The UK is on to something. British inspectors will be looking for a “risk register” and a defined document management control system including periodic reviews of risk management assessments when inspecting drug manufacturers. It seems both sides of the Atlantic are on board with quality risk management, and for good reason.
The Medicines and Healthcare products Regulatory Agency (MHRA) was set up in April 2003 from a merger of the Medicines Control Agency and the Medical Devices Agency. According to the website (https://www.mhra.gov.uk), the MHRA is the government agency which is responsible for ensuring that medicines and medical devices work, and are acceptably safe. The MHRA is an executive agency of the Department of Health. MHRA defines Good Manufacturing Practice (GMP) as “a part of quality assurance which ensures that medicinal products are consistently produced and controlled to the quality standards appropriate to their intended use and as required by the marketing authorisation (sic) (MA) or product specification. GMP is concerned with both production and quality control.”
Likewise, the Food and Drug Administration (FDA) says that “good manufacturing practices are a quality system that follows certain basic principles that govern the manufacturing process, documentation, employee training, handling of complaints, and management of records. “ They also cite that good manufacturing practices require that domestic or foreign manufacturers have a quality system to do business in the United States. However, the FDA says that the GMP requirements were established to be flexible in order for each manufacturer to decide individually how to best implement the necessary controls by using scientifically sound design, processing methods, and testing procedures. The flexibility encourages the use of modern technologies to achieve higher quality through continuous improvement.
Reading through the FAQs on MHRA’s website, you can get an idea of what the agency will be evaluating and enforcing in quality risk management. First of all, quality risk management is required. “All manufacturing authorisation holders, third country manufacturing sites, blood establishments, blood banks and active pharmaceutical ingredient manufacturers must have a system for QRM. Inspectors will review the QRM system as part of the Quality Systems section of the inspection (along with complaints, recalls, deviations, and product quality reviews etc) … It is an expectation of Chapter 1 that companies embody quality risk management. “
Companies must have a standard operating procedure (SOP) to describe how they approach QRM. SOPs need to define how the management system operates and its general approach to both planned and unplanned risk management. The SOP should include scope, responsibilities, controls, approvals, management systems, applicability, and exclusions.
Additionally, MHRA requires a “risk register” or similar document to “list and track all key risks as perceived by the organisation and summarise how these have been mitigated. “ It also requires that a management process be in place to review risk management and incorporated into the quality management review process.
Clearly, the MHRA gave this a lot of thought and the guidance is very detailed. What stands to be seen is whether companies will be able to implement it as well as the requirements suggest. The FDA has seen its challenges with GMP regulations and quality systems. As consumer demand for regulation continues to drive new, more stringent regulations, organizations are forced to look at their quality management systems and ensure that they are following good manufacturing processes. If not now, they will surely be hearing from an auditor from at least one side of the Atlantic.