This ten-step process, as outlined above, complements some of the points made in ISPE’s White Paper of 2005,5 which, while focused only on equipment and facility qualification, made a number of very useful recommendations on ways to achieve true risk-based qualification. One was that risk assessments, process development, and experimental design should be used to identify critical features, functions, and critical process parameters, and that qualification efforts should be process-based, and focused on the concept of risk-mitigation for patients. The risk management solution developed here offers a practical means for how this might be achieved.
While this risk management methodology provides a means by which risk management might be of use within GMP environments, at the same time, it was designed to serve as a potential risk management solution for GMP regulators, for use within their own work activities. This is considered important, recognising the significant contribution made by ICH Q9 in promoting the use of risk management principles and tools by both parties. This aspect of the tool is explained in more detail in Part II of this paper.
In Part I of this paper, a risk management solution is described that is designed to facilitate risk-based qualification, validation, and change control activities within GMP and regulatory compliance environments in the EU. This solution is based upon a set of pre-defined, fundamental principles and design criteria, which were considered important. It offers a documented and ready-to-use ten-step process for determining and managing, on a risk basis, the scope and extent of qualification and validation, and the likely impact of changes.
This is a formal and rigorous approach to risk management. As such, it is designed so that its use should be commensurate with the complexity and/or criticality of the issue to be addressed. It is not intended for use in all situations, or to address all risk areas or concerns, and in many instances, in line with ICH Q9 principles, a more informal approach to risk management may be more appropriate, and indeed proportionate.
In Part II of this paper, the scope of this risk management solution is presented, and the structure of the tool and some of its key features are described. Some novel aspects relating to this risk management solution are also presented, and a number of limitations associated with this solution are discussed. Finally, an outline of the main findings made to date with using this tool is given.
Overall, this work seeks to demonstrate how risk management principles may be used in practical terms across a broad range of EU GMP and Regulatory Compliance environments. It is hoped that these efforts will serve to build upon the milestone that was ICH Q9, and the work done to date by FDA, ISPE, GAMP and many others in promoting true risk-based qualification, validation and change control activities.
- The Rules Governing Medicinal Products in the European Community, Volume IV, published by the European Commission.
- European Commission Directive 2003/94/EC of 8 October 2003 laying down the Principles and Guidelines of Good Manufacturing Practice in respect of Medicinal Products for Human Use and Investigational Medicinal Products for Human Use, Official Journal of the European Union L262, 14/10/2003.
- European Commission Directive 91/412/EEC of 23 July 1991 laying down the Principles and Guidelines of Good Manufacturing Practice for Medicinal Products for Veterinary Use, Official Journal of the European Union L228, 17/08/1991.
- ICH Q9 - Quality Risk Management, at Step 4 of the ICH Process, November 9th, 2005.
- ‘A White Paper on Risk-Based Qualification for the 21st Century,’ ISPE’s Qualification Task Team Steering Committee, ISPE 9 March 2005
- G. C. Wrigley, ‘Strategies for Minimising Validation Costs,’ Journal of Validation Technology, Vol. 10, Issue 3, 2004.
- Proceedings of the conference titled “Reducing Validation Costs,” Dublin Institute of Technology, Dublin, Ireland, 9 September, 2004.
- For information in this regard, see the quality defect and recall sections of the Irish Medicines Board Annual Reports for 2003 and 2004
- For information on recalls which have occurred in the UK over recent years, see the Drug Alerts section of the website of the UK Medicines and Healthcare Products Regulatory Agency
- For information in this regard, see the presentations from the Irish Medicines Board Inspectorate Information Days of 27 September 2002 and 15 October 2004, available from the IMB upon request.
- IEC 61025 - Fault Tree Analysis.
- IEC 60812 - Analysis Techniques for System Reliability - Procedures for Failure Mode and Effects Analysis (FMEA).
- WHO Technical Report Series No. 908, 2003, Annex 7, Application of Hazard Analysis and Critical Control Point (HACCP) methodology to pharmaceuticals.
- ISPE Baseline Pharmaceutical Engineering Guide, Volume 5, ‘Commissioning and Validation,’ March 2001.
- GAMP 4 Guide, ‘Validation of Automated Systems,’ December 2001.
- Military Standard No. MIL-STD-1629A, Procedures for Performing a Failure Mode, Effects, and Criticality Analysis (FMECA), U.S. Department of Defense, Washington, DC, 24 November, 1980.
- ISO 14971:2000, ‘Medical Devices - Application of Risk Management to Medical Devices,’ December 2000.
- ISO/IEC Guide 73:2002, ‘Risk Management - Vocabulary - Guidelines for Use in Standards.’
- D. W. Vincent and B. Honeck, Risk Management Analysis Techniques for Validation Programs,’ Journal of Validation Technology, Vol. 10, Issue 3, 2004.
- For example, see EMEA Public Statement of 18 October 2005 on the risk of inhibitor development for Factor VIII recombinant products
- E. C. Tidswell, ‘Risk Profiling Pharmaceutical Manufacturing Processes’, European Journal of Parenteral and Pharmaceutical Sciences 2004; 9 (2):49-55.
- M. G. Morgan, ‘Risk Analysis and Management’, Scientific American, July 1993.
- Recommended International Code of Practice: General Principles of Food Hygiene Cac/rcp 1-1969, rev. 3-1997, amd., (1999). [Note: This document is from the Codex Alimentarius Commission and the FAO/WHO Food Standards Programme.]