Risk Analysis as an Input in Management Review

M

Michael J

#1
We had an auditor write a nonconformance stating the following:

5.6.2 Risk Management is not formally listed as a management review input item in Sect. 5.4.1 of the Management Review procedure.

I have been through ISO 13485 and 14969 and cannot find any requirement for this. Am I missing something or is my auditor mistaken for having written this nonconformance. If he is mistaken, then of course we screwed up by accepting it, but that's spilt milk.

Thoughts?
 
Elsmar Forum Sponsor

GStough

Staff member
Super Moderator
#2
Re: Risk Analysis in Management Review

We had an auditor write a nonconformance stating the following:

5.6.2 Risk Management is not formally listed as a management review input item in Sect. 5.4.1 of the Management Review procedure.

I have been through ISO 13485 and 14969 and cannot find any requirement for this. Am I missing something or is my auditor mistaken for having written this nonconformance. If he is mistaken, then of course we screwed up by accepting it, but that's spilt milk.

Thoughts?
Hi Michael and welcome to the Cove! :bigwave:

5.6.2(h) Management Review Input states "new or revised regulatory requirements", which alludes to the FDA's requirements for risk management.

That's the only place in that section I can see where it might apply.
 
M

Michael J

#3
Re: Risk Analysis in Management Review

Gidget,

I was wondering if that might be where he is hanging his hat. Still, I am a literalist and this would be a bit of a stretch.

It may be pertinent to mention that we are not an FDA-registered company, but we endeavor to behave like one for the most part. This is not in writing anywhere in our QMS of course - we're not crazy. :)
 
#4
Re: Risk Analysis in Management Review

A couple of thoughts. It looks like he is refering to section 4.5.1 of your procedure. If you mention it there, then you gotta either do it, or change your procedure. If he is stating it is a requirement of the standard, ask him to show you the direct "shall" (audit criteria).
 

GStough

Staff member
Super Moderator
#5
Re: Risk Analysis in Management Review

Gidget,

I was wondering if that might be where he is hanging his hat. Still, I am a literalist and this would be a bit of a stretch.

It may be pertinent to mention that we are not an FDA-registered company, but we endeavor to behave like one for the most part. This is not in writing anywhere in our QMS of course - we're not crazy. :)
Michael,

If there's not any other regulatory agency involved where 5.6.2(h) might apply, then you may be able to "argue" this one. Or at least address it with a CAR and state why it doesn't apply.
 

Doug Tropf

Quite Involved in Discussions
#6
Re: Risk Analysis in Management Review

Even though ISO 13485 refers to ISO 14971 regarding how
to establish the risk management process and ISO 14971
does state that risk assessment and review is the
responsibility of "top management", I believe your auditor
is out of line because compliance with ISO 14971 is not a
requirement for certification to ISO 13485. :2cents:
 
M

Michael J

#7
Re: Risk Analysis in Management Review

Everyone,

Thank your for your great responses. :applause:

The auditor was stating which section in our procedure the change needed to be added to. I know that's supposed to be verboten, but what ya gonna do.

It seems I am pretty well calibrated with others on their interpretation. My colleagues read your replies as well and were impressed.

We especially like Gidget's idea of issuing a CAR. This will serve to prove that we formally addressed the nonconformance, but are not going to act on it.

Thanks again,

Michael

P.S. If anyone is looking for a QE job, we have several openings. Send me your resume by email and I'll pass it along to the right people.
 
R

Roland Cooke

#8
It isn't a requirement.


That said, reviews of past product performance (which ARE a requirement) might indicate that some corrective changes are needed. Risk management control would naturally be required before and during those changes.

Additionally, I encourage management reviews to be as much forward-looking as well reviews of historical data (and indeed this is often the case, albeit usually not well-structured). Thus introduction of new products, development of new processes, changes to facilities etc would be discussed, and risk management strategies, to safeguard those changes, could begin to be formulated.

So I do commend companies that build risk management discussions into the management reviews. As a bonus it is also easy evidence of pro-active preventive action taking place.
 
#9
...Additionally, I encourage management reviews to be as much forward-looking ...
This is an excellent point. Too many times we think of reviews as just that, a review. And we tend to look at what kinds of things are mandated in the review to keep the registrar off our back. But they also need to be thought of in terms of strategic planning and what things we should be looking at to keep our system (and company) moving forward.
 
Thread starter Similar threads Forum Replies Date
silentmonkey Overall Benefit/Risk Analysis - Risk Management VS Clinical Evaluation ISO 14971 - Medical Device Risk Management 3
R The term "Benefit Risk Ratio" in EU MDR, do I need to present benefit risk analysis as a RATIO Risk Management Principles and Generic Guidelines 4
D Risk Analysis using Monte Carlo Simulation instead of Scoring and Heat Map Risk Management Principles and Generic Guidelines 2
E Normal Condition Hazards in Risk Analysis ISO 14971 - Medical Device Risk Management 3
M Risk Analysis Flow - Confusion between ISO 14971 and IEC 62304 IEC 62304 - Medical Device Software Life Cycle Processes 8
R ECG Risk Analysis Standards ISO 14971 - Medical Device Risk Management 2
adir88 Documenting Risk Control Option Analysis ISO 14971 - Medical Device Risk Management 8
MrTetris Should potential bugs be considered in software risk analysis? ISO 14971 - Medical Device Risk Management 5
M IATF 16949 (6.1.1 - Planning and Risk Analysis for a remote site) Process Maps, Process Mapping and Turtle Diagrams 5
D Risk Analysis & Technical File - What detail goes in the Risk Management Report ISO 14971 - Medical Device Risk Management 5
M An example of risk analysis of class I MD ISO 14971 - Medical Device Risk Management 36
T Risk analysis of QMS software - Validating software we use for QMS ISO 13485:2016 - Medical Device Quality Management Systems 5
B Grouping of Products for Risk Analysis ISO 14971 - Medical Device Risk Management 9
A Risk-benefit Analysis - Hazard Analysis (HA) and FMEAs ISO 14971 - Medical Device Risk Management 18
R The difference b/w FMEA & Risk analysis as per iso 14971 ISO 14971 - Medical Device Risk Management 8
K Risk Analysis Updates due to complaints ISO 14971 - Medical Device Risk Management 10
S The Severity of a Medical Device Hazard - Risk Analysis Clarification ISO 14971 - Medical Device Risk Management 6
Ed Panek Transition to IEC 60601 4th Edition - Risk Analysis and test submissions CE Marking (Conformité Européene) / CB Scheme 2
S In a risk analysis, how can we tie mobile app security breach to ISO 14971? 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 4
Q Risk / benefit Analysis in Risk Management Report CE Marking (Conformité Européene) / CB Scheme 12
R IATF 16949 Clause 6.1.2.1 - Lessons Learned and Risk Analysis IATF 16949 - Automotive Quality Systems Standard 6
S Risk analysis 6.1 and contingency plans 6.1.2.3, are they related? IATF 16949 - Automotive Quality Systems Standard 26
B Software Class A - Lengthy further risk analysis IEC 62304 - Medical Device Software Life Cycle Processes 9
W Biocompatibility Risk Analysis for Clinical Practitioner 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 4
F Risk Analysis of a Medical Device Accessory ISO 14971 - Medical Device Risk Management 4
S How we can use risk analysis for suppliers IATF 16949 - Automotive Quality Systems Standard 6
I Medical Device Software Risk Analysis ISO 14971 - Medical Device Risk Management 4
Q Risk Analysis - Same Risk Treatment for Context and Interested Parties ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 7
C Risk Analysis for COTS/OTS Risk Management Principles and Generic Guidelines 4
M IATF 16949 Cl. 8.7.1.4 - Risk analysis for decision making about rework IATF 16949 - Automotive Quality Systems Standard 2
E Risk Analysis - Events which may cause to Data Loss ISO 14971 - Medical Device Risk Management 12
W Risk Benefit Analysis - ISO 14971:2012 Requirements ISO 14971 - Medical Device Risk Management 27
F Medical Device HACCP (Hazard Analysis and Critical Control Point) Risk Management ISO 14971 - Medical Device Risk Management 2
Q Risk Tools in ISO 31010 - Root Cause Analysis vs. Cause-and-effect Analysis ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 1
S Organizing Risk Analysis and Controls for a New Medical Device (ISO 14971) ISO 14971 - Medical Device Risk Management 4
S Please review my Risk Analysis Table ISO 14971 - Medical Device Risk Management 13
K Risk Analysis and "Information for Safety" / Labeling ISO 14971 - Medical Device Risk Management 10
M Risk analysis - ISO/TS 16949 clause 7.2.2.2 IATF 16949 - Automotive Quality Systems Standard 2
C Help with Risk/Benefit Analysis Self-help Device for Diabetics ISO 14971 - Medical Device Risk Management 3
A FTA-Top/Down approach to Risk Analysis ISO 14971 - Medical Device Risk Management 2
A Industry best practice about Post-Market Surveillance and Risk Analysis ISO 14971 - Medical Device Risk Management 6
T Risk Analysis help for CE Marking Class I Medical Device ISO 14971 - Medical Device Risk Management 10
T Risk Analysis for moving manufacturing equipment ISO 14971 - Medical Device Risk Management 17
D Different kinds of Risk Analysis for various Hazards ISO 14971 - Medical Device Risk Management 3
L GHTF/SG3/N15R8 - Process Validation and Risk Analysis ISO 13485:2016 - Medical Device Quality Management Systems 4
R Risk Analysis of Class IIb Disinfectant ISO 14971 - Medical Device Risk Management 6
J Does anyone have an example of Risk-Benefit Analysis per ISO 14971? Other ISO and International Standards and European Regulations 2
P FMEA Risk Analysis Recommended Action Priority FMEA and Control Plans 2
N ISO 14971 Risk Analysis - Sections 4.2 and 4.3 ISO 14971 - Medical Device Risk Management 2
D ISO 14971 - Risk Analysis Best Practices ISO 14971 - Medical Device Risk Management 5

Similar threads

Top Bottom