How to document the Risk Management on Rework activities ?

R

ritammy

First let me say how wonderful this site is. I find it very useful and thank everyone for their inputs.

We are a medical device Contract Manufacturer that is ISO 13485 certified. During a recent BSI audit it was observed that on our Rework Form there was no reference that risk was assessed prior to approving to rework. I modified our form to include a statement that reads: "By approval below the rework to be completed below has been evaluated and determined to not pose any adverse effect to form, fit or function of the device". Is it acceptable to simply do a letter to file that details that the risk was addressed. It seems crazy to do a full blown FMEA or PFMEA for this.

Additionally, what do other Contract Manufacturers do for Risk Management. Are we supposed to have a PFMEA for every process? I would like to develop a simple step by step, idiot proof form that addresses handling risks that are non design control related. Any thoughts.

I am aware of ISO 14971 and have reviewed it thoroughly and have a very comprehensive procedure based on it. However I am stuck on how to implement it and actually start using it. A lot of the procedure is for a manufacturer with design controls.

Thanks!
Tammy
 

Ajit Basrur

Leader
Admin
Re: Contract Manufacturer Risk Management

Being a contract manufacturer, your organization may not be in full knowledge for the form, fit or function of the device and hence should be refered to the customer. In Contract manufacturing, all rework activities have to be approved by the customer and most customer smention this point in the Quality Agreement for compliance.
 

somashekar

Leader
Admin
First let me say how wonderful this site is. I find it very useful and thank everyone for their inputs.

We are a medical device Contract Manufacturer that is ISO 13485 certified. During a recent BSI audit it was observed that on our Rework Form there was no reference that risk was assessed prior to approving to rework. I modified our form to include a statement that reads: "By approval below the rework to be completed below has been evaluated and determined to not pose any adverse effect to form, fit or function of the device". Is it acceptable to simply do a letter to file that details that the risk was addressed. It seems crazy to do a full blown FMEA or PFMEA for this.

Additionally, what do other Contract Manufacturers do for Risk Management. Are we supposed to have a PFMEA for every process? I would like to develop a simple step by step, idiot proof form that addresses handling risks that are non design control related. Any thoughts.

I am aware of ISO 14971 and have reviewed it thoroughly and have a very comprehensive procedure based on it. However I am stuck on how to implement it and actually start using it. A lot of the procedure is for a manufacturer with design controls.

Thanks!
Tammy
You are responsible for your processes risk management of the medical device life cycle.
You are responsible to get the risk management information from your customer OR such other information that makes you understand how and where the device will be put to use and what are the typical usage behavior. These must be embedded into your process risk management documents, with consideration towards risks to user and patient. It would also be good if your customer endorses your risk management document having reviewed the same. This shows that a good customer interface is active and live. (Good luck in this if you can make it)

In these processes , your any rework steps is an aspect and the same can be mapped in your risk management. As this document is live and in your control, when a rework is faced, you decide the rework steps, address these steps in your risk management and establish controls. Then bring the same into your rework procedures.

This way, the rework process and the risk management process become very interactive processes, which are well demonstrated.
 

John Broomfield

Leader
Super Moderator
ritammy,

Rework or repair?

Remember that repair is a design change that cannot be done without evidence of approval from the designer.

Differentiating rework from repair may also require designer input.

John
 

somashekar

Leader
Admin
It is about rework as mentioned in the ISO 13485 within the clause 8.3, Control of nonconforming products.....
 
C

CornelisvanDijk

Hi Ritammy,

Simply stating that no risks were identified may be a bit to simple in this case, especially considering the fact that you are performing rework activities on medical devices.

At the very least, you may want to evaluate whether the elements of the rework are already in your risk assessment (e.g. FMEA or PFMEA) and how they are controlled. You may want to refer to the applicable risk and general control plan in your rework form (e.g. If product labeling is required, refer to the risk and controls in your general FMEA related to product labeling) If you do not have a centralized FMEA, now may be a good time to consider this! ;-)

It may well be, that new risks are discovered during this exercise and you should think about preventive actions (if the risk goes beyond the risk appetite of you and your principal of course).

Either way, make sure that you partner up with your principal on this. Rework, in general, does affect the form, fit or function of the device and is, as such, subject to change control.

I sincerely hope that you find an effective and pragmatic way to deal with this and please keep in mind that the BSI auditor is obligated to accept any solution that leads to meeting the applicable requirement (it doesn't have to be stated on your rework form, if you have this covered in another way that works for you and meets the requirement, that's fine too)

Kindest Regards,
Cornelis van Dijk
 
Top Bottom