Implementing Risk Management for Contract Manufacturers - ISO 13485

M

mipelamo

#1
Hi, I am new to the board, but I would appreciate any guidance on this issue. We are a contract manufacturer who makes components for medical device manufacturer. We are currently ISO 9001 certified, but we are in the process of obtaining a 13485 certification. However, I am struggling with the best way to implement the risk management aspect of the 13485 standard.

We do not design the product; we simply build based on our customers design specifications. Hence, it's difficult to have a risk manangement file on the product as ISO 14971 standard requires since we can assess component failure mode's impact to the patient/ end user. Would it be more appropriate to perform a process risk assessment with the failure mode being that product does not meet customer specification? Also, does anyone has any example procedures and/or templates that would help? Finally, I have read some of the older threads on this forum on the topic for contract manufacturer, yet none really addressed my concerns. Thus, I would appreciate any help you can provide.

Thanks
 
Elsmar Forum Sponsor

somashekar

Staff member
Super Moderator
#2
Re: Implementing Risk Management for Contract Manufacturer

As you are the contract manufacturer, you have to seek and obtain as much information as possible about the use and application of the product and if also possible, fetch a copy of the risk management file of the customer. These inputs can give you a fair idea of what risks could be faced by the patient / user of the product that you manufacture. These are enough to make a beginning and as you go further with your process application, you will have good vision of what likely effects your process might bring in to the risks to patient / user.
 
Last edited:

Marcelo

Inactive Registered Visitor
#3
Re: Implementing Risk Management for Contract Manufacturer

Ok, this again,. Let´s try a new one: maybe your problem is you are trying to perform "medical device risk management activities" which are part of the "medical device - as a whole - risk management" on your own, without asking the responsible for the medical device risk management - your costumer.

Brainstorming: I make a medical device, i have to perform medical device risk management. I contract services, i have to make sure these services do not impact the medical device risk management. So, any contracted service have to "bow" to my risk management process. In this case, the risk management activities should be contract requirements, and should be defined for the contract manufacturer to implement. In this case, he could have a very detailed specification which takes the risk impact into consideration, and then asks the provider to implement activities of process risk analysis. Note that i dependes, for example, in the impact of the contracted service on the finished medical device.

I´m sure there might be some problemas with this simple line og though, but it´s the best one i can think of right now.

Also, take a look at SG3/N17/2008 - Quality Management System – Medical Devices – Guidance on the Control of Products and Services Obtained from Suppliers.
 

jkuil

Quite Involved in Discussions
#4
Re: Implementing Risk Management for Contract Manufacturer - ISO 13485

If you have designed the manufacturing process, you should perform a process risk analysis. This is an input to your process validation and to your non-conformance investigation (corrective action determination). Awareness of the criticallity of your item aspects to your customers end product verry benificial in performing the RA.
 
R

Roland Cooke

#5
Re: Implementing Risk Management for Contract Manufacturer - ISO 13485

We do not design the product; we simply build based on our customers design specifications.
It's very rarely "simple". It probably still wouldn't be 100% simple if all the following applied...

Your customer provides and validates all the assembly equipment.

Your customer defines and validates all the assembly processes.

Your customer selects the suppliers that will be providing you with the build components.

Your customer directly trains your people, or better yet, staffs your facility with his own people.


Even then, there are risks to the effectiveness of your involvement in the overall process to deliver a good product to the customer.
 
M

mipelamo

#6
Re: Implementing Risk Management for Contract Manufacturer - ISO 13485

Ok, thanks your insights. I will approach it from a process risk standpoint, and see if that satisfies our customers and ISO 13485 auditor.
 
M

Metal63

#7
Re: Implementing Risk Management for Contract Manufacturer - ISO 13485

Hello,
I'm new to this forum and have a similar question regarding Risk Analysis as performed by a contract manufacturer. We are a mid sized machine shop that builds components for various industries. We would like to become a supplier of the medical industry. We are currently in the process of becoming ISO 13485 and ISO 9001 certified however we do not have a direct OEM Medical customer yet. We recently had a pre-assessment done by a Registrar and the auditor recommended we have several Risk Analyses done for certification. The auditor said we can perform a risk analysis on any part we build, however without knowing what the end prodcut is used for I find it difficult to do a risk analysis. My question is how do we create a Risk Analysis if we are not doing business yet with medical OEM company? Are there provisions to allow certification without showing evidence as long as our procedures are in place?
 

somashekar

Staff member
Super Moderator
#8
Re: Implementing Risk Management for Contract Manufacturer - ISO 13485

Hello,
I'm new to this forum and have a similar question regarding Risk Analysis as performed by a contract manufacturer. We are a mid sized machine shop that builds components for various industries. We would like to become a supplier of the medical industry. We are currently in the process of becoming ISO 13485 and ISO 9001 certified however we do not have a direct OEM Medical customer yet. We recently had a pre-assessment done by a Registrar and the auditor recommended we have several Risk Analyses done for certification. The auditor said we can perform a risk analysis on any part we build, however without knowing what the end prodcut is used for I find it difficult to do a risk analysis. My question is how do we create a Risk Analysis if we are not doing business yet with medical OEM company? Are there provisions to allow certification without showing evidence as long as our procedures are in place?
Welcome here Metal63.
You are mid sized machine shop.
You build components for various industries..
What ever component you build perhaps is itself not a medical device or is not such a working module that can be covered under medical device requirement.
If you are in the process of ISO13485 and ISO9001, certification., please have a relook and work well only towards ISO9001.
Please let us know what type of products you make for being qualified as supplier to the medical industry exclusively that is so very different from engineering industry.
Is there any medical industry as your customer (prospective customer) and are they asking you for ISO13485 certification ? What part they want you to supply ?
Is your management wanting ISO13485 ? why do they believe that they want ISO13485 ?
What is your scope for ISO9001 ?
What is your scope for ISO13485 ?
 
M

MIREGMGR

#9
Re: Implementing Risk Management for Contract Manufacturer - ISO 13485

...Risk Analysis as performed by a contract manufacturer. We are a mid sized machine shop that builds components for various industries. We would like to become a supplier of the medical industry. (...) We recently had a pre-assessment done by a Registrar and the auditor recommended we have several Risk Analyses done for certification. The auditor said we can perform a risk analysis on any part we build, however without knowing what the end prodcut is used for I find it difficult to do a risk analysis.
The O.P. in this thread said:

Would it be more appropriate to perform a process risk assessment with the failure mode being that product does not meet customer specification?
My view is, in the absence of customer driven inputs as to downstream risks, that is what you should do.

Your Risk Plan should state that this is what you are doing, and that you understand that if customer requirements were applicable and made known to you, they would be factored into your analysis.
 
M

Metal63

#10
Re: Implementing Risk Management for Contract Manufacturer - ISO 13485

Hi Somashekar,
Thanks for the reply. The main focus from management is to build our customer base beyond our commercial builds and into the medical field. We have built parts for a large CM for products that go to a medical company i.e. laser eye surgery machine but not directly to the OEM. There was no requirement from the CM to be ISO13485. We also build semiconductor and communications parts. The focus is to build a diverse customer base to include the OEM medical industry. This will enable us to grow as a company and be more attractive to prospective customers.

Our scope is Contract Manufacturer of non-sterile components and assemblies for commercial and medical industry.
 
Thread starter Similar threads Forum Replies Date
A Implementing Risk Management in a Medical Device "Distributor Only" company ISO 13485:2016 - Medical Device Quality Management Systems 2
E Implementing Risk Management - Required Document Types ISO 14971 - Medical Device Risk Management 8
V Common Errors while Implementing Risk Management Process ISO 14971 - Medical Device Risk Management 9
K ISO 31000 - Implementing Risk Management in the Construction Industry? Risk Management Principles and Generic Guidelines 5
K Risk Management Compliance - Implementing AS9100:2009 AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 50
Q Easy Way of "Implementing" Risk in ISO 9001 2015 ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 7
H Implementing ISO22301 on a Limited Scope Business Continuity & Resiliency Planning (BCRP) 1
J Implementing an ISO 13485 QMS Software ISO 13485:2016 - Medical Device Quality Management Systems 6
Sravan Manchikanti How to interpret '8.3 Control of nonconforming product' for SaMD device while implementing ISO 13485 & MDSAP ISO 13485:2016 - Medical Device Quality Management Systems 7
L Implementing the PRRC role in a company EU Medical Device Regulations 7
A Implementing ISO 20000-1 - Where to start Other ISO and International Standards and European Regulations 2
B Lessons Learned Implementing ISO 50001 (Chemical Engineering Progress) Other ISO and International Standards and European Regulations 0
C How medical device manufacturers are implementing standards like GDPR and HIPAA Other ISO and International Standards and European Regulations 5
M Informational EU – Commission Implementing Decision (EU) as regards the designation of expert panels in the field of medical devices Medical Device and FDA Regulations and Standards News 0
R Implementing Design History Documents/ Technical Documents in the QMS ISO 13485:2016 - Medical Device Quality Management Systems 3
tnorton Lessons learned from implementing Customer Complaints Customer Complaints 1
M Informational Update – MDR and IVDR implementing measures rolling plan – 2 more NBs designated under the new regulations Medical Device and FDA Regulations and Standards News 0
S Implementing a 45001 Health & Safety standard - Internal audit plan wanted Internal Auditing 1
M Informational Commission Implementing Decision (EU) 2019/939 of 6 June 2019 designating issuing entities designated to operate a system for the assignment of Unique Medical Device and FDA Regulations and Standards News 0
J Implementing Machine Replacement Part Reverse engineering technology Manufacturing and Related Processes 3
Q Does anyone have experience implementing a QMS without ISO certification? Quality Manager and Management Related Issues 2
M Informational EU – April 2019 update of the MDR and IVDR implementing measures rolling plan Medical Device and FDA Regulations and Standards News 0
I First Time Implementing Document Control for ISO-9001 - how far back do you go? Document Control Systems, Procedures, Forms and Templates 15
M Medical Device News Last update of the MDR and IVDR implementing measures rolling plan – December 2018 Medical Device and FDA Regulations and Standards News 0
J Implementing EN 62304:2006 on existing and proven medical devices IEC 62304 - Medical Device Software Life Cycle Processes 6
M Medical Device News MDR and IVDR implementing measures rolling plan EU Medical Device Regulations 0
B Implementing an Escalation Process and Andon system Supplier Quality Assurance and other Supplier Issues 1
K EQMS question - Implementing an electronic QMS to support ISO 13485:2016 Quality Assurance and Compliance Software Tools and Solutions 4
T Is there any requirement to be compliant with IEC 62304 while implementing ISO 13485 ISO 13485:2016 - Medical Device Quality Management Systems 5
A Compliance Obligations - Implementing 6.1.1 and 6.1.3 NOTE - Determine risks and... ISO 14001:2015 Specific Discussions 1
G Heavy Civil Construction Company Implementing ISO 9001:2015 for Certification ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 1
K Implementing ISO13485:2016 in the Middle of a New Device Project ISO 13485:2016 - Medical Device Quality Management Systems 1
D Implementing 5S for Multiple Shop Floor Layout Workstations Lean in Manufacturing and Service Industries 2
N FDA Guidelines for implementing Continuous Improvement Process US Food and Drug Administration (FDA) 5
N Implementing ISO 17025 in a Calibration Laboratory ISO 17025 related Discussions 8
E Does anyone have experience implementing a Tiered QMS? AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 3
A Implementing an AS9100 Aerospace Quality System AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 9
L Implementing ISO 9001 in small Trading Company ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 8
C Implementing a set of bore gages at a machine Gage R&R (GR&R) and MSA (Measurement Systems Analysis) 1
T Implementing a Suspect Counterfeit Identification Program Quality Manager and Management Related Issues 3
O Implementing Lean Intranet Sharepoint Lean in Manufacturing and Service Industries 6
F Implementing ISO 9001:2008 in a new Food Processing company ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 7
J ISO 22301 - Implementing a Business Continuity Management System Business Continuity & Resiliency Planning (BCRP) 15
M Does anyone here have experience implementing PCI DSS (Data Security Standard) IEC 27001 - Information Security Management Systems (ISMS) 10
L Implementing a new quality management system for a new engineering company ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 4
M Implementing ISO 9001 in an Assembly Plant ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 10
D Understanding and implementing ISO 17025 ISO 17025 related Discussions 9
Q Implementing ISO 9001 and ISO 22000 systems at the same time Document Control Systems, Procedures, Forms and Templates 2
E Implementing a Production Accountability Program Manufacturing and Related Processes 3
J Implementing a TrackWise eQMS System Quality Assurance and Compliance Software Tools and Solutions 3

Similar threads

Top Bottom