ISO 13485, Clause 4.1.2 b)

[SGquality]

We are in an ISO 13485 audit and the auditor is questioning why we have not included "Distribution" process under risk based process.

Section 4.1.2 b) mentions to apply a risk based approach to the control of the "appropriate" processes needed for the QMS.

I explained to the auditor that we have identified Software, Internal Audits, frequency of Management Review, Training etc. and did not feel that "Distribution" needs to be risk based as the product does not have any special storage/handling requirements but he seems persistent on that.

What do you feel?

 

[John C. Abnet]

We are in an ISO 13485 audit and the auditor is questioning why we have not included "Distribution" process under risk based process.

Section 4.1.2 b) mentions to apply a risk based approach to the control of the "appropriate" processes needed for the QMS.

I explained to the auditor that we have identified Software, Internal Audits, frequency of Management Review, Training etc. and did not feel that "Distribution" needs to be risk based as the product does not have any special storage/handling requirements but he seems persistent on that.

What do you feel?

Good day @SGquality ;
I want to first be clear that "we" do not see what the auditor sees....i.e. "we" are not intimate with what your organization has in place and what is being called into question.

Having said that, ....you are correct in regards to the "risk" controls being applied to "appropriate processes needed for the QMS".
Has your organization had a history of nonconformances related to "distribution"?
Can the auditor state (he /she MUST) the actual ISO 13485 clause which they are claiming is not being conformed to?

Based on the LIMITED information we have here, it appears that the auditor is reaching beyond the requirements of the standard.

Also- It should be noted that "risk" in the context of ISO 13485 is different than within ISO 9001 (for example). Here is the statement in 0.2 of 13485 intended to clarify...
"When the term “risk” is used, the application of the term within the scope of this International
Standard pertains to safety or performance requirements of the medical device or meeting
applicable regulatory requirements"

Hope this helps.
Be well.

 

[Sidney Vianna]

What do you feel?

Why wasn't that discussed during the Stage 1 Audit?

 

[SGquality]

Good day @SGquality ;
I want to first be clear that "we" do not see what the auditor sees....i.e. "we" are not intimate with what your organization has in place and what is being called into question.

Having said that, ....you are correct in regards to the "risk" controls being applied to "appropriate processes needed for the QMS".
Has your organization had a history of nonconformances related to "distribution"?
Can the auditor state (he /she MUST) the actual ISO 13485 clause which they are claiming is not being conformed to?

Based on the LIMITED information we have here, it appears that the auditor is reaching beyond the requirements of the standard.

Also- It should be noted that "risk" in the context of ISO 13485 is different than within ISO 9001 (for example). Here is the statement in 0.2 of 13485 intended to clarify...
"When the term “risk” is used, the application of the term within the scope of this International
Standard pertains to safety or performance requirements of the medical device or meeting
applicable regulatory requirements"

Hope this helps.
Be well.

Thats the perfect answer

 

[SGquality]

Why wasn't that discussed during the Stage 1 Audit?

That's a valid question and probably he missed it.

 

[John C. Abnet]

Thats the perfect answer

Thank you. If you don't mind, let us know how it goes

 

[SGquality]

Thank you. If you don't mind, let us know how it goes

Surely, I will. The auditor seems to be satisfied with my earlier response but I will keep the 0.3 statement ready to be fired if required

 

[yodon]

I don't disagree with anything said so far on this thread but there's sometimes there are some nuggets that can be gleaned. So just to play devil's advocate, why *isn't* there any risk with distribution? Can the product be damaged, can there be a mix-up of product shipped, can there be a loss of information regarding to whom the product was shipped?

 

[SGquality]

I don't disagree with anything said so far on this thread but there's sometimes there are some nuggets that can be gleaned. So just to play devil's advocate, why *isn't* there any risk with distribution? Can the product be damaged, can there be a mix-up of product shipped, can there be a loss of information regarding to whom the product was shipped?

Totally understand but was trying to understand the requirements per Clause 4.1.2 (b). How do companies typically handle distribution of finished medical device that is a simple device - is it part of the PFMEA?

 

[yodon]

is it part of the PFMEA?

Yes, that's certainly one way (and a good one, IMO)! But it goes back a bit further into packaging design as well (we do shipping validation on our packages to ensure the device is adequately protected throughout storage and distribution - implying that devices are packaged as part of the manufacturing process).