Risk analysis of QMS software - Validating software we use for QMS

Teyla

Starting to get Involved
#1
Hi everybody!

Hope someone can help me. I'm validating software we use for QMS and I'm really struggling with Risk Analysis.

It's very hard for me (I'm not the expert) to identify potential risk that usage of eQMS brings. Can someone help me and guide me? Examples of potential risks will be hihly appreciated.

Thanks!
 
Elsmar Forum Sponsor

François

Involved In Discussions
#2
Here's some thoughts.

Once you've defined the purpose and the scope of your SW. you should identify which clauses of the ISO13485 are applicable to your SW and how you could be non compliant (hazards).

You will have fore sure:
4.2.5 Control of records

Hazards : records can't be retrieved
Failure : records has been erased.
Causes :
-Records are not protected for deletion in the SW.
- New version erased the previous one
- ....

Hazards: records integrity has been altered
Failure : records has been edited with no traceability
Causes :
- No audit trail
- No signature of the editor


You can also assess risk for :

- SW maintainability : SW has security breach because it's not maintained anymore. You may want to chose a reliable, well-known supplier.

- SW support : you can't use the SW because you don't know how, or it's broken. you may want a reliable helpdesk to help you.
 

Teyla

Starting to get Involved
#3
Here's some thoughts.

Once you've defined the purpose and the scope of your SW. you should identify which clauses of the ISO13485 are applicable to your SW and how you could be non compliant (hazards).

You will have fore sure:
4.2.5 Control of records

Hazards : records can't be retrieved
Failure : records has been erased.
Causes :
-Records are not protected for deletion in the SW.
- New version erased the previous one
- ....

Hazards: records integrity has been altered
Failure : records has been edited with no traceability
Causes :
- No audit trail
- No signature of the editor


You can also assess risk for :

- SW maintainability : SW has security breach because it's not maintained anymore. You may want to chose a reliable, well-known supplier.

- SW support : you can't use the SW because you don't know how, or it's broken. you may want a reliable helpdesk to help you.
Thank you! It's more clearer now...
 

AbelVV

Starting to get Involved
#4
Keep in mind that the standards don't list every possible hazard. You might want to look for additional ways as explained in 14971
 

tnorton

Solution Expert @ Simploud.com
#5
One exercise we do is to evaluate each item in the Functional Requirements and try to think of potential hazards based on what we know of the system and based on the URS. This way, we identify significant hazards to which we can place mitigation measures and on which we focus during testing.

Good luck!
 

invitro_spain

Involved In Discussions
#6
some thoughts,

All the ideas that tnorton and Françoise gave you are very useful. No new ideas from my side. If we talking about risk assessment in Medical device we must use the ISO 14971. I do not know if you know this standard. It could be useful. Secondly, following Tnorton's thoughts, I would start defining risks related to the requirements in the URS and FRS and then assure the traceability to the measures to mitigate them. There are templates here and in google too.

Good luck
 
Thread starter Similar threads Forum Replies Date
D Risk Analysis using Monte Carlo Simulation instead of Scoring and Heat Map Risk Management Principles and Generic Guidelines 0
E Normal Condition Hazards in Risk Analysis ISO 14971 - Medical Device Risk Management 3
M Risk Analysis Flow - Confusion between ISO 14971 and IEC 62304 IEC 62304 - Medical Device Software Life Cycle Processes 8
R ECG Risk Analysis Standards ISO 14971 - Medical Device Risk Management 2
adir88 Documenting Risk Control Option Analysis ISO 14971 - Medical Device Risk Management 8
MrTetris Should potential bugs be considered in software risk analysis? ISO 14971 - Medical Device Risk Management 5
M IATF 16949 (6.1.1 - Planning and Risk Analysis for a remote site) Process Maps, Process Mapping and Turtle Diagrams 5
D Risk Analysis & Technical File - What detail goes in the Risk Management Report ISO 14971 - Medical Device Risk Management 5
M An example of risk analysis of class I MD ISO 14971 - Medical Device Risk Management 36
B Grouping of Products for Risk Analysis ISO 14971 - Medical Device Risk Management 9
A Risk-benefit Analysis - Hazard Analysis (HA) and FMEAs ISO 14971 - Medical Device Risk Management 18
R The difference b/w FMEA & Risk analysis as per iso 14971 ISO 14971 - Medical Device Risk Management 8
K Risk Analysis Updates due to complaints ISO 14971 - Medical Device Risk Management 10
S The Severity of a Medical Device Hazard - Risk Analysis Clarification ISO 14971 - Medical Device Risk Management 6
Ed Panek Transition to IEC 60601 4th Edition - Risk Analysis and test submissions CE Marking (Conformité Européene) / CB Scheme 2
S In a risk analysis, how can we tie mobile app security breach to ISO 14971? 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 4
Q Risk / benefit Analysis in Risk Management Report CE Marking (Conformité Européene) / CB Scheme 12
R IATF 16949 Clause 6.1.2.1 - Lessons Learned and Risk Analysis IATF 16949 - Automotive Quality Systems Standard 6
S Risk analysis 6.1 and contingency plans 6.1.2.3, are they related? IATF 16949 - Automotive Quality Systems Standard 26
B Software Class A - Lengthy further risk analysis IEC 62304 - Medical Device Software Life Cycle Processes 9
W Biocompatibility Risk Analysis for Clinical Practitioner 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 4
F Risk Analysis of a Medical Device Accessory ISO 14971 - Medical Device Risk Management 4
S How we can use risk analysis for suppliers IATF 16949 - Automotive Quality Systems Standard 6
I Medical Device Software Risk Analysis ISO 14971 - Medical Device Risk Management 4
Q Risk Analysis - Same Risk Treatment for Context and Interested Parties ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 7
C Risk Analysis for COTS/OTS Risk Management Principles and Generic Guidelines 4
M IATF 16949 Cl. 8.7.1.4 - Risk analysis for decision making about rework IATF 16949 - Automotive Quality Systems Standard 2
E Risk Analysis - Events which may cause to Data Loss ISO 14971 - Medical Device Risk Management 12
W Risk Benefit Analysis - ISO 14971:2012 Requirements ISO 14971 - Medical Device Risk Management 27
F Medical Device HACCP (Hazard Analysis and Critical Control Point) Risk Management ISO 14971 - Medical Device Risk Management 2
Q Risk Tools in ISO 31010 - Root Cause Analysis vs. Cause-and-effect Analysis ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 1
S Organizing Risk Analysis and Controls for a New Medical Device (ISO 14971) ISO 14971 - Medical Device Risk Management 4
S Please review my Risk Analysis Table ISO 14971 - Medical Device Risk Management 13
K Risk Analysis and "Information for Safety" / Labeling ISO 14971 - Medical Device Risk Management 10
M Risk analysis - ISO/TS 16949 clause 7.2.2.2 IATF 16949 - Automotive Quality Systems Standard 2
C Help with Risk/Benefit Analysis Self-help Device for Diabetics ISO 14971 - Medical Device Risk Management 3
A FTA-Top/Down approach to Risk Analysis ISO 14971 - Medical Device Risk Management 2
A Industry best practice about Post-Market Surveillance and Risk Analysis ISO 14971 - Medical Device Risk Management 6
T Risk Analysis help for CE Marking Class I Medical Device ISO 14971 - Medical Device Risk Management 10
T Risk Analysis for moving manufacturing equipment ISO 14971 - Medical Device Risk Management 17
D Different kinds of Risk Analysis for various Hazards ISO 14971 - Medical Device Risk Management 3
L GHTF/SG3/N15R8 - Process Validation and Risk Analysis ISO 13485:2016 - Medical Device Quality Management Systems 4
R Risk Analysis of Class IIb Disinfectant ISO 14971 - Medical Device Risk Management 6
J Does anyone have an example of Risk-Benefit Analysis per ISO 14971? Other ISO and International Standards and European Regulations 2
P FMEA Risk Analysis Recommended Action Priority FMEA and Control Plans 2
N ISO 14971 Risk Analysis - Sections 4.2 and 4.3 ISO 14971 - Medical Device Risk Management 2
D ISO 14971 - Risk Analysis Best Practices ISO 14971 - Medical Device Risk Management 5
S Internal Audit Plan per Risk Analysis Internal Auditing 5
K RISK ANALYSIS SAMPLE according to Annex ZA of EN ISO-14971-2012 Other Medical Device and Orthopedic Related Topics 1
S Help me with preparing Internal Audit Schedule based on Risk analysis 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 2

Similar threads

Top Bottom