ISO 14971:2012 - Verification of Implementation of Risk Control Measures


Maire

Hi All,

Can someone give me an idea of what an auditor would be looking for in relation to verification of implemented risk controls?

We have an NCR on it in relation to our risk assessment and I'm trying to figure out what type of table/form/review I could do to verify this in one document as opposed to pulling evidence and pointing in 120 different directions.

Any help much appreciated.

Thanks.
 

t.PoN

Re: 14971:2012 Verification of Implementation of Risk Control measures

The idea is to make sure that the control you have applied has really been effected and is addressing the problem.
Because you might have implemented a risk control without reducing it from red to green. Some even have new risks emerging from their control and they forget to evaluate them.

You can use the same tool you used the first time in Risk Assessment.

For example: if you used a risk assessment matrix, then you can point to where the risk was before and after implementing the control.
If you used a table, then you can add a column for Risk Re-Evaluation after Risk control.

You just need to show that the control has reduced one of the following:
the risk probability, or risk impact, or maybe hazard exposure, or was it done to improve risk detection. And it might have done all of the above. (Boy-dog scenario).
 

Maire

Re: 14971:2012 Verification of Implementation of Risk Control measures

Ah great. Thanks for that; we had the risk rated after control but not before. So rating it before and then after would be sufficient for verification purposes.

Thank you for the response
 

yodon

Leader
Super Moderator
Re: 14971:2012 Verification of Implementation of Risk Control measures

Thanks for that; we had the risk rated after control but not before. So rating it before and then after would be sufficient for verification purposes.

Um, hang on a second. The act of reducing the RPN in your risk documentation is NOT sufficient for verification. Maybe I misunderstood.

Verification would need to be done in a manner to gather objective evidence that the control is effective. Typically, this is through (formal) verification testing.
 

Maire

Re: 14971:2012 Verification of Implementation of Risk Control measures

We have all the verification testing done, in about 20 or so different binders full of verification and validation testing; some hazards are mitigated by drawing attention to the user manual and some by product features. What I'm saying is we have all our testing in various binders. In our risk documentation we have a table that lists the various hazards and rates them based on probability, severity and likelihood to be detected. The same table also includes what we have done to mitigate the risk, e.g. stating software requests administrative approval. Do I need to attach evidence of this? It's already in another location.

The auditor said: no evidence could be found that the risk control measures detailed in the assessment have been implemented and verified.
 

t.PoN

Re: 14971:2012 Verification of Implementation of Risk Control measures

Let me get this straight:
You have a risk assessment before the control.
You have implemented a control.
You test your control.
You re-evaluate the risk based on the test.

If it's all documented and traceable (not necessarily in the same location), then I don't know what the problem is.

But the nonconformity states that you haven't implemented the controls? It's not risk evaluation.
I think he could not find evidence that you have followed up actions, regardless of whether you have already implemented them or not.
 

Maire

OK, let me give you some more information.

The auditor stated no evidence could be found that the risk control measures detailed in the risk assessment have been implemented and verified.

The quoted:

The solutions adopted by the manufacturer for the design and construction of the devices must conform to safety principles, taking account of the generally acknowledged state of the art.
In selecting the most appropriate solutions, the manufacturer must apply the following principles in the following order:
• eliminate or reduce risks as far as possible (inherently safe design and construction),
• where appropriate take adequate protection measures including alarms if necessary, in relation to risks that cannot be eliminated,
• inform users of the residual risks due to any shortcomings of the protection measures adopted.

The response given by my company in the CAPA plan was ---- Risk assessment will be updated to show risk control measures have been verified.

Auditor replied to our suggested action with...... Rejected, still no reference to whether the risk control measures have been verified.
--------

To be perfectly honest, I am a bit lost here. I've been brought in at the tail end of this and been told to fix it, basically.

I really appreciate yer help.
 

t.PoN

First you stated:
some hazards are mitigated by drawing attention to the user manual and some by product features.

Then you said the auditor stated:
In selecting the most appropriate solutions, the manufacturer must apply the following principles in the following order:
• eliminate or reduce risks as far as possible (inherently safe design and construction),
• where appropriate take adequate protection measures including alarms if necessary, in relation to risks that cannot be eliminated,
• inform users of the residual risks due to any shortcomings of the protection measures adopted.

Is the auditor satisfied with your risk control?!!!
I could only conclude that the auditor is thinking that you have jumped to informing users without first trying to eliminate the risk.

Is the residual risk within acceptable criteria? If not, then he is right.
But if it is, then I don't think you are obliged to follow the order of elimination, then alarms, etc., unless your procedure states so.

Clause 6.1 states WHEN RISK Reduction is required then risk control activity shall take logical sequence.
 

Maire

Thanks,

Yes, all the hazards we assessed are within the acceptable level.

We also have to comply with 60601-1 and we have reduced all risks as much as possible. The reference to the instructions for use is where we stated the user may choose calibration files from a product other than our own, so we first noted that the software will automatically disregard them as they would be incompatible, and the second check is that the instructions for use state the correct files to use for calibration and how to calibrate. That is just one of about 50 different types of hazards we looked at.
 

Mark Meer

Trusted Information Resource
Hi Maire,
I'm a bit confused as to what the gap the auditor is identifying is. By your account it seems as though everything is in order...

Generally, the risk-control measures feed into the system requirements specification.
If this is the case, then verification of the risk-control should be already incorporated into the design verification process.

Simplified Example:

  1. Initial Hazard Identification: "Hzd2.3 Hazard XXX due to unexpected battery depletion".
  2. Initial Risk Evaluation: shows that "Hzd2.3" is above the RPN threshold and therefore risk-control measures are necessary.
  3. Risk Control Measure (as system requirement): "System Requirement 2.3 - System shall beep and flash LED at 30 second intervals when battery charge is detected at less than 20%."
  4. Residual Risk Evaluation: Given System Requirement 2.3, Hzd2.3 RPN is now below threshold.
  5. Design Verification Plan: "Test2.3 - Monitor battery charge and verify audible beep and LED flash at 30 second intervals at charge less than 20%."
  6. Design Verification Report: "Test2.3 - Carried out by XXX on YY-MM-DD - Pass"
  7. Risk Assessment Report: "Implementation of risk control measure for Hzd2.3 was verified according to Test2.3 of Verification Plan (see Verification Report)"

From this, it should be clear that the control measure was specced (as a system requirement), and implementation verified (as part of design verification).
 