Posted 06 May 2022 | By Joanne S. Eglovitch 

Pharmaceutical industry groups suggest ICH Q9 changes

The proposed revisions of the International Council of Harmonization’s (ICH) Q9 (R1) guideline on risk management should be better aligned with medical device quality risk standards as well as international standards. Further, a firm’s information technology (IT) program should be subject to the same level of risk controls as other areas within an organization, representatives of the pharmaceutical industry said in their comments on the update.
The European Medicines Agency (EMA) issued the call for comment in releasing the ICH Q9 (R1) guideline in December 2021 (RELATED: ICH releases revised ICH Q9 guideline to improve risk assessments, Regulatory Focus, 3 January 2022).
The revision is meant to update the original guideline, which is now 16 years old. An ICH business plan said the update is meant to provide “more scientific and robust applications of quality risk management principles (QRM)” leading to “fewer quality defects and recalls” and reduced costs for the pharmaceutical industry.
The comment period closed on 15 March 2022, and the guideline is now at Step 3.
EMA received 15 public comments from stakeholders, with some saying the guideline is a step in the right direction.
“The promotion of a science-based approach to risk management relying on knowledge management according to Q10 is really appreciated. Such an approach requires objective risk assessment,” said the European Compliance Academy (ECA) Foundation/European QP Association.
The International Society for Pharmaceutical Engineering (ISPE) voiced its support for the guideline’s approach to quality risk management. “One of the stated objectives of ICH Q9(R1) is to expand on the concept of ‘formality’ in Quality Risk Management. The Principles of Quality Risk Management … correctly states that ‘the level of effort, formality and documentation of the QRM process should be commensurate with the level of risk.’ Formality in Quality Risk Management … also correctly states that QRM is not binary (formal vs informal) but rather a continuum ranging from low to high.”
There were suggestions for improvement, however.
More alignment with medical device risk principles
AstraZeneca suggested the guideline should be more aligned with current risk management principles for medical devices that are embodied in the ISO 14971:2019 standard as well as the principles in the 2017 EU Medical Device Regulations (MDR).
“As compared to the time of original ICH Q9 publication, medical devices have become increasingly important to the manufacture and marketing of medicinal products. Relevant examples include drug delivery systems and digital medical devices used together with medicines. As such, many manufacturers are now incorporating medical device risk management practices into their Pharmaceutical Quality Systems,” they wrote.
The company added that the original ICH Q9 guideline was more in alignment with ISO 14971:2000, and that the proposed revisions “do not account for the changes that have taken place to medical device risk management over the intervening years.”
Needs more alignment with ISO risk management standard
Along the same lines, the European Federation of Pharmaceutical Industries and Associations (EFPIA) suggested the document be more consistent with the international risk management standard ISO Guide 73:2009, especially concerning the guidance’s definition of “uncertainty” in quality risk management as the “lack of knowledge about risks.”
“The opportunity of a revision should encourage alignment with the language of the ISO Risk Management Standards, thereby enabling companies to align with the risk management systems of platform technology providers and other business partners,” said the group. The proposed definition of the level of uncertainty in risk management is not aligned with the standard’s risk management vocabulary.
QM principles need to address IT
ECA and ISPE said that QRM principles should also incorporate IT operations. The guidance called for these principles to be embedded in a company’s development program, facilities, equipment, packaging and labeling, and supply chain control, but not necessarily IT.
In a joint comment, the groups wrote that “within the scope of Quality Risk Management, IT and OT [operational technology] infrastructure robustness as well as cybersecurity shall be considered as well. Today, a weak IT/OT infrastructure can highly jeopardize the manufacturing, QC, and supply chain processes as well as the overall business capability of the regulated organisation. The experience showed already the vital impact such IT/OT infrastructure and computerized systems can have on the operational capability of a pharmaceutical company.”
The groups write that these topics “represent the Achilles’ heel of every regulated user organisation.”
More clarification needed on levels of formality
Lonza Group AG said more clarification is needed on the levels of formality of a risk management process. The guideline states that the higher the level of uncertainty associated with a given risk management activity, the higher the level of formality in the quality risk management approach.
The company said examples are needed for a combination of different factors and the importance of one factor over another.
“Lower formality could be attributed to less effort,” said the company, and industry needs examples covering the spectrum of formality using a variety of combinations of factors, preferably in matrix form.


