ISO 13485 Rework

[indubioush]

The nonconformance in this case is that a 7 Fr component was installed instead of a 7.5 Fr component, and the rework involves removing the 7.5 Fr component and retaining the 7 Fr component.

How can you remove the 7.5 Fr component if a 7 Fr component was installed? To me, it is not clear if this is rework, repair, or acceptance under concession (similar to what Jean_B said).

 

[ChrisM]

This again takes me back to what I was first told about "rework" when I worked in the Medical Device industry - "rework" is doing something the way it was originally prescribed to be done in the procedure or instruction; anything else is "repair".
Example: Instruction says to join 2 pieces of metal by spot-welding them together in 10 places. You find a "reject" with only 9 welds; you repair by adding the missing spot weld exactly as would have been done if it hadn't been originally omitted; this is REWORK.
You now find a further assembly with all 10 spot welds, but one of them is bad and the 2 pieces aren't actually joined. You need to clean up the surfaces, straighten the metal in the area of the join and re-weld; this is REPAIR.

 

[Bev D]

…and repair especially requires a risk assessment, documented procedure, review and approval. And almost always requires approval by the Customer.

 

[Jean_B]

…and repair especially requires a risk assessment, documented procedure, review and approval. And almost always requires approval by the Customer.

Note, approval by customer is not as common in medical (ISO 13485) when it is not capital equipment, as you might be dealing with many customers who do not have the technical knowledge and as such the regulations/standards do not expect it in the same way as in e.g. aerospace. for capital equipment (e.g. x-ray machines, machines for which maintenance is done such as specially designated maintenance controlled devices in Japan) it is more common; others rely on the traceability and recall mechanisms which is enforced in medical.
All other aspects I would expect equally in medical, especially the adverse effect assessment and checks that you are staying within intended use including (essential) performance.

 

[Tidge]

Note, approval by customer is not as common in medical (ISO 13485) when it is not capital equipment, as you might be dealing with many customers who do not have the technical knowledge and as such the regulations/standards do not expect it in the same way as in e.g. aerospace. for capital equipment (e.g. x-ray machines, machines for which maintenance is done such as specially designated maintenance controlled devices in Japan) it is more common; others rely on the traceability and recall mechanisms which is enforced in medical.
All other aspects I would expect equally in medical, especially the adverse effect assessment and checks that you are staying within intended use including (essential) performance.

I agree: it is very rare for "customers" to have a voice in design, development or manufacturing of medical devices... this is somewhat the reason why (in the USA) we ended up with 21 CFR 820 (the preamble probably explains a bit of this... it's been a while since I read it).

Medical device manufacturing also has an expectation of risk management across the life cycle of medical devices... this expectation (and the existence of a consensus standard specific to medical devices) doesn't inoculate against "pencil whipping" of course. A mature manufacturing organization can leverage a risk management process (and existing files) that make rework considerations quite straightforward. The same sort of thinking applies to other areas such as complaint handling. I've worked placed with quite complete risk management files so complaint handling didn't require much (if any) effort from groups that had previously reviewed and approved the risk management files to understand risk. Other companies that don't invest in the creation of such files are likely living the reactionary ad hoc life anyway, and paying for it (whether they recognize the cost or not).

 

[Bev D]

Yeah unfortunately approval by the ‘Customer’ isn’t typically required in med devices and some other industries. And by Customer I mean the last ‘manufacturer’ who sells the thing. But at least med devices requires risk assessment - but without an objective knowledgable reviewer(s) this can be pencil whipped and I suspect this is the case for the OP based on their questions.

 

[Jean_B]

Change notification arrangements are required for anything affecting safety or performance. But whether legal manufacturers can or will include approval prior to change is not certain. For many niche devices that is seldom an option, as they don't have the volume to force anything. There are even big suppliers who offer preset arrangements which include none of that sort of option.

 

[d_addams]

1. If there is a case where rework instructions are written step by step and are not directly based on any released procedure, is it acceptable to perform the risk assessment within the rework instruction itself, without formally referencing the existing risk management files, when the specific rework scenario is not covered in those files? In this approach, the rework instruction would document ......

2. With respect to the requirement for the same review and approval as the original procedure, consider a case where a rework instruction references an existing procedure that was originally approved by R&D, Design Quality, Marketing, Engineering, Operations, and Purchasing. The nonconformance in this case is that a 7 Fr component was installed instead of a 7.5 Fr component, and the rework involves removing the 7.5 Fr component and retaining the 7 Fr component. In this situation, what is the value of requiring approval from functions such as R&D or Marketing? R&D is one of the most valuable and limited resources in the organization, and involving them in the approval of a simple, low-risk rework does not appear to add meaningful value or improve product safety or performance......

I would flip this slightly, instead of saying putting these items in the instruction, put the steps followed in the non-conformance assessment. When a non-conformance found in operations isn't that product being segregated and dispositioned? That disposition paperwork is where you can document the risk assessment for the defect, how it will be addressed (rework, UAI, scrap,...). If one didn't already have a qualified rework operation for this type of defect, one could include the steps taken, risk assessment of the deviation from normal processing, and verification of compliance with the acceptance criteria for the product (in whatever form that would take given the required rework operations to make the devices conforming). You absolutely have to link the assessments back to the risk file, you can't identify new potential hazards and not have those be present in the 'original' risk file. [reviewing the risk file, the potential risks associated with the incorrectly sized introducer in the assembly are X, Y, Z. Replacing the incorrect component ensures the intended controls are implemented as intended]. If there was actually a new hazard created via rework, that would be a hard no-go since a new hazard would require re-evaluating the overall benefit-risk.

Now on to point #2, what do you mean 'R&D is the most valuable and limited resource, can't we do this without including them'? If addressing a non-conformance is considered 'non-value added' just shut the whole operation down. One does not hand design decisions over to other functions because it is 'assumed' to be low risk. This is why all of the original approving functions need to participate. The company established (through the QMS) that these functions need to participate in these types of decisions to ensure safety and effectiveness. That's not a one-time activity. Design's agreement that the issue is low risk and appropriately controlled necessitates documenting their agreement through a signature. If getting their signature is somehow a burden, perhaps its not as simple and low risk issue as you are representing. (i.e. if its so simple the manufacturing engineer should be able to write up the non-conformance and assessment that a quick 2 minute read by design would be sufficient to get their signature). Otherwise, you'll have rouge manufacturing or quality engineers implementing changes because 'they assumed it was low risk' and inadvertently breaking something that the design engineer would know is not a good idea. It goes the other way too; design doesn't get to make changes without getting review from the required functions because they think its small enough or helpful. Of course, Regulatory loves hearing about 'low risk' changes that were implemented without their review as well.