Including all Processes in Risk Management - ISO 13485:2016

anahitaj

Registered
Hello everybody,

In the new EN ISO 13485:2016, Risk Management must be included in all processes in the Quality Management System (QMS). How would the QMS be updated to include Risk Management in all process? Is it enough to have a general Risk management SOP or should the Risk Management be considered in each SOP separately?

Thanks in advance for your help
 

Crusader

Trusted Information Resource
Hello everybody,

In the new EN ISO 13485:2016, Risk Management must be included in all processes in the Quality Management System (QMS). How would the QMS be updated to include Risk Management in all process? Is it enough to have a general Risk management SOP or should the Risk Management be considered in each SOP separately?

Thanks in advance for your help

I have a risk item in each SOP and I am creating a master list of them for easy reference. In that master list, I will assign a severity level (Lo, Med, Hi) kind of thing and list the appropriate actions for each in the next column. This should be sufficient. (from what I am told)
 

yodon

Leader
Super Moderator
This could be an interesting discussion!

If you look back in section 0.2, Clarification of Concepts, they say:

When the term “risk” is used, the application of the term within the scope of this International Standard pertains to safety or performance requirements of the medical device or meeting applicable regulatory requirements.

Somehow, lo/med/hi need to relate to how those processes can impact the safety or performance of the device or in meeting regulatory requirements.

Taking 6.2, Human Resources for example, one could argue that a a software developer and a solderer on the assembly line would both fall in the 'hi' category depending on the work they're doing. Or they may both fall into the 'lo' category if what they're doing has little impact. Clearly, though, the actions taken to ensure and maintain competence are different in all of the above cases.

I'm not saying the 3-level categorization can't work; it just need to be framed around what the risks to performance or safety or meeting regulatory requirements are.
 
Q

QAMTY

Crusader


Say, I detected a risk in delivery product to client (delivery process), for the treatment, I will rent an additional truck for transporting the product, and such risk is registered in a master list of risk of all the processes.
As you say, should I include in the SOP , that Im having an additional resource for transportation? duplicating the information?
Note that from time to time, risks are changing, then I will have to change the SOP every time a new risk appears.

Is it not better that in the SOP I only refer the list of risk?, thus saving time and paperwork?

Thanks
 

Crusader

Trusted Information Resource
Crusader


Say, I detected a risk in delivery product to client (delivery process), for the treatment, I will rent an additional truck for transporting the product, and such risk is registered in a master list of risk of all the processes.
As you say, should I include in the SOP , that Im having an additional resource for transportation? duplicating the information?
Note that from time to time, risks are changing, then I will have to change the SOP every time a new risk appears.

Is it not better that in the SOP I only refer the list of risk?, thus saving time and paperwork?

Thanks

Our procedures mention the "risk" as a general statement. What we do with that statement is handled in a separate document right now. Only 1 doc needs updating and that is the separate risk document. The SOP's stay as-is without needing any updates unless you add a new risk or revise a risk to the procedure/process. It is much easier to make that separate document a living document and revise it as necessary.

I can see that mentioning or referring to the separate document of risks is another method of reducing the amount of revisions to paperwork. That should work as well.
You still need to.. or.. should point out where specifically in the SOP that the risk needs to be considered.
 
Last edited:
Q

QAMTY

Thanks Cruzader

The separate risk document is the General list of Identified Risks?

Thank you so much
 
Q

QAMTY

Hey Crusader
If you refer risks in each Sop, what do you do q
With processes wich doesnt have a sop?
Thanks
 
Top Bottom