ISO13485 Risk managment implementation for suppliers

Ben124

Starting to get Involved
Hi, we are in process of implementation of ISO13485. We don't do final medical devices/product, but only components for medical devices, therefore we are not technical file owner and design owner. So I am wondering how we should implement Risk Management and related risk assesment, since we don't have overview on final product life-cycle. Beside PFMEA, are DFMEA and UFMEA applicable for us as well? Thank you in advance?
 

Tidge

Trusted Information Resource
Based only on the information provided: I wouldn't develop anything beyond (manufacturing) process failure modes effects and analysis. A UFMEA makes no sense (because you are ignorant of user populations and use cases), and DFMEA (for a component manufacturer) really would only bring benefit if the manufacturer is attempting to be as thorough as possible with respect to the questions "will this component work as expected?" and "could this component work better?"

I recommend that as a component manufacturer, you focus your PFMEA on three areas:
  1. Process steps be analyzed with respect to elements that can result in non-conforming product (and non-conforming in identified ways)
  2. Process steps that can result in product with manufacturing materials present on conforming product (e.g. cutting fluid, mold release)
  3. Process steps that can affect production yield (rates)
The first point is most of what a medical device manufacturer will want to see, they will understand how this affects the risk profile (per 14971) of their device. You won't know their risk assessments a priori, but you will know your process.

The second point will also be needed by a medical device manufacturer, but because they won't know your manufacturing process, they wouldn't even think to ask (a priori). Having this information in your PFMEA will allow them to assess if your controls are necessary and/or adequate.

The third point is to benefit your own business. You may have implemented process controls that have nothing to do with the risk of a finished medical device (to patients/users/stakeholders) but adding/removing/manipulating such controls/process steps could affect your process metrics and a PFMEA is an excellent tool to motivate specific control charts, etc. Your medical device customers won't care about such things, but there is value in PFMEA beyond compliance to 14971.
 

yodon

Leader
Super Moderator
Good advice @Tidge. Are these components you make custom for your customers or are they stock components? If the former, then I would suggest you get good clarification in your contract with them (planning of product realization) as to your responsibilities. All risk analysis is supposed to consider risk to patient, etc. and as a component provider, you're not really going to be aware of the severity levels / downstream impact. You'll want to work closely with your customer to align with their scoring approach, etc.
 
Top Bottom