Risk Assessment and Risk Management for Contract Manufacturer

[Marcelo]

Re: Risk managment for contract manufacturer

A contract manufacturer cannot dictate to a customer the design aspects of a device to minimize risks associated with design and use of the device. A contract manufacturer can only meet the requirements that a customer has determined and specified (e.g., test result must meet certain criteria, instructions for use must match specified copy).

If the design owner determines that a certain aspect of the device is critical, and that the manufacturing process affects the ability to meet that criteria, then it is incumbent upon the contract manufacturer to minimize the risk of causing a defect within the manufacturing process (e.g., validation, inspection, test, etc.)

This is the stance that I took with my registrar, and they concurred. It is the same stance that I took with advisory notices, MDR reporting, and post-market surveillance. The contract manufacturer has a limited role in some aspects of 13485. They can't be ignored, disregarded, or excluded, and they are not "not-applicable", but they can only be implemented in asmuch as is within specified agreements with the customer.

You are generally right on your remarks, but that´s not the point i wanted to convey.

What i was trying to say is that, if you do as you told, from a regulatory standpoint, it would not fulfill the regulatory requirements for the device in questions.

So, it can be expected for example, that you client asks more that that of you. There could be some types of approaches to deal with this, and it will depende on what the original manufacturer requires and what you as a contract manufacturer is willing to do.

 

[yodon]

Re: Risk managment for contract manufacturer

I'd like to look at this from a slightly different angle (by the way, I agree with ontheopenroad's post).

If you are a CM and you are asked to bid to build a medical device, is it incumbent on you to specify that a risk-based (hazard, not business) pFMEA be conducted with the customer? Many device developers ("specifications developers" or whatever they are called - the ones who use CMs) may not understand that such a risk management activity is needed.

Going a step further, if the customer strikes that out of the contract, should the CM ethically take the contract?

 

[MIREGMGR]

Re: Risk managment for contract manufacturer

Going a step further, if the customer strikes that out of the contract, should the CM ethically take the contract?

For a business opportunity involving expected marketing only outside of the US, my employer would make that judgment be conducting our own informal quickie product-use risk analysis.

If we're pretty confident that the product will have acceptably low risk numbers, we'll take the job.

We're less willing to take such jobs for the US market...in practice, our upper threshold for estimated risk is lower...because of the FDA's recent stance that contract manufacturers take on responsibilities such as this one if they know that their customer won't do so.

 

[jkuil]

Re: Risk management for contract manufacturer

The risk evaluation and risk acceptance is the responsibility of the manufacturer who puts the product on the market. Also the manufacturer has the responsibility for risk analysis that precedes the risk evaluation. However, the contract manufacturer may execute this activity as outsourced task and provide the manufacturer the rersults. Especially during the post-production phase. In order to adequately perform such a task, the manufacturer is adviced to communicate the risk management file during the design transfer to the contract manufacturer.

In order to reduce business risk the contract manufacturer is adviced to evaluate the risk management file presented by the manufacturer. If blanks are identified in the risk management file or the product or process involves risks which the contract manufacturer assesses as being an inacceptable business risk, they should consider not to sign the contract.

 

[Laura Halper]

Re: Risk management for contract manufacturer

An interesting discussion! MIREGMGR mentioned a couple of times that the FDA has recently taken a stance that puts more responsibility on the contract manufacturer: "by relatively recent precedent, contract manufacturers within FDA jurisdiction may be regarded as having substantial responsibility for risk management, potentially extending to elements of design and post market activities, if the contract manufacturer should have known that the product marketer was not competent to take on the responsibilities in question."

I would like to get a better understanding of the FDA's position. How have they communicated the recent precedent-- by warning letters, guidance, information on their website? Where can I find more information about this new approach?

Thank you,
Laura

 

[MIREGMGR]

Re: Risk management for contract manufacturer

I read all device-related warning letters as they're FDA-published weekly, roughly 90 days after original issuance to the recipient. The described stance appeared in a couple of warning letters from roughly 4 to 6 months ago. I think I have copies of that particular pair of WLs in a special file. When I get back to the office Monday, I'll try to come up with time to track them down.

 

[Laura Halper]

Thanks, I would appreciate getting the references to the specific Warning Letters, or copies of the WL's themselves.

 

[MIREGMGR]

All published WLs are on the FDA website. Unfortunately, there's no practical way to contextually search them.