Hello Everyone :) ,
If some of you could remember my inquiry I posted here before about: Auditor requests confidential information via Email , I am indeed so grateful for your help. The Audit was last Wednesday and it went really very systematic and informative ( I was a little bit afraid that...
Health Canada issued this notice of intent back in April regarding "Strengthening the post-market surveillance and risk management of Medical Devices".
As written in the notice, most of the proposed changes are written in the format "Provide the Minister with the authority to...". Does this...
Office of Inspector General of the U.S. Department of Health & Human Services (HHS) - The Food and Drug Administration's Policies and Procedures Should Better Address Postmarket Cybersecurity Risk to Medical Devices
Full Report - https://oig.hhs.gov/oas/reports/region18/181630530.pdf
Our auditor requires us to attend a training on EN ISO 14971:2012 so that we could prepare the risk management documents accordingly. It seems that unless we attend the training, they would be happy with the risk management document. Currently we hold a document complying to ISO...
In a risk analysis, how can we tie security breach (e.g. losing confidentiality of patient information) to ISO 14971? What is the severity level of harm for loss of confidentiality of information in a mobile app? I would think we should do that exploitability analysis first as per...
Thinking about the need for a digital signature certificate...do you think it´s necessary for which situations?
If I have a good audit trail and controls like:
- confirmation - user and password - before approve/sign a document
- the signature responsible, hour and date...
FDA - Draft Guidance on Considering Uncertainty in Making Benefit-Risk Determinations to Support Certain Premarket Decisions for Medical Devices
The clause 126.96.36.199:
The organization shall include in its risk analysis, at a minimum, lessons learned from product recalls, product audits, field returns and repairs, complaints, scrap, and rework.
This mean that we should include the lessons learned from product recalls, also lessons...
I feel I have a reasonable understanding of the concept of essential performance but in Annex A clause 4.3 of IEC60601-1 Ed 3.1, there is the following sentence:
"When considering the RISK associated with a level of degraded performance, which might include full loss, the analysis...
At managing risks, I have been following this practice when identifying external issues (negatives) and in Interested parties the suppliers.
When ran the FODA, In external issues, I identified negative (risk) in external issues the Goverment policies.
In IATF 16949 clause 6.1, which is the same as in ISO 9001, we need to conduct a risk analysis and then plan actions to mitigate such risks.
Then the contingency plan clause 188.8.131.52, mentions the risks analysis and risk mitigation activity again.
What is the difference between 6.1...
We are a small medical device company and recently we had a management review meeting and our CEO mentioned that he heard about a new risk approach - "risk-based design". Basically, that risk assessment is done over the requirements of a medical device - you identify a risk, show mitigation for...
In the approach to manage risk under 9001 2015, I´m considering this.
I use the equation Risk value = PxI
Once I get the value, I have a table of values which correspond to a Type of risk, ranking form A to D.
My sources to evaluate P and are just references, events in...
Some regulatory schemes prescribe a fixed hierarchy of risk control categories that should be examined in the following order:
1. Inherent safety by design
2. Protective measures in the device or its manufacture
3. Information for safety, such as warnings, maintenance schedules...