Risk Management and other Files

[Seekingknowledgee]

Hi all,

Our company wants to make the QMS robust. So we are mainly trying to see if there any forms/documents that are missing in the QMS that would make it air tight. So was wondering if I could get a website or some place that would list out the documents that are generally used in a company or something like that so that I can verify if we are missing a document or a form. It's not really just ISO14971 related documents. Didn't find the apt group to post it in, so posted here since I'm verifying Risk Management documents first.

Help is greatly appreciated.

Thanks,
SeekingKnowledgee

 

[indubioush]

So we are mainly trying to see if there any forms/documents that are missing in the QMS that would make it air tight.

This is what your internal audit system should be doing for you. If you don't have someone internal to your organization who can do an internal audit, you should hire a consultant/contractor to audit you. Find someone who has previously done risk management audits.

 

[yodon]

There is no singular "right" approach - especially in risk management! You should have procedures saying how you do risk management. Those need to be assessed against the standard to ensure you are covering the requirements. Then, as @indubioush said, you can audit against your procedures to confirm you are at least doing what you said you'd do.

Risk management is a specialized function so even though you may be doing what you said, it may not necessarily be suitable as 'proper' risk management. You would need to get an expert in risk management to assess this.

 

[Seekingknowledgee]

Thanks a lot for your input guys.

 

[Gisly]

I would promote a critical thinking approach founded on a risk assessment to what docs and procedures you "need" to have and be very careful about copying what others have done.
Seeking inspiration, if you can get in touch with QA/RA managers in similar line of business as yours through ex. local fora's (health tech. innovation arenas) for knowledge exchange that may be a way to go.

 

[Seekingknowledgee]

I would promote a critical thinking approach founded on a risk assessment to what docs and procedures you "need" to have and be very careful about copying what others have done.
Seeking inspiration, if you can get in touch with QA/RA managers in similar line of business as yours through ex. local fora's (health tech. innovation arenas) for knowledge exchange that may be a way to go.

Yea that's a good point. Will strike when an opportunity that way arrives.

 

[Seekingknowledgee]

There is no singular "right" approach - especially in risk management! You should have procedures saying how you do risk management. Those need to be assessed against the standard to ensure you are covering the requirements. Then, as @indubioush said, you can audit against your procedures to confirm you are at least doing what you said you'd do.

Risk management is a specialized function so even though you may be doing what you said, it may not necessarily be suitable as 'proper' risk management. You would need to get an expert in risk management to assess this.

There is no singular "right" approach - especially in risk management! You should have procedures saying how you do risk management. Those need to be assessed against the standard to ensure you are covering the requirements. Then, as @indubioush said, you can audit against your procedures to confirm you are at least doing what you said you'd do.

Risk management is a specialized function so even though you may be doing what you said, it may not necessarily be suitable as 'proper' risk management. You would need to get an expert in risk management to assess this.

Where do Internal Auditors mostly get their knowledge from? Experience or Courses or some other means?

 

[DannyK]

Training provides the basics along with the requirements,
Experience to see how it is applied is the key.

 

[yodon]

@DannyK is right. I just want to point out that, in this thread, there are 2 different aspects of expertise being discussed: auditing and RIsk Management. An experienced auditor doesn't imply the ability to audit your risk management file (other than superficially) nor does a risk management expert have the ability to audit.