We are in an ISO 13485 audit and the auditor is questioning why we have not included "Distribution" process under risk based process.
Section 4.1.2 b) mentions to apply a risk based approach to the control of the "appropriate" processes needed for the QMS.
I explained to the auditor that we have identified Software, Internal Audits, frequency of Management Review, Training etc. and did not feel that "Distribution" needs to be risk based as the product does not have any special storage/handling requirements but he seems persistent on that.
What do you feel?
Section 4.1.2 b) mentions to apply a risk based approach to the control of the "appropriate" processes needed for the QMS.
I explained to the auditor that we have identified Software, Internal Audits, frequency of Management Review, Training etc. and did not feel that "Distribution" needs to be risk based as the product does not have any special storage/handling requirements but he seems persistent on that.
What do you feel?