Quality Management System & Risk Management Management System & Risk Management EUDIPHARM ... ICH Q9...

1 Rabia BERTHIER-MARSOU

Quality Management System & Risk Management

EUDIPHARM

5th December 2011

2

Rabia BERTHIER-MARSOU

Content

Quality Management System (QMS)

Risk Management System (RMS)

Quality Risk Management (QRM) - ICH Q9

QRM application – Examples Computerised System Validations

Audits

Conclusion

3



What is the QMS?

QMS is an essential function in any successful organization leading to improve profits, reduce costs, and to provide competitive advantages

QMS includes Quality System and Quality Control

QMS background Summary:

1st emerged out of the Industrial Revolution (From the 18th to the 19th century)

Previously goods had been mainly made from start to finish by the same person

Mass production (e.g. flow production, repetitive flow production, etc.) brought huge teams of people together to work on specific stages of production to meet ‘quality criteria’

In the late 19th it was recognized the limitations of the methods being used in mass production

Quality Departments established to oversee the quality of production and rectifying of errors and quality was implemented by inspection of product output to 'catch' defects.

Quality, as a profession and the managerial process associated with the quality function, was introduced during the second-half of the 20th century,

Over this period, few other disciplines have seen as many changes as the quality profession

http://en.wikipedia.org/wiki/Industrial_Revolution

4



Quality control activities were predominant in the 1940s, 1950s, and 1960s

The 1970s were an era of quality engineering

Since at least 1983 Quality System for medical have been internationally recognized as a way to assure product safety and efficacy and customer satisfaction

FDA documented design defects in medical devices that contributed to recalls from 1983 to 1989 that would have been prevented if Quality Systems had been in place

In 1990s quality systems recognised as an emerging field (e.g. medicine).

In 1996, FDA identified the essential elements that a quality system shall embody for design, production and distribution (e.g. personnel training and qualification; traceability

at all stages of production; monitoring non conforming product; instituting corrective and preventive action when errors occur; records; etc.)

In 2010 Update of Pharmacovigilance EU legislation to recognise the QMS as a tool of the patient safety protection

...From QMS to Quality Risk Management

http://en.wikipedia.org/wiki/Quality_control

http://en.wikipedia.org/wiki/Medicine

5


Risk Management System (RMS)

What is the RMS ?

RMS is process of the risk identification, confirmation, characterization, communication and its minimisation. The risk is defined as the combination of the probability of occurrence of harm and the severity of that harm

RMS includes four steps:

- Risk detection

- Risk assessment

- Risk minimization

- Risk communication

Where the RMS is utilised ?

Risk management principles are utilized in many areas of business and government including but not limited to:

- Finance

- insurance

- Public Health: Pharmaceutical industry (Pharmacovigilance, QMS, etc.)

6



What is the QRM ?

Systematic process

designed to

coordinate, facilitate and improve

science-based decision making

with respect to risk to quality

7



What is the QRM ?

Risk Review

R i s

k C

o m

m u

n i c

a t i

o n

Risk Assessment

Risk Evaluation unacceptable

Risk Control

Risk Analysis

Risk Reduction

Risk Identification

Review Events

Risk Acceptance

Initiate QRM Process

Output / Result of the QRM Process

R i s k M

a n a g e m

e n t t o o l s

Team approach

8



Risk Assessment: 3 fundamental questions

Risk Evaluation

Risk Analysis

Risk Identification


What might go wrong?

What is the likelihood

(probability)

it will go wrong??

What are the

Consequences (severity)?

9


Risk Reduction

Risk Acceptance


Risk Control: Decision making


How to treat/Ovoid

(minimisation)?

What the level of risk

to be taken

(benefit/Risk balance)?

10



Risk Communication

Initiate

QRM Process

Industry - Submissions

Regulators - Reviews

- Inspections

Communication Trust/Understanding

11



What are the Principles of QRM ?

Two primary principles:

The risk evaluation should be based on scientific knowledge and ultimately link to the protection of the patient

The level of effort should be commensurate with the level of risk

12


QRM application - Examples

Computerised System Validation

Type Level Description

Severity High Lost of the product traceability

Shipment of non conform products

Severity Medium Manufacturing / Consumption of non conform products

Lost of the internal traceability

Purchased items management not controlled

Operations management not controlled

Lack of proof for the realized operations

Responsibilities management not controlled

Severity Low minor regulatory impact


Occurrenc

e

High Functionality is used every day and gives multiple actions.

Functionality is used several times in a day.

Occurrenc

e

Medium Functionality is used every day and gives a single action.

Functionality is used at least one time per week.

Occurrenc

e

Low Functionality is used only one time per month.


Detection Low No control, checking or system security

Detection Medium Organizational control (SOP or SOP associated to control system)

Detection High Control, checking and system security

13



Computerised System Validation

High and Medium impact: stress tests

Low or No impact: users tests

14



– Audits: Audit program

List of candidates to be audited

Method combining the risk estimation for several risk factors: -Organisation (knowledge of the site/actors, change in organisation, issue on organisation)

-Previous audit (date of last previous audit)

-Previous inspection (date of last previous inspection)

-Previous audit / inspection outcome

-Compliance (audit and/or process review, metrics, feedback from the field)

-Business (turn over or contribution to business)

-Regulatory / pharmaceutical impact (Regulatory activities, Reporter, Co-reporter location / Type of procedure)

-Contract (MAH, date of the end of the contract)

15




Risk factor (i.e. triggers) R Site

R1 Organisation Knowledge of the site organisation

1 No issue/change in organisation

2 Minor change/issue in organisation

3 Major change/issue in organisation or unknown

R2 Previous audit received Previous audit received

1 ≤ 1 year

2 ]1-2] years or ≤ 1 partial scope

3 ]2-3] years or [1-2] partial scope

4 never or > 3 years

R3 Previous inspection Previous inspection

1 ≤ 1 year

2 ]1-2] years or ≤ 1 partial scope

3 ]2-3] years or [1-2] partial scope

4 never or > 3 years

R4 Previous audit / inspection outcome Previous audit / inspection outcome

1 0 critical finding and [0-10[ major findings

2 0 critical finding and [10-20[ major findings

3 ≥ 1 critical finding or ≥ 20 major findings

16




Risk factor (i.e. triggers) R Site

R5 Compliance GxP KPI or Process/Audit review (if several data, consider worse case)

1 KPI> 95% / Few other non-compliance

2 KPI=[85-95[ / Several other non-compliance

3 KPI=[80-85[ or partial KPI data / major non-compliance

4 KPI < 80% or Critical non-compliance or Unknown data

R6 Business Turn over or Budget or % contribution to overall SPMSD activity/project

1 < 5% or low

2 [5-20]% or medium

3 > 20% or high

R7 Regulatory or Pharmaceutical Impact Impact of the site for SPMSD pharmaceutical status / reliability of regulatory data

1 low

2 supportive

3 pivotal

R8 Contract Contract

1 if SPMSD not MAH

2 if SPMSD MAH

17




List of the candidates to be identified

For each candidate the value of the 8 risk factors is to be assessed: -R1 Organisation

-R2 Previous audit received

-R3 Previous inspection

-R4 Previous audit / inspection outcome

-R5 Compliance

-R6 Business

-R7 Regulatory or pharmaceutical impact

-R8 Contract

18



By multiplying together all the risk factors, a score for each candidate is obtained: R1 * R2 * R3 * R4 * R5 * R6 * R7 * R8 = score

For obtaining the percentile as a percentage of maximum risk, the score is divided by the sum of all scores of a process and multiplying by 100.

Assignment of rank:

The ranks are assigned in inverse order based on increasing percentile. The more a candidate has a high percentile, the more it will have a rank low. The rank number 1 is attributed to the candidate with the greatest percentile.

The column priorities:

-The numbers 1 or 2 are attributed: – Priority 1: should be part of the audit program correspond to smaller

ranks.

– Priority 2: can be part of the audit program (depending on the budget & resources).

19



Audits: Findings Grading

Critical finding: A critical audit finding is a serious deviation in system practices or processes that:

-directly compromises the assurance of product quality, and or,

-represents a serious violation of applicable legislation and guidelines,

-adversely affects the rights, safety or well-being of patients or that poses a potential risk to public health and or,

-adversely affects the quality and integrity of data, documentation, or other materials or information addressed in the audi

-a missing Quality system is a critical audit finding.

Immediate Corrective action by auditee is required. A critical observation may require to stop the concerned process until corrective actions have been effectively implemented.

20




Major finding: A major audit finding is a deviation in system practices or processes that:

-might compromise the assurance of product quality, and or,

-has or may produce a product, which does not comply with its marketing authorisation,

-represents a violation of applicable legislation and guidelines,

-might adversely affect the rights, safety or well-being of patients or that might pose a potential risk to public health and or,

-might adversely affect the quality and integrity of data, documentation, or other materials or information addressed in the audit.

Prompt Corrective Action by auditee is required.

21




Other finding: Deviation, which cannot be classified as either critical or major, but which indicates a deviation from good practices. This deviation is not yet serious but could become a problem if not corrected in a timely manner. Corrective action by auditee is required. A combination of several “other” deficiencies, none of which on their own may be major, but which may together represent a major deficiency and should be explained and reported as such.

Remark: Advice to attract the attention of the auditee towards possible risks and possible or desirable improvements.

22


Conclusion

It is not always necessary to use formal risk management tools in a QRM process, however in the right circumstances

they can be very powerful

Quality Management System & Risk Management Management System & Risk Management EUDIPHARM ... ICH Q9...

Documents

Transcript of Quality Management System & Risk Management Management System & Risk Management EUDIPHARM ... ICH Q9...