First Time Poster
I work at a manufacturing facility that makes medical devices - we are a contact facility, meaning we do not design the product. As far as risk management goes, i cant really say much about anything else other then our production processes/human errors -- would it be necessary for me to go beyond -- such as an effect to end user?
There has been some good advice. Here is how I see things, for a contract manufacturer (CM):
The CM ought to have Process
FMEA that focus on implementing risk controls to minimize the production of non-conforming product. I'm somewhat of a stickler about asking for the specific evidence showing that the implement controls really are reducing
this risk, but this can be a touchy subject. If a CM has a known scrap rate, the CM should (minimally) be able to explain the rate (pre- and post-controls) and use it to justify whatever sort of sampling plan is implemented.
The customer ought to be telling the CM what (if any) processes/controls they require the CM to implement, and then
the customer should assess the risk controls (for such processes). This assessment will be drive by
their Risk Management file, which is where the consideration for the patient/customer comes into play. For example, is is common that plastic parts from an injected molding process will have some amount of "mold release" on them... the customer may want the CM to remove manufacturing fluids (because of risk to patients), or they may decide to do it themselves. In this example: if the customer decides to take on the parts cleaning by themselves, there isn't much point for a CM to consider patient risk... the CM will still be focused on making parts "to spec".
If the customer is pushing risk controls for patient/user/stakeholder safety to a CM; the customer is still responsible for assessing the appropriateness and effectiveness of those risk controls.