Implementing Risk Management in a Medical Device "Distributor Only" company

[Aphel]

Hello!

I would need a recommendation for how to implement risk management in a medical device "distributor only" company?

We want to certify our company acc. ISO 13485; we have no R&D and no production, we act only as distributor for other legel manufacturers in the company group.
The auditor who will come and conduct the audit has requested (beside other general procedures) our risk management procedure in advance!?

The issue now is - a distributor company cannot implement a risk procedure according ISO 14971 from point of view... am I wrong?
We only have the idea to implement FMEA in order to evaluate our internal processes like storage & distribution - to identify possible impacts on devices we handle. Is this enough???

Thanks a lot for your comments/help in advance!

BR
Aphel

 

[somashekar]

Re: Recommendation for risk management

First, ISO 14971 is not mandatory for the risk management. Its a note 3 to see for guidance in the ISO 13485.
You should be OK with FMEA for the processes in your scope.
Consider things that can effect the device in terms of storage and transport conditions, which in turn can directly effect the user / patient. Get information from the device manufacturer about these which are essential for you to know, and these can be present in the device information for use, or in other technical information that is available with the manufacturer. Know them and consider them in your risk management documentation, and decide your such effective control measures.

 

[pkost]

Re: Recommendation for risk management

ISO 14971 is intended for manufacturers, not distributors. The standard is about risk for the health and safety of the patient - this has already been investigated by the manufacturer. All you have to do is follow their instructions

Your business needs to consider your business risk. Consider the following...risk: product may not be suitable for storage in hot conditions

A manufactuerer (and ISO14971) cares that this will lead to an ineffective device that harms the patient
As a distributor you care that you have stock that is non conforming and needs to be written off

This is not to say you can't use concepts from 14971, just that it isn't entirely appropriate

 

[LEMAB]

Considering ISO 14971 would not be fittable for Distributors, What if could be use for the life cycle period covered by the Distributor, that said from the storage, transport distribution, installation etc etc on
Can anybody could share a Risk Management Plan for that portion of the life cycle of the products involving a Distributor?

 

[Tagin]

We only have the idea to implement FMEA in order to evaluate our internal processes like storage & distribution - to identify possible impacts on devices we handle. Is this enough???

I think you want to look at ISO 31000, which provides a more general framework for setting up a risk management process (in which FMEA may be embedded).

 

[Jean_B]

And to jumpstart you wrt concerns/risks your 'customer' might have with respect to medical devices:

• How will you keep product in a good state, generally but also wrt specific conditions such as temperature, humidity, lifetime, risk of contamination, transport shocks etc. Be especially aware of microclimate conditions that might arise due to the design of your storage space, its doors (often giving shocks of cold and heat), windows in any walls as well as the roof (Some Ethylene Oxide exposure stickers can return to a state that implies they were not sterilized at all if exposed to UV light) and the placement of any sensors if you use it (heat rises etc). This will also help you in case of send-backs, as when product is not demonstrably within bounds your contracts might specify the loss to be on your end. Arrange pest management in a manner that you can show no unacceptable risk to the device from the pests, nor from the pest management methods (possible toxins, waste or exposure to the UV lights for example). Keep climate change in mind for your investments (it has been becoming an issue and facilities should be managed with decades in mind, not just years, definitely not months).
• How will you identify product and the distribution steps/tracks it has undergone and prevent any mix-up or loss of provenance. How will you segregate product you find to be non-conforming, or that is returned through you for repair (hooking up to available RMA processes of your supplier efficiently can help). If it is returned to you for repair, realize that repairs have their own slew of requirements and often involve calibration of test equipment as well as maintaining records demonstrating competence.
• Get good at specifying the minimum level of care you expect outgoing product to get from transporters. Occasionally check for it as cost reduction projects might forget/miss such requirements. Ensure any incoming product was transported with the same level of care if you were not arranging it, lest someone else's shortcut comes from your purse. A badly set tarp does not do positive wonders for product, nor do badly restrained loads and bungles. They make for funny pictures though.
• When dealing with labeling be aware of what it means in the medical device sector: the stickers/labels as well as accompanying documentation such as manuals of all kinds, IFU's, possibly even GUI's. If you're asked to act as translator ensure you manage the risk of deficient/defective translations (distributors often say yes to get the deal, and then only realize what they're getting into when the approvals become tedious). Due to your (relative geographical) position in the chain you might have the obligation to add labeling identifying you as a distributor with contact information. Become aware and agree on what is proper and possible labeling. Any stickers you might add should never, ever obscure information enabling traceability, identification, warnings, contra-indications, indications for use or intended use. Be aware that even marketing pamphlets you add can be problematic if they expand claims or are ambiguously linked to something else than the device (model) you are distributing.
• If acting as an importing distributor be very well aware of the responsibilities you take upon you for checking the compliance of the previous step of the chain, and the conflicts of interest in your duty to report to the competent authority versus how the legal manufacturer expects you to report (Currently at the front of my mind due to EU MDR).
• How will you assure to meet and keep up-to-date on any customer-specific obligations/requirements, i.e. record-keeping, change notification, deviation/exception management, pass-through information up the chain on complaints/vigilance and down the chain on field safety notices/field safety corrective actions. Include change control with/distribution notices to the manufacturers for any documents/procedures that are pertinent in such matters. E.g. if you say you've arranged reporting timelines in SOP SoAndSo (when it was at revision 2), be sure to notify that manufacter when you change it or you might find out you have unwittingly not kept up legal requirements.
• What aspects of the products you manage are 'unusual' versus regular storage and shipping. Sterile barriers come to mind, as might ElectroStatic Discharge (ESD), batteries or susceptibility to (electro)magnetic interference.
• If you make procedure packs, do reprocessing, installation or act as a regulatory representative (sponsor, marketing authorization holder etc) add further specialized resource on the regulatory/quality level as that has its own characteristics.
• For the love of god, manage the risk of focusing speciality skill and knowledge in specific persons that might become unavailable (vacation, pregnancy leave, illnes, death, departure) at critical times. Some of the above things might not feel like your "core-business", and thus not get redundant attention, but the uninterrupted availability of good support on all above matters is a definite draw for manufacturers.

Note that in the spirit of this forum I've mixed in some common growth phases for distributors that take on duties that make sense to position at their organization relative to their position in the supply chain.

 

[LEMAB]

And to jumpstart you wrt concerns/risks your 'customer' might have with respect to medical devices:

• How will you keep product in a good state, generally but also wrt specific conditions such as temperature, humidity, lifetime, risk of contamination, transport shocks etc. Be especially aware of microclimate conditions that might arise due to the design of your storage space, its doors (often giving shocks of cold and heat), windows in any walls as well as the roof (Some Ethylene Oxide exposure stickers can return to a state that implies they were not sterilized at all if exposed to UV light) and the placement of any sensors if you use it (heat rises etc). This will also help you in case of send-backs, as when product is not demonstrably within bounds your contracts might specify the loss to be on your end. Arrange pest management in a manner that you can show no unacceptable risk to the device from the pests, nor from the pest management methods (possible toxins, waste or exposure to the UV lights for example). Keep climate change in mind for your investments (it has been becoming an issue and facilities should be managed with decades in mind, not just years, definitely not months).
• How will you identify product and the distribution steps/tracks it has undergone and prevent any mix-up or loss of provenance. How will you segregate product you find to be non-conforming, or that is returned through you for repair (hooking up to available RMA processes of your supplier efficiently can help). If it is returned to you for repair, realize that repairs have their own slew of requirements and often involve calibration of test equipment as well as maintaining records demonstrating competence.
• Get good at specifying the minimum level of care you expect outgoing product to get from transporters. Occasionally check for it as cost reduction projects might forget/miss such requirements. Ensure any incoming product was transported with the same level of care if you were not arranging it, lest someone else's shortcut comes from your purse. A badly set tarp does not do positive wonders for product, nor do badly restrained loads and bungles. They make for funny pictures though.
• When dealing with labeling be aware of what it means in the medical device sector: the stickers/labels as well as accompanying documentation such as manuals of all kinds, IFU's, possibly even GUI's. If you're asked to act as translator ensure you manage the risk of deficient/defective translations (distributors often say yes to get the deal, and then only realize what they're getting into when the approvals become tedious). Due to your (relative geographical) position in the chain you might have the obligation to add labeling identifying you as a distributor with contact information. Become aware and agree on what is proper and possible labeling. Any stickers you might add should never, ever obscure information enabling traceability, identification, warnings, contra-indications, indications for use or intended use. Be aware that even marketing pamphlets you add can be problematic if they expand claims or are ambiguously linked to something else than the device (model) you are distributing.
• If acting as an importing distributor be very well aware of the responsibilities you take upon you for checking the compliance of the previous step of the chain, and the conflicts of interest in your duty to report to the competent authority versus how the legal manufacturer expects you to report (Currently at the front of my mind due to EU MDR).
• How will you assure to meet and keep up-to-date on any customer-specific obligations/requirements, i.e. record-keeping, change notification, deviation/exception management, pass-through information up the chain on complaints/vigilance and down the chain on field safety notices/field safety corrective actions. Include change control with/distribution notices to the manufacturers for any documents/procedures that are pertinent in such matters. E.g. if you say you've arranged reporting timelines in SOP SoAndSo (when it was at revision 2), be sure to notify that manufacter when you change it or you might find out you have unwittingly not kept up legal requirements.
• What aspects of the products you manage are 'unusual' versus regular storage and shipping. Sterile barriers come to mind, as might ElectroStatic Discharge (ESD), batteries or susceptibility to (electro)magnetic interference.
• If you make procedure packs, do reprocessing, installation or act as a regulatory representative (sponsor, marketing authorization holder etc) add further specialized resource on the regulatory/quality level as that has its own characteristics.
• For the love of god, manage the risk of focusing speciality skill and knowledge in specific persons that might become unavailable (vacation, pregnancy leave, illnes, death, departure) at critical times. Some of the above things might not feel like your "core-business", and thus not get redundant attention, but the uninterrupted availability of good support on all above matters is a definite draw for manufacturers.

Note that in the spirit of this forum I've mixed in some common growth phases for distributors that take on duties that make sense to position at their organization relative to their position in the supply chain.

Thank you Jean B for such descriptive list of points and riks to be taken into account while you are a distributor!!