Risk Requirements to meet the explicit Risk Based Approach of ISO 13485:2016 Examples

bmelissam

We repackage, relabel and distribute devices, we do not complete manufacturing of medical devices. We will have an MDSAP audit in 2017 and need to meet the explicit Risk Based approach of 13485:2016. Looking for some examples of how others are meeting this requirement.

Specifically, the MDSAP audit model states under process management that objective evidence will show whether the organization has:
G) Performed risk management planning and ongoing review of the effectiveness of risk management activities to ensure that policies, procedures and practices are established for analyzing, evaluating and controlling risk
 
randomname

So how do you analyze, evaluate and control risks in the repackaging, relabeling and distribution of devices (as well as in contract review, purchasing, etc.)?
 
bmelissam

Yes, we have scheduled our audit for next year (2017) and coordinated with our certification body; it will be for Canada and will be an MDSAP audit for ISO 13485:2016.

We have an implicit risk-based approach, i.e. document control in place, tiered vendors for purchasing. We are considering completing risk management (identifying the risk via risk analysis, rating the risk level based on likelihood, severity, detection, performing process FMEA, evaluating residual risk etc.). This would be completed on the functions / processes by clause.

Another much simpler alternative is to have a high level document (SOP) that details our risk based approach by clause.

Looking for feedback or examples.

Thanks!
 

Project Man


We are an ISO 13485 job shop and things flow through in every shape, size, type, etc. but they all flow through our basic processes and how we assess risk at each basic step doesn't change. We have a single document that outlines our risk approach at each process. It's simple and effective because it clearly communicates and is easy to follow. It's a compass for everyone.
 

Wolf.K


We have a SOP "Risk management", but as for 13485:2003 it is just valid for ISO 13485 7.1 "Planning of product realization" and 7.3 "Design and development". Currently I am planning the transition to 13485:2016.

For 9001:2015, I found several suggestions for the implementation of the new version. Most information is about the techniques which can be used for the risk-based approach (brainstorming, FMEA and so on, e.g. ISO 31000). But I also found some information regarding the question "when and where" to use these techniques. But I wonder if I can adopt this 1:1 to 13485?
 
PeterTHunter

We are currently facing the situation as well to define some "risk-based approach".
I think of splitting into:
- Procedure for Medical Device i.e. Product Risk Management Process
- Procedure for Quality System Risk Management Process (inspired by e.g. ICH Q9 Quality Risk Management)

The former one goes compliant with the ISO 14971 and focusses on products over the whole life cycle.
The latter one gives guidance for risk-based decision making on processes e.g. how to risk-rank processes, suppliers a.s.o. And which control measures are deemed to be required. It should provide guidance for a supply chain manager to assess suppliers and define appropriate measures as well as to a Process Owner.

As you might notice I am still at the stage of looking for concrete implementation recipes.

How have you dealt with the situation so far? What do you intend to do when the ISO 13485:2016 and/or MDSAP audit happens?
 
bmelissam

Attached is how we decided to address risk for each ISO Clause. We then went through and documented current risk controls in place, also identified when we required additional risk mitigation to take place based on the pre-determined risk acceptability. The documents will be living documents and re-versioned based on additional risk review/evaluation annually and signed off by the top management during management review.

We have our ISO audit in a few weeks.
 

Attachments

  • QMS Risk Management.docx
    52.7 KB · Views: 3,010
PeterTHunter

Thank you very much for sharing your ideas and the document.
It is a good thought to refer to some quality data,
 
Rockdog

Thank you bmelissam...a brilliant approach to the issue...kudos to you!!
 