ISO 13485 Risk Management for Contract Manufacturer

C

cjssag

My client is a contract manufacturer of machined metal parts. Less than 20% of their sales are to medical device OEM's and are being pushed to 13485 by them. 100% of their parts are manufactured to specific customer prints which not only specify form, fit and funtion but also the base materials to be used. Some parts are made from customer supplied material. They ship parts only to the OEM.
Only one of the parts can be considered an end product: it is intended for implant but the OEM does all the sterilization, packaging and labeling.
For the life of me, I cannot fathom what type or extent of risk management they need to do other than to ensure the raw materials they purchase and the finished parts made from them are verified to applicable customer requirements.
I'd appreciate the insight of anyone with experience in this area. Thanks
 
A

achorste

Are they pushing the business to get 13485 certification or are they looking for risk management?

Is the business already certified to ISO 9001 or FDA regs?
 
M

MIREGMGR

ISO 13485 requires risk management, i.e. application of ISO 14971 risk analysis.

It doesn't require that any particular number of risks be identified and addressed.
 
R

Roland Cooke

Your process presumably follows something like this
Receive customer order.
Place raw materials request on supplier.
Receive raw materials.
Make product.
Ship product.

It sounds as if a simple process flow map, highlighting the risk management activities at each step, might suffice. So you would identify:

controls over customer orders and documentation
supplier controls
purchasing and incoming inspection controls
machining processes, which utilise appropriate equipment and staff
final inspection

Emphasise risk management activities like two-way traceability, training/competency, control of equipment (PM/calibration etc)


You should also include:
a) evidence that your RM activities are effective
b) evidence that you are reviewing the adequacy of your RM strategy at appropriate intervals
 
C

cjssag

achorste said:
Are they pushing the business to get 13485 certification or are they looking for risk management?

Is the business already certified to ISO 9001 or FDA regs?
Click to expand...

Thanks for your response
Currently in process for dual certification. Want 9001 for the bottom line benefits (the right reasons) but only doing 13485 because a few customers suggested it. Not covered by FDA regs.
 
C

cjssag

Roland Cooke said:
Your process presumably follows something like this
Receive customer order.
Place raw materials request on supplier.
Receive raw materials.
Make product.
Ship product.

It sounds as if a simple process flow map, highlighting the risk management activities at each step, might suffice. So you would identify:

controls over customer orders and documentation
supplier controls
purchasing and incoming inspection controls
machining processes, which utilise appropriate equipment and staff
final inspection

Emphasise risk management activities like two-way traceability, training/competency, control of equipment (PM/calibration etc)


You should also include:
a) evidence that your RM activities are effective
b) evidence that you are reviewing the adequacy of your RM strategy at appropriate intervals
Click to expand...

Their activity is as you cited plus a good percentage of their material is customer furnished. I sort of came to the same conclusion as you but since it is nothing more than what they will be doing under ISO9001:2000, I wanted to be sure I wasn't missing something.

Your final suggestions- a) and b) above - are "money".

Thanks very much.
 
R

Roland Cooke

Well don't ignore ISO14971:2007, build that into your RM system.


Don't lose sight of the end-use of this device. The metal is going to form some or all of an implanted medical device.

That is what separates your client's activities from routine manufacturing under ISO9001:2000.

Your client needs to take into account the fact that they may well have much greater knowledge of the materials and the machining processes than the customer. (The level of knowledge varies greatly in the orthopaedic industry, depending on the situation).

So it is possible that your client will need to be proactive in assisting the customer to compile his own risk management file. Are there any issues with the type/grade of metal used: machining residues, surface oxides, strength considerations?
(The customer may well perform biocompatibility testing, but is the sample they test actually representative of what your client will be providing going forward?)

Are there any additional issues relating to the actual machining, how critical are the tolerances, how will they be checked?


I hope that provides you with some useful food for thought! :)
 
C

cjssag

Roland Cooke said:
Well don't ignore ISO14971:2007, build that into your RM system.


Don't lose sight of the end-use of this device. The metal is going to form some or all of an implanted medical device.

That is what separates your client's activities from routine manufacturing under ISO9001:2000.

Your client needs to take into account the fact that they may well have much greater knowledge of the materials and the machining processes than the customer. (The level of knowledge varies greatly in the orthopaedic industry, depending on the situation).

So it is possible that your client will need to be proactive in assisting the customer to compile his own risk management file. Are there any issues with the type/grade of metal used: machining residues, surface oxides, strength considerations?
(The customer may well perform biocompatibility testing, but is the sample they test actually representative of what your client will be providing going forward?)

Are there any additional issues relating to the actual machining, how critical are the tolerances, how will they be checked?


I hope that provides you with some useful food for thought! :)
Click to expand...

Those are excellent questions the answers to which I will be sure to pursue. At this moment I am certain of one thing: my client may be aware of the use to which some of his parts will be put but has no knowledge of the design considerations employed by the OEM nor does he have what I would consider superior knowledge with respect to the effects the body (or body part) would have on the material specified by the OEM.
It's certainly appropriate and wise for him to at least ask for confirmation should he have some reasoned basis for questioning the selection.
I appreciate your very valuable feedback.
 
R

Roland Cooke

I hasten to add:

a) those questions were off the top of my head!
b) I am not an orthopaedics product specialist
c) I am not a metallurgist

It may well be that the final customer is expert on all this stuff - that will make your client's job very easy. My point is that it is important (from an ethical standpoint, if nothing else), to not automatically assume that is indeed the case.
 
C

cjssag

Roland Cooke said:
I hasten to add:

a) those questions were off the top of my head!
b) I am not an orthopaedics product specialist
c) I am not a metallurgist

It may well be that the final customer is expert on all this stuff - that will make your client's job very easy. My point is that it is important (from an ethical standpoint, if nothing else), to not automatically assume that is indeed the case.
Click to expand...

I learned too many years ago that I assume at my own peril. I am not certain how to quantify what is or isn't ethical except to say I believe we are all obligated - standards notwithstanding - to give 110%, to always strive to do better, to never do that which we know is wrong or which we believe might be wrong: in essence to never do anything that will not pass the smell test.

My chief concern for my small clients, who are low on the medical device supply chain, is not the requirements of the standards. I/We can always learn how to do that which is required - thanks to folks like yourself. That part we can control.

What we cannot control is the "blood-in-the-water", litigious environment that surrounds this industry in the USA. My clients' only protection from this uncontrollable plague, aside from insurance, is that they are small(er) fish and do not present as rich a feast as do the OEM's.

I have been through major product litigation in the past where, after two years, we were dismissed from the suit and learned that insurance doesn't cover the disruption. It was as if management's time and attention were sucked into that black hole for the duration. Day to day business suffered from it while the business' progress was put on hold.

Being a conservative, old codger I suppose my clients'
"risk appetite" is far greater than mine.
 
You must log in or register to reply here.

Similar threads

K
Validation process
Replies
0
Views
100
KarenA01
K
M
AS9100 v. AS9120 and Contract Manufacturing
Replies
4
Views
139
Sidney Vianna
Sidney Vianna
K
QA involvement with Quality Agreements for Outsourced processes
Replies
3
Views
372
William55401
William55401
A
ISO 13485 Design Non-Applicability
Replies
8
Views
195
ChrisM
ChrisM
J
ISO 13485 - Control of Records (4.2.5) question
2
Replies
10
Views
563
Tidge
T
Top Bottom