S
SLandry92
Hi everyone, first post, but I've been lurking a bit. I dove head first in the medical sector after 5+ years in oil & gas as QA manager.
Since we're a small company (~50 employees), I'll be doing an "as simple as I can" method for evaluating risks for complying with 4.1.2 (b).
Basically, there is result low, medium and high in a grid of occurence versus impact. Medium and High need actions put in place, while low does not.
Changes/risks will have two categories, one for ressources changes and the other for all other change types with each level of risk (low, medium and high) along with each set (level / hierarchical) of staff required to approve the action plan. For example, high level risks for ressources need the management commity, while medium level risks require QA, engineering and affected departement manager while low level risks if, deemed worthy of an action plan would require only the departement manager (and RH if ressources).
This would make a 3*3 grid for evaluating the risk itself, while a 2*3 grid for specifying who needs to approve the action plans, which will be detailed in the procedure managing this form.
Would this be enough to satisfy requirements?
Since we're a small company (~50 employees), I'll be doing an "as simple as I can" method for evaluating risks for complying with 4.1.2 (b).
Basically, there is result low, medium and high in a grid of occurence versus impact. Medium and High need actions put in place, while low does not.
Changes/risks will have two categories, one for ressources changes and the other for all other change types with each level of risk (low, medium and high) along with each set (level / hierarchical) of staff required to approve the action plan. For example, high level risks for ressources need the management commity, while medium level risks require QA, engineering and affected departement manager while low level risks if, deemed worthy of an action plan would require only the departement manager (and RH if ressources).
This would make a 3*3 grid for evaluating the risk itself, while a 2*3 grid for specifying who needs to approve the action plans, which will be detailed in the procedure managing this form.
Would this be enough to satisfy requirements?
Last edited by a moderator: