ISO-13485 7.1 - Preparing for our MDSAP audit

[AaronM2102]

First post, be gentle.

Also i apologize if this has already been answered in a previous post.

I am currently preparing for our MDSAP audit that encompasses ISO-13485: 2016. I am currently ISO-13485: 2003 and 21 CFR.

As the title says i am having some trouble with 7.1 of the 2016 standard.
I have already implemented risk management/assessment throughout the process individually (NCMR, design, supplier control and complaints...)

So do i already have this covered?

Or do i have to do some over arching risk mitigation? A process flow of how risk is applied?

Examples always help out if that is easier too.

Thanks for the help.

-A

 

[Marc]

A quick "Bump" - My Thanks in advance to anyone who can help with this one.

 

[sagai]

Hello Aaron,
so, this is calling to comply with (EN) ISO 14971:2012 that (more or less) describes the activities expected to see for product risk management.
I do not know if it was your recollection or not, this is more for the measures to take and the process that is proposed to follow to ensure the freedom of unacceptable product (patient safety) risks of the product that is in development, maintenance or that is in an early phase of development.

Hope this helps
Cheers

 

[AaronM2102]

Thanks sagi

So after some reading i think i am on the same page with what you wrote below.

I feel i currently comply with the appropriate product risk management in individual aspects as i stated in the first post.

But as 7.1 states "a process of risk management should be described throughout the realization process"

I am still stuck on this clause.
What you wrote below, i think i understand it like i stated above in an individual sense.

"this is more for the measures to take and the process that is proposed to follow to ensure the freedom of unacceptable product (patient safety) risks of the product that is in development, maintenance or that is in an early phase of development."

I guess my question is still, do i need to describe in my realization document how risk is mitigated at each one of the critical steps in my realization process?

Again sorry if i am confused here.

Thanks

 

[sagai]

Hello,
So, the mitigation measures for product risks are identified in various phases of the realization process as part of a (kind of) FMEA activities. Those mitigations are for the product. For cost effectiveness purposes, earlier identification of product risks and mitigations are mostly the better.

So, I think in the realization process document you either need to describe or to refer to the process definition for product risk management ( see (EN) ISO 14971:2012) that is fit for your organization needs, further you need to maintain the product risk management file that describes the result of the product risk management activities for the particular medical device that was/is in the product realization/maintenance.

That’s my thought on this, hope this helps.
If it is still encrypted, please let us know

Cheers!

 

[yodon]

There may be 2 things going on and overlapping here.

As Sagai notes, product risk management is through the application of 14971.

Where it sounds like there may be confusion is that there's an expectation of process risk management as well; i.e., taking a risk-based approach to a particular process. (For example, applying additional controls on critical suppliers.)

The way I've typically looked at it, though, is that application of 14971 is, in fact, the way to manage risks throughout product realization.

Bear in mind that when the standard talks about risk (see 0.2 Clarification of Concepts), they are as they relate to safety or performance requirements of the device or meeting applicable regulatory standards.

You can, of course, go beyond that; e.g., project risk management (e.g., time & budget), but I think for demonstrating compliance to 7.1, application of 14971 is the right approach.