On its homepage, the English supervisory authority, MHRA, has published answers to frequently asked questions regarding the topic of quality risk management. In the following extracts from the 16 questions and answers listed on 3 pages.
The question whether all inspections also cover the quality risk management process is answered by the MHRA with a clear: Yes. And this can go as far as the possible request by the inspector to receive copies of risk assessments so he can evaluate them after the inspection. If there is no quality risk management in place, the MHRA will consider this lack as "major deficiency". The quality risk management should be described in an SOP.
Another interesting question asks if quality risk management can be combined with cost-saving measures. In a reply that would be worthy of Solomon, the MHRA says that yes, it is possible if the measures resulting from quality risk management lead to the trimming of processes - but product quality and patient safety remain guaranteed.
Furthermore, the MHRA expects a risk register (or a comparable document) in which the key risks of the company and their reductions are listed. The register should also include a list of performed risk assessments or a link to it.
When asked for the required tools, the MHRA, similarly as other supervisory authorities, answers that there are no mandatory ones. However, at the same time, it refers to the toolbox mentioned in Annex 20/ICH Q9. Depending on the risk, even a less formal approach is acceptable. The inspectors are instructed to be pragmatic in this context.
The patient risk does not have to be reduced to zero either, but, of course, the patient risk should be minimised as far as possible. Risk assessments should be controlled by means of a document management system. The frequency of a risk review should depend on the process to be assessed.
Another interesting question is how subjective the number systems of risk assessments are. The question aims at the possibility of manipulative numbering for the purpose of reducing the overall risk. The MHRA's answer is that it expects a rationale for the numbers to be used. Moreover, it is as important for the measures for reducing the risk as the numeric values themselves. Inspectors will be alert to the improper use of risk assessments.
The document closes with answers on the key elements of a good risk assessment and on the participation of external consultants in risk assessments.
The complete document can be found here.
On balance one can say: If one generalises the MHRA's answers, the pharmaceutical industry will still have to manage a pile of work. Apart from a complete implementation of a quality risk management system, which has not been realised in all pharmaceutical companies yet, new requirements in the form of the risk register with overviews of the conducted risk assessments could be added to the existing ones. Quality risk management will probably become a focus during inspections.
On behalf of the European Compliance Academy (ECA)