SBS - The best value in QMS software

Risk analysis 6.1 and contingency plans 6.1.2.3, are they related?

Sebastian

Trusted Information Resource
#21
Amit, thank you for replay.
Saying risk analysis applies to every process is mental shortcut, that's my mistake.
I think, that 4.1 applies to every process - see e.g. Note 3 - personnel knowledge is always a concern point and every organization tries to address it. So answering "No" to question "Did you determine any risks related to issues in your process?" is not proper answer.
Addressing this particular risk is not job of every process, but let's say process whose goal is assuring required competence of personnel.

Finally let me repeat my previous post - risks mentioned in 6.1.2.3 and requiring preparation of contingency plan shall be identified during 6.1.1, as it is logical flow: issue (manufacturing equipment) -> risk (failure of key manufacturing equipment) -> addressing (contingency plan for key equipment).
 
Elsmar Forum Sponsor

SamuelB

Starting to get Involved
#22
From what I could gather, this is what I should do to try and satisfy the clause:

  1. Create FMEAs for each process as they all happen to have risks. The FMEAs explains what we do to mitigate everyday risks when they are at normal levels.
  2. Create a contingency plan for those risks that can become way too high, including those that are listed in 6.1.2.3 point c)

Is this correct?
 

AMIT BALLAL

Trusted Information Resource
#23
From what I could gather, this is what I should do to try and satisfy the clause:

  1. Create FMEAs for each process as they all happen to have risks. The FMEAs explains what we do to mitigate everyday risks when they are at normal levels.
  2. Create a contingency plan for those risks that can become way too high, including those that are listed in 6.1.2.3 point c)

Is this correct?
No need to create FMEAs for any process. Identify risks related to manufacturing processes and infrastructure equipment required for production and to meet customer requirements (such as delivery). Accordingly prepare contingency plan based on risk.
 

AMIT BALLAL

Trusted Information Resource
#24
Amit, thank you for replay.
Saying risk analysis applies to every process is mental shortcut, that's my mistake.
I think, that 4.1 applies to every process - see e.g. Note 3 - personnel knowledge is always a concern point and every organization tries to address it. So answering "No" to question "Did you determine any risks related to issues in your process?" is not proper answer.
Addressing this particular risk is not job of every process, but let's say process whose goal is assuring required competence of personnel.

Finally let me repeat my previous post - risks mentioned in 6.1.2.3 and requiring preparation of contingency plan shall be identified during 6.1.1, as it is logical flow: issue (manufacturing equipment) -> risk (failure of key manufacturing equipment) -> addressing (contingency plan for key equipment).
Personnel knowledge is not a concern in my organization. And hence we didn't consider it as an issue. Agree that the risk based on context will be addressed in processes like training as per your example.
 

Johnson

Involved In Discussions
#25
From what I could gather, this is what I should do to try and satisfy the clause:

  1. Create FMEAs for each process as they all happen to have risks. The FMEAs explains what we do to mitigate everyday risks when they are at normal levels.
  2. Create a contingency plan for those risks that can become way too high, including those that are listed in 6.1.2.3 point c)

Is this correct?
Congratulation! You are approaching the right direction....but it could be more precision.

FMEA (DFMEA and PFMEA) is IATF 16949 highly recommended method for risk addressment (including risk analysis) in product development and all manufacturing processes. PFMEA is mostly quoted in IATF16949 as "such as", "e.g." etc., which means you may use other risk analysis tools in manufacturing process, but it unfortunately it seems to me there is no other tool which is accepted by all automotive OEMs.

But IATF 16949:2016 and ISO9001:2015 also requires to address risks and opportunities in other (or all) quality management process including management process (like business planning, management review) and support process (like training, and documentation/ information). IATF16949 and ISO9001 does not require or recommend formal methods for risk analysis in these process, you may select and decide how to do do, for example, do risk analysis in process analysis turtle diagram, do risk analysis by ranking and filting risk in an Excel sheet, do SWOT analysis during quality management system planning etc.

For contingency plan, you just need to consider "internal and external risks to all manufacturing processes and infrastructure equipment" 6.1.2.3 point a), or rather the whole supply chain process. From meeting IATF 16949 standard requirements point of view, your contingency plan just needs to cover all the scenarios which are listed in 6.1.2.3 point c). But of cause you can do more if it is necessary for your company.

PFMEA address and mitigate everyday risks in manufacturing process no matter the risk level is high or low. But depending on the risk level or risk priority level (before it was called RPN in AIAG PFMEA manual, but now it was not recommend in PFMEA version 4 ), you may decide if and what actions to be taken.
 
Last edited:

Sebastian

Trusted Information Resource
#26
I wrote somewhere else probably, that introduction of Risk Based Thinking into ISO 9001 / IATF 16949 standards gave a rationale for some of requirements which were already there, e.g. contingency plans, maintenance system, competence process, measurement system analysis. These were plain requirements "You must do". So addressing of some risks was already done for years, now we have to add preceding steps - risk and issue. For me RBT means: "Now you know, why you must have done some things in the past."
 

Johnson

Involved In Discussions
#27
Attached is ISO organization's official document about Risk Based Thinking, which is "Developed by the ISO subcommittee responsible for ISO 9001" and "Available for unrestricted public use". It stated that "ISO 9001:2015 does not require formal risk management".

IATF 16949:2016 do have many mandatory requirements and recommended practice (like FMEA) on "address risks" and "risk analysis".
 

Attachments

Thread starter Similar threads Forum Replies Date
silentmonkey Overall Benefit/Risk Analysis - Risk Management VS Clinical Evaluation ISO 14971 - Medical Device Risk Management 3
R The term "Benefit Risk Ratio" in EU MDR, do I need to present benefit risk analysis as a RATIO Risk Management Principles and Generic Guidelines 4
D Risk Analysis using Monte Carlo Simulation instead of Scoring and Heat Map Risk Management Principles and Generic Guidelines 2
E Normal Condition Hazards in Risk Analysis ISO 14971 - Medical Device Risk Management 3
M Risk Analysis Flow - Confusion between ISO 14971 and IEC 62304 IEC 62304 - Medical Device Software Life Cycle Processes 8
R ECG Risk Analysis Standards ISO 14971 - Medical Device Risk Management 2
adir88 Documenting Risk Control Option Analysis ISO 14971 - Medical Device Risk Management 8
MrTetris Should potential bugs be considered in software risk analysis? ISO 14971 - Medical Device Risk Management 5
M IATF 16949 (6.1.1 - Planning and Risk Analysis for a remote site) Process Maps, Process Mapping and Turtle Diagrams 5
D Risk Analysis & Technical File - What detail goes in the Risk Management Report ISO 14971 - Medical Device Risk Management 5
M An example of risk analysis of class I MD ISO 14971 - Medical Device Risk Management 36
T Risk analysis of QMS software - Validating software we use for QMS ISO 13485:2016 - Medical Device Quality Management Systems 5
B Grouping of Products for Risk Analysis ISO 14971 - Medical Device Risk Management 9
A Risk-benefit Analysis - Hazard Analysis (HA) and FMEAs ISO 14971 - Medical Device Risk Management 18
R The difference b/w FMEA & Risk analysis as per iso 14971 ISO 14971 - Medical Device Risk Management 8
K Risk Analysis Updates due to complaints ISO 14971 - Medical Device Risk Management 10
S The Severity of a Medical Device Hazard - Risk Analysis Clarification ISO 14971 - Medical Device Risk Management 6
Ed Panek Transition to IEC 60601 4th Edition - Risk Analysis and test submissions CE Marking (Conformité Européene) / CB Scheme 2
S In a risk analysis, how can we tie mobile app security breach to ISO 14971? 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 4
Q Risk / benefit Analysis in Risk Management Report CE Marking (Conformité Européene) / CB Scheme 12
R IATF 16949 Clause 6.1.2.1 - Lessons Learned and Risk Analysis IATF 16949 - Automotive Quality Systems Standard 6
B Software Class A - Lengthy further risk analysis IEC 62304 - Medical Device Software Life Cycle Processes 9
W Biocompatibility Risk Analysis for Clinical Practitioner 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 4
F Risk Analysis of a Medical Device Accessory ISO 14971 - Medical Device Risk Management 4
S How we can use risk analysis for suppliers IATF 16949 - Automotive Quality Systems Standard 6
I Medical Device Software Risk Analysis ISO 14971 - Medical Device Risk Management 4
Q Risk Analysis - Same Risk Treatment for Context and Interested Parties ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 7
C Risk Analysis for COTS/OTS Risk Management Principles and Generic Guidelines 4
M IATF 16949 Cl. 8.7.1.4 - Risk analysis for decision making about rework IATF 16949 - Automotive Quality Systems Standard 2
E Risk Analysis - Events which may cause to Data Loss ISO 14971 - Medical Device Risk Management 12
W Risk Benefit Analysis - ISO 14971:2012 Requirements ISO 14971 - Medical Device Risk Management 27
F Medical Device HACCP (Hazard Analysis and Critical Control Point) Risk Management ISO 14971 - Medical Device Risk Management 2
Q Risk Tools in ISO 31010 - Root Cause Analysis vs. Cause-and-effect Analysis ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 1
S Organizing Risk Analysis and Controls for a New Medical Device (ISO 14971) ISO 14971 - Medical Device Risk Management 4
S Please review my Risk Analysis Table ISO 14971 - Medical Device Risk Management 13
K Risk Analysis and "Information for Safety" / Labeling ISO 14971 - Medical Device Risk Management 10
M Risk analysis - ISO/TS 16949 clause 7.2.2.2 IATF 16949 - Automotive Quality Systems Standard 2
C Help with Risk/Benefit Analysis Self-help Device for Diabetics ISO 14971 - Medical Device Risk Management 3
A FTA-Top/Down approach to Risk Analysis ISO 14971 - Medical Device Risk Management 2
A Industry best practice about Post-Market Surveillance and Risk Analysis ISO 14971 - Medical Device Risk Management 6
T Risk Analysis help for CE Marking Class I Medical Device ISO 14971 - Medical Device Risk Management 10
T Risk Analysis for moving manufacturing equipment ISO 14971 - Medical Device Risk Management 17
D Different kinds of Risk Analysis for various Hazards ISO 14971 - Medical Device Risk Management 3
L GHTF/SG3/N15R8 - Process Validation and Risk Analysis ISO 13485:2016 - Medical Device Quality Management Systems 4
R Risk Analysis of Class IIb Disinfectant ISO 14971 - Medical Device Risk Management 6
J Does anyone have an example of Risk-Benefit Analysis per ISO 14971? Other ISO and International Standards and European Regulations 2
P FMEA Risk Analysis Recommended Action Priority FMEA and Control Plans 2
N ISO 14971 Risk Analysis - Sections 4.2 and 4.3 ISO 14971 - Medical Device Risk Management 2
D ISO 14971 - Risk Analysis Best Practices ISO 14971 - Medical Device Risk Management 5
S Internal Audit Plan per Risk Analysis Internal Auditing 5

Similar threads

Top Bottom