ISO 13485 and ISO 14971 - one mandates the other?

P

psp1234

Involved In Discussions
Hi there (and happy 4th),

An auditor wrote a NC for not following ISO 14971, while an audit for 13485,
Here is the NC quote:

• Risk Management Plan, OP-02, rev 5 does not contain a risk policy as required in ISO 14971:2007 clause 3.2
• Risk Management Plan, OP-02, rev 5 does not outline the requirements for qualifications of personnel as required in ISO 14971:2007 clause 3.3

Nowhere in our procedure did we state that we shall follow 14971, but we mentioned 14971 as a "reference" in the "references" section.

My questions to the community here are:
1. Does ISO 13485 mandate ISO 14971 to be used?
2. Did we "dig a hole" by mentioning 14971 in our procedure as a reference?

ugh...I sometimes feel I need do be a lawyer when writing procedures...:confused:


Interested to hear your thoughts,
Thanks in advance,
Sue
 
M

Marcelo

Inactive Registered Visitor
1. Does ISO 13485 mandate ISO 14971 to be used?
Click to expand...
No.

2. Did we "dig a hole" by mentioning 14971 in our procedure as a reference?
Click to expand...

Maybe. Formally, if you mentioned it as a shall, it would be turned into a clear specified requirement of the QMS. If you mentioned only as a reference, in my opinion it would not be a specified requirement, however, the auditor may thought that it was an implied requirement. I prefer not to deal with implied requirements, only with specified, because it's easy to begin making endless inferences in auditing.

Anyway, is there any expectation that you fulfill ISO 14971? Do the regulatory requirements applicable to your product require application of ISO 14971? Does any other requirement (a standard such as IEC 60601) requires ISO 14971?
 
P

psp1234

Involved In Discussions
Hi Marcelo,
We are a contract manufacturer of components for OEMs. Manufacturing metal parts for medical equipment (no patient contact).
We did not commit compliance to 14971 to any of our customers.

When I contested the NC to the auditor, she was very adamant about following 14971 because we mentioned it, even as a reference, in our procedure.

Regards,
Sue
 
M

Marcelo

Inactive Registered Visitor
If you are only a contract manufacturer, there would be really no expectation to follow ISO 14971. So the auditor seems to be really pushing too much :-(

psp1234 said:
Hi Marcelo,
We are a contract manufacturer of components for OEMs. Manufacturing metal parts for medical equipment (no patient contact).
We did not commit compliance to 14971 to any of our customers.

When I contested the NC to the auditor, she was very adamant about following 14971 because we mentioned it, even as a reference, in our procedure.

Regards,
Sue
Click to expand...
 
B

BhupinderSinghPawa

The EU recognizes EN ISO 14971:2012 and FDA recognizes 14971:2007/(R)2010 for meeting the regulatory requirements of risk management.

Is the 13485 audit you are facing is an internal or a notified body audit? What are the regulatory markets (US / Europe / ...) in scope?
 
Y

yodon

Leader
Super Moderator
This issue seems to pop up frequently: a 13485-registered CM shop gets dinged for not "owning" 14971. As Marcelo pointed out, thought, that makes little sense from a product perspective.

Where it DOES make sense, though, is assessing the process-based risks that can impact the product for which you are contracted. To me, it makes sense that you could scope your QMS to say (not necessarily in these words) "For product risk management, our scope is limited to supporting process-based risk management (e.g., a Process FMEA) in collaboration with our customers. The specific processes are driven by our customers' procedures. The customer ultimately owns the records arising from these efforts"

You guys have particular expertise in recognizing how nonconformities could arise in the process but your customers have to provide the expertise in the clinical effects so it absolutely has to be a collaborative effort.

Curious if the group thinks this is a reasonable approach for a CM. I think a number of CMs could benefit by having a defined approach to this.
 
P

psp1234

Involved In Discussions
Hi BSP,
It was a registrar audit (NSAI). we are a CM and we don't place any device in any markets.

Thanks for your post!
Sue
 
P

psp1234

Involved In Discussions
Good point Yodon,
I wish that the technical committee will address CM "special situation" in one of their publications. It would help a lot with interpretations and auditor variability.
Maybe they did?

Thanks for the pointer, I will put it in the "right place",
sue
 
You must log in or register to reply here.

Similar threads

B
How to integrate risk assessment of a medical device to a SOP for ISO 14155:2020
Replies
1
Views
300
Enternationalist
Enternationalist
A
Risk Assessment for ISO 13485:2016 section 7??
2
Replies
11
Views
1K
AliceQA
A
Renea Koski QAM
Inspecting your own work--ISO unspoken no-no!?!?
2
Replies
12
Views
609
Sidney Vianna
Sidney Vianna
timbro
Class 1 medtech start up and regulatory decisions
Replies
4
Views
290
timbro
timbro
I
IEC 60812 or ISO 14971 for PFMEA? What should we use?
Replies
3
Views
1K
Ronen E
Ronen E
Top Bottom