Introducing a risk/impact assessment to nonconformity procedure

J

jpal2

#1
Hoping to get some clarification on this!

Currently our CAPA procedure requires a root cause investigation into all events regardless of their significance. FDA state that the level of investigation/actions can be commensurate with the risk. We would like to include a basic assessment of the risk/significance/impact of the event in our procedure. Is it sufficient to assign this as a simple qualitative measure i.e. low, medium, high? Many of our current deviations would be classified as low risk and no impact on product. Therefore we would negate the need for a timeconsuming and wasteful root cause investigations!:D

All deviations would be analysed for trends and investigation/action initiated if trends are identified.

Can anyone tell me if we would meet ISO/FDA requirements if we implement this?
 
Elsmar Forum Sponsor
G

Gert Sorensen

#2
Hoping to get some clarification on this!

Currently our CAPA procedure requires a root cause investigation into all events regardless of their significance. FDA state that the level of investigation/actions can be commensurate with the risk. We would like to include a basic assessment of the risk/significance/impact of the event in our procedure. Is it sufficient to assign this as a simple qualitative measure i.e. low, medium, high? Many of our current deviations would be classified as low risk and no impact on product. Therefore we would negate the need for a timeconsuming and wasteful root cause investigations!:D

All deviations would be analysed for trends and investigation/action initiated if trends are identified.

Can anyone tell me if we would meet ISO/FDA requirements if we implement this?
I have been in a couple of companies where there were this approach to CAPA, however I would not recommend it. As you state above it is time consuming. The question is: Why is it time consuming? Is it possible that there are simply to many deviations in production? I guess so, that would be medical devices for you, and if that is the case then IMO it calls for CAPA. I believe that used properly and with management backup than CAPA can and should help you eliminate the problems in the long run.

I'm still not that knowledgeable on the FDA rules, but I seem to recall that they also call for continuos improvement.
 
J

jpal2

#3
Hi Gert!

One of the reasons why the current system has become so burdensome is due to assigning inappropriate actions to low risk nonconformities that do not affect product. For example, a typical knee-jerk reaction by our manufacturing department to such an event is to update a procedure and perform retraining. As a result the nonconformity remains open until the procedure is reissued, which may take some time. From a QA perspective, if we state that this event is low-risk, doesnt affect product and is a one-off, our nonconformity committee would sign off on the deviation without any further investigation or action. Periodical analysis would capture in trends in these events.

There are many reasons why our current programme is causing us problems, which I'm trying to address but it takes a lot of time!!! What I'm proposing here is just one of many actions necessary to ensure our CAPA programme is effective and compliant.
 
G

Gert Sorensen

#4
I truly understand what you're saying :( It is really burdensome to be working with knee jerk reactions and investigations into "one off´s", but don't forget that all deviations cost money and frustrate employees and customers. That being said, if the approach to the issues is not to correct but to truly prevent, then it is my firm belief that CAPA will make the prouction and the products run more smoothly. If there is to many to actually get a decent view of the problems (or of the trending is flawed) then use Paretos Law to apply focus to the most important deviations. When you have identified which deviations to focus on, use a good root cause analysis to find the true cause. One thing to consider is always: Is this designed to be produced?

:bigwave:
 

RoxaneB

Super Moderator
Super Moderator
#5
I admit to liking the idea of conducting a risk/impact assessment, so why not do it for certain nonconformities that are above an established trigger point. Anything below the trigger point will follow the basic CAPA and anything above will adhere to the enhanced process.
 
Q

qualityboi

#6
We are adapting FMEA methodology which I call risk assessment, to trigger reaction, corrective and preventive mechanisms in all of our management systems (EMS, QMS and Health&Safety). They have been in place for about six months and people appear to appreciate that there is some type of logic and decision analysis being made to prioritize subsequent actions to process deviations and unplanned changes (Nonconformities).
 
J

jpal2

#7
Hi Qualityboi

Do you use your process to merely prioritise nonconformities/deviations or do you also use it as a rationale for not initiating an investigation/action plan?
 

Al Rosen

Staff member
Super Moderator
#8
I have been in a couple of companies where there were this approach to CAPA, however I would not recommend it. As you state above it is time consuming. The question is: Why is it time consuming? Is it possible that there are simply to many deviations in production? I guess so, that would be medical devices for you, and if that is the case then IMO it calls for CAPA. I believe that used properly and with management backup than CAPA can and should help you eliminate the problems in the long run.

I'm still not that knowledgeable on the FDA rules, but I seem to recall that they also call for continuos improvement.
Neither ISO 13485 nor FDA call for continuous improvement. I think that is a major difference between ISO 9001:2000 and ISO 13485.
 
G

Gert Sorensen

#9
Neither ISO 13485 nor FDA call for continuous improvement. I think that is a major difference between ISO 9001:2000 and ISO 13485.
I believe you are right if your point is that the standard does not use the exact words of "continuous improvement", however I have experienced that two Notifying Bodies have interpreted the intent of the standard to be just that. Specifically they relate to point 8.5.1 General:

Section 1. The organization shall identify and implement any changes necessary to ensure and maintain the continued suitability and effectiveness of the quality management system through the use of the quality policy, quality objectives, audit results, analysis of data, corrective and preventive actions and management review.

Section 4. If any customer complaint is not followed by corrective and/or preventive action, the reason shall be authorized and recorded.


I am aware that there is an ongoing discussion relating to "show me the shall" but I guess that the reason Notifying Bodies still hang on to the matter of "continuous improvement" is that it does make some basic sense. :bigwave:
 
Q

qualityboi

#10
Hi Qualityboi

Do you use your process to merely prioritise nonconformities/deviations or do you also use it as a rationale for not initiating an investigation/action plan?

Since we are using FMEA we must investigate and take action for the highest RPNs, its part of the process. Even though using risk assessment for continual improvement is not a requirement of the medical standard it only makes sense to use some type of structured methodology for CAPA / continual improvement rather than just having a meeting about it or immediate containment.
 
Thread starter Similar threads Forum Replies Date
J Rules associated with introducing new QMS processes IATF 16949 - Automotive Quality Systems Standard 1
D Introducing an existing product into automotive context - DFMEA needed? IATF 16949 - Automotive Quality Systems Standard 8
S Introducing a new peripheral for cleared device - Is Validation required? US Food and Drug Administration (FDA) 3
I Introducing Titanium into Aerospace manufacturing Service Industry Specific Topics 4
P Introducing MSA in a Biomedical Company Gage R&R (GR&R) and MSA (Measurement Systems Analysis) 2
Marc Ford is introducing an Aluminum F-150 Pick 'em Up Truck World News 1
Q Introducing Process based approach on Production Floor Manufacturing and Related Processes 6
M Introducing ISO 9001:2008 in a Concrete and Construction Material Laboratory ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 10
R Introducing New Employees Coffee Break and Water Cooler Discussions 10
J Introducing a new Product Variant - ECO Process? Document Control Systems, Procedures, Forms and Templates 3
8 Introducing a Balance Line - Identifying potential future pitfalls etc. Lean in Manufacturing and Service Industries 2
A Introducing New Employees to AS9100 AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 3
D Introducing Individual Chart to Accountants Statistical Analysis Tools, Techniques and SPC 23
C Examples of successful 5S projects - Introducing 5S on the shopfloor and the offices Lean in Manufacturing and Service Industries 8
T Introduce Statistical Thinking before introducing the equations Training - Internal, External, Online and Distance Learning 17
E French Intro to Quality - Introducing ISO 9001 to New Employees Book, Video, Blog and Web Site Reviews and Recommendations 1
B ISO 17025:2017 risk management Risk Management Principles and Generic Guidelines 0
Q FMEA and Risk assessment in MS ACCESS FMEA and Control Plans 2
I Realization processes input into overall risk ISO 14971 - Medical Device Risk Management 2
M Need Help With Information Security Asset Risk Register IEC 27001 - Information Security Management Systems (ISMS) 2
thisby_ Post Market/Production Risk Assessment ISO 14971 - Medical Device Risk Management 0
S Risk Management Review ISO 14971 - Medical Device Risk Management 4
D Low risk IVD study in the UK, do I need MHRA approval? UK Medical Device Regulations 1
S Risk Management and other Files ISO 14971 - Medical Device Risk Management 8
silentmonkey Overall Benefit/Risk Analysis - Risk Management VS Clinical Evaluation ISO 14971 - Medical Device Risk Management 3
N ISO 27001 for Jumb Burger - Risk Assessment sheet IEC 27001 - Information Security Management Systems (ISMS) 11
C Risk Assessment Tools ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 3
qualprod Examples to mitigate risk from Covid ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 5
G Risk of stopping your customer's line IATF 16949 - Automotive Quality Systems Standard 4
C Risk Matrix vs FMEAs ISO 14971 - Medical Device Risk Management 3
S IVD risk class II devices for Brazil and MDSAP Other Medical Device Regulations World-Wide 0
M ISO 14971:2019: Criteria for overall residual risk ISO 14971 - Medical Device Risk Management 6
M ISO14971:2019 - Verification of implementation and effectiveness of risk control ISO 14971 - Medical Device Risk Management 3
Aymaneh Medical Device Cybersecurity Risk Management IEC 27001 - Information Security Management Systems (ISMS) 2
S Traceability of requirements to design and risk Design and Development of Products and Processes 3
R Risk control measures as per ISO 14971 ISO 14971 - Medical Device Risk Management 6
D Deciding whether or not pre-market clinical investigation is required for low risk device EU Medical Device Regulations 5
R The term "Benefit Risk Ratio" in EU MDR, do I need to present benefit risk analysis as a RATIO Risk Management Principles and Generic Guidelines 4
_robinsingh Security Risk Assessment Tool IEC 27001 - Information Security Management Systems (ISMS) 0
A 21 CFR 820 - Risk Management - Looking for some guidance US Food and Drug Administration (FDA) 3
bryan willemot Contract Review and risk managment AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 2
D Risk Analysis using Monte Carlo Simulation instead of Scoring and Heat Map Risk Management Principles and Generic Guidelines 2
Sravan Manchikanti Software Risk Management & probability of occurrence as per IEC 62304 IEC 62304 - Medical Device Software Life Cycle Processes 8
E Normal Condition Hazards in Risk Analysis ISO 14971 - Medical Device Risk Management 3
silentmonkey Rationalising the level of effort and depth of software validation based on risk ISO 13485:2016 - Medical Device Quality Management Systems 10
R Risk assessment on IT containers and the information they contain IEC 27001 - Information Security Management Systems (ISMS) 4
B Threat/Vulnerability Catalogue for risk assessment IEC 27001 - Information Security Management Systems (ISMS) 4
R Opportunity For Improvement vs Opportunity (Positive Risk) ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 18
R FOD Risk Assessment - What tools would you recommend for assessing FOD risk? AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 1
R Identify Medical Device characterstics as Annex C of ISO 14971 Risk Management ISO 14971 - Medical Device Risk Management 5

Similar threads

Top Bottom