1、Designation: E 2476 09Standard Guide forRisk Assessment and Risk Control as it Impacts the Design,Development, and Operation of PAT Processes forPharmaceutical Manufacture1This standard is issued under the fixed designation E 2476; the number immediately following the designation indicates the year
2、oforiginal adoption or, in the case of revision, the year of last revision. A number in parentheses indicates the year of last reapproval. Asuperscript epsilon () indicates an editorial change since the last revision or reapproval.INTRODUCTIONThis document provides guidance on the implementation of
3、risk assessment and risk control forProcess Analytical Technology (PAT) processes within the pharmaceutical industry. Whereverpossible, other appropriate standards on risk assessment/management have been referenced andacknowledged. Where practical, further details of methods and additional reference
4、s have beenprovided for information within the appendixes.The application of risk assessment and risk control is pivotal to the creation of PAT systems, whichare described as “science-based” and “risk-based.” Such application starts at an early stage in thedevelopment of the process and continues th
5、roughout development and production. In the productionphase, it is a crucial component of applying continuous improvement to the process.RELATIONSHIP TO ICH Q9The ICH Q9 Guideline for Quality Risk Management is intended for general application within thepharmaceutical industry. ICH Q9 describes the
6、requirements for pharmaceutical quality risk manage-ment and considers the risk as “risk to the patient.”This document provides specific guidance on the risk assessment and risk control phases identifiedin ICH Q9 in a limited set of conditions. It is applicable where the manufacturing method is comp
7、liantwith Process Analytical Technology (PAT) principles, and where the primary considerations areproduct quality and reduction of process and product variability. The only component of risk to patientconsidered here is risk to product quality. Other components fall outside the scope of the document
8、.In addition, other areas identified in ICH Q9, such as general risk management and risk communi-cation, are not considered here.This document provides guidance which applies to the design, development, and operation of PATsystems. It should be considered as a specific extension, supporting the ICH
9、Q9 guidance for theseprocesses.1. Scope1.1 This document provides guidance on the assessment ofrisks to product quality within and related to PAT processes inthe pharmaceutical industry. It addresses those risks to productquality arising from, associated with, identified by, or modifiedby the implem
10、entation of PAT in pharmaceutical developmentand manufacturing for primary, secondary, and biotech sectorsof the industry. It does not replace those assessments of riskcurrently undertaken by pharmaceutical companies, but is,rather, an additional component focused specifically upon theevaluation and
11、 design of PAT processes. See Practice E 2474,Guide E 2500, and ICH Q8.1This guide is under the jurisdiction of ASTM Committee E55 on Manufactureof Pharmaceutical Products and is the direct responsibility of Subcommittee E55.01on PAT System Management.Current edition approved May 15, 2009. Published
12、 July 2009.1Copyright ASTM International, 100 Barr Harbor Drive, PO Box C700, West Conshohocken, PA 19428-2959, United States.1.2 This standard does not purport to address all of thesafety concerns, if any, associated with its use. It is theresponsibility of the user of this standard to establish ap
13、pro-priate safety and health practices and determine the applica-bility of regulatory limitations prior to use. Note that safety inthis context refers to operational and operator safety, not topatient safety.2. Referenced Documents2.1 ASTM Standards:2E 2474 Practice for Pharmaceutical Process Design
14、 Utiliz-ing Process Analytical TechnologyE 2500 Guide for Specification, Design, and Verification ofPharmaceutical and Biopharmaceutical ManufacturingSystems and EquipmentE 2363 Terminology Relating to Process Analytical Tech-nology in the Pharmaceutical Industry2.2 Other Standards:FDA Guidance for
15、Industry PATA Framework for Inno-vative Pharmaceutical Development, Manufacturing, andQuality Assurance3ICH Q8 Pharmaceutical Development4ICH Q9 Quality Risk Management4IEC 60812 Analysis Techniques for System ReliabilityProcedure for Failure Mode and Effects Analysis(FMEA)5IEC 61025 Fault Tree Anal
16、ysis (FTA)5IEC 61882 Hazard and Operability Studies (HAZOPStudies)Application Guide5ISO 22000 Food Safety Management SystemsRequirements for any Organization in the Food Chain6WHO Technical Report 908 WHO Expert Committee onSpecifications for Pharmaceutical Preparations3. Terminology3.1 The terminol
17、ogy specific to this guide will be incorpo-rated into Terminology E 2363.4. Significance and Use4.1 This guide is intended to provide guidance regarding theuse of risk analysis in the development, day-to-day running,and continuous improvement of pharmaceutical processesincorporating ProcessAnalytica
18、l Technology (PAT). Since PATis defined as being “risk-based” (see FDA Guidance forIndustry), it is important that a consistent approach to the useof risk methodologies is adopted, to ensure rapid transfer ofprocess understanding within the development and manufac-turing teams, and to the regulators
19、 where that is appropriate.4.2 This guidance only covers those aspects of risk assess-ment related to “risk to product quality.” Other aspects (such as“risk to patient”) should be covered in the conventionalmanner.5. Principles of Risk Assessment and Risk Control5.1 BackgroundRisk management has bee
20、n widely usedin manufacturing and service industries for many years. Insome industries, risk management has become formalized intoa highly structured approach which has become the subject ofstandardization. This standardization has a number of benefitsincluding:5.1.1 Widespread acceptance based on c
21、onsensus among allinterested parties, which makes regulatory approval easier,5.1.2 Easy comparison of equivalent processes betweensites, companies, and continents,5.1.3 Ready transferability of skilled labor, and5.1.4 Standardized training.5.2 High-Level Characteristics of Risk AssessmentA riskasses
22、sment for a PAT process has, in addition to the principlesoutlined in ICH Q9, a number of key characteristics:5.2.1 It is systematic and structured.5.2.2 It is primarily evidence-based. Evidence may includedirect experience, historical knowledge, professional judg-ment, etc.5.2.3 It specifically foc
23、uses upon uncertainty and/or vari-ability in product quality and the causes of such uncertainty/variability.5.2.4 It is an integral component of the decision-makingprocess.5.2.5 It guides risk control and mitigation; that is, it recog-nizes that the primary consideration is product quality andidenti
24、fies those areas where risks must be reduced and providesa mechanism for assessing when the risk has been sufficientlyreduced.5.2.6 It is multi-layered. It can be applied at many levels,that is, lower-level, more detailed assessments feeding intohigher-level, broader scope assessments. (For example,
25、 ahigher-level risk assessment for the finished product will havelower-level risk assessments for each of the process stageswhich feed into it.) Breaking risk assessment into layers makescomplex evaluations simpler to perform, simpler to understand,and simplifies the generation of a detailed respons
26、e. It alsoassists in the process of identifying specific targets for reducingthe risk.5.2.6.1 In general, an initial high-level risk assessment willidentify most of the high-risk areas. Subsequent lower-levelrisk assessments, and resulting mitigation actions, will focusinitially upon these identifie
27、d areas of high risk, moving tothose areas of intermediate and lower risk at a later stage in theprocess. This later amelioration of the risk may be part of acontinuous improvement process.5.2.7 It is dynamic and iterative. It will remain active for thelifecycle of a product, responding to changing
28、commercial,manufacturing, and scientific conditions and the availability ofadditional information and/or process understanding.5.3 High-Level Characteristics of Risk Control:2For referenced ASTM standards, visit the ASTM website, www.astm.org, orcontact ASTM Customer Service at serviceastm.org. For
29、Annual Book of ASTMStandards volume information, refer to the standards Document Summary page onthe ASTM website.3Available from Food and Drug Administration (FDA), 5600 Fishers Ln.,Rockville, MD 20857, http:/www.fda.gov.4Available from International Conference on Harmonisation of TechnicalRequireme
30、nts for Registration of Pharmaceuticals for Human Use (ICH), ICHSecretariat, c/o IFPMA, 15 ch. Louis-Dunant, P.O. Box 195, 1211 Geneva 20,Switzerland, http:/www.ich.org.5Available from International Electrotechnical Commission (IEC), 3 rue deVaremb, Case postale 131, CH-1211, Geneva 20, Switzerland,
31、 http:/www.iec.ch.6Available from American National Standards Institute (ANSI), 25 W. 43rd St.,4th Floor, New York, NY 10036, http:/www.ansi.org.E24760925.3.1 Once risks have been clearly identified and prioritized,and the need for risk mitigation agreed, the process of riskcontrol takes effect. Ris
32、k control has a number of key charac-teristics:5.3.1.1 Risks which are identified during the analysis shouldreceive a proportionate response. The response should berelated to the probability of the event occurring, the severity ofthe results, and the detectability of the event.5.3.1.2 Risk control a
33、ctions for a new process occur in aspecific order:(1) Perform design changes to reduce the risk. (That is,enacting modifications to the basic process that deliver higherquality or more consistent product. This is a key reason foradopting PAT.)(2) Add control features to reduce the process risk. (Tha
34、t is,putting extra features on the process the primary function ofwhich is to reduce some facet of the risk, which is a keycomponent of PAT.)(3) Apply methods improving detectability (such as, stan-dard operating procedures, guidelines, company practices, stafftraining and/or selection, etc.) to red
35、uce risk.5.3.1.3 For an existing process, the sequence may be differ-ent.5.3.1.4 These actions should ideally be applied in the orderlisted. When a risk is identified, the design team should firstseek to remove the risk by changing the fundamental processdesign. If this is not possible, they should
36、then seek to modifyequipment design or process conditions to reduce the risk.Only if neither of these are practical should they use the thirdapproach of imposing specific working practices. Some modi-fication in this order may be necessary when an existingprocess is being considered and the costs as
37、sociated withfundamental design change are prohibitive.5.3.1.5 Once this process is complete, the remaining risksare known as residual risks. Residual risks are:(1) Risks which remain higher than the acceptable risklevel, but which cannot practicably be further reduced byredesign, risk control, or s
38、tandard procedures/training/etc.When such risks occur, it will then be necessary to implementa post-process risk mitigation measures such as off-line testing.5.3.1.6 Residual risks must be fully documented and shouldbe subject to a formal acceptance procedure at least oncebefore final process approv
39、al.5.3.1.7 It is recognized that, in the application of riskcontrol:(1) Changes must be viable in technical, regulatory, andcommercial contexts. Where changes do not meet these crite-ria, it must be explicitly so stated in the risk report.(2) Reducing the risk on a process may still mean that thepro
40、cess carries high risk after a particular stage. Subsequentrisk mitigation will be necessary.(3) Changing a process to reduce one risk may aggravateanother risk. The objective is to minimize the overall risk. Thismay result in a high risk remaining unaddressed at a particularstage, which then needs
41、to be addressed by subsequent riskcontrol actions.(4) Changing a process to reduce one risk may introduceanother risk. This risk, in turn, must be assessed and priori-tized.6. Preparation for Risk Assessment and Risk Control6.1 Adequate preparation is a key component of an effectiverisk assessment a
42、nd risk control strategy.6.2 Objectives of the Risk AssessmentTo achieve timely,effective results from a risk assessment and risk controlprocess, the scope and objectives of the work shall be clearlydefined at the earliest possible stage.6.3 Selection of the Risk Assessment/Control Group:6.3.1 The g
43、roup assessing these risks shall include experi-enced practitioners with all of the relevant key skills to identifyand evaluate the key factors in the process under consideration.The group should therefore include, or have direct access to,subject matter experts with expertise or extensive experienc
44、e inappropriate areas such as:6.3.1.1 Drug(s), intermediates and excipients in the formappropriate to the industry sector,6.3.1.2 Design and function of the drug product,6.3.1.3 Scientific and/or technical issues of process design,6.3.1.4 Design and function of the process equipment,6.3.1.5 Measurem
45、ent systems,6.3.1.6 Development of process and control models,6.3.1.7 Design and function of process controls,6.3.1.8 Existing production,6.3.1.9 Current operating practices (including agreed workrules and practices),6.3.1.10 Known problems with the product, either in manu-facturing or subsequent us
46、e,6.3.1.11 Company quality records and procedures,6.3.1.12 Company laboratory capabilities and practices,6.3.1.13 Recruitment and training policies in so far as theyimpact the process,6.3.1.14 Company maintenance records and procedures,and6.3.1.15 Company validation practices and procedures orcontin
47、uous quality verification.6.3.2 Individuals may fulfill one or more of these roles. It isnot necessary for everyone to be present throughout theassessment, but a core group that is involved throughout shouldbe clearly identified.6.3.3 At least one member of the group should be fullytrained to perfor
48、m risk assessments.6.4 Collection and Preparation of InformationAs far asis possible, all relevant information necessary for the riskassessment should be collected or prepared before the start ofthe process. This helps to ensure that the assessment processdoes not become fragmented.6.5 Consistency o
49、f Approach:6.5.1 The estimation of risk will usually be quasi-quantitative, and, therefore, on an arbitrary scale. However it isimportant that measures are put in place to ensure that:6.5.1.1 The estimation of risk is consistent from one projectto another,6.5.1.2 The estimation of risk is consistent from one assess-ment team to another, andE24760936.5.1.3 The estimation of risk is sufficiently transparent thatit can be readily understood by a third party assessor (such asa representative of a regulatory agency).7. Application of Risk Assessment and Risk Control toPAT7.1 O
