Planning of Product Realization - Risk Management - ISO 13485 Clause 7.1

V

vinhhoang

We are Electronics Contract Manufacturing, our product is the Printed Circuit Board Assemblied (PCBA) that will be installed to some kinds of medical devices / equipment by our customer as our their intended use such as install into a machine to measure pressure of blood in human body...

Regarding to Risk management at clause "7.1 Planning of product realization". Does anybody have any idea and give me concept about the requirement of risk managment to our PCBA product relization process? Does the PCBA product need to apply risk management?

Does anybody have an example of documented procedure for risk management please share with me.

Many thanks in advance.
 

howste

Thaumaturge
Trusted Information Resource
My first advice is to get a copy of ISO 14971 if you don't already have one. It is the standard that describes risk management for medical devices.

Because you're a contract manufacturer, your customer should be responsible for risk management for design. You should definitely focus on risk managment for the PCBA manufacturing side. Working with your customer, you should develop risk assessment and risk management activities based on their inputs. The results may be in the form of a process FMEA or FMECA with recommended actions.

Sorry, I don't have a risk management procedure I can share. Anyone else?
 
P

Pat McGhie

Re: ISO 13485 Clause 7.1 Planning of product realization - Risk management

I am struggling with this a bit also. I have the standard on Risk Management but I have limited exposure today and am looking for a simple procedure. I do not see an samples yet.

Pat in NH
 
K

Katydid

Re: ISO 13485 Clause 7.1 Planning of product realization - Risk management

We are a tier 1 contract manufacturer for orthopaedics. Up to this point, our Risk Analysis has been limited to the section below as found in the quality planning process. The customer base seems to be changing their requirements (especially the last month or so) and some will now start requiring more info for validation and risk analysis, which means they will be providing more information to me to help in this effort. I see a Quality Manual revision and process change on the horizon. This is not exactly what you asked for, but I thought you may be interested.

Good Luck!!!!



3. RISK ANALYSIS

3.1. Our Customers maintain design control over all products manufactured by *&%*#@. The customer is responsible for performing Design Risk Analysis including FMEA’s and other Risk Analysis techniques during their planning process in order to meet FDA requirements for 510(k) filings.

3.2. All information provided to *&%*#@ by the Customer is reviewed and approved prior to manufacturing to ensure products are produced per customer and regulatory requirements. Documents such as Customer Provided Inspection Sheets are used as a guideline for creation of our internal inspection criteria and frequencies.

3.3. Internal Risk Analysis can only be based on information the customer is willing to provide. Therefore, internally our risks are controlled by our quality planning and production control systems because access to design FMEA’s, customer process FMEA’s, and end user feedback information is not available from the Customer for our use.

3.4. Internal Risks are analyzed throughout Quality Planning and Product Realization. The analyses are evidenced by (but not limited to):

3.4.1. Sales Order Review Forms
3.4.2. Specification Review Forms
3.4.3. Quality Planning Meeting Record, Other Risks section for new processes or other risks.
3.4.4. Master Router Creation
3.4.5. Creation of Process Drawings
3.4.6. Creation of Inspection Sheets based upon available Customer Supplied Inspection Sheets (which provide a link to the Customer’s risk assessment systems). The Internal Inspection Sheets include stages of inspection, criteria to be inspected, gages to be used, and frequency of the checks.
3.4.7. Engineering Change Request adverse effect evaluations as documented on the ECR Form.
3.4.8. Rework adverse effect evaluations as documented on the Temporary Process Requirements Form or in (MANAGEMENT SOFTWARE) Comments for a rework job.
3.4.9. Communication Records are retained electronically on the Preventive Action Communication form by part number. These records document conversations with customers or vendors regarding product quality, specifications, requirements, or other risks associated with producing a product.

3.5. During the Design and Planning stages of our Quality Management System, certain manufacturing risks were identified and addressed by system requirements. Some of these systems include (but are not limited to):

3.5.1. First Piece Inspections by operator and a separate independent person to verify programs, gaging, tooling, and equipment.

3.5.2. Preventive Maintenance.

3.5.3. Procedures addressing the details of processes with many requirements such as Passivation.

3.5.4. Creation, Use, and Retention of our detailed Job History Files.

3.5.5. Training Programs.

3.6. If at any time *&%*#@ files a 510(k) with the FDA, the Quality Manager will be responsible to ensure all regulatory requirements are met including completion of the FMEA, and implementing a Design Control system.
 
P

Pat McGhie

Re: ISO 13485 Clause 7.1 Planning of product realization - Risk management

Katydid,

Thank You! This is an excellent example for me... I will use it as a "reference" and generate something for management here to review.

Pat McGhie in NH
 
K

km214

First I will begin with a resounding "I LOVE THIS FORUM" I was initially looking to confirm my perspective on risk management as it applies to contract manufactuing. Due to my 15 + years in quality my initial presumption was validated. Most of the burden of risk assessment lies with the designer of the product, however we as the manufacturer are required to analyze any risk our processes would add to the product during production of it. We have performed PFMEA's on our critical processes so we are there. Have some work to do in validating our processes but again we are getting there as well.
I appreciate the great minds here in the cove sharing their wisdom with us all.

I also appreciate the additional components offered here regarding not only risk management, but the regulatory and appropriate methods of documenting things like rework and more importantly the issues the contracting firm faces with their submission of the product's 510K. Some companies do not take into consideration that their customer has submitted the production plan for the part in the 510K submission in the sense that if a particular step is modified or other, the production process has changed and that change needs to be first-approved by the customer and second-may require a modification to their 510K submission. As we do not do 510K submissions here, my knowledge and expertise in this area is unrecognized and unfortunately dismissed.
Here to say thanks again for the info sharing!
 

Marcelo

Inactive Registered Visitor
Great job Katydid!

But I would like to point that this procedure could be improved by not only expecting that your customer would do all the job of defining their requirements, you could also make a risk analysis of your board based on it´s intended "customer" use.

For example, it can be expected that there will be requirements for creepage and clearance distances, and flammability classification of your board (they´re all part of risk control requirements of medical electrical equipment safety standards), to control some risks on the final product in use. Shouldn´t you take this aspects into consideration "before" you customer say so?

You said that "end user feedback information is not available from the Customer for our use" but this is in fact part of a "customer requirements" definition from any regulatory or not design and development.

This approach would be also in concordance with the recent trend on systems parity (See my discussion in this thread for more info on that - http://elsmar.com/Forums/showthread.php?t=26591)
 
Top Bottom