ICH is the International Council for Harmonisation and deals with the harmanonization of technical requirements for pharmaceuticals for human use; among the different guidelines and regulations issued by ICH, in this article we will talk about ICH Q9 : Quality Risk Management.
ICH is an organization that since the early ’90s played a fundamental role in the pharmaceutical sector, and nowadays ICH guidelines are applied by a growing number of regulatory authorities. The mission of this organisation is well described in their website, where it is stated:
ICH’s mission is to achieve greater harmonisation worldwide to ensure that safe, effective and high quality medicines are developed, and registered and maintained in the most resource efficient manner whilst meeting high standards.
We have extensively been discussing about risk management for medical devices, from the main applicable standards (ISO 14971 and ISO/TR 24971) to the main risk management concept (for example the risk benefit analysis) and the main documentation associated to the risk management file (risk management plan, risk analysis report, traceability matrix).
In this article we want to focus on Quality Risk Management for the pharmaceutical sector.
ICH Q9 together with ICH Q8 and Q10 is one of the ICH Q-topics that pushes further the implementation of science based and risk based approaches to quality. The principle of the ICH Q9 and in general of Quality Risk Management is the following:
- The evaluation of the risk to quality should be based on scientific knowledge and ultimately link to the protection of the patient; and
- The level of effort, formality and documentation of the Quality Risk Management process should be commensurate with the level of risk.
-
Risk Management Package€149,00
Quality Risk Management Process according to ICH Q9
What we call “Quality Risk Management” is a systematic process that ranges through the whole life cycle of the drug medicinal product and takes in consideration the assessment, control, communication and review of risks associated to medicinal products.
The model that is provided within the ICH Q9 guideline is reported in the scheme below and it does not substantially differ from the risk management process typically applied to the medical device sector.
There are in fact different phases related to risk assessment, risk control and risk review where, the risk assessment includes different steps such as:
- Risk Identification
- Risk Analysis
- Risk Evaluation
At the same time, the risk control steps are:
- Risk reduction
- Risk acceptance
Instead of repeating once again the concept we have been talking about when we discussed the risk management process for medical devices, we are going to focus more on specific concentp that have never been taking deeply in consideration before, specifically:
- The risk communication
- The risk review
Risk Communication
For risk communication is intended the sharing of information about risks between all the personnel involved in decision making activities. It is obviously possible to communicate at any stage of the risk management process and it might involve different stakeholders such as regulators and industry, industry and the patient, within a company, industry or regulatory authority, etc.
Risk Review
It is necessary to have, within the quality management system of the organization, a system that allows the systematic review of risk management. As it is clearly stated by the ICH Q9 guideline:
Once a quality risk management process has been initiated, that process should continue to be utilized for events that might impact the original quality risk management decision, whether these events are planned (e.g., results of product review, inspections, audits, change control) or unplanned (e.g., root cause from failure investigations, recall).
The frequency of the review of risk management shall be established and justified, based on different considerations. In the context of risk management review, it is also necessary to re-evaluate risk acceptance decisions and whether the level of risks previously defined as accepted are still acceptable or the risk profile has changed over time.
Integration of Risk Management into Quality & Regulatory Operations as per ICH Q9 guideline
Risk management process has the overall goal to support science-based decision making within an organisation. Obviously risk management as stand alone process is not sufficient to reach an acceptable level of regulatory compliance however effective quality risk management can facilitate better and more informed decisions, providing regulators with greater assurance of a company’s ability to deal with potential risks.
Training is an important point when dealing with quality risk management and an efficient training system needs to be implemented to ensure all the stakeholders are knowledgeable of risk management concepts.
The integration of quality risk management with all the other processes of the organization is essential. Risk management can be embedded to basically all the quality processes, such as training, management of deviations and quality defects, change management, and much more.
Conclusions
We have been discussing about quality risk management for the pharmaceutical sector according to ICH Q9 guideline. As we have already had the possibility to mention, risk management shall be consider a pillar of quality management system for any type of organisation working within a regulated environment.
Subscribe to 4EasyReg Newsletter
4EasyReg is an online platform dedicated to Regulatory matters within the medical device, information security and AI-Based business.
We offer a wide range of documentation kits to support your compliance efforts towards a wide range of standards and regulations, such as ISO 13485, EU MDR, ISO 27001, ISO 42001 and much more. . Specifically, in our webshop you will find:
- ISO 13485 Documentation / Compliance Kit
- ISO 27001 Documentation / Compliance Kit
- ISO 42001 Documentation / Compliance Kit
- FDA Cybersecurity Documentation
Within our sister platform QualityMedDev Academy, a wide range of online & self-paced training courses is available, such as for example:
- Complaint Handling and Vigilance Reporting
- Artificial Intelligence in Medical Device. Regulatory Requirements
- Unique Device Identification (UDI) Requirements according to EU MDR
- Clinical Evaluation Process According to EU MDR
- Medical Device SW Verification & Validation
- Risk Management for Medical Devices
- Usability Evaluation for Medical Devices
As one of the leading online platforms in the medical device sector, 4EasyReg offers extensive support for regulatory compliance. Our services cover a wide range of topics, from EU MDR & IVDR to ISO 13485, encompassing risk management, biocompatibility, usability, software verification and validation, and assistance in preparing technical documentation for MDR compliance.
Do not hesitate to subscribe to our Newsletter!
