Editor’s note: This is the first in a series of four blog posts on quality risk management and how you can stay on top of expected regulatory updates in 2023.
The start of a new year always brings a sense of proactivity; where you take time to look at some of your habits and plan to do better. Even though practices such as quality or compliance should be continuous activities, sometimes it feels right to use the new year as a “fresh start.” In this four-part blog series, I intend to discuss some key changes to the Quality Risk Management guidelines from the International Council for Harmonisation of Technical Requirements for Pharmaceuticals for Human Use (ICH).
In industry, I would try to make it a beginning-year practice to look at any forward changing policies that could sneak up and derail the plans I had for my quality system. Of course, we all get surprises such as the 2020 guidance that was quickly publicized for testing requirements of nitrosamine impurities1, but long-planned change documents can also surprise those who don’t track the depth and breadth of all the regulatory body publications.
Change is coming
This year, the ICH is planning to release the final update for the Q9 Chapter on Quality Risk Management (QRM). We can expect this updated version in Q1 or Q2 of 20232; it has been in draft since November 2020. As a stroke of irony, the FDA called for manufacturers to adopt an enhanced risk management system3 in response to the infant formula supply crisis in 2022. So, with that in mind, there is a fresh responsibility to incorporate risk management into our quality systems, software and equipment.
Risk management, in general, is a systemic undertaking of examining a system for potential hazards and mitigating them with proactive tools and procedures.
In the review4 of the original publication, the ICH stated that “the benefits of QRM (quality risk management), as envisaged by ICH Q9, have not been fully realized…”
They go on to define a list4 of four areas of concern with current risk management programs that includes:
- High levels of subjectivity in risk assessments and in QRM outputs, leading to a lack of good science
- Challenges in the management of product availability risks, resulting in continued shortages of important medicines for patients
- A lack of understanding of what constitutes formality in QRM, and how to apply varying degrees of formality in QRM activities so that a better use of resources can be made
- A lack of clarity on what constitutes good risk-based decision-making
Risk assessment as a part of risk management
As someone who has crossed the line between software administrator and laboratory subject matter expert, I have been involved in various risk assessments for my own company’s benefit and in the benefit of customers’ companies over the years.
Utilization of risk assessments in purchasing decisions, during the installation, during an upgrade, and for procedure development for tasks such as data review, is a valuable task to complete.
In general, a risk assessment comes down to a list of actions that a user can undertake, and a score. Risk assessment scores are often based on the likelihood a user will perform the action combined with the severity of risk associated.
Additional score categories may or may not be helpful in assessing risk. For example, in very complex systems, for the purpose of meeting audit or review requirements, it might be critical to score the capability of a second or third party being able to find a risk-scored action performed in the past.
Scoring each action or feature allows for a risk control plan to be put into place and hopefully reduce the risk altogether.
High-risk activity: system installation and modification
In this first blog post in the series on risk management, the feature focus is on the integrated qualification tools in the Thermo Scientific Chromeleon Chromatography Data System (CDS).
No matter if someone is an administrator, a user, or a service professional, the ability to mitigate risk with tools built into a product is highly impactful to the usability of that product.
Along with system installation, the expansion of a system or the addition of more instruments is considered a high-risk activity that demands change control to plan, execute, and summarize the installation, operation and performance of the system. These planned activities can take years to complete without guidance, automated tools or an advanced skill set.
Chromeleon CDS comes with a complete set of automated tools and pre-configured reports to simplify installation qualification (IQ), operation qualification (OQ), and performance qualification (PQ) of both the software and instruments. A demonstration is provided in the videos linked here:
- Video: Chromeleon Installation Qualification
- Video: Chromeleon Operational Qualification
The availability of these tools can pay dividends toward the process of maintaining a quality system, and all of them are included in the base software.
Additional resources
- Chromeleon CDS Software: Built for Compliance
- Pharma and Biopharma Labs: Are You Audit Ready? 6 FAQs About Chromeleon
- Ease of Administration
- On-Demand Webinar Series: Built for Quality without compromise
- Blog post part 2: Quality Risk Management: Defining Responsibilities
- Blog post part 3: Quality Risk Management: Don’t Discard Standard Lab Practices
For initial installation of complex architecture, assistance with expansion, or other services, Thermo Fisher Scientific also offers a complete service offering. Services and support plans include transition services, implementation, training and validation.
Take-home message
For me, risk assessments have always been part of the quality experience, but perhaps not formally captured until I moved into a vendor role. Just like when industry adopted Kaizen and continual process improvements, I think the hard part is training yourself to structure the variables in the system and assess them prior to proposing solutions.
Do you see yourself conducting risk assessments in the near future? Is risk management planning part of your 2023 implementation vision? I’d love to connect about your quality pain points and feedback for software utilization in the laboratory. Leave a comment below.
Subscribe to the blog so you don’t miss the second installment on Risk Management in Q2 and subsequent posts in the series.
References
1 FDA/CDER resources page. Food and Drug Administration Web site. Accessed January 26, 2023
2 ICH resources page. International Council for Harmonisation of Technical Requirements for Pharmaceuticals for Human Use (ICH) Web Site. View the Work Plan (PDF). Accessed January 26, 2023.
3 FDA Statement. (2022, May 19). FDA Urges Drug Manufacturers to Develop Risk Management Plans to Promote a Stronger, Resilient Drug Supply Chain. (Press release)
4 ICH resources page. International Council for Harmonisation of Technical Requirements for Pharmaceuticals for Human Use (ICH) Web site (PDF) Accessed January 26, 2023.