Pharmaceutical industry groups suggest changes to ICH Q9

Posted on May 06, 2022 | By Joanne S. Eglovitch

Proposed revisions to the International Council for Harmonization (ICH) Q9 (R1) guideline on risk management should be better aligned with medical device quality risk standards as well as international standards. In addition, a company’s information technology (IT) program should be subject to the same level of risk controls as other areas of an organization, pharmaceutical industry representatives said in their comments on the update.

The European Medicines Agency (EMA) launched the call for comments when the ICH Q9 (R1) guidance was published in December 2021 (RELATED: ICH releases revised ICH Q9 guidance to improve risk assessmentsRegulatory guidanceJanuary 3, 2022).

The revision aims to update the original guideline, which is now 16 years old. an ICP business plan said the update aims to provide “more scientific and robust applications of quality risk management (QRM) principles” leading to “fewer quality defects and recalls” and lower costs to industry pharmaceutical.

The comment period closed on March 15, 2022 and the guidance is now at Step 3.

EMA received 15 public comments from stakeholders, with some saying the directive is a step in the right direction.

“The promotion of a scientific approach to risk management based on knowledge management according to Q10 is really appreciated. Such an approach requires an objective risk assessment,” said the European Compliance Academy (ECA) Foundation/European QP Association.

The International Society for Pharmaceutical Engineering (ISPE) expressed support for the guideline’s approach to quality risk management. “One of the stated objectives of ICH Q9(R1) is to develop the concept of ‘formality’ in quality risk management. The Principles of Quality Risk Management…correctly state that “the level of effort, formality and documentation of the QRM process should be commensurate with the level of risk”. Formality in quality risk management…also correctly indicates that QRM is not binary (formal vs informal) but rather a continuum from low to high.

There were, however, suggestions for improvement.

More alignment with medical device risk principles

AstraZeneca suggested that the directive be further aligned with the current risk management principles for medical devices which are incorporated in ISO 14971:2019 as well as the principles of the EU Medical Device Regulation (MDR) of 2017.

“Compared to the time of the original publication of ICH Q9, medical devices have become increasingly important for the manufacture and marketing of medicines. Relevant examples include drug delivery systems and digital medical devices used with drugs. As such, many manufacturers are now integrating medical device risk management practices into their pharmaceutical quality systems,” they wrote.

The company adds that the original ICH Q9 guideline was more in line with ISO14971:2000, and that the proposed revisions “do not take into account the changes that have taken place in medical device risk management over the years. intermediaries”.

Needs more alignment with ISO risk management standard

Along the same lines, the European Federation of Pharmaceutical Industries and Associations (EFPIA) suggested that the document be more consistent with the international risk management standard ISO Guide 73:2009, in particular regarding the definition of “uncertainty” in quality risk management as “lack of knowledge about risks.

“The timeliness of a review should encourage alignment with the language of ISO risk management standards, allowing companies to align with platform technology vendors’ risk management systems and other business partners,” the group said. The proposed definition of the level of uncertainty in risk management is not aligned with the standard’s risk management vocabulary.

Quality management principles should address IT

ECA and ISPE said QRM principles should also integrate IT operations. The guidelines called for these principles to be integrated into a company’s development program, facilities, equipment, packaging and labeling, and supply chain control, but not necessarily into IT.

In a joint comment, the groups wrote that “as part of quality risk management, IT and OT [operational technology] the robustness of the infrastructure as well as cybersecurity must also be taken into account. Today, a weak IT/OT infrastructure can severely compromise manufacturing, quality control, and supply chain processes as well as the overall business capability of the regulated organization. Experience has already shown the vital impact that such IT/OT infrastructure and IT systems can have on the operational capability of a pharmaceutical company.

The groups write that these topics “represent the Achilles’ heel of any regulated user organization.”

More clarification needed on levels of formality

Lonza Group AG said further clarification was needed on the formality levels of a risk management process. The guideline states that the higher the level of uncertainty afforded to a given risk management activity, the higher the levels of formality in the quality risk management approach.

The company said examples were needed for a combination of different factors and the importance of one factor over another.

“Less formality could be attributed to less effort,” the company said, and the industry needs examples that cover the spectrum of formality using a variety of factor combinations, preferably in matrix form. .


© 2022 Society of Regulatory Affairs Professionals.