INTERNATIONAL CONFERENCE ON HARMONISATION OF TECHNICAL REQUIREMENTS FOR REGISTRATION OF PHARMACEUTICALS FOR HUMAN USE ICH HARMONISED TRIPARTITE GUIDELINE 품질리스크관리 (QUALITY RISK MANAGEMENT) Q9 Current Step 4 version dated 9 November 2005 This Guideline has been developed by the appropriate ICH Expert Working Group and has been subject to consultation by the regulatory parties, in accordance with the ICH Process. At Step 4 of the Process the final draft is recommended for adoption to the regulatory bodies of the European Union, Japan and USA. www..co.kr 1
Q9 Document History New First Codification History Date Codification November 2005 Q9 Approval by the Steering Committee under Step 2 and release for public consultation 22 March 2005 Q9 Q9 Approval by the Steering Committee of Post Step 2 correction 15 June 2005 Q9 Current Step 4 version Q9 Approval by the Steering Committee under Step 4 and recommendation for adoption to the three ICH regulatory bodies. 9 November 2005 Q9 www..co.kr 2
QUALITY RISK MANAGEMENT ICH Harmonised Tripartite Guideline Having reached Step 4 of the ICH Process at the ICH Steering Committee meeting on 9 November 2005, this guideline is recommended for adoption to the three regulatory parties to ICH 목차 1. 서론 (INTRODUCTION) 2. 적용범위 (SCOPE) 3. 품질리스크관리원칙 (PRINCIPLES OF QUALITY RISK MANAGEMENT) 4. 일반품질리스크관리프로세스 (GENERAL QUALITY RISK MANAGEMENT PROCESS) 4.1 업무분장 (Responsibilities) 4.2 품질리스크관리프로세스의개시 (Initiating a Quality Risk Management Process) 4.3 리스크평가 (Risk Assessment) 4.4 리스크통제 (Risk Control) 4.5 리스크커뮤니케이션 (Risk Communication) 4.6 리스크검토 (Risk Review) 5. 리스크관리방법 (RISK MANAGEMENT METHODOLOGY) 6. 품질리스크관리와업계 / 규제업무의통합 (INTEGRATION OF QUALITY RISK MANAGEMENT INTO INDUSTRY AND REGULATORY OPERATIONS) 7. 용어정의 (DEFINITIONS) 8. 참고문헌 (REFERENCES) Annex I: 리스크관리방법및도구 (Risk Management Methods and Tools) I.1 기본리스크관리촉진방법 (Basic Risk Management Facilitation Methods) I.2 FMEA(Failure Mode Effects Analysis) I.3 FMECA(Failure Mode, Effects and Criticality Analysis) I.4 FTA(Fault Tree Analysis) I.5 HACCP(Hazard Analysis and Critical Control Points) I.6 HAZOP(Hazard Operability Analysis) I.7 PHA(Preliminary Hazard Analysis) www..co.kr 3
I.8 리스크랭킹및필터링 (Risk Ranking and Filtering) I.9 통계학적도구 (Supporting Statistical Tools) Annex II: 품질리스크관리기법의적용 (Potential Applications for Quality Risk Management) II.1 통합품질관리의일환으로써품질리스크관리 (Quality Risk Management as Part of Integrated Quality Management) II.2 규제업무의일환으로써품질리스크관리 (Quality Risk Management as Part of Regulatory Operations) II.3 개발의일환으로써품질리스크관리 (Quality Risk Management as Part of Development) II.4 시설, 설비, 유틸리티의품질리스크관리 (Quality Risk Management for Facilities, Equipment and Utilities) II.5 물품관리의일환으로써품질리스크관리 (Quality Risk Management as Part of Materials Management) II.6 생산의일환으로써품질리스크관리 (Quality Risk Management as Part of Production) II.7 시험관리및안정성시험의일환으로써품질리스크관리 (Quality Risk Management as Part of Laboratory Control and Stability Studies) II.8 포장및라벨작업의일환으로써품질리스크관리 (Quality Risk Management as Part of Packaging and Labelling) www..co.kr 4
품질리스크관리 (QUALITY RISK MANAGEMENT) 1. 서론 (INTRODUCTION) Risk management principles are effectively utilized in many areas of business and government including finance, insurance, occupational safety, public health, pharmacovigilance, and by agencies regulating these industries. Although there are some examples of the use of quality risk management in the pharmaceutical industry today, they are limited and do not represent the full contributions that risk management has to offer. In addition, the importance of quality systems has been recognized in the pharmaceutical industry and it is becoming evident that quality risk management is a valuable component of an effective quality system. 금융, 보험, 산업안전, 공중보건, 약물감시등각종산업및공공분야와관련규제기관이리스크관리 (risk management) 원칙을효과적으로활용하고있다. 현재제약업계도품질리스크관리를채택하고있는사례가일부있지만, 극히제한적이며리스크관리를실질적으로추진하고있지도못하다. 또한제약업계는품질시스템의중요성이강조되어왔으며, 그러므로품질리스크관리가효과적인품질시스템의핵심요소라는점이더욱명확해지고있다. It is commonly understood that risk is defined as the combination of the probability of occurrence of harm and the severity of that harm. However, achieving a shared understanding of the application of risk management among diverse stakeholders is difficult because each stakeholder might perceive different potential harms, place a different probability on each harm occurring and attribute different severities to each harm. In relation to pharmaceuticals, although there are a variety of stakeholders, including patients and medical practitioners as well as government and industry, the protection of the patient by managing the risk to quality should be considered of prime importance. 일반적으로리스크 (risk) 는위해 (harm) 발생확률과그위해의심각성 (severity) 을종합한것으로규정된다. 하지만다양한이해관계자모두가리스크관리를이해하고공유하기란매우어렵다. 이해관계자마다잠재위해에대한인식이다르며각각의위해발생가능성도다르게생각하고위해의심각성도다르게판단하기때문이다. 제약분야에도환자와의사, 정부, 업체등다양한이해관계자가있지만, 품질리스크관리를통한환자보호를가장중요하게생각해야한다. The manufacturing and use of a drug (medicinal) product, including its components, www..co.kr 5
necessarily entail some degree of risk. The risk to its quality is just one component of the overall risk. It is important to understand that product quality should be maintained throughout the product lifecycle such that the attributes that are important to the quality of the drug (medicinal) product remain consistent with those used in the clinical studies. An effective quality risk management approach can further ensure the high quality of the drug (medicinal) product to the patient by providing a proactive means to identify and control potential quality issues during development and manufacturing. Additionally, use of quality risk management can improve the decision making if a quality problem arises. Effective quality risk management can facilitate better and more informed decisions, can provide regulators with greater assurance of a company s ability to deal with potential risks and can beneficially affect the extent and level of direct regulatory oversight. 원자재를포함하여의약품제조및사용에는어느정도의리스크가존재하기마련이다. 의약품품질리스크는전체리스크가운데한부분에불과하다. 제품라이프사이클전체에걸쳐제품품질이유지되고의약품의중요품질특성이임상시험에사용되었던것과일치하는상태가지속되어야함을이해하는것이중요하다. 효과적인품질리스크관리는개발및제조과정에서잠재적품질문제를파악하고관리하는사전적수단을제공함으로써고품질의의약품을더욱보장할수있다. 또한품질리스크관리는품질문제발생시의의사결정을효과적으로추진할수있게한다. 효과적인품질리스크관리는충분한정보를바탕으로더바람직한결정을내릴수있게하며, 잠재리스크의관리능력에대한확신을규제기관에심어주고, 규제기관의관리감독수준과강도에도긍정적인영향을준다. The purpose of this document is to offer a systematic approach to quality risk management. It serves as a foundation or resource document that is independent of, yet supports, other ICH Quality documents and complements existing quality practices, requirements, standards, and guidelines within the pharmaceutical industry and regulatory environment. It specifically provides guidance on the principles and some of the tools of quality risk management that can enable more effective and consistent risk based decisions, both by regulators and industry, regarding the quality of drug substances and drug (medicinal) products across the product lifecycle. It is not intended to create any new expectations beyond the current regulatory requirements. 이문서의목적은체계적인품질리스크관리방법을제공하는데있다. 이문서는다른 ICH 품질문서와는독립적이면서도뒷받침하는기본적인문서이며, 제약업계와규제환경의기존품질절차, 기준, 표준, 가이드라인을보완한다. 보다구체적으로이문서는 www..co.kr 6
제품라이프사이클전체에걸쳐원료의약품과완제의약품의품질과관련하여규제기관과업체모두, 보다효과적이고일관성있는리스크기반의사결정을가능하게하는품질리스크관리원칙과일부도구를설명한다. 현재의규제기준범위를벗어나는또다른새로운기준을제시하고자하는것은아니다. It is neither always appropriate nor always necessary to use a formal risk management process (using recognized tools and/ or internal procedures e.g., standard operating procedures). The use of informal risk management processes (using empirical tools and/ or internal procedures) can also be considered acceptable. Appropriate use of quality risk management can facilitate but does not obviate industry s obligation to comply with regulatory requirements and does not replace appropriate communications between industry and regulators. 공식리스크관리프로세스 ( 인정되는도구및 / 또는내부절차 ( 예, SOP) 활용 ) 의활용이항상적절하거나항상필요한것은아니다. 비공식리스크관리프로세스 ( 경험적도구및 / 또는내부절차의활용 ) 역시가능하다. 품질리스크관리를적절하게활용한다면규제기준을보다효율적으로준수할수있다. 하지만품질리스크관리를채택해운영한다고해서규제기준준수의무를지키지않아도되는것은아니며, 품질리스크관리가업체와규제기관사이의커뮤니케이션을대체하지도않는다. 2. 적용범위 (SCOPE) This guideline provides principles and examples of tools for quality risk management that can be applied to different aspects of pharmaceutical quality. These aspects include development, manufacturing, distribution, and the inspection and submission/review processes throughout the lifecycle of drug substances, drug (medicinal) products, biological and biotechnological products (including the use of raw materials, solvents, excipients, packaging and labeling materials in drug (medicinal) products, biological and biotechnological products). 이가이드라인은의약품품질과관련된여러부분에적용할수있는품질리스크관리원칙과도구의예를설명한다. ( 의약품, 생물학적제제, 생물공학제품의원료, 용매, 첨가제, 포장자재및라벨링자재의사용을포함하여 ) 원료의약품과완제의약품, 생물학적제제와생물공학제품의라이프사이클전체에걸친개발, 제조, 유통, 실사및허가신청 / 심사업무가의약품품질과관련된것이다. 3. 품질리스크관리원칙 (PRINCIPLES OF QUALITY RISK MANAGEMENT) www..co.kr 7
Two primary principles of quality risk management are: 품질리스크관리의기본원칙 2가지는다음과같다. The evaluation of the risk to quality should be based on scientific knowledge and ultimately link to the protection of the patient; and 품질리스크의평가는과학적지식을기반으로해야하며, 궁극적으로환자의보호와연계되어야한다. The level of effort, formality and documentation of the quality risk management process should be commensurate with the level of risk. 품질리스크관리프로세스의활동, 형식, 문서수준은리스크수준에비례해야한다. 4. 일반품질리스크관리프로세스 (GENERAL QUALITY RISK MANAGEMENT PROCESS) Quality risk management is a systematic process for the assessment, control, communication and review of risks to the quality of the drug (medicinal) product across the product lifecycle. A model for quality risk management is outlined in the diagram (Figure 1). Other models could be used. The emphasis on each component of the framework might differ from case to case but a robust process will incorporate consideration of all the elements at a level of detail that is commensurate with the specific risk. 품질리스크관리는제품라이프사이클전체에걸친의약품품질리스크의평가, 통제, 커뮤니케이션, 검토로구성된체계적인프로세스이다. 품질리스크관리모델개략도가그림 1에정리되어있다. 다른모델을활용할수도있다. 상황에따라프레임워크구성요소별로강조되는부분이달라질수있지만, 해당리스크에비례하는구체성수준으로모든요소를진행하는견고한프로세스여야한다. www..co.kr 8
Figure 1: 일반적인품질리스크관리프로세스 (Overview of a typical quality risk management process) Decision nodes are not shown in the diagram above because decisions can occur at any point in the process. These decisions might be to return to the previous step and seek further information, to adjust the risk models or even to terminate the risk management process based upon information that supports such a decision. Note: unacceptable in the flowchart does not only refer to statutory, legislative or regulatory requirements, but also to the need to revisit the risk assessment process. 이개략도에는의사결정노드 (decision node) 가표시되어있지않다. 의사결정은리스크관리프로세스중어느지점에서나일어날수있기때문이다. 이때결정의근거가되는정보에따라, 이전단계로복귀및추가정보확보, 리스크모델조정, 또는리스크관리프로세스종결등여러가지결정이내려질수있다. 주 : 흐름도에서 " 수용불가 (unacceptable)" 라함은법적기준이나규제기준뿐만아니라, 리스크평가프로세스의재실시필요성을의미하기도한다. 4.1 업무분장 (Responsibilities) Quality risk management activities are usually, but not always, undertaken by interdisciplinary teams. When teams are formed, they should include experts from www..co.kr 9
the appropriate areas (e.g., quality unit, business development, engineering, regulatory affairs, production operations, sales and marketing, legal, statistics and clinical) in addition to individuals who are knowledgeable about the quality risk management process. 품질리스크관리활동은항상그런것은아니지만일반적으로여러부서의관련자로구성된팀이수행한다. 품질리스크관리프로세스를잘알고있는사람이외에도, 관련분야 ( 예, 품질조직, 비즈니스개발, 엔지니어링, RA(regulatory affairs), 생산, 세일즈및마케팅, 법무, 통계, 임상 ) 의전문가를포함하여팀을구성한다. Decision makers should 의사결정자 (decision maker) 는다음사항을책임진다. take responsibility for coordinating quality risk management across various functions and departments of their organization; and 관련부서전체에걸쳐품질리스크관리업무의조정을책임진다. assure that a quality risk management process is defined, deployed and reviewed and that adequate resources are available. 품질리스크관리프로세스의규정, 구축, 검토와적정자원의확보를책임진다. 4.2 품질리스크관리프로세스의개시 (Initiating a Quality Risk Management Process) Quality risk management should include systematic processes designed to coordinate, facilitate and improve science-based decision making with respect to risk. Possible steps used to initiate and plan a quality risk management process might include the following: 품질리스크관리는리스크와관련하여과학적의사결정을조정하고원활히추진하며개선하는체계적인프로세스로구성된다. 품질리스크관리프로세스의개시및계획단계의활동은다음과같다. Define the problem and/or risk question, including pertinent assumptions identifying the potential for risk; 잠재리스크파악을위한관련가정을포함하여문제및 / 또는리스크질문을규정한다. Assemble background information and/ or data on the potential hazard, www..co.kr 10
harm or human health impact relevant to the risk assessment; 리스크평가와관련하여잠재위해요소, 위해, 또는사람건강영향에대한배경정보와데이터를수집한다. Identify a leader and necessary resources; 리더와필수자원을파악한다. Specify a timeline, deliverables and appropriate level of decision making for the risk management process. 리스크관리프로세스일정과성과물, 적정의사결정수준을규정한다. 4.3 리스크평가 (Risk Assessment) Risk assessment consists of the identification of hazards and the analysis and evaluation of risks associated with exposure to those hazards (as defined below). Quality risk assessments begin with a well-defined problem description or risk question. When the risk in question is well defined, an appropriate risk management tool (see examples in section 5) and the types of information needed to address the risk question will be more readily identifiable. As an aid to clearly defining the risk(s) for risk assessment purposes, three fundamental questions are often helpful: 리스크평가 (risk assessment) 는위해요소파악과위해요소노출과관련된리스크의분석과사정으로구성된다 ( 아래참조 ). 품질리스크평가는문제점또는리스크질문의명확한규정과기술에서시작한다. 해당리스크를정확히규정하면, 그리스크질문을처리하는데필요한정보의종류와적절한리스크관리도구 ( 섹션 5의예참조 ) 를보다용이하게파악할수있다. 다음과같은 3가지기본질문은리스크를명확히규정하고리스크평가를진행하는데도움이된다. 1. What might go wrong? 무엇이잘못될수있는가? 2. What is the likelihood (probability) it will go wrong? 그문제가일어날가능성 ( 확률 ) 은어느정도인가? 3. What are the consequences (severity)? 그에따른결과는어느정도인가 ( 심각성 )? Risk identification is a systematic use of information to identify hazards referring to the risk question or problem description. Information can include historical data, theoretical analysis, informed opinions, and the concerns of stakeholders. Risk www..co.kr 11
identification addresses the What might go wrong? question, including identifying the possible consequences. This provides the basis for further steps in the quality risk management process. 리스크파악 (risk identification) 은체계적으로정보를활용하여리스크질문또는문제에해당되는위해요소를파악하는것이다. 과거데이터, 이론적분석, 충분한정보를바탕으로한의견, 이해관계자의관심사항등을바탕으로파악한다. 리스크파악단계에서는 " 무엇이잘못될수있는가?" 를다룬다. 또한그에따라발생할수있는결과도파악한다. 이에따라품질리스크관리프로세스의다음단계를진행하기위한토대가확보된다. Risk analysis is the estimation of the risk associated with the identified hazards. It is the qualitative or quantitative process of linking the likelihood of occurrence and severity of harms. In some risk management tools, the ability to detect the harm (detectability) also factors in the estimation of risk. 리스크분석 (risk analysis) 은파악된위해요소와관련된리스크를평가하는것이다. 발생가능성과위해의심각성을연계시켜평가하는정량적또는정성적프로세스이다. 위해의감지능력 ( 감지성 ) 도포함시켜평가하는리스크관리도구도있다. Risk evaluation compares the identified and analyzed risk against given risk criteria. Risk evaluations consider the strength of evidence for all three of the fundamental questions. 리스크사정 (risk evaluation) 은리스크기준에대비하여리스크 ( 파악과분석을거친 ) 를비교하는것이다. 3개기본질문을뒷받침하는증거의수준을고려하여리스크사정을실시한다. In doing an effective risk assessment, the robustness of the data set is important because it determines the quality of the output. Revealing assumptions and reasonable sources of uncertainty will enhance confidence in this output and/or help identify its limitations. Uncertainty is due to combination of incomplete knowledge about a process and its expected or unexpected variability. Typical sources of uncertainty include gaps in knowledge gaps in pharmaceutical science and process understanding, sources of harm (e.g., failure modes of a process, sources of variability), and probability of detection of problems. 효과적인리스크평가를위해서는데이터세트의강건성이중요하다. 데이터의강건성이결과의질적수준을결정하기때문이다. 불확실성의합리적근원과가정을밝히면, 이 www..co.kr 12
결과에대한신뢰가높아지고결과의한계를파악하는데도도움이된다. 공정에대한불완전한지식과예상또는예상치못한공정변동성이결합되어불확실성이발생한다. 일반적인불확실성의근원으로는제약과학과공정이해에있어서지식공백, 위해의원천 ( 예, 공정의이상모드, 변동성의근원 ), 문제감지확률이있다. The output of a risk assessment is either a quantitative estimate of risk or a qualitative description of a range of risk. When risk is expressed quantitatively, a numerical probability is used. Alternatively, risk can be expressed using qualitative descriptors, such as high, medium, or low, which should be defined in as much detail as possible. Sometimes a "risk score" is used to further define descriptors in risk ranking. In quantitative risk assessments, a risk estimate provides the likelihood of a specific consequence, given a set of risk-generating circumstances. Thus, quantitative risk estimation is useful for one particular consequence at a time. Alternatively, some risk management tools use a relative risk measure to combine multiple levels of severity and probability into an overall estimate of relative risk. The intermediate steps within a scoring process can sometimes employ quantitative risk estimation. 리스크평가결과를리스크의정량적추정치또는정성적표현으로나타낼수있다. 리스크를정량적으로표현할때는수치확률을이용한다. 아니면 " 고 (high)", " 중 (medium)", " 저 (low)" 같은정성적표현으로리스크를나타낼수도있다. 이때의정성적표현단위를최대한구체적으로규정한다. " 리스크점수 " 를활용하여리스크랭킹시에표현단위를더자세히규정하기도한다. 정량적리스크평가시에리스크추정치는리스크유발상황을감안하여구체적인결과의발생가능성을보여준다. 그러므로정량적리스크추정은한번에하나의특정결과를평가할때도움이된다. 일부리스크관리도구는상대리스크척도를활용하여, 심각성과발생확률을종합해전체상대리스크추정치를구하기도한다. 평점과정의중간단계에서정량적리스크추정방식을활용할수도있다. 4.4 리스크통제 (Risk Control) Risk control includes decision making to reduce and/or accept risks. The purpose of risk control is to reduce the risk to an acceptable level. The amount of effort used for risk control should be proportional to the significance of the risk. Decision makers might use different processes, including benefit-cost analysis, for understanding the optimal level of risk control. www..co.kr 13
리스크통제 (risk control) 단계에서는리스크감소및 / 또는수용여부를결정한다. 리스크통제의목적은리스크를수용가능한수준까지감소시키는것이다. 리스크통제를위한활동의규모는해당리스크의중요도에비례하여정한다. 의사결정자는비용-효과분석을포함해여러가지방법으로최적수준의리스크통제방안을정한다. Risk control might focus on the following questions: 리스크통제는다음질문에초점을맞춘다. Is the risk above an acceptable level? 리스크가수용가능수준이상인가? What can be done to reduce or eliminate risks? 리스크를감소또는제거하기위해무엇을할수있는가? What is the appropriate balance among benefits, risks and resources? 효과, 리스크, 자원사이의적정균형점은어디인가? Are new risks introduced as a result of the identified risks being controlled? 파악된리스크의통제결과로새로운리스크가발생할수있는가? Risk reduction focuses on processes for mitigation or avoidance of quality risk when it exceeds a specified (acceptable) level (see Fig. 1). Risk reduction might include actions taken to mitigate the severity and probability of harm. Processes that improve the detectability of hazards and quality risks might also be used as part of a risk control strategy. The implementation of risk reduction measures can introduce new risks into the system or increase the significance of other existing risks. Hence, it might be appropriate to revisit the risk assessment to identify and evaluate any possible change in risk after implementing a risk reduction process. 리스크감소 (risk reduction) 는품질리스크가지정 ( 수용가능 ) 수준을벗어나는경우에품질리스크의회피또는완화를추진하는것이다 ( 그림 1 참조 ). 리스크감소에는위해발생확률과심각성을완화시키기위한조치가포함될수있다. 위해요소및품질리스크의감지성개선방안또한리스크통제전략의일부로활용할수있다. 리스크감소조치의추진에따라시스템에새로운리스크가도입되거나다른기존리스크의위험성이더커지기도한다. 그러므로리스크감소프로세스를진행한다음에, 리스크평가를다시실시하여리스크의변화를파악하고사정하는것이적절할수있다. Risk acceptance is a decision to accept risk. Risk acceptance can be a formal decision to accept the residual risk or it can be a passive decision in which residual www..co.kr 14
risks are not specified. For some types of harms, even the best quality risk management practices might not entirely eliminate risk. In these circumstances, it might be agreed that an appropriate quality risk management strategy has been applied and that quality risk is reduced to a specified (acceptable) level. This (specified) acceptable level will depend on many parameters and should be decided on a case-by-case basis. 리스크수용 (risk acceptance) 은리스크를수용하기로결정하는것이다. 리스크수용은잔여리스크를수용하기로하는공식결정이될수도있고, 잔여리스크를특정하지않는수동적결정이될수도있다. 위해의유형에따라서는최고의품질리스크관리절차를갖추더라도리스크를완전히제거하지못할수있다. 그와같은경우에는적절한품질리스크관리전략을추진하여품질리스크를지정 ( 수용가능 ) 수준까지감소시키기로합의하여정할수도있다. 이때 ( 지정 ) 수용가능수준은파라미터에따라달라지며, 건별로결정한다. 4.5 리스크커뮤니케이션 (Risk Communication) Risk communication is the sharing of information about risk and risk management between the decision makers and others. Parties can communicate at any stage of the risk management process (see Fig. 1: dashed arrows). The output/result of the quality risk management process should be appropriately communicated and documented (see Fig. 1: solid arrows). Communications might include those among interested parties; e.g., regulators and industry, industry and the patient, within a company, industry or regulatory authority, etc. The included information might relate to the existence, nature, form, probability, severity, acceptability, control, treatment, detectability or other aspects of risks to quality. Communication need not be carried out for each and every risk acceptance. Between the industry and regulatory authorities, communication concerning quality risk management decisions might be effected through existing channels as specified in regulations and guidances. 리스크커뮤니케이션 (risk communication) 은의사결정자와다른사람사이의리스크및리스크관리에관한정보의공유를의미한다. 리스크관리프로세스가운데어느단계에서나관련자사이에커뮤니케이션이이루어질수있다 ( 그림 1의점선화살표 ). 품질리스크관리프로세스의결과도적절하게커뮤니케이션을실시하고문서화한다 ( 그림 1의실선화살표 ). 규제기관과업체, 업체와환자, 회사, 업계또는규제기관내부등여러이해관계자사이에커뮤니케이션이일어날수있다. 이때커뮤니케이션대상정보로는 www..co.kr 15
품질리스크의존재, 그특성, 형태, 확률, 심각성, 수용가능성, 통제, 처리, 감지성등에관한것이있다. 각각의모든리스크수용사례에대하여커뮤니케이션이필요하지는않다. 품질리스크관리결정과관련한업체와규제기관사이의커뮤니케이션은, 규정과가이드라인에지정된기존채널을통해할수도있다. 4.6 리스크검토 (Risk Review) Risk management should be an ongoing part of the quality management process. A mechanism to review or monitor events should be implemented. 리스크관리는품질관리프로세스의지속적인부분이다. 이벤트의검토또는모니터메커니즘을구축한다. The output/results of the risk management process should be reviewed to take into account new knowledge and experience. Once a quality risk management process has been initiated, that process should continue to be utilized for events that might impact the original quality risk management decision, whether these events are planned (e.g., results of product review, inspections, audits, change control) or unplanned (e.g., root cause from failure investigations, recall). The frequency of any review should be based upon the level of risk. Risk review might include reconsideration of risk acceptance decisions (section 4.4). 새로운지식과경험을고려하여리스크관리프로세스의결과를검토한다. 품질리스크관리프로세스를일단개시하면, 계획된것이건 ( 예, 제품검토, 실사, 감사, 변경관리의결과 ) 계획에없던것이건 ( 예, 이상조사에서파악된근본원인, 리콜 ), 최초의품질리스크관리결정에영향을줄수있는이벤트에대하여품질리스크관리프로세스를계속적용한다. 검토주기는리스크의수준에따라결정한다. 리스크검토시에리스크수용결정의재검토도포함할수있다 ( 섹션 4.4). 5. 리스크관리방법 (RISK MANAGEMENT METHODOLOGY) Quality risk management supports a scientific and practical approach to decisionmaking. It provides documented, transparent and reproducible methods to accomplish steps of the quality risk management process based on current knowledge about assessing the probability, severity and sometimes detectability of the risk. 품질리스크관리는과학적이고실제적인의사결정을뒷받침한다. 품질리스크관리는 www..co.kr 16
리스크의발생확률, 심각성, 그리고때로는감지성평가에관한현재의지식을바탕으로, 품질리스크관리프로세스의단계를수행하는데필요한투명하고재현가능한문서화된 방법이다. Traditionally, risks to quality have been assessed and managed in a variety of informal ways (empirical and/ or internal procedures) based on, for example, compilation of observations, trends and other information. Such approaches continue to provide useful information that might support topics such as handling of complaints, quality defects, deviations and allocation of resources. 일반적으로품질리스크는예를들어관찰결과, 경향평가정보, 기타정보등을바탕으로다양한비공식적방식 ( 경험적및 / 또는내부절차 ) 으로진단하고관리했다. 이와같은방식도불만, 품질결함, 일탈, 자원분배등의업무를뒷받침하는유용한정보를제공할수있다. Additionally, the pharmaceutical industry and regulators can assess and manage risk using recognized risk management tools and/ or internal procedures (e.g., standard operating procedures). Below is a non-exhaustive list of some of these tools (further details in Annex 1 and chapter 8): 이외에도제약업체와규제기관은일반적으로인정되는리스크관리도구및 / 또는내부절차 ( 예, SOP) 를활용하여리스크를평가하고관리할수있다. 몇가지도구를정리하면아래와같다 ( 자세한사항은부록 1과 8장참조 ). Basic risk management facilitation methods (flowcharts, check sheets etc.) 기본리스크관리촉진방법 ( 흐름도, 체크시트등 ) FMEA(Failure Mode Effects Analysis) FMECA(Failure Mode, Effects and Criticality Analysis) FTA(Fault Tree Analysis) HACCP(Hazard Analysis and Critical Control Points) HAZOP(Hazard Operability Analysis) PHA(Preliminary Hazard Analysis) Risk ranking and filtering 리스크랭킹및필터링 Supporting statistical tools 통계학적도구 www..co.kr 17
It might be appropriate to adapt these tools for use in specific areas pertaining to drug substance and drug (medicinal) product quality. Quality risk management methods and the supporting statistical tools can be used in combination (e.g., Probabilistic Risk Assessment). Combined use provides flexibility that can facilitate the application of quality risk management principles. 원료의약품및완제의약품품질관련영역에맞춰이들도구를조정해적용하는것이적절할것이다. 품질리스크관리방법과통계분석도구를함께활용할수도있다 ( 예, 확률적리스크평가 (Probabilistic Risk Assessment)). 여러도구를함께활용하면유연성이확보되고품질리스크관리원칙의적용이더욱촉진될것이다. The degree of rigor and formality of quality risk management should reflect available knowledge and be commensurate with the complexity and/ or criticality of the issue to be addressed. 해당사안의복잡성및 / 또는중요도에상응하고활용가능한지식에근거하여, 품질리스크관리의공식성과엄격성의정도를결정한다. 6. 품질리스크관리와업계 / 규제업무의통합 (INTEGRATION OF QUALITY RISK MANAGEMENT INTO INDUSTRY AND REGULATORY OPERATIONS) Quality risk management is a process that supports science-based and practical decisions when integrated into quality systems (see Annex II). As outlined in the introduction, appropriate use of quality risk management does not obviate industry s obligation to comply with regulatory requirements. However, effective quality risk management can facilitate better and more informed decisions, can provide regulators with greater assurance of a company s ability to deal with potential risks, and might affect the extent and level of direct regulatory oversight. In addition, quality risk management can facilitate better use of resources by all parties. 품질리스크관리를품질시스템에통합시키면, 과학적이고실제적인의사결정이가능하다 ( 부록 II 참조 ). 서론에서설명한바와같이, 품질리스크관리를한다고해서규제기준을준수하지않아도되는것은아니다. 효과적인품질리스크관리는충분한정보를바탕으로더바람직한결정을내릴수있게하며, 잠재리스크의관리능력에대한확신을규제기관에심어주고, 규제기관의관리감독수준과강도에도긍정적인영향을준다. 또한품질리스크관리는모든관련자의효과적인자원활용도가능하게한다. www..co.kr 18
Training of both industry and regulatory personnel in quality risk management processes provides for greater understanding of decision-making processes and builds confidence in quality risk management outcomes. 업계와규제기관관련자에게품질리스크관리프로세스를교육시킨다면, 의사결정프로세스를보다정확히이해하고품질리스크관리성과에대한신뢰를높일수있다. Quality risk management should be integrated into existing operations and documented appropriately. Annex II provides examples of situations in which the use of the quality risk management process might provide information that could then be used in a variety of pharmaceutical operations. These examples are provided for illustrative purposes only and should not be considered a definitive or exhaustive list. These examples are not intended to create any new expectations beyond the requirements laid out in the current regulations. 품질리스크관리를기존업무에통합시키고적절하게문서화한다. 부록 II는품질리스크관리프로세스를활용하여얻은정보로각종업무에적용할수있는예를정리한것이다. 이예는설명을위한것이며모든경우를포괄하고있지않다. 또한현재의규제기준범위를벗어나는또다른새로운기준을제시하고자하는것은아니다. Examples for industry and regulatory operations (see Annex II): 업계와규제기관업무가운데적용가능영역의예 ( 부록 II 참조 ) Quality management 품질경영 Examples for industry operations and activities (see Annex II): 업계업무와활동가운데적용가능영역의예 ( 부록 II 참조 ) Development; 개발 Facility, equipment and utilities; 시설, 설비, 유틸리티 Materials management; 물품관리 Production; 생산 Laboratory control and stability testing; www..co.kr 19
시험관리및안정성시험 Packaging and labeling; 포장및라벨작업 Examples for regulatory operations (see Annex II): 규제기관업무가운데적용가능영역의예 ( 부록 II 참조 ) Inspection and assessment activities. 실사및평가 While regulatory decisions will continue to be taken on a regional basis, a common understanding and application of quality risk management principles could facilitate mutual confidence and promote more consistent decisions among regulators on the basis of the same information. This collaboration could be important in the development of policies and guidelines that integrate and support quality risk management practices. 규제기관의의사결정은지역별로이루어지지만, 품질리스크관리원칙을이해하고활용하면상호신뢰를증진시키고같은정보를바탕으로규제기관사이에보다일관된결정을촉진할수있다. 품질리스크관리절차를통합하고뒷받침하는정책과가이드라인을개발하는데있어서이와같은협력이중요하다. 7. 용어정의 (DEFINITIONS) 의사결정자 (Decision Maker(s)) Person(s) with the competence and authority to make appropriate and timely quality risk management decisions. 적절한품질리스크관리결정을적시에내릴수있는권한과능력을갖춘자. 감지성 (Detectability) The ability to discover or determine the existence, presence, or fact of a hazard. 위해요소의존재나사실을발견하거나결정하는능력. 위해 (Harm) Damage to health, including the damage that can occur from loss of product quality or availability. www..co.kr 20
제품품질또는활용성상실로인해발생할수있는훼손을포함한건강훼손. 위해요소 (Hazard) The potential source of harm (ISO/IEC Guide 51). 위해의잠재적원인 (ISO/IEC Guide 51) 제품라이프사이클 (Product Lifecycle) All phases in the life of the product from the initial development through marketing until the product s discontinuation. 초기개발단계부터판매를거쳐그제품이중단되기까지모든라이프사이클단계. 품질 (Quality) The degree to which a set of inherent properties of a product, system or process fulfills requirements (see ICH Q6A definition specifically for "quality" of drug substance and drug (medicinal) products.) 제품, 시스템, 또는공정의내재특성이기준을충족하는정도 (ICH Q6A의원료의약품및완제의약품 " 품질 " 에관한정의참조 ). 품질리스크관리 (Quality Risk Management) A systematic process for the assessment, control, communication and review of risks to the quality of the drug (medicinal) product across the product lifecycle. 제품라이프사이클전체에걸친의약품품질리스크의평가, 통제, 커뮤니케이션, 검토로구성된체계적인프로세스. 품질시스템 (Quality System) The sum of all aspects of a system that implements quality policy and ensures that quality objectives are met. 품질방침을이행하고품질목표달성을위한시스템을구성하는모든부분의합. 기준 (Requirements) The explicit or implicit needs or expectations of the patients or their surrogates (e.g., health care professionals, regulators and legislators). In this document, requirements refers not only to statutory, legislative, or regulatory requirements, but also to such needs and expectations. 환자또는환자대리인 ( 예, 의료전문가, 규제기관, 입법의원 ) 의명시적또는암시적요구 www..co.kr 21
또는기대. 이문서에 " 기준 " 이라함은법적또는규제기준뿐만아니라, 그와같은요구와 기대도의미한다. 리스크 (Risk) The combination of the probability of occurrence of harm and the severity of that harm (ISO/IEC Guide 51). 위해발생확률과위해의심각성의조합 (ISO/IEC Guide 51). 리스크수용 (Risk Acceptance) The decision to accept risk (ISO Guide 73). 리스크를수용하기로한결정 (ISO Guide 73). 리스크분석 (Risk Analysis) The estimation of the risk associated with the identified hazards. 파악된위해요소와관련된리스크의추정. 리스크평가 (Risk Assessment) A systematic process of organizing information to support a risk decision to be made within a risk management process. It consists of the identification of hazards and the analysis and evaluation of risks associated with exposure to those hazards. 리스크관리프로세스에서정보를정리하여리스크관련결정을뒷받침하는체계적인프로세스. 위해요소의파악과위해요소노출과관련된리스크의분석및사정으로구성된다. 리스크커뮤니케이션 (Risk Communication) The sharing of information about risk and risk management between the decision maker and other stakeholders. 리스크와리스크관리에관한정보를의사결정자와기타이해관계자가공유하는것. 리스크통제 (Risk Control) Actions implementing risk management decisions (ISO Guide 73). 리스크관리결정사항을추진하는행위 (ISO Guide 73). 리스크사정 (Risk Evaluation) The comparison of the estimated risk to given risk criteria using a quantitative or qualitative scale to determine the significance of the risk. www..co.kr 22
정량적또는정성적스케일을활용해지정리스크기준과추정리스크를비교하여리스크의 중요도를결정하는행위. 리스크파악 (Risk Identification) The systematic use of information to identify potential sources of harm (hazards) referring to the risk question or problem description. 정보를체계적으로활용하여리스크질문또는문제에해당되는위해의잠재적출처 ( 위해요소 ) 를파악하는행위. 리스크관리 (Risk Management) The systematic application of quality management policies, procedures, and practices to the tasks of assessing, controlling, communicating and reviewing risk. 리스크의평가, 통제, 커뮤니케이션, 검토에품질관리방침, 절차, 업무방법의체계적적용. 리스크감소 (Risk Reduction) Actions taken to lessen the probability of occurrence of harm and the severity of that harm. 위해의발생확률및위해의심각성을완화를위한행위. 리스크검토 (Risk Review) Review or monitoring of output/results of the risk management process considering (if appropriate) new knowledge and experience about the risk. ( 적절한경우에 ) 리스크에대한새로운지식과경험을고려한, 리스크관리프로세스결과의검토또는모니터. 심각성 (Severity) A measure of the possible consequences of a hazard. 위해요소에따른예상결과의수준. 이해관계자 (Stakeholder) Any individual, group or organization that can affect, be affected by, or perceive itself to be affected by a risk. Decision makers might also be stakeholders. For the purposes of this guideline, the primary stakeholders are the patient, healthcare professional, regulatory authority, and industry. www..co.kr 23
리스크에영향을주거나리스크에의해영향을받거나리스크에의해영향을받는다고 스스로인식하는개인, 그룹또는조직. 의사결정자역시이해관계자가될수있다. 이 가이드라인에서일차이해관계자는환자, 의료전문가, 규제기관그리고업체이다. 경향 (Trend) A statistical term referring to the direction or rate of change of a variable(s). 변수의변화속도또는방향을의미하는통계학적용어. 8. 참고문헌 (REFERENCES) ICH Q8 Pharmaceutical Development. ISO/IEC Guide 73:2002 - Risk Management - Vocabulary - Guidelines for use in Standards. ISO/IEC Guide 51:1999 - Safety Aspects - Guideline for their inclusion in standards. Process Mapping by the American Productivity & Quality Center, 2002, ISBN 1928593739. IEC 61025 - Fault Tree Analysis (FTA). IEC 60812 Analysis Techniques for system reliability Procedures for failure mode and effects analysis (FMEA). Failure Mode and Effect Analysis, FMEA from Theory to Execution, 2nd Edition 2003, D. H. Stamatis, ISBN 0873895983. Guidelines for Failure Modes and Effects Analysis (FMEA) for Medical Devices, 2003 Dyadem Press, ISBN 0849319102. The Basics of FMEA, Robin McDermott, Raymond J. Mikulak, Michael R. Beauregard 1996, ISBN 0527763209. WHO Technical Report Series No 908, 2003, Annex 7 Application of Hazard Analysis and Critical Control Point (HACCP) methodology to pharmaceuticals. www..co.kr 24
IEC 61882 - Hazard Operability Analysis (HAZOP). ISO 14971:2000 - Application of Risk Management to Medical Devices. ISO 7870:1993 - Control Charts. ISO 7871:1997 - Cumulative Sum Charts. ISO 7966:1993 - Acceptance Control Charts. ISO 8258:1991 - Shewhart Control Charts. What is Total Quality Control?; The Japanese Way, Kaoru Ishikawa (Translated by David J. Liu), 1985, ISBN 0139524339. www..co.kr 25
Annex I: 리스크관리방법및도구 (Risk Management Methods and Tools) The purpose of this annex is to provide a general overview of and references for some of the primary tools that might be used in quality risk management by industry and regulators. The references are included as an aid to gain more knowledge and detail about the particular tool. This is not an exhaustive list. It is important to note that no one tool or set of tools is applicable to every situation in which a quality risk management procedure is used. 이부록의목적은업계와규제기관이품질리스크관리에활용할수있는기본적인도구일부를개괄적으로살펴보고설명하는데있다. 도구에대해더자세한정보를얻는데도움이되도록, 참고문헌정보도포함시켰다. 모든것을포함하고있지는않다. 어느하나의도구나도구세트를모든품질리스크관리상황에적용할수는없다. I.1 기본리스크관리촉진방법 (Basic Risk Management Facilitation Methods) Some of the simple techniques that are commonly used to structure risk management by organizing data and facilitating decision-making are: 데이터의취합정리및의사결정촉진을통해리스크관리를체계적으로진행하는데일반적으로사용되는일부간단한기법은다음과같다. Flowcharts 흐름도 Check Sheets 체크시트 Process Mapping 프로세스매핑 Cause and Effect Diagrams (also called an Ishikawa diagram or fish bone diagram) 특성요인도 ( 이시카와도또는어골도 ) I.2 FMEA(Failure Mode Effects Analysis) FMEA (see IEC 60812) provides for an evaluation of potential failure modes for processes and their likely effect on outcomes and/or product performance. Once failure modes are established, risk reduction can be used to eliminate, contain, www..co.kr 26
reduce or control the potential failures. FMEA relies on product and process understanding. FMEA methodically breaks down the analysis of complex processes into manageable steps. It is a powerful tool for summarizing the important modes of failure, factors causing these failures and the likely effects of these failures. FMEA(IEC 60812 참조 ) 는공정의잠재이상모드와그에따른산출물및 / 또는제품성능에미칠영향을평가하는방법이다. 이상모드를파악한다음에, 리스크감소를통해잠재이상을제거, 억제, 감축또는통제한다. 제품과공정에대한이해가필요하다. FMEA 시에복잡한공정을분석해관리가능한여러단계로세분한다. 중요이상모드, 이이상을유발하는요소, 이에따른파급영향을정리하는데큰도움이되는도구이다. 적용가능분야 (Potential Areas of Use(s)) FMEA can be used to prioritize risks and monitor the effectiveness of risk control activities. FMEA를활용하여리스크의우선순위를정하고리스크통제활동의효과를모니터할수있다. FMEA can be applied to equipment and facilities and might be used to analyze a manufacturing operation and its effect on product or process. It identifies elements/operations within the system that render it vulnerable. The output/ results of FMEA can be used as a basis for design or further analysis or to guide resource deployment. FMEA는설비와시설에적용할수있으며, 제조작업, 그리고제조작업이제품이나공정에미치는영향을분석하는데활용할수있다. 시스템을취약하게만드는요소 / 업무를파악한다. FMEA 결과를디자인또는추가분석의토대로활용하거나자원배치의기준으로삼을수있다. I.3 FMECA(Failure Mode, Effects and Criticality Analysis) FMEA might be extended to incorporate an investigation of the degree of severity of the consequences, their respective probabilities of occurrence, and their detectability, thereby becoming a Failure Mode Effect and Criticality Analysis (FMECA; see IEC 60812). In order for such an analysis to be performed, the product or process specifications should be established. FMECA can identify places where additional preventive actions might be appropriate to minimize risks. www..co.kr 27
FMEA를확장시켜파급영향의심각성정도, 각각의발생확률, 감지성조사까지포함하는 FMECA(Failure Mode Effect and Criticality Analysis, IEC 60812 참조 ) 를실시할수있다. 이와같은분석을수행하려면, 제품또는공정규격이설정되어있어야한다. 리스크를최소화하기위해예방적조치가추가로필요한부분을 FMECA로파악할수있다. 적용가능분야 (Potential Areas of Use(s)) FMECA application in the pharmaceutical industry should mostly be utilized for failures and risks associated with manufacturing processes; however, it is not limited to this application. The output of an FMECA is a relative risk score for each failure mode, which is used to rank the modes on a relative risk basis. FMECA 기법은제약업계에서주로제조공정관련리스크와이상에활용된다. 하지만적용범위가여기에만한정되지않는다. FMECA 결과로이상모드별상대리스크 " 점수 " 를구하고, 이를활용하여상대리스크를바탕으로이상모드의순위를정할수있다. I.4 FTA(Fault Tree Analysis) The FTA tool (see IEC 61025) is an approach that assumes failure of the functionality of a product or process. This tool evaluates system (or sub-system) failures one at a time but can combine multiple causes of failure by identifying causal chains. The results are represented pictorially in the form of a tree of fault modes. At each level in the tree, combinations of fault modes are described with logical operators (AND, OR, etc.). FTA relies on the experts process understanding to identify causal factors. FTA 도구 (IEC 61025 참조 ) 는제품또는공정의기능이상을가정한방법이다. FTA는한번에하나씩시스템 ( 또는서브시스템 ) 이상을평가하지만, 인과관계를밝혀이상의여러원인을결합시킬수도있다. 결함수 (fault tree) 형태로분석결과를도식적으로정리한다. 또한레벨별로논리기호 (AND, OR 등 ) 로결함모드의관계를설명한다. FTA를하려면전문가가공정을충분히이해하고원인을파악할수있어야한다. 적용가능분야 (Potential Areas of Use(s)) FTA can be used to establish the pathway to the root cause of the failure. FTA can be used to investigate complaints or deviations in order to fully understand their root cause and to ensure that intended improvements will fully resolve the issue and not lead to other issues (i.e. solve one problem yet cause a different problem). www..co.kr 28
Fault Tree Analysis is an effective tool for evaluating how multiple factors affect a given issue. The output of an FTA includes a visual representation of failure modes. It is useful both for risk assessment and in developing monitoring programs. FTA를활용하여이상의근본원인을찾아낼수있다. 불만이나일탈조사시에 FTA 기법을활용하면, 문제의근본원인을파악하고개선대책이문제를충분히해결하며다른문제 ( 예, 한문제는해결하지만그에따라또다른문제를유발 ) 를일으키는지확인할수있다. FTA는여러요소가특정사안에어떻게영향을미치는지평가하는데효과적인도구이다. 이상모드가시각적으로정리된다. 리스크평가와모니터프로그램개발에유용하다. I.5 HACCP(Hazard Analysis and Critical Control Points) HACCP is a systematic, proactive, and preventive tool for assuring product quality, reliability, and safety (see WHO Technical Report Series No 908, 2003 Annex 7). It is a structured approach that applies technical and scientific principles to analyze, evaluate, prevent, and control the risk or adverse consequence(s) of hazard(s) due to the design, development, production, and use of products. HACCP은제품품질, 신뢰성, 안전성보증을위한체계적이고예방적인사전대응도구이다 (WHO TRS No. 908, 2003, Annex 7 참조 ). 제품디자인, 개발, 생산, 사용에따른위해요소의부정적영향또는리스크의분석, 평가, 예방, 통제를위해기술적과학적원칙을적용하는체계적인방법이다. HACCP consists of the following seven steps: HACCP은다음 7단계로구성된다. (1) conduct a hazard analysis and identify preventive measures for each step of the process; 위해요소분석을실시하고공정단계별로예방조치를파악한다. (2) determine the critical control points; 핵심관리포인트 (CCP) 를결정한다. (3) establish critical limits; 기준을설정한다. (4) establish a system to monitor the critical control points; 핵심관리포인트 (CCP) 의모니터시스템을구축한다. (5) establish the corrective action to be taken when monitoring indicates that the critical control points are not in a state of control; www..co.kr 29
모니터결과에따라핵심관리포인트 (CCP) 가관리범위를벗어났을때취할조치사항을결정한다. (6) establish system to verify that HACCP system is working effectively; HACCP 시스템의효과적운영상태확인을위한시스템을수립한다. (7) establish a record-keeping system. 기록유지시스템을구축한다. 적용가능분야 (Potential Areas of Use(s)) HACCP might be used to identify and manage risks associated with physical, chemical and biological hazards (including microbiological contamination). HACCP is most useful when product and process understanding is sufficiently comprehensive to support identification of critical control points. The output of a HACCP analysis is risk management information that facilitates monitoring of critical points not only in the manufacturing process but also in other life cycle phases. 물리적, 화학적, 생물학적위해요소 ( 미생물오염포함 ) 관련리스크를파악하고관리하는데 HACCP을활용할수있다. 핵심관리포인트 (CCP) 를파악하는데충분할정도로제품과공정에대한이해도가높으면 HACCP 기법의유용성은더욱크다. HACCP 분석결과는제조공정뿐만아니라기타라이프사이클단계에서핵심관리포인트 (CCP) 모니터를위한효과적인리스크관리정보이다. I.6 HAZOP(Hazard Operability Analysis) HAZOP (see IEC 61882) is based on a theory that assumes that risk events are caused by deviations from the design or operating intentions. It is a systematic brainstorming technique for identifying hazards using so-called guide-words. Guide-words (e.g., No, More, Other Than, Part of, etc.) are applied to relevant parameters (e.g., contamination, temperature) to help identify potential deviations from normal use or design intentions. It often uses a team of people with expertise covering the design of the process or product and its application. HAZOP(IEC 61882 참조 ) 은디자인또는운전조건을벗어나는일탈에의해리스크사태가발생된다고가정하는이론을토대로한다. 소위 " 가이드단어 (guide-words)" 를활용하여위해요소를파악하는체계적인브레인스토밍기법이다. " 가이드단어 "( 예, 없음 (No), 증가 (More), 기타 (Other than), 부분 (Part of) 등 ) 를관련파라미터 ( 예, 오염, 온도 ) 에적용하여정상사용또는디자인조건을벗어나는일탈부분을파악한다. 공정 www..co.kr 30
또는제품디자인및이의적용에관련된전문가로팀을구성해 HAZOP 을진행한다. 적용가능분야 (Potential Areas of Use(s)) HAZOP can be applied to manufacturing processes, including outsourced production and formulation as well as the upstream suppliers, equipment and facilities for drug substances and drug (medicinal) products. It has also been used primarily in the pharmaceutical industry for evaluating process safety hazards. As is the case with HACCP, the output of a HAZOP analysis is a list of critical operations for risk management. This facilitates regular monitoring of critical points in the manufacturing process. HAZOP은원료의약품및완제의약품제조시설과설비, 공급업체뿐만아니라, 아웃소싱생산및조제를포함한제조공정에적용할수있다. 또한제약업계에서는공정안전위해요소평가에주로사용되어왔다. HACCP과마찬가지로 HAZOP의결과로리스크관리를위한핵심업무목록이만들어진다. 제조공정중의핵심포인트를주기적으로모니터하는데도움이된다. I.7 PHA(Preliminary Hazard Analysis) PHA is a tool of analysis based on applying prior experience or knowledge of a hazard or failure to identify future hazards, hazardous situations and events that might cause harm, as well as to estimate their probability of occurrence for a given activity, facility, product or system. The tool consists of: 1) the identification of the possibilities that the risk event happens, 2) the qualitative evaluation of the extent of possible injury or damage to health that could result and 3) a relative ranking of the hazard using a combination of severity and likelihood of occurrence, and 4) the identification of possible remedial measures. PHA는위해요소또는이상에대한지식이나과거경험을바탕으로미래의위해요소, 위해상황, 위해를유발할수있는사태를파악하고, 특정행위, 시설, 제품또는시스템별발생확률을추정하는분석도구이다. PHA는 1) 리스크사태발생가능성의파악, 2) 그에따른부상또는건강훼손수준의정성적평가, 3) 발생가능성과심각성을조합해위해요소의상대등급설정, 4) 가능한구제조치파악으로구성된다. 적용가능분야 (Potential Areas of Use(s)) PHA might be useful when analyzing existing systems or prioritizing hazards where www..co.kr 31
circumstances prevent a more extensive technique from being used. It can be used for product, process and facility design as well as to evaluate the types of hazards for the general product type, then the product class, and finally the specific product. PHA is most commonly used early in the development of a project when there is little information on design details or operating procedures; thus, it will often be a precursor to further studies. Typically, hazards identified in the PHA are further assessed with other risk management tools such as those in this section. PHA는보다상세한기법의적용이어려운상황에서기존시스템을분석하거나위해요소의우선순위를정할때유용하다. 제품, 공정, 시설디자인분석에활용할수있으며, 또한일반적인제품에대한위해요소유형을평가하고그다음에는제품종류별위해요소유형, 그리고마지막으로특정제품의위해요소를평가한다. 상세한디자인정보나운전절차에대한정보가거의없는프로젝트초반에 PHA를흔히활용한다. 그러므로추가조사를위한기초자료역할을한다. 일반적으로 PHA를통해파악된위해요소를이섹션에서설명하고있는것과같은다른리스크관리도구로더상세하게평가한다. I.8 리스크랭킹및필터링 (Risk Ranking and Filtering) Risk ranking and filtering is a tool for comparing and ranking risks. Risk ranking of complex systems typically requires evaluation of multiple diverse quantitative and qualitative factors for each risk. The tool involves breaking down a basic risk question into as many components as needed to capture factors involved in the risk. These factors are combined into a single relative risk score that can then be used for ranking risks. Filters, in the form of weighting factors or cut-offs for risk scores, can be used to scale or fit the risk ranking to management or policy objectives. 리스크랭킹및필터링은리스크를비교하고순위를정하는도구이다. 복잡한시스템의리스크랭킹을위해서는리스크별다양한정량적 / 정성적요소를평가할필요가있다. 기본리스크질문을최대한많은부분으로세분하여, 그리스크에관련된요소를파악한다. 이들요소를종합하여하나의상대리스크점수를정하고, 이를활용해리스크순위를매긴다. " 필터 "( 리스크점수에컷오브 (cutoff) 또는가중치 (weighting factor) 적용 ) 를활용해관리또는방침목표에대비하여리스크랭킹을조정할수있다. 적용가능분야 (Potential Areas of Use(s)) Risk ranking and filtering can be used to prioritize manufacturing sites for inspection/audit by regulators or industry. Risk ranking methods are particularly helpful in situations in which the portfolio of risks and the underlying consequences www..co.kr 32
to be managed are diverse and difficult to compare using a single tool. Risk ranking is useful when management needs to evaluate both quantitatively-assessed and qualitatively-assessed risks within the same organizational framework. 리스크랭킹및필터링은규제기관이나업체의실사 / 감사대상제조소의순위를정하는데활용할수있다. 리스크랭킹방법은리스크포트폴리오와관리대상영향이다양하며하나의도구로비교하기어려운상황에서도움이된다. 조직내부의리스크를정량적 / 정성적으로평가할필요가있을때리스크랭킹방법이유용하다. I.9 통계학적도구 (Supporting Statistical Tools) Statistical tools can support and facilitate quality risk management. They can enable effective data assessment, aid in determining the significance of the data set(s), and facilitate more reliable decision making. A listing of some of the principal statistical tools commonly used in the pharmaceutical industry is provided: 통계학적도구는품질리스크관리를뒷받침한다. 효과적인데이터평가를가능하게하며, 또한데이터의의미를이해하고보다신뢰성있는의사결정을촉진하는데도움이된다. 제약업계에서일반적으로사용되고있는통계학적도구일부를정리하면다음과같다. Control Charts (for example): - Acceptance Control Charts (see ISO 7966); - Control Charts with Arithmetic Average and Warning Limits (see ISO 7873); - Cumulative Sum Charts (ISO 7871); - Shewhart Control Charts (see ISO 8258); - Weighted Moving Average. Design of Experiments (DOE); Histograms; Pareto Charts; Process Capability Analysis www..co.kr 33
Annex II: 품질리스크관리기법의적용 (Potential Applications for Quality Risk Management) This Annex is intended to identify potential uses of quality risk management principles and tools by industry and regulators. However, the selection of particular risk management tools is completely dependent upon specific facts and circumstances. 이부록은업계와규제기관이품질리스크관리원칙과도구를활용할수있는분야를제시하는데목적이있다. 하지만어떤리스크관리도구를선택할것인지는구체적인상황과사실에따라결정한다. These examples are provided for illustrative purposes and only suggest potential uses of quality risk management. This Annex is not intended to create any new expectations beyond the current regulatory requirements. 아래에기술한사항은단지예에불과하며품질리스크관리기법의활용가능성을제시할뿐이다. 이부록은현재의규제기준범위를벗어나는또다른새로운기준을제시하고자하는것은아니다. II.1 통합품질관리의일환으로써품질리스크관리 (Quality Risk Management as Part of Integrated Quality Management) 문서관리 (Documentation) To review current interpretations and application of regulatory expectations; 규제기관의기대사항에대한해석과이의적용에대한검토. To determine the desirability of and/or develop the content for SOPs, guidelines, etc. SOP, 가이드라인등으로작성할필요가있는부분의파악및그내용개발. 교육훈련및교육 (Training and education) To determine the appropriateness of initial and/or ongoing training sessions based on education, experience and working habits of staff, as well as on a periodic assessment of previous training (e.g., its effectiveness); 작업자의교육, 경험, 업무습관, 그리고이전교육훈련의주기적평가 ( 예, 교육훈련의 www..co.kr 34
효과 ) 에근거하여최초및 / 또는지속적교육훈련의적절성평가. To identify the training, experience, qualifications and physical abilities that allow personnel to perform an operation reliably and with no adverse impact on the quality of the product. 제품품질에부정적영향을주지않고업무를신뢰성있게수행할수있는작업자의교육훈련, 경험, 자격, 신체능력파악. 품질결함 (Quality defects) To provide the basis for identifying, evaluating, and communicating the potential quality impact of a suspected quality defect, complaint, trend, deviation, investigation, out of specification result, etc; 품질결함의심사항, 불만, 경향, 일탈, 조사, OOS 결과등의품질파급영향파악, 평가, 커뮤니케이션을위한토대제공. To facilitate risk communications and determine appropriate action to address significant product defects, in conjunction with regulatory authorities (e.g., recall). 규제기관과연계하여중대한제품결함을해결하기위한리스크커뮤니케이션촉진및적정조치사항결정 ( 예, 리콜 ). 감사 / 실사 (Auditing/Inspection) To define the frequency and scope of audits, both internal and external, taking into account factors such as: 다음요소를고려하여내부및외부감사주기와범위결정. Existing legal requirements; 현재의법적기준 Overall compliance status and history of the company or facility; 회사또는시설의전반적인준수상태와과거준수내역 Robustness of a company s quality risk management activities; 품질리스크관리활동의강건성 Complexity of the site; 사업장의복잡성 Complexity of the manufacturing process; www..co.kr 35
제조공정의복잡성 Complexity of the product and its therapeutic significance; 제품의복잡성과치료중요성 Number and significance of quality defects (e.g, recall); 품질결함 ( 예, 리콜 ) 횟수와중요성 Results of previous audits/inspections; 이전감사 / 실사결과 Major changes of building, equipment, processes, key personnel; 건물, 설비, 공정, 핵심작업자의주요변경 Experience with manufacturing of a product (e.g., frequency, volume, number of batches); 제품제조경험 ( 예, 빈도, 양, 배치수 ) Test results of official control laboratories. 공식품질관리시험기관의시험결과 주기적검토 (Periodic review) To select, evaluate and interpret trend results of data within the product quality review; 제품품질검토대상데이터의경향분석결과선정, 평가, 해석. To interpret monitoring data (e.g., to support an assessment of the appropriateness of revalidation or changes in sampling). 모니터데이터의해석 ( 예, 검체채취방법변경또는재밸리데이션의적절성평가뒷받침 ). 변경관리 (Change management/change control) To manage changes based on knowledge and information accumulated in pharmaceutical development and during manufacturing; 의약품개발과제조시에축적한지식과정보를바탕으로변경관리. To evaluate the impact of the changes on the availability of the final product; 변경이최종제품활용성에미칠파급영향평가. To evaluate the impact on product quality of changes to the facility, equipment, material, manufacturing process or technical transfers; www..co.kr 36