Skip To The Main Content

PDA Members Recommend ICH Q9 Changes

At PDA’s Risk Management in the Regulatory Landscape Conference held in Washington, D.C., Dec. 10, Stephan Roenninger, PhD, Director International Quality External Affairs, Amgen, announced ICH’s intent to revise parts of the ICH Q9: Quality Risk Management (QRM) guideline (1). PDA provided an opportunity for attendees to suggest changes to the guideline during a subsequent facilitated roundtable discussion at lunch.

A sampling of the changes recommended was discussed that afternoon in a panel session featuring Roenninger, Greg Claycamp, PhD, Biologist, U.S. FDA, and Martin Nemec, PhD, Senior Biologist/Evaluator, Health Canada. Hal Baseman, COO, ValSource, and Steven Mendivil, Consultant, moderated. PDA will use the suggestions captured during the roundtable and panel meeting to inform to inform their outreach to ICH.

Participants demonstrated good insight into the needs of QRM in general and provided sound recommendations for improving ICH Q9. Many of the recommendations and comments expressed common concerns.

Output from the discussion is listed below.

Roundtable Recommendations to ICH

  • Align, where applicable, the respective guidance and expectations for pharmaceutical and medical device QRM by comparing, adding relevant elements or merging elements of ICH Q9 with ISO 14971:2019 Medical devices — Application of risk management (2)
  • Merge some principals of risk management guidance for devices into Q9 and add some guidance on combination products Emphasize the importance of outcomes rather than tools and justifications
  • Add detail on risk reviews, emphasizing review of the original assessment to ensure that changes or events/deviations have not been missed or have not added risk
  • Remove the perception that QRM is not enforced and therefore not part of the quality system
  • Consider how QRM fits into, works within and can support the pharmaceutical quality system, promoting recognition by FDA for QRM as a required quality system, emphasizing that QRM is everyone’s responsibility within an organization, and showing where QRM and Q9 fit with respect to other ICH quality-related guidelines
  • Emphasize the link between QRM and quality systems such as deviation management, CAPA, audit and change control, i.e., a holistic systems approach to QRM, rather than an isolated program; plus clarify that QRM extends to support systems, like IT systems
  • Promote alignment of QRM compliance expectations between European and U.S. regulators
  • Bridge the gap between regulations, SOPs (the what) and integration (the how)
  • Offer strategies for reporting QRM compliance
  • Provide examples or case studies to illustrate QRM tools and approaches, e.g., examples of communication flow and supply chain-related QRM situations
  • Emphasize the importance of QRM in the development space
  • Provide guidance on the training and documentation needed for applying QRM and risk elimination
  • Provide additional clarification for the purpose and difference between QRM elements and steps, including the difference between risk evaluation and risk control
  • Address risk register in the overall QRM program generally, especially in respect to risk communication
  • Add a more inclusive glossary of terms, in addition to defining and describing formal vs informal risk assessments; terms and language should be updated to match current usage in the global industry and the guideline should use language that emphasizes how Q9 can help empower a quality culture
  • Define roles, particularly those of decision-makers
  • Emphasize QRM planning and the use of QRM principles in the planning of activities
  • Provide guidance on the order of precedence, for example, the preference of risk prevention over detection
  • Provide guidance on the use of tools and levels of documentation required during different stages in the lifecycle, based on tool and process complexity, including the use of QRM for legacy processes and products
  • Provide instructions for performing and explaining tools, such as FMEA
  • Provide more guidance on how to determine risk acceptance levels and criteria
  • Include guidance on how to define “risk” within certain contexts
  • Include guidance on determination and use of risk questions
  • Contrast implementation vs maturity metrics
  • Consider the correlation between quality and safety risk and risk culture
  • Delineate differences between QRM and enterprise risk management; clarify levels of maturity for QRM in enterprise risk management and show examples of QRM success within mergers, acquisitions and changes of leadership
  • Encourage companies to define QRM, risk and uncertainty according to their own culture
  • Avoid getting stuck in discussions about nomenclature, terminology and classifications
  • Provide guidance on determining risk and making decisions where little or no data is available
  • Include visuals, such as a workflow, to help illustrate key points
  • Ensure revision creates guidance that is forward-looking and considers the state of industry beyond what we are doing today

Thank you to all of the participants, the planning committee and co-Leaders Ghada Haddad, Merck and Susan Schniepp, Consultant; and the roundtable session facilitators; Denyse Baker, AstraZeneca, Eva Urban, CSL Behring, Stacey Largent, Concordia ValSource, Annette Bacchus, PDA, Marcello Colao, GSK Vaccines, Bettine Boltres, West Pharmaceutical Services, Jaap Venema, PhD, U.S. Pharmacopeia, , and Tiffany Baker, Concordia ValSource. Plus, special thanks to Steven Mendivil for helping organize the session.


  1. Stauffer, R. “ICH Q9: Quality Risk Management Revisions on Horizon.” PDA Letter (Dec. 11, 2019)
  2. International Organization for Standardization. ISO 14971:2019 Medical Devices — Application of Risk Management to Medical Devices; ISO: Geneva, 2019

PDA Members Save Substantially