ISO 13485:2016 - Risk-based Approach

S

snoopy2017

Hi everyone,

I've been reading ISO 13485:2016 practical guide and some other white papers on 13485:2016 risk-based approach. I understand that we are taking a risk-based approach to our QMS processes. How many processes are there? There are a large number of SOPs at my company but not all of them are directed toward a QMS process; many are instructions for day-to-day activities. In this case, how would I incorporate an explicit risk-based approach in these SOPs? I was told there is no particular formula to take a risk-based approach (e.g. not at the level of 14971) but some form of risk-based thinking. This is a small company and we don't have a risk-management team, I would appreciate any advice.

Thank you
 

John Broomfield

Leader
Super Moderator
Hi everyone,

I've been reading ISO 13485:2016 practical guide and some other white papers on 13485:2016 risk-based approach. I understand that we are taking a risk-based approach to our QMS processes. How many processes are there? There are a large number of SOPs at my company but not all of them are directed toward a QMS process; many are instructions for day-to-day activities. In this case, how would I incorporate an explicit risk-based approach in these SOPs? I was told there is no particular formula to take a risk-based approach (e.g. not at the level of 14971) but some form of risk-based thinking. This is a small company and we don't have a risk-management team, I would appreciate any advice.

Thank you

Snoopy,

Are you saying that the processes necessary for your system to be effective have yet to be determined?

Your question implies that your organization had a system of documents but not its process-based management system had yet to be determined.

This implies that your first step is the study how your organization works as a system, interacting with its customers, suppliers and regulators to determine which processes are essential to the success of the organization (fulfill its mission or purpose).

In doing this you, your top managers and the process owners be taking a risk-based approach and the process approach to developing your management system.

Kindly let us know the status of your management system as you all progress and we may be able to assist your progress.

Best wishes,

John
 
L

LCordie

While there is no defined number of procedures/documents required for a QMS, there are 6 standard procedures that must be included in any ISO 13485 QMS:
Control of Documents (4.2.4)
Control of Records (4.2.5)
Internal Audit (8.2.4)
Nonconforming Product (8.3.1)
Corrective Action (8.5.2)
Preventive Action (8.5.3)

Additionally the clauses of the standard identify where documented procedures are required or where you must document procedures to cover the requirements.
The organization determines if these documents apply to their business, along with identifying any other procedures required by the organization.

One way to apply the risk-based approach is to include a "Risk" section in every document where you state what (if any) risks are associated with the procedure. These risks can be to the business, end user, patient, product quality, QMS integrity, etc. The risks identified in this section are then further addressed in the Risk Manangement process. This is useful in any size company to get all departments involved in and aware of the risk managment process.
 
T

tuodor yaftrah

could any one advice me with the risk management process procedure template
 
Top Bottom