SBS - The best value in QMS software

I'm @ RISK of not showing my RISKS!

Elsmar Forum Sponsor

mmasiddiqui

Involved In Discussions
#12
Thank you all very much - this has been helpful!
I am a certified Internal Auditor. Implementing ISO 9001:2015 in our business, I may know a thing or two.
I have made sure, the risk and opportunities are discussed at various levels in the Business. Each function/ department have their own risk that prevent them from sleeping at night and opportunities that make them excited to milk the benefits. Then these are rated such that the Management have a list of Risk and Opportunities that are discussed in their Management Reviews. The risk and opportunities will be both internal to the business and external to the business as well.
You will also have to mention the criteria, what risk is important and why it is important. There should be an Impact effort matrix for opportunities and Cause and effect matrix for Risks. Your auditor will surely ask you, why you chose to work on certain risk/opportunities and not others. This matrix will give him the justification on why you decided to work on one vs others.
If you need more information, I can help you.
 

qualprod

Trusted Information Resource
#13
I am a certified Internal Auditor. Implementing ISO 9001:2015 in our business, I may know a thing or two.
I have made sure, the risk and opportunities are discussed at various levels in the Business. Each function/ department have their own risk that prevent them from sleeping at night and opportunities that make them excited to milk the benefits. Then these are rated such that the Management have a list of Risk and Opportunities that are discussed in their Management Reviews. The risk and opportunities will be both internal to the business and external to the business as well.
You will also have to mention the criteria, what risk is important and why it is important. There should be an Impact effort matrix for opportunities and Cause and effect matrix for Risks. Your auditor will surely ask you, why you chose to work on certain risk/opportunities and not others. This matrix will give him the justification on why you decided to work on one vs others.
If you need more information, I can help you.
More than satisfy the auditor, is to satisfy the needs of your organization.
The standards doesn't require to evaluate risk level nor to be documented, according to what Tony's recommended, however , in order to give a more appropriated treatment to risks (my case) we apply criteria to evaluate risk level.
But none auditor should require as mandatory, to evaluate risk level.
Is up to you the way it is addressed.
My two cents.
 

Ninja

Looking for Reality
Staff member
Super Moderator
#14
I am a certified Internal Auditor. Implementing ISO 9001:2015 in our business, I may know a thing or two.
Wrong forum to brag in... just sayin'... why don't you look at the credentials of the folks here...some of the folks you're bragging to may have written the training materials you used to get certified...
 

mmasiddiqui

Involved In Discussions
#15
More than satisfy the auditor, is to satisfy the needs of your organization.
The standards doesn't require to evaluate risk level nor to be documented, according to what Tony's recommended, however , in order to give a more appropriated treatment to risks (my case) we apply criteria to evaluate risk level.
But none auditor should require as mandatory, to evaluate risk level.
Is up to you the way it is addressed.
My two cents.
I am yet to see a business which is free of risk and without opportunity. Anyway, resources to address them are surely limited.
 

Marc

Hunkered Down for the Duration with a Mask on...
Staff member
Admin
#17
FYI - To all:

@mmasiddiqui says:

There is nothing to brag here. I am providing my credentials to make sure Bob knows the suggestion is proven during audits. I'm surprised that you can twist things the other way, which was not my intention.
------------------------------------------------------------------
Please folks - Chill - Please keep this professional, not personal.

Thanks!
 
#18
Everyone, this has been very helpful! I'm so glad I was introduced to Elsmar. I mentioned this site in my Lead Auditor training class (QAI; through Exemplar Global) and the instructor had everyone stop what they were doing so that they could write down "Elsmar Cove" because according to him it is, "a fantastic resource." But back to the theme of the thread: I found some old FMEA's (Failure Modes and Effects Analysis) for the equipment and referenced those as showing risks (lazy I know). I'm thinking this will likely not suffice and I am planning a meeting with everyone where they can tell me their risks. I'll offer that documentation as well during my audit (June 1st). Do you guys think the combination of the FMEA's and a record of risks from the staff will be sufficient?
 

qualprod

Trusted Information Resource
#20
Everyone, this has been very helpful! I'm so glad I was introduced to Elsmar. I mentioned this site in my Lead Auditor training class (QAI; through Exemplar Global) and the instructor had everyone stop what they were doing so that they could write down "Elsmar Cove" because according to him it is, "a fantastic resource." But back to the theme of the thread: I found some old FMEA's (Failure Modes and Effects Analysis) for the equipment and referenced those as showing risks (lazy I know). I'm thinking this will likely not suffice and I am planning a meeting with everyone where they can tell me their risks. I'll offer that documentation as well during my audit (June 1st). Do you guys think the combination of the FMEA's and a record of risks from the staff will be sufficient?
I your are newbie , I will not recommend to implement FMEA.
Start in the easiest way, as Tonys suggested.

Is more complex then just PXI (probability x impact), In FMEA, there are 3 aspects to consider.
and is required to have some training.

Hope this helps
 
Thread starter Similar threads Forum Replies Date
T Biological Evaluation (10993) & Risk Management ISO 14971 - Medical Device Risk Management 7
D Cybersecurity and Risk Management: Loss of confidentiality IEC 62304 - Medical Device Software Life Cycle Processes 4
Q FMEA and Risk assessment in Microsoft Access FMEA and Control Plans 6
I Realization processes input into overall risk ISO 14971 - Medical Device Risk Management 2
M Need Help With Information Security Asset Risk Register IEC 27001 - Information Security Management Systems (ISMS) 2
thisby_ Post Market/Production Risk Assessment ISO 14971 - Medical Device Risk Management 0
S Risk Management Review ISO 14971 - Medical Device Risk Management 4
D Low risk IVD study in the UK, do I need MHRA approval? UK Medical Device Regulations 1
S Risk Management and other Files ISO 14971 - Medical Device Risk Management 8
silentmonkey Overall Benefit/Risk Analysis - Risk Management VS Clinical Evaluation ISO 14971 - Medical Device Risk Management 3
N ISO 27001 for Jumb Burger - Risk Assessment sheet IEC 27001 - Information Security Management Systems (ISMS) 11
C Risk Assessment Tools ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 3
qualprod Examples to mitigate risk from Covid ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 5
G Risk of stopping your customer's line IATF 16949 - Automotive Quality Systems Standard 4
C Risk Matrix vs FMEAs ISO 14971 - Medical Device Risk Management 11
S IVD risk class II devices for Brazil and MDSAP Other Medical Device Regulations World-Wide 0
M ISO 14971:2019: Criteria for overall residual risk ISO 14971 - Medical Device Risk Management 6
M ISO14971:2019 - Verification of implementation and effectiveness of risk control ISO 14971 - Medical Device Risk Management 3
Aymaneh Medical Device Cybersecurity Risk Management IEC 27001 - Information Security Management Systems (ISMS) 2
S Traceability of requirements to design and risk Design and Development of Products and Processes 3
R Risk control measures as per ISO 14971 ISO 14971 - Medical Device Risk Management 6
D Deciding whether or not pre-market clinical investigation is required for low risk device EU Medical Device Regulations 5
R The term "Benefit Risk Ratio" in EU MDR, do I need to present benefit risk analysis as a RATIO Risk Management Principles and Generic Guidelines 4
_robinsingh Security Risk Assessment Tool IEC 27001 - Information Security Management Systems (ISMS) 0
A 21 CFR 820 - Risk Management - Looking for some guidance US Food and Drug Administration (FDA) 3
bryan willemot Contract Review and risk managment AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 2
D Risk Analysis using Monte Carlo Simulation instead of Scoring and Heat Map Risk Management Principles and Generic Guidelines 2
Sravan Manchikanti Software Risk Management & probability of occurrence as per IEC 62304 IEC 62304 - Medical Device Software Life Cycle Processes 8
E Normal Condition Hazards in Risk Analysis ISO 14971 - Medical Device Risk Management 3
silentmonkey Rationalising the level of effort and depth of software validation based on risk ISO 13485:2016 - Medical Device Quality Management Systems 10
R Risk assessment on IT containers and the information they contain IEC 27001 - Information Security Management Systems (ISMS) 4
B Threat/Vulnerability Catalogue for risk assessment IEC 27001 - Information Security Management Systems (ISMS) 4
R Opportunity For Improvement vs Opportunity (Positive Risk) ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 18
R FOD Risk Assessment - What tools would you recommend for assessing FOD risk? AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 1
R Identify Medical Device characterstics as Annex C of ISO 14971 Risk Management ISO 14971 - Medical Device Risk Management 5
A ISO 14971 PFMEA Manufacturing Risk ISO 14971 - Medical Device Risk Management 2
Q Example of the Risk Template Document Control Systems, Procedures, Forms and Templates 1
K Overall residual risk according to ISO 14971:2019 ISO 14971 - Medical Device Risk Management 5
A Risk Number for each software requirement IEC 62304 - Medical Device Software Life Cycle Processes 7
A IEC 60601 11.2.2.1 Risk of Fire in an Oxygen Rich Environment, Source of Ignition IEC 60601 - Medical Electrical Equipment Safety Standards Series 0
D Importing a general wellness low risk product Other US Medical Device Regulations 3
C Quantifying risk in choosing the number of parts, operators and replicates in a GR&R Gage R&R (GR&R) and MSA (Measurement Systems Analysis) 4
R AQL, Consumer Risk and MA Statistical Analysis Tools, Techniques and SPC 2
M Risk managment report of Surgical Mask Example ISO 14971 - Medical Device Risk Management 14
M Risk Analysis Flow - Confusion between ISO 14971 and IEC 62304 IEC 62304 - Medical Device Software Life Cycle Processes 8
R ECG Risk Analysis Standards ISO 14971 - Medical Device Risk Management 2
N Device Labeling - Medtronic Ventilator Files (Risk Management documents) Coffee Break and Water Cooler Discussions 2
A 5 x 5 Risk Matrix - Looking for a good example Manufacturing and Related Processes 2
F Risk for Quality Assurance Department in a Hospital - Hospital Incident Reporting ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 7
M Should volume of sales be factored into risk probability assessments? ISO 14971 - Medical Device Risk Management 33

Similar threads

Top Bottom