Re: ISO 13485 Clause 7.1 Planning of product realization - Risk management
We are a tier 1 contract manufacturer for orthopaedics. Up to this point, our Risk Analysis has been limited to the section below as found in the quality planning process. The customer base seems to be changing their requirements (especially the last month or so) and some will now start requiring more info for validation and risk analysis, which means they will be providing more information to me to help in this effort. I see a Quality Manual revision and process change on the horizon. This is not exactly what you asked for, but I thought you may be interested.
Good Luck!!!!
3. RISK ANALYSIS
3.1. Our Customers maintain design control over all products manufactured by *&%*#@. The customer is responsible for performing Design Risk Analysis including
FMEA’s and other Risk Analysis techniques during their planning process in order to meet FDA requirements for 510(k) filings.
3.2. All information provided to *&%*#@ by the Customer is reviewed and approved prior to manufacturing to ensure products are produced per customer and regulatory requirements. Documents such as Customer Provided Inspection Sheets are used as a guideline for creation of our internal inspection criteria and frequencies.
3.3. Internal Risk Analysis can only be based on information the customer is willing to provide. Therefore, internally our risks are controlled by our quality planning and production control systems because access to design FMEA’s, customer process FMEA’s, and end user feedback information is not available from the Customer for our use.
3.4. Internal Risks are analyzed throughout Quality Planning and Product Realization. The analyses are evidenced by (but not limited to):
3.4.1. Sales Order Review Forms
3.4.2. Specification Review Forms
3.4.3. Quality Planning Meeting Record, Other Risks section for new processes or other risks.
3.4.4. Master Router Creation
3.4.5. Creation of Process Drawings
3.4.6. Creation of Inspection Sheets based upon available Customer Supplied Inspection Sheets (which provide a link to the Customer’s risk assessment systems). The Internal Inspection Sheets include stages of inspection, criteria to be inspected, gages to be used, and frequency of the checks.
3.4.7. Engineering Change Request adverse effect evaluations as documented on the ECR Form.
3.4.8. Rework adverse effect evaluations as documented on the Temporary Process Requirements Form or in (MANAGEMENT SOFTWARE) Comments for a rework job.
3.4.9. Communication Records are retained electronically on the Preventive Action Communication form by part number. These records document conversations with customers or vendors regarding product quality, specifications, requirements, or other risks associated with producing a product.
3.5. During the Design and Planning stages of our Quality Management System, certain manufacturing risks were identified and addressed by system requirements. Some of these systems include (but are not limited to):
3.5.1. First Piece Inspections by operator and a separate independent person to verify programs, gaging, tooling, and equipment.
3.5.2. Preventive Maintenance.
3.5.3. Procedures addressing the details of processes with many requirements such as Passivation.
3.5.4. Creation, Use, and Retention of our detailed Job History Files.
3.5.5. Training Programs.
3.6. If at any time *&%*#@ files a 510(k) with the FDA, the Quality Manager will be responsible to ensure all regulatory requirements are met including completion of the FMEA, and implementing a Design Control system.