Risk Based Approach for ISO 13485:2016 Form/Procedure

Ronen E

Problem Solver
Moderator
Ok,

The last three days we had the auditor from our Notified Body as our guest, and he accepted our approach to the "risk-based approach" and we will get the 13485:2016 certificate!

:D

Have a nice weekend!

Well done! Thanks for sharing. :applause:
 

Avraham Harris

Involved In Discussions
Finally, I updated our QMS for the risk-based approach by updating our "quality planning" procedure with a short "risk-management for processes" chapter for all (!) QMS processes,..
Wolf.K, but what content did your Risk management for processes chapter contain?
What is your method. Can you share the principle?

Well done with Audit :applause:
 
Q

qagirl

ISO 13485:2016 s. 4.1.2(b) requires that The organization shall apply a risk based approach to the control of the appropriate processes needed for the quality management system.

The processes needed for the QMS shall be determined by the organization (4.1.2(a)).

What are the "appropriate" processes to which the requirement in 4.1.2(b) applies? Based on s. 0.2, they are the ones necessary for allowing the product to meet its requirements; for compliance with regulatory requirements; for allowing corrective actions; and for risk management. Essentially, all or most of the QMS processes...

S. 4.1.2(b) relates to the "control" of the appropriate processes. What is "control"? It is the application of measures to ensure that the controlled entity is kept within predefined boundaries. In my understanding, "control" of QMS processes means ensuring that they take place as prescribed. So the question that remains is what measures need to be applied to ensure that the QMS processes take place as prescribed.

S. 4.1.2(b) provides part of the answer - it says that the determination of those measures should be risk-based. To me this means that the higher the risk of a given QMS process not taking place as prescribed (ie going out of specification), the more action / stricter measures need to be taken to counter the risk.

Effective control involves monitoring and feedback. In this case a properly functioning internal audit process can provide such feedback, so that the perceived risks and effectiveness of mitigation means can be continuously adjusted.
Ronen,
your message was very helpful to me.
I have implemented ISO 9001:2015, but not yet for ISO 13485:2016.
For ISO 9001:2015, we made process maps of each process and then made a Risk Analysis for each process listing up to 5 main risks and the actions necessary to reduce the risk, if the risks were too high. Does ISO 13485:2016 require a similar approach to meet the standard?
 
Q

qagirl

We are taking the following approach; all my QMS major processes (4.1.2a/c) had their risks individually evaluated and the mitigation actions specified (in turtle like diagram) as well as their KPI (Key Performance Indicator).
As 4.1.2 b does not require a documented procedure, I did not document a specific procedure. The quality manual specifies that the QMS processes are mapped and that the controls are stablished, the method is left in open.
Any thoughts?
We did this similar approach for ISO 9001:2015. I wasn't aware that it will also work for ISO 13485:2016. Thank you very much. It was not difficult to make a process map of each process (inputs, outputs, process description, resources, and KPIs on a map). The hardest part was to get the process owners to track the KPIs!
 

Wolf.K

Quite Involved in Discussions
It is a short FMEA-like work. The SOP for quality planning has a new chapter for process risk management. So, for each process, either during updates or during first implementation, competent people have to think of possible problems with the process (brainstorming part) and what our current controls are to cover these possible problems. Then we have a table at the end of each SOP (one SOP - one process) listing these results. As every employee is trained on "his/her" SOPs, everyone is aware (hopefully) of these obstacles, so that they cannot prevail. We got this idea from the SOP templates from the Medical Device Academy (Many thanks!).
 

love02eat

Involved In Discussions
Congrats. Our company is on the same boat of transitioning would you mind sharing your risk based turtle diagram on your processes
 
T

tuodor yaftrah

Finally, I updated our QMS for the risk-based approach by updating our "quality planning" procedure with a short "risk-management for processes" chapter for all (!) QMS processes, and renamed our "risk management" procedure to "product risk management".

So, all QMS processes requiring a formal risk management according to 14971 (e.g. during design and development) reference to the SOP "product risk management", and the control of all QMS processes is controlled by the SOP "quality planning".

Next month we are audited by our notified body - then I will know if this approach is alright...

Could you advice with template for the risk managment procdure for process
 

love02eat

Involved In Discussions
It is a short FMEA-like work. The SOP for quality planning has a new chapter for process risk management. So, for each process, either during updates or during first implementation, competent people have to think of possible problems with the process (brainstorming part) and what our current controls are to cover these possible problems. Then we have a table at the end of each SOP (one SOP - one process) listing these results. As every employee is trained on "his/her" SOPs, everyone is aware (hopefully) of these obstacles, so that they cannot prevail. We got this idea from the SOP templates from the Medical Device Academy (Many thanks!).
Thank You
 
Top Bottom