Hi Ya'll
I have recently come back to the Forum after quite a long absense and am glad to be back. I am involved with ISO 13485:2003, ISO 14791 and of course FDA. Does anyone have any leads for where I might be able to get to a website for ISO 13485to discuss activities similar to the one that is used for the ISO 9000 discussion list.
My specific issue is this:
Does risk management analize, evaluate and control medical devices in (accordance with ISO 14971) only initial and/or changes to design and processes, or does it require analysis, evaluation and control of risks associated with changes as a result of deviations, non conformances, rework and or corrective action. I would really appreciate any inputs. Thanks in advance. :bigwave:

Does anyone have any thoughts on this?

My specific issue is this:
Does risk management analize, evaluate and control medical devices in (accordance with ISO 14971) only initial and/or changes to design and processes, or does it require analysis, evaluation and control of risks associated with changes as a result of deviations, non conformances, rework and or corrective action. I would really appreciate any inputs. Thanks in advance. :bigwave:
I'm not sure I understand your question? IMO, what difference would it make, if a change was made to improve the product or as a result of a corrective action to reduce non-conformances? If there is a change for any reason, a risk analysis should be done for the change. The extent of the RA would depend on the complexity and extent of the change.

Requirements of ISO 14971: A risk management file is to be maintained throughout the entire life cycle of the device and the risks associated with the corrective action or proposed changes be analyzed, evaluated and controlled.

ISO 13485 Old and new one, 2003 require the same compliance

Issue# 1. Two Cars were issued, one from the Registrar and the other internally.
CAR # 1 was issued internally because risk analysis was not being done for design or process changes. We are supposed to adhere to FDA requirements, ISO 13485 and ISO 14791. Research with Managers / Directors shows that Risk Management is done but not always documented.

CAR # 2 Rework associated with NCMR does not include evidence of analysis of possible risk on rework on product

Intepretations of some and I quote;
ISO 14971 section 9 Post Production information is concerned with hazards and mistakes in the analysis. It does not mention product changes.

ISO 14971 does not require Objective Evidence that corrective action or changes be analyzed, evaluated or controlled.

What do you learned folk think ? Am I in over my head?

Do you use a Change Control document/record to capture the need to perform Risk Analysis or rationale why it is not required??

Regards,

Kevin

I will add my tup'pens worth (tup'pens= olde English money!)

The way I understand this updated risk management standard is that it you just do it once you use it when you change and review the product or product family. I am currently working through updating our risk analysis fom the previous standard. And I think one of the biggest areas to remember is that it it no longer a risk analysis it is RISK MANAGEMENT of the product or product family.

Not only do you need to initially assess the risks and justify them and any control, you need to review these with complaint history and possible design changes. To achieve this I have put a procedure together with all required docuemtation. It is difficult to explain but I attached the documents that I use.

What I have done is Identified the product
Planned the risk management
Assessed all known risks
Implemented additional controls where neccessary
wrote a risk management report for each family.

Even design change note has a section for risk review. This is carried out by me and I sign it off. If I haven't reviewed the risk and something happened....on my head be it. So with this in mind, I ensure my department review all changes thoroughly. It is the same with complaint investigation - I add a note to file about the product.

All risk files are fully reviewed every 6-12 months to ensure it is up to date.

Maybe this is a bit much but to me patient safety is much more importment than whether I can be bothered to take 5 minutes to check or updaye a file.

Cathy - your risk management report lists Sections A, B, C, and D, but you only included templates for A~C. What is in Section D?

I have some real questions too, but I'll probably start a different thread, since they are :topic:

Hi Howste!

Section D is additional risk control measures needed to be taken when the hazard and probability has been assessed and over the threshold marker for safety.

I have been lucky enough with our devices not to have to do this yet, hence I have not designed a template!

Section D would cover clauses 6to 6.7 in ISO14971:2000 Where I would analyse the controls needed, note methods and control points, analyse the residual risk against benifits of the product and any hazards generated from the risk control measures.

I am open to ideas to improve this area. currently -:ca:

OK, thanks. I hope to have a copy of 14971 soon... :D

I trully appreciate all your responses and thank you. However one main question is open and that is: Is risk analysis, evaluation and control of risks associated with changes as a result of deviations, non conformances, rework and or corrective action required. How do you folk handle the above. We are still discussing this issue ahnd some collars are getting "Hot". My take: risk management/ analysis is for the life of the product, including all changes that would effect form, fit, or function and be a potential safety problem for the Patient. I would really appreciate any inputs. Thanks in advance.

I trully appreciate all your responses and thank you. However one main question is open and that is: Is risk analysis, evaluation and control of risks associated with changes as a result of deviations, non conformances, rework and or corrective action required. How do you folk handle the above. We are still discussing this issue and some collars in manufacturing are getting "Hot". My take: risk management/ analysis is for the life of the product, including all changes that would effect form, fit, or function and be a potential safety problem for the Patient. Would appreciate any inputs. Thanks in advance.

Yes, you need to include a review of any design change, modification, upgrade in material, - anything that it changed about the product from the original design and risk analysis.

You need to do a risk analysis to prove it is safe and you have covered all possible risks.

If you think the change is insignificant, you still need to review the original analysis and make a note to file about the change.

Risk Management (during Product Realization): What do you do to reduce risk?
Inspect and test to begin with, right?

qualify and monitor suppliers
you have receiving, in process and final inspection,
plus procedures for control of nonconformances
training

and you document that rework was evaluated and has no adverse effects
and concessions do not violate any regulatory standards, etc.

:applause:

EN ISO 1441 will be withdrawn by April 2004, so one will have to follow EN ISO 14971 for risk management of medical devices (especially CE marked ones).

Hello:
I have a bit of a dilemma. We have a quality system in place which I thought was compliance to ISO 13485:2003. I have stepped into the position as the Management Representative and after our stage 1 audit of our procedures it has been determined that we do not have a risk management procedure. The audit is next week and I am scrambling to develop a procedure. I saw that someone had some form templates that were incredibly helpful, but does anyone have an actual procedure from which I could work from. Scope, procedure etc.? Thanks.

Hello:
I have a bit of a dilemma. We have a quality system in place which I thought was compliance to ISO 13485:2003. I have stepped into the position as the Management Representative and after our stage 1 audit of our procedures it has been determined that we do not have a risk management procedure. The audit is next week and I am scrambling to develop a procedure. I saw that someone had some form templates that were incredibly helpful, but does anyone have an actual procedure from which I could work from. Scope, procedure etc.? Thanks.

Hi Calimar75, my company has just gone through the compliance audit last week and was recommended for the certification. We do not establish any procedure but we have a Risk Management Manual instead.