James Murtagh04.04.06
Risk management is a way to take a proactive approach to building quality into a development program. This article is meant to provide an overview and an example (from the collective experience of a contract services provider) of a risk-based approach to developing a biologically derived entity as a therapeutic agent.
Development of any therapeutic agent from lead identification to proof of concept in man is a time-consuming and expensive process. While each case is different, risk management tools can be applied to the process to identify areas which tend to delay timelines and increase costs. This approach, in fact, is expected to be a part of the submission of the product for approval1. The expectation from the regulatory agencies is if a risk-based approach has been taken to the definition, design, and manufacture of the drug product, it will be easier for the agency to assess the safety and efficacy of the product both at the time of the submission of the product and during the product’s life cycle.
Risk Management
Risk management is a coordinated activity directing and controlling a program with regard to risk. It may be applied during the development of a biotechnological Active Pharmaceu-tical Ingredient (API) to optimize product and process design, develop knowledge of processing options and parameters, assess critical attributes, establish specifications and identify the need for additional studies during the development program. This approach is intended to provide a science- and knowledge-based decision-making tool for conducting, in the case described herein, a development program for a biotechnology-based therapy. Three questions are considered:
• What might go wrong?
• What is the likelihood it will go wrong?
• What are the consequences?
One definition of risk analysis is, “A systematic use of available information to determine how often specified events may occur and the magnitude of their consequences”2.
Risk is restricted to events where there is at least the possibility of negative consequences. Risk identification is followed by risk assessment, which focuses on the second and third questions above. In many cases, an additional concern must be addressed: detectability. In the area of determination of the biological activity, for example, there is a significant likelihood that the information from the biological activity obtained early in the development process is not representative of the eventual therapeutic performance.
The use of a risk-based analysis of a development program can and should occur at both the overall program level (evaluating global marketing expectations, regulatory and development strategies, for example) and for detailed evaluation of each task associated with the development program (choice of production system, purification process, or analytical method development).
Some important elements of a risk management system need to be considered and applied to the development of a biological API. Stakeholders are individuals or groups that can either affect the risk or be affected by the risk. Examples of stakeholders include Marketing, Regulatory Affairs, Development, Clinical, Toxicology, Analytical Development, API manufacturing, and Quality. Decision makers need to be identified. A team approach to the assessment and management of the risk is the typical means of addressing these issues, and the team should include a combination of subject matter experts and individuals familiar with risk management, to provide useful risk analysis.
There are different types of risk management tools that are appropriate for specific applications. It can be helpful initially to use risk ranking and filtering to provide a basis for focusing on areas where additional efforts will be most beneficial. Other tools are more applicable to specific areas. They can provide results from documented evaluations of the overall strategy of the development program at a given point in time; to a statistically based rationale for the optimization of a purification process. Examples of such tools are HACCP, Hazard Analysis and Critical Control Points, originally developed in the food industry3, 4, FMEA, Failure Mode Effects Analysis5, and FTA, Fault Tree Analysis6.
Regulatory Perspective
From both the FDA and other regulatory agencies around the world, the message is clear: the expectation is that industry will use an integrated quality systems approach based on risk management7.
A large part of this expectation is to render the quality process a continuous one, rather than a discrete activity that is completed at the time of submission of the product for approval. The documentation of risk management through the development process is expected to define the product as it has developed, document what is understood and, just as importantly, provide a basis for reassessment as time goes on and knowledge increases. Regulation provides a framework for improvement of both the understanding of the product and the product itself. This is an integral part of the harmonization process, with the ICH Q9 guideline on Quality Risk Management now released to European, Japanese, and the U.S. regula-tory agencies.
Development of Biotechnology-Derived Articles
An important element in the utilization of a risk-based approach is to define the risk question. It is not possible, nor should it be attempted, to formulate a single question which will address all of the concerns or potential risks associated with an activity as complex as the development a new product for human use. At the time of the decision to proceed to development, however, the obvious questions can be framed in terms of a risk identification process almost immediately. For example, if the target is a specific type of cell responsible for the disease state, how far should the development program proceed before considering the drug delivery system? If a commercially viable drug delivery system is not considered until the proof-of-concept studies have shown the product warrants further development, what might go wrong?
Risk Ranking Example
As an example of the application of risk-based analysis to a limited part of a development program, this article will focus on a risk ranking exercise of analytical methods that could be applied during development of a protein API. The table of methods considered is not exhaustive, but is presented to provide an example of the assessment of the methods related to the risk they introduce into the development program.
It is important to consider the purpose of the method under consideration. Methods will be needed to identify the API, quantify it, assess impurities and related proteins in it, provide data on the limits of levels of microorganisms, bacterial endotoxin, viruses, and other potential contaminants. The risk-based analysis of methods will be restricted to identification, quantification, and impurities and related proteins (excluding viruses, endotoxin and microorganisms).
Identification Methods Risk Rating Key
Probability
That the method will need to be redeveloped or reinterpreted when used for identification of a protein API
1 = Rarely if ever occurs
2 = Method frequently requires refinement or redevelopment during program
3 = Likely to occur, method is redeveloped or reinterpreted during most development programs
Severity
For identification testing, severity is based on the length of time needed to develop the method, the requirement of the method for a well characterized reference standard material, and the simplicity of interpretation.
For example, the length of time needed to develop a SDS-PAGE method is short (short time = 1, moderate time = 2, long time= 3), the requirement for a well characterized reference standard material is low (low = 1, moderate = 2, extreme = 3), and the interpretation of the results of the method is simple (simple = 1, moderate = 2, interpretation difficult = 3). Thus the severity rating for the use of SDS-PAGE as an identification method for a protein API is 1 (short time) + 1 (need for reference standard low) + 2 (interpretation moderate) = 4. The minimum severity for an identification method is 3 and the maximum is 9.
Detectability
0.1 = Need for redevelopment or reinterpretation is readily apparent
0.5 = Full validation and robustness evaluation is needed on multiple lots of material to assess method
1.0 = Considerable progress along development path is needed before assessment of method and results is possible
Overall Risk Rating = Probability x Severity x Detectability
[The range of values is from 0.3 to 27]
Quantification Methods Risk Rating Key
Probability
That the method will need to be redeveloped or reinterpreted when used for identification of a protein API
1 = Rarely if ever occurs
2 = Method frequently requires refinement or redevelopment during program, particularly during formulation development
3 = Likely to occur, method is redeveloped or reinterpreted during most development programs
Severity
For quantification, severity is based on the length of time needed to develop the method, the requirement of the method for a well characterized reference standard material, and the simplicity of interpretation.
For example, the length of time needed to develop an A280 method is short (short time = 1, moderate time = 2, long time= 3), the requirement for a well characterized reference standard material is moderate (low = 1, moderate = 2, extreme = 3), and the interpretation of the results of the method is simple (simple = 1, moderate = 2, interpretation difficult = 3). Thus the severity rating for the use of A280 as a quantification method for a protein API is 1 (short time) + 2 (need for reference standard moderate) + 1 (quantification simple) = 4. The minimum severity for an identification method is 3 and the maximum is 9.
Detectability
0.1 = Need for redevelopment or reinterpretation is readily apparent
0.5 = Full validation and robustness evaluation is needed on multiple lots of material to assess method
1.0 = Considerable progress along development path is needed before assessment of method and results is possible
Overall Risk Rating = Probability x Severity x Detectability
[The range of values is from 0.3 to 27]
Impurities/Related Substances Methods Risk Rating Key
Probability
That the method will need to be redeveloped or reinterpreted when used for identification of a protein API
1 = Rarely if ever occurs
2 = Method frequently requires refinement or redevelopment during program
3 = Likely to occur, method is redeveloped or reinterpreted during most development programs
Severity
For determination of impurities and related substances, severity is based on length of time needed to develop the method, requirement of the method for a well characterized reference standard materials, and simplicity of interpretation.
For example, the length of time needed to develop a SDS-PAGE method is short (short time = 1, moderate time = 2, long time= 3), the requirement for a well characterized reference standard material is low (low = 1, moderate = 2, extreme = 3), and the interpretation of the results of the method is for impurities and related substances is difficult (simple = 1, moderate = 2, interpretation difficult = 3). Thus the severity rating for the use of SDS-PAGE as impurity and related substances method for a protein API is 1 (short time) + 1 (need for reference standard low) + 3 (interpretation difficult) = 5. The minimum severity for an identification method is 3 and the maximum is 9.
Detectability
0.1 = Need for redevelopment or reinterpretation is readily apparent
0.5 = Full validation and robustness evaluation is needed on multiple lots of material to assess method
1.0 = Considerable progress along development path is needed before assessment of method and results is possible
Overall Risk Rating = Probability x Severity x Detectability
[The range of values is from 0.3 to 27]
Identification Methods
An identification test for a pharmaceutical API needs to be specific, unequivocally confirming the identity of the API, even in the presence of potentially interfering substances. In many cases for a small molecule API, one or two well characterized methods will suffice. In contrast, a protein API will require more methods and a significant amount of effort to demonstrate the methods chosen are rigorously specific.
The risk to the overall development program is this: What level of risk do these methods, if used for identification of the protein API, have for a significant time delay to development?
To provide a semi-quantitative basis for the ranking, the three risk elements are provided, with different means of assigning a numerical value to the likelihood there will be a delay, the severity of the delay, and the detectability of the need to redevelop or reinterpret the method.
Table 1 shows the results of the risk ranking exercise for methods that would be used to identify the protein API. The key below the table provides the details of how the numerical values in the table were derived. The use of the different approaches for the three risk elements is included to illustrate the different approaches that are available for risk ranking. For the likelihood that there will be a need to redevelop a method or reinterpret its results, a simple three-level assignment was used based on experience with the methods in previous development projects. In order to provide a more detailed consideration of the severity of problems that might be encountered, three aspects of the methods were assigned values separately and then added together for a single value for the severity element. In the case of detectability, fractional values were used to demonstrate their potential use in semi-quantitative or quantitative risk assessment. If the problem is readily apparent as soon as it occurs, it is generally much easier to correct (and the risk to the program is less). If it is difficult to tell a problem exists, then the risk is greater.
To arrive at a risk rating value for each method, the three values assigned to the elements of risk are multiplied together: Probability x Severity x Detectability = Risk Rating.
The range of values assigned to the three elements is arbitrary. Risk assessment is an iterative process, and examination of the risk ratings assigned to various protein identification methods can lead to a refinement of the ranges used to provide a ranking more in line with the expectations of experienced practitioners in the field.
Quantification methods
Quantification of the protein API should be provided by a method that will eventually be demonstrated to be stability indicating. This requirement leads to changes in the risk ratings assigned to the same methods, as is seen in Table 2. It also serves to demonstrate that the same evaluation tool used for the identification methods may not be applicable: the difficulty associated with robust quantification may be underweighted in the severity element of the risk rating. This was compensated by increasing the detectability factor to 1 in the case of a cell-based biological activity assay, greatly increasing the risk rating. Other approaches may be more justified and more appropriate.
Impurities/Related Substances methods
Detection of closely related impurities in a protein API is a challenge when there are unlikely to be readily available reference materials available to confirm the method detection capability. Unknown or uncharacterized materials in the API may be difficult to detect. A number of methods appropriate for identification and quantification are not appropriate for determination of impurities in a protein API. Again, as in the case of the assessment of quantification methods, the severity weighting for method problems does not appear to be adequate for the risk associated, for example, with relying on SDS-PAGE as a method for detection of impurities.
Conclusion
A risk-based planning approach should be applied to the proposed development program for a new biotherapeutic agent. It provides a framework for the input of diverse fields of expertise into the direction of the program in a way that will help provide the information that will be needed when regulatory filings are made.
The example provided is meant to be illustrative rather than definitive. Other considerations certainly come into play when methods of analysis for a protein product are selected—cost, instrument/expertise availability, and of course how the protein is to be produced. We hope that this example can serve as a basis for consideration of the risks inherent in each method, and potentially provide a justification for their application. Obviously a set of well chosen methods can mitigate the risk overall to the progress of the development program. Risk mitigation was not considered in this article, and is obviously an important and integral part of risk management.
The value of the risk analysis is enhanced by the input of experienced, hands-on practitioners of the relevant areas of expertise needed to execute the development program.
References
1. ICH guidance Q8, Pharmaceutical Development, November 18, 2004.
2. Standards Australia, Risk Management, AS/NZS: 1999.
3. WHO Technical Report Series no 908, Annex 7 Application of Hazard Analysis and Critical Control Point (HAACP) methodology to pharmaceuticals 2003
4. Whyte W. A cleanroom contamination control system. European Journal of Parenteral Sciences 2002; 7(2): 55-61.
5. Stamatis D H. Failure Mode and Effect Analysis, FMEA from Theory to Execution, 2003 (2nd Edition)
6. IEC 61025 Fault Tree Analysis
7. “Pharmaceutical cGMPs for the 21st Century: A Risk-Based Approach” Food and Drug Administration, August 24, 2004. (www.fda.gov/oc/guidance/gmp.html)