QUALITY BY DESIGN (QBD) – POINTS TO CONSIDER IN RESEARCH
Patricia Henley Lucy Saunderson
WHAT IS QUALITY BY DESIGN (QbD)?
BACKGROUND – WHO DOESN’T LOVE A GOOD ORIGINS STORY?
The European Medicines Agency (EMA), defines Quality by Design as ‘an approach that aims to ensure the quality of medicines by employing statistical, analytical and risk-management methodology in the design, development and manufacturing of medicines’1 The term was coined by Joseph M Juran, a quality expert who worked in many different industries and who is known as a Quality Guru2
APPLICATION IN THE PHARMACEUTICAL INDUSTRY
In 2007, the United States Food and Drug Administration (FDA) adopted QbD as outlined in its report ‘Pharmaceutical Quality for the 21st Century A Risk-Based Approach Progress Report’3. The FDA expects that quality is built into a product; in other words, that the manufacturer has a full understanding of risks involved in the processes that have gone into developing the product.
Several of the International Council for Harmonisation of Technical Requirements for Pharmaceuticals for Human Use (ICH) Quality Guidelines4 focus on QbD, for example:
• Q8 describes QbD-based drug formulation development
• Q9 describes Quality Risk Management plans
• Q10 explains Pharmaceutical Quality Systems
• Q11 refers to the development of active pharmacological substances, including biologicals.
These guidelines are converging in their expectations across the differing Good Practices, or ‘GXPs’, and principles from well-established Good Manufacturing Practice (GMP) are being adopted into Good Clinical Practice (GCP) clinical research and drug safety monitoring (Pharmacovigilance). This means where it is not a mandatory requirement to follow GxP guidelines, departures from the ‘norm’ should be supported by documented, scientific justification, i.e. a rationale, conditions and limitations relating to the strategy or decision-making should be given. The justification need not be long, but it should be scientifically rigorous and stand-up to peer review/scrutiny.
PRINCIPLES OF QUALITY BY DESIGN
QbD can and should be employed at every stage within clinical development. At its heart, QbD is essentially about examining how best to incorporate quality into each step, from designing a protocol, to assessing adverse events, through to analysis and publication. Some prerequisites to consider with QbD include:
• Strong quality culture encouraging open innovative communication (see UK Medicines and Healthcare Products Regulatory Agency (MHRA) blog5)
• Consideration for processes and tools to standardise the approach
• Training in risk management principles (see Figure 1)
• Senior management oversight and engagement.
‘QbD can and should be employed at every stage within clinical development.’
4. Review Critical to Quality Factors and effectiveness of existing controls
3. Implement relevant controls focussed on Critical to Quality Factors
1. Identify Critical to Quality Factors throughout study lifecycle based on knowledge and experience
2. Evaluate risks to integrity of Critical to Quality Factors
Proactive communications
Proactive support/training
Innovative quality culture
Engage stakeholders (including patients)
Documentation of evaluation, rationale and controls
Tools and processes
FIGURE 1. PRINCIPLES OF QUALITY RISK MANAGEMENT
1. IDENTIFICATION OF CRITICAL TO QUALITY FACTORS
• Review study end-to-end – consider process and/or implementing data mapping to better understand all steps
• Ensure appropriate stakeholders are involved – consider patient involvement and authentic partnerships from earliest stages
• Identify Critical to Quality Factors6 throughout the study
First simplify the study design and objectives to focus on the research endpoints – minimise additional data collection and interventions
Ensure clarity of study objectives and study design; be clear what data will be collected to meet those objectives and understand how it will be collected by all contributors (don’t forget potential local variations for ‘standard care’)
Protect study participants’ rights and safety – know the process, communicate your expectations and don’t make assumptions
Data and scientific integrity –understand data collection processes and mitigate for risks, for example by adding documented checks, quality controls at key points or peer review
• Base your study design on all available knowledge and experience of the study drug (for example check for published regulatory or scientific guidance on endpoints or study design criteria –such as ICH Guidelines7 or published/ pre-publication research papers).
2. EVALUATE RISKS TO INTEGRITY OF CRITICAL TO QUALITY FACTORS
• Ensure clarity in risk descriptions: Cause of risk – a known fact Risk event – what could happen Consequence – in terms of safety, data/ study integrity, etc.
• Probability (how often or how likely is it), impact (low/medium/high, significant/insignificant or some other agreed upon criteria evaluating the impact on 1) Patient Safety, 2) Data Integrity, 3) Protocol/Study Compliance and when applicable, 4) Regulatory Compliance), and detectability (if you have an issue is it easily detected or only detectable after some time has passed or under certain circumstances)
• Consider the use of standardised templates but remember to target to your study specifics (design, data and scientific importance)
Not all evaluations require a numeric assessment or data points. Quantitative vs. qualitative evaluations e.g. numeric risk scores vs high/medium/low prior experience evaluations
• Document your rationale for your evaluation and any limitations or assumptions
• NOTE: Focus on quality risks – e.g. not study recruitment risks, etc. – consider reference to regulatory standards/ expectations (e.g. ICH E68).
3. IMPLEMENT RELEVANT CONTROLS
• Controls to be put in place should be proportionate to the risks evaluated
• Consider controls to increase detectability e.g. focused monitoring –including centralised and/or statistical monitoring or additional checks at key points for accuracy, completeness and/or compliance
• Identify responsibilities e.g. RACI: Responsible, Accountable, Consulted, and Informed, and activity timelines
• Track research/study/project control activities
• Communicate outcomes i.e. what controls are used at which timepoints, under whose responsibility, and what evidence will be available to verify they were used, and how successful they were.
4. REVIEW RISKS AND CONTROL EFFECTIVENESS
• Identify risk review frequency (who is responsible for making a check, how often and how are the outcomes communicated if action or adjustments are needed?)
• Evaluate in an ongoing manner, or periodically, your updated knowledge and experience by ensuring a feedback loop to risk assessments
• Evaluate the effectiveness of the controls implemented (i.e. will you continue, change or stop what you are doing? How will it be evident (in retrospect) that you did this evaluation? Remember to look at the data and compliance as well as clinical outcomes)
• Consider the need for modifications in study design (continue, change or stop what you are doing – for regulatory studies any changes may require a formal regulatory and/or ethical application9, 10)
• Documented risk acceptance or additional controls (NOTE: don’t forget to update any related documents, plans or tools used in the process).
‘Evaluate in an ongoing manner, or periodically, your updated knowledge and experience by ensuring a feedback loop to risk assessments.’
WITHIN THE GUIDELINES
ICH Guideline E6 for Good Clinical Practice (revision 2) Section 5, defines sponsor obligations for the Quality Management System in the same way as ICH Q9. See Figure 2.
HOW DOES QBD APPLY TO THE WORLD OF CLINICAL RESEARCH?
DO WE HAVE TO DO IT?
Many regulatory authorities incorporate the ICH GCP Guidelines directly or refer to them by cross-reference. Similarly, funding bodies may cross-reference or stipulate an expectation that ‘GCP’ (generally anticipated to be a standard at least equivalent to ICH GCP) is followed. Therefore, for regulatory submission studies, and when necessary to maintain research funding, ICH GCP should be followed. It is generally expected that these guidelines are followed unless there is a good justification otherwise.
CRITICAL DATA AND PROCESSES IDENTIFIED
However, common industry practices can be conservative and not fully utilise a risk-based approach or they may require resources not available to the majority of academic studies. For example, on-site monitoring at a high frequency (commonly every 6 to 12 weeks) may be used as well as centralised data monitoring activities to maintain oversight of data quality, data may also be reviewed 100% through source data verification.
Non-commercial/academic research may need to use alternative scientifically justified and documented approaches explaining how patient safety and rights are maintained, how good data will be assured and when applicable regulatory compliance maintained; this may involve more remote and centralised methods or the oversight of trial steering committees that monitor critical data (including safety information). Ethics committees may also have requirements in place for assessing and evaluating research participant risks and safety for non-commercial/academic research.
A risk-based approach in consideration of ICH GCP principles (Figure 2) can be useful to any study. Publications which describe risk-based and QbD in clinical trials may provide useful insights to the application of a risk-based approach and novel trial designs11,12.
WILL IT BENEFIT US TO USE QBD?
Definitely, potential benefits include:
• QbD reduces the potential for amendments, issues/risks considered in the design stage (which in turn can help to adhere to budgets and timelines as per funding agreements)
• QbD builds in risk identification, mitigation and management from the beginning of the study process
• Application of QbD principles can impact monitoring and audit requirements, helping teams to focus on those areas of highest risk and most significant impact to research outcomes, this can be especially useful for remote monitoring and auditing
Risk assessment activities and controls are particularly important for decentralised studies, ensuring checks and controls are communicated to all those supporting the study, including participants.
‘Risk assessment activities and controls are particularly important for decentralised studies, ensuring checks and controls are communicated to all those supporting the study, including participants.’
PRACTICAL EXAMPLES OF QBD USE
Inclusion/exclusion criteria
• Well-written and considered inclusion/ exclusion criteria which have been discussed with participating investigators may reduce the number of amendments related to this area and maximise the available participant pool
• Consider using ranges for values/timings if flexibility can be allowed. ‘Waivers’ by whatever name are not considered to be aligned with the principles of GCP (see EMA GCP Inspectors Questions and Answers, ‘GCP Matters Question No.1’) www.ema.europa.eu/en/human-regulatory/ research-development/compliance/goodclinical-practice/qa-good-clinical-practice-gcp
Consent processes
• The nature of the consent and robustness of the signature applied can be adapted and defined using a risk-based approach – see UK MHRA Guidance on electronic consent and considerations to be made for using e-signatures www.hra.nhs.uk/about-us/news-updates/ hra-and-mhra-publish-joint-statementseeking-and-documenting-consent-usingelectronic-methods-econsent
• Check that electronic signatures are robust; ask software providers for evidence of testing and verify how closely US FDA 21 part 11 is complied with or European electronic signature rules are applied https://eur-lex.europa.eu/ legal-content/EN/TXT/?uri=uriserv%3AOJ.L_.2014.257.01.0073.01.ENG
• Consider breaking down the process, providing high level, detailed and ‘play on demand’ information for the study to support patients participating in the research so they can revisit details as they arise in the study.
Case Report Form and Visit Design
• Case Report Form (CRF) design, whether electronic or paper-based, should only collect relevant data required to answer the research questions as defined by the protocol assessments, visits and measurements
• Designing the form to support complete and accurate data by the site staff in a logical manner aligned with the visit progress could potentially result in better data quality than a form designed to support IT staff, data managers and statisticians who can re-organise the collected data using tables and programmes at the time they need it. Including site staff in review of the form (or those familiar with the data collection processes) can lead to improved form design or mapping a patient visit and assessments could support page and assessment order
• Using warning and alert flags to raise immediate queries on data entry of electronic CRFs is more beneficial to site staff than follow-up queries that may be time-consuming to respond to after the event. Therefore, it is important to ensure enough planning time for CRF development to confirm that the flags and alerts are switched on at CRF publication.
Investigational Medicinal Product (IMP) Management
• Remember to consider the full chain of custody for IMP; from GMP Qualified Person certification (when applicable) and release, to destruction. Do not forget that each site may have specific storage and supply conditions that pose additional IMP-risks. Complete process flows at the study and site-level to ensure the correct checks and balances are implemented is recommended
• Ensure IMP that is temperature sensitive, or has limited stability information, is managed in compliance with the known data and that this is well communicated to site and project management staff
• Don’t forget to consider the availability of electronic accountability records at the start and end of the study when e-systems are used in the support of dispensing activities. Will site records remain accessible when the system is switched off? Can you ensure appropriate checks are made and recorded before systems and staff access rights are withdrawn?
WHERE DOES QUALITY ASSURANCE FIT IN?
DOES QA HAVE A ROLE IN QBD?
Quality Assurance is defined in ICH GCP (revision 2, §1.46) as:
‘All those planned and systematic actions that are established to ensure that the trial is performed and the data are generated, documented (recorded) and reported in compliance with Good Clinical Practice (GCP) and the applicable regulatory requirement(s).’
Quality Assurance is commonly reduced in clinical trial conversations to consideration of SOPs and audit, but in practice it is much more.
QbD considerations have been described for planning, risk-assessment, review and monitoring (oversight) of patient safety, data quality, protocol and regulatory compliance during study conduct and ensuring they result in relevant feedback and communications to maintain the optimum study processes across all sites. All these activities contribute to quality assurance. For the Quality Management System (QMS), similar considerations can be applied to the multiple aspects of the system which include:
• Documented, version-controlled procedures (such as guidelines, work instructions, SOPs, policies, methods, worksheets and forms)
• Archiving: record and material retention policies (materials might include samples, residual samples, specimens and source documents, such as X-ray films or other imaging media)
• QA audits (of critical data, facilities and processes)
• Deviation and issue management (including escalation of significant issues, reporting serious breaches (when required by regulation) and corrective and preventative actions)
• Staff training and training records.
‘Quality Assurance is commonly reduced in clinical trial conversations to consideration of SOPs and audit, but in practice it is much more.’
QUALITY BY DESIGN AND RISK MANAGEMENT OF THE QMS
Let’s briefly look at QbD considerations and risk management for the QMS:
DOCUMENTED, VERSIONCONTROLLED PROCEDURES
Inclusion of documented, version-controlled procedures is in itself a QbD consideration to ensure the same content and version of a procedure is applied to a process to ensure its completeness, consistency and accuracy of performance across staff, facilities and time. Risk management procedures may be applied to who the procedures are provided to for training, and the level of necessary training (e.g. read and understand, complete face-to-face or online user training according to RACI defined in the procedure).
QbD considerations also ensure documentation (procedures, forms, methods, etc.) is changed, replaced, retired and archived in an orderly fashion to ensure (unless specifically authorised) that only the most up-to-date version of the procedure is used for the process at a point in time. This also supports the historical reconstruction of the audit trail for retrospective audit and inspections (when required).
ARCHIVING
Record and material retention policies (materials might include samples, residual samples, specimens and source documents such as X-ray films or other imaging media). Considerations for the secure storage of records and materials under appropriate conditions (where applicable with necessary licences), their traceability and for GCP compliance restricted access on archiving include QbD considerations such as:
• Storage facilities of adequate size and construction to maintain the integrity of the material stored – e.g. frozen things frozen, cold things cold, paper and electronic records at optimum archive conditions, etc.
• Records for temperature controlled and humidity controlled (or monitored) facilities should be maintained without risk to their destruction e.g. in a paper or electronic archive to verify integrity of stored material
• NOTE: licences may be required for the retention of scheduled materials retained beyond completion of clinical trial research (see applicable local Human Tissue and Cell Regulations)
• Retention periods may adopt a risk-based approach depending on the intended use of the research results or may be mandated by legislation (for example for regulatory submissible clinical trials)
• Access restrictions following archiving are required to be limited (according to EU and UK requirements) to named individuals; this is commonly controlled by access logs and ‘gate keepers’ (which may be an archivist) or conversion to read-only protected status for electronic documents; for more information see our chapter on data integrity or MHRA data integrity guidance https://assets.publishing. service.gov.uk/government/uploads/system/ uploads/attachment_data/file/687246/ MHRA_GxP_data_integrity_guide_ March_edited_Final.pdf
QUALITY ASSURANCE AUDITS (OF CRITICAL DATA, FACILITIES AND PROCESSES)
Risk assessment is a fundamental aspect of QA audit strategy/policy, planning, conduct and reporting.
Documented, version-controlled procedures guide the end-to-end process and commonly an audit strategy or plan will guide the audit schedule (e.g. for the long-term audit cycle (typically three to five years), the medium-term annual audit schedule and short-term, individual audit).
The long-term audit cycle takes a risk-based approach to determine the maximum period over which audit targets such as facilities, processes/systems, vendors and/or sites are audited (particularly if a network of research sites is used repeatedly for study conduct).
This may vary between a minimum (frequent audit period applied to ‘high risk’ audit targets) and a maximum audit period (generally applied to ‘low risk’ audit targets) dependent on such factors as:
• Staff experience, past performance (positive or negative) and/or known rates of staff turn-over
• Quality Management System implemented (for example accredited sites may be audited less frequently than those with no accreditation)
• Assigned/contracted responsibilities and task criticality to research outcomes
• Volume or frequency of study involvement and/or budget spend/outlay
• Compliance history.
These factors may be applied to vendors/ service providers, departments/functions, investigator sites, etc.
These factors may similarly be applied to the medium- and short-term audit approach, though of course for study-specific audits a risk-based approach will focus on critical to quality factors, data and processes identified in the trial risk assessments.
Annually consideration is given to long-term audit targets due their periodic review and study-specific audit considerations (such as study documentation, study activities, study teams and study sites) which in combination (and in consideration of available resources) result in a documented audit schedule (or programme) with a rationale for audit schedule inclusions and exclusions, against which the audit progress is assessed in an ongoing (for example quarterly) manner. Changes are also recommended to be captured in an ongoing manner e.g. addition of a new audit or removal of an audit from the schedule, with the reasons for the changes captured to maintain the audit programme history.
Commonly resources for academic audit programmes are limited, but for regulatory submissible studies there is an expectation for the completion of audits, and therefore QbD considerations at the planning of the study may require budgetary considerations, and/or good communication with the local QA function to ensure they are clear on the end-fate of the research.
A separate article on risk is planned in this series.
DEVIATION AND ISSUE MANAGEMENT
(Including escalation of significant issues, reporting serious breaches (when required by regulation) and corrective and preventative actions).
Risk assessment processes are commonly applied to the management of deviations and issues as well as their follow-up activities, commonly investigation and/ or root cause analysis, corrective and preventative actions (CAPA). Significant compliance issues warrant a bigger effort to secure timely compliance and ensure they are avoided for the future. For example, an issue impacting patient safety or patient rights, should be dealt with more promptly than the need to update an SOP for a process already established (i.e. for which the SOP is outdated compared to practice). An example of an impact on patient rights could be a failure to reconsent study patients following a change in the known safety profile of the IMP.
Significant issues (in audit and inspection terms, major and critical failures) would be expected to be subject to root cause analysis and CAPA, whereas minor, insignificant or one-off errors which do not impact patient safety, data integrity, protocol or regulatory compliance would normally result in an immediate correction and corrective action (which could be as simple as acknowledging a gap or error that cannot be remediated).
Deviations must always be documented; this includes deviations from study documents (e.g. the protocol, study plans and study methods), GCP and SOPs. It is recommended that deviations are also subject to an impact assessment, to determine the necessary level of action and timing of actions to secure compliance.
Periodic trending on significant and non-significant issues would support the evaluation of the periodic audit targets and may be reported (in a well-established QMS) to relevant senior/upper management as part of key performance indicators and metrics.
Staff with Quality Assurance responsibilities should always be communicated with when significant non-compliance arises that would fall under the scope requiring regulatory reporting as a serious breach or reporting to a sponsor or funder. QbD considerations of the QMS ensure a process is implemented to ensure the robustness of this process (such as a log for potential and actual breaches that capture the key elements of the issue to allow ‘stand-alone review’ supported by detailed case documentation that support the conclusions in the log). Factors used to determine the significance of the impact of the issue rely on GCP factors of patient rights and safety, data integrity, study protocol and GCP compliance.
NOTE: the clinical significance of the issue may differ from the GCP significance assessment.
A separate article on CAPA is planned in this series, and an RQA publication can be found here www.therqa.com/knowledge-hub/ booklets/capa-booklet
STAFF TRAINING AND TRAINING RECORDS
QbD in the training of staff ensures that the right people are trained in the right activities in a timely manner prior to conducting complex activities, and for other activities that they are provided relevant information to read and understand.
In general, there is an expectation that for regulatory studies, staff are periodically trained in aspects of GCP relevant to their roles and responsibilities at a periodic frequency often enough to maintain an up-to-date, demonstrable, knowledge of relevant legislation. This is commonly every one to three years, but for audits and inspections it is common to assess knowledge relevant to the most recent significant legislation update.
Training records, when requested, are generally considered to include an up-to-date job description, CV (detailing skills and experience), internal, external training, SOP training and GCP (and/or other relevant regulatory training). For more information on the development of training systems, see the RQA publication ‘Management of the Training and Competency of Personnel in GxP and Research Environments’ www.therqa.com/ knowledge-hub/booklets/managementof-the-training-and-competency-of-personnelin-GxP-and-research-environments
REFERENCES
1. EMA (no date) Quality by design, accessible at: www.ema. europa.eu/en/human-regulatory/research-development/ quality-design
2 Quality Guru information, from the UK Department of Trade and Industry, via RQA Website: www.therqa.com/assets/js/ tiny_mce/plugins/filemanager/files/Committees/Quality/02._ The_Original_Quality_Gurus_Crown_Copyright.pdf
3. FDA (2007) Pharmaceutical Quality for the 21st Century A Risk-Based Approach Progress Report, available at: www.fda.gov/about-fda/center-drug-evaluation-andresearch-cder/pharmaceutical-quality-21st-century-riskbased-approach-progress-report
4. ICH Quality Guidelines for reference to various quality topics referencing the risk-based approach and quality by design: www.ich.org/page/quality-guidelines
5. MHRA Blog on Quality Culture: https://mhrainspectorate. blog.gov.uk/2019/02/28/quality-culture-learning-fromhistory/
6. Clinical Trials Transformation Initiative guidance on Exploring the Critical to Quality Factors: https://ctti-clinicaltrials. org/our-work/quality/qbd-quality-by-design-toolkit/teachothers-about-qbd/exploring-the-critical-to-quality-ctqfactors/
7. ICH Guideline Index: www.ich.org/page/search-index-ichguidelines
8. EMA/CHMP/ICH/135/1995, Guideline for good clinical practice E6(R2) www.ema.europa.eu/en/documents/ scientific-guideline/ich-e-6-r2-guideline-good-clinicalpractice-step-5_en.pdf
9. For Clinical Trials initiated under the Clinical Trial Directive 2001/20/EC: https://eur-lex.europa.eu/legal-content/EN/ TXT/?uri=CELEX:52010XC0330(01)
10. UK Guidance for researchers on amendments: www.hra.nhs. uk/approvals-amendments/amending-approval/
11. Yu, L. X., Amidon, G., Khan, M. A., Hoag, S. W., Polli, J., Raju, G. K., & Woodcock, J. (2014). Understanding pharmaceutical quality by design. The AAPS journal, 16(4), 771–783. https:// doi.org/10.1208/s12248-014-9598-3
12. ACRO; Decentralised Clinical Trials – A New Quality by Design, Risk Based Framework, accessible at: www. acrohealth.org dctqbdmanual/
ACKNOWLEDGEMENTS
This information has been compiled by the RQA Research Practice Group: Louise Mawer, Patricia Henley, Lucy Saunderson, Piran Sucindran, Gill Robson and Grainne Gorman.
Kind thanks go to Paul Strickland and Heather Sampson for their peer review.
PROFILES
Louise from Mirabilitas Ltd, works with biotech and academic researchers to develop their quality management systems in proportionate and pragmatic ways – not necessarily quality by design, but always a fit with purpose!
Lucy is an experienced Quality Consultant at Headway Quality Evolution providing GxP and ISO quality management services. She is an engaging trainer and competent auditor, working in various facilities globally.
Lucy holds a Masters in Chemistry from Heriot-Watt University and has been a member of RQA for six years. She has been a member of the RQA Research Practice Group since its inception in October 2018.
Patricia has over 20 years of experience in clinical research within a variety of roles. Whilst collaborating on the article, she was the Head of Research Governance and Integrity at the London School of Hygiene and Tropical Medicine, a post she held for nearly 15 years. Patricia is a Fellow of the Research Quality Association, where she is an active member of the GCP Committee.