PFMEA and Control Plans on legacy product

tbaker

Registered
We are a contract manufacturer and added the use of PFMEA's and Control Plans to our new product introduction process in 2018, in a recent certification audit we received a finding because we had not gone back and performed these on our older products. Some of these date back to 2012. The finding was against ISO 13485 clause 7, since this clause is related to "Product Realization" and our procedure for when to use them is in our NPI process is this a legitimate finding?
Thanks,
 

Tagin

Trusted Information Resource
1) What specific point in clause 7 was cited? And/or, provide us the full text of the NC from the auditor.
2) What do your process docs say for FMEA/CP requirements? Do you say you will do it on "all products", or on "all new products going forward", etc.?
 

John C. Abnet

Teacher, sensei, kennari
Leader
Super Moderator
Good day @tbaker ;
Please allow me to cause us to think beyond what the auditor is "asking for" and instead think about what your organization wishes.

Do corrective actions ever take place on the legacy products/processes? What do you use to confirm the current controls when performing corrective actions? What does your update to ensure any corrective actions are sustained?

Do any change points take place on the legacy products/processes? What does your organization update to ensure any change points are sustained?

See where I'm going here ? Instead of asking "what can we avoid", I would challenge your organization to consider instead "what do we need".

Be selfish. Management systems should first and foremost serve the need of your organization and its customers.

Hope this helps.
Be well.
 

tbaker

Registered
Here is the finding:
Non-conformance description:
Risk management process and documentation are inadequately established

Requirement:
ISO 13485:2016

- 7.1-d) "records needed to provide evidence that the realization processes and resulting product meet requirements"
- 4.2.4-a) "review and approve documents for adequacy prior to issue

Objective Evidence:

- Not all processes/products have documented risk management files.
- Risk Management File 536571 Ferrite Holder include irrelevant information related to PFMEA and Control Plan dated 10 Sep 2019 for 530581 Rev H Molded, 543631 Rev B Foam Pads Installed.

In the audit while looking for obj evidence we found a couple files with the wrong part number in the file name, the files were in the correct folders (electronic) but it looked like the file creator had modified an existing file for a new part but forgot to change the file name.

Our procedures have PFMEA and CP done during NPI processes and then updated whenever there is a rev change to the part.
 

tbaker

Registered
Thanks John C,

As a low volume high mix contract supplier we would need to do hundreds of PFMEA's and CP's on well established products and processes, I struggle to see the reward on the effort and cost.
 

John C. Abnet

Teacher, sensei, kennari
Leader
Super Moderator
we would need to do hundreds of

Good day @tbaker ;
Understood.
The focus of the finding (likely your organization's priority) is specific to identifying risk.

Is it possible your organization could benefit from foundational (or family) PFMEA? For example, if an organization makes zip ties in multiple lengths and colors, the process steps (mix, extrude, cut, etc....) and the associated risks with each step are same/similar. It would not make sense, therefore to have a separate PFMEA for each item number. In the above example, foundational PFMEA could simply be created for the various process steps.

Just a thought.

Hope this helps.
Be well.
 
Top Bottom