Risk Based Approach for ISO 13485:2016 Form/Procedure

Elsmar Forum Sponsor

Avraham Harris

Involved In Discussions
#13
Finally, I updated our QMS for the risk-based approach by updating our "quality planning" procedure with a short "risk-management for processes" chapter for all (!) QMS processes,..
Wolf.K, but what content did your Risk management for processes chapter contain?
What is your method. Can you share the principle?

Well done with Audit :applause:
 
Q

qagirl

#14
ISO 13485:2016 s. 4.1.2(b) requires that The organization shall apply a risk based approach to the control of the appropriate processes needed for the quality management system.

The processes needed for the QMS shall be determined by the organization (4.1.2(a)).

What are the "appropriate" processes to which the requirement in 4.1.2(b) applies? Based on s. 0.2, they are the ones necessary for allowing the product to meet its requirements; for compliance with regulatory requirements; for allowing corrective actions; and for risk management. Essentially, all or most of the QMS processes...

S. 4.1.2(b) relates to the "control" of the appropriate processes. What is "control"? It is the application of measures to ensure that the controlled entity is kept within predefined boundaries. In my understanding, "control" of QMS processes means ensuring that they take place as prescribed. So the question that remains is what measures need to be applied to ensure that the QMS processes take place as prescribed.

S. 4.1.2(b) provides part of the answer - it says that the determination of those measures should be risk-based. To me this means that the higher the risk of a given QMS process not taking place as prescribed (ie going out of specification), the more action / stricter measures need to be taken to counter the risk.

Effective control involves monitoring and feedback. In this case a properly functioning internal audit process can provide such feedback, so that the perceived risks and effectiveness of mitigation means can be continuously adjusted.
Ronen,
your message was very helpful to me.
I have implemented ISO 9001:2015, but not yet for ISO 13485:2016.
For ISO 9001:2015, we made process maps of each process and then made a Risk Analysis for each process listing up to 5 main risks and the actions necessary to reduce the risk, if the risks were too high. Does ISO 13485:2016 require a similar approach to meet the standard?
 
Q

qagirl

#15
We are taking the following approach; all my QMS major processes (4.1.2a/c) had their risks individually evaluated and the mitigation actions specified (in turtle like diagram) as well as their KPI (Key Performance Indicator).
As 4.1.2 b does not require a documented procedure, I did not document a specific procedure. The quality manual specifies that the QMS processes are mapped and that the controls are stablished, the method is left in open.
Any thoughts?
We did this similar approach for ISO 9001:2015. I wasn't aware that it will also work for ISO 13485:2016. Thank you very much. It was not difficult to make a process map of each process (inputs, outputs, process description, resources, and KPIs on a map). The hardest part was to get the process owners to track the KPIs!
 

Wolf.K

Quite Involved in Discussions
#16
It is a short FMEA-like work. The SOP for quality planning has a new chapter for process risk management. So, for each process, either during updates or during first implementation, competent people have to think of possible problems with the process (brainstorming part) and what our current controls are to cover these possible problems. Then we have a table at the end of each SOP (one SOP - one process) listing these results. As every employee is trained on "his/her" SOPs, everyone is aware (hopefully) of these obstacles, so that they cannot prevail. We got this idea from the SOP templates from the Medical Device Academy (Many thanks!).
 
T

tuodor yaftrah

#18
Finally, I updated our QMS for the risk-based approach by updating our "quality planning" procedure with a short "risk-management for processes" chapter for all (!) QMS processes, and renamed our "risk management" procedure to "product risk management".

So, all QMS processes requiring a formal risk management according to 14971 (e.g. during design and development) reference to the SOP "product risk management", and the control of all QMS processes is controlled by the SOP "quality planning".

Next month we are audited by our notified body - then I will know if this approach is alright...
Could you advice with template for the risk managment procdure for process
 

love02eat

Involved In Discussions
#19
It is a short FMEA-like work. The SOP for quality planning has a new chapter for process risk management. So, for each process, either during updates or during first implementation, competent people have to think of possible problems with the process (brainstorming part) and what our current controls are to cover these possible problems. Then we have a table at the end of each SOP (one SOP - one process) listing these results. As every employee is trained on "his/her" SOPs, everyone is aware (hopefully) of these obstacles, so that they cannot prevail. We got this idea from the SOP templates from the Medical Device Academy (Many thanks!).
Thank You
 
Thread starter Similar threads Forum Replies Date
G Any good examples of CAPA forms that include a risk based approach? ISO 13485:2016 - Medical Device Quality Management Systems 8
D Validation of existing equipment - Risk based approach example ISO 13485:2016 - Medical Device Quality Management Systems 3
C Usability IEC 62366-1:2015 and MDR 2017/745 - Risk based approach IEC 62366 - Medical Device Usability Engineering 1
M Informational USFDA draft guidance – A Risk-Based Approach to Monitoring of Clinical Investigations Questions and Answers Guidance for Industry Medical Device and FDA Regulations and Standards News 0
Pmarszal ISO 19011:2018 - Risk Based Approach for planning, conducting and reporting of internal audits Internal Auditing 8
Q Questions about the Risk-based approach to QMS processes ISO 13485:2016 - Medical Device Quality Management Systems 17
S ISO 13485:2016 - Risk-based Approach ISO 13485:2016 - Medical Device Quality Management Systems 3
S Risk based approach - Procedures already take a risk-based approach to QMS processes ISO 13485:2016 - Medical Device Quality Management Systems 3
alonFAI How to define a Risk Based Approach for Supplier Management per ISO 13485:2016 ISO 13485:2016 - Medical Device Quality Management Systems 1
B Risk Requirements to meet the explicit Risk Based Approach of ISO 13485:2016 Examples ISO 13485:2016 - Medical Device Quality Management Systems 21
V Evolving QA from 'Compliance-based' to 'Science/Risk-based' approach US Food and Drug Administration (FDA) 2
AnaMariaVR2 Risk Based Approach to Validation [article] Qualification and Validation (including 21 CFR Part 11) 3
C ISO/ PAS 28000 Implementation Guide - I'm interested in its risk based approach Other ISO and International Standards and European Regulations 4
Sidney Vianna Risk Based Audits - Will the industry change it's approach? Registrars and Notified Bodies 0
Scott Catron Any difference in FDA inspections since the risk-based approach was announced? US Food and Drug Administration (FDA) 6
silentmonkey Rationalising the level of effort and depth of software validation based on risk ISO 13485:2016 - Medical Device Quality Management Systems 10
S Risk based internal auditing Internal Auditing 6
D Reduction of software class based on multiple external risk controls IEC 62304 - Medical Device Software Life Cycle Processes 5
D Requirement of Pharmacovigilance (Drug Safety) Risk Based Strategic and Tactical Audit Plan General Auditing Discussions 0
Ed Panek Are audit non conformances also risk based? ISO 13485:2016 - Medical Device Quality Management Systems 1
P Looking for Risk Assessment Template - Not necessarily Asset based IEC 27001 - Information Security Management Systems (ISMS) 1
S Can anybody share a sample risk assessment prepared based on ISO 17025:2017? ISO 17025 related Discussions 15
E Basic Risk based thinking questions Risk Management Principles and Generic Guidelines 5
Jen Kirley Risk Based Thinking and acts of God/Mother Nature Business Continuity & Resiliency Planning (BCRP) 1
T What is Risk-based Design? ISO 14971 - Medical Device Risk Management 15
Sidney Vianna FAA and DCMA to leverage OASIS data to assist in planning risk-based oversight audits Federal Aviation Administration (FAA) Standards and Requirements 3
Q Risk Based Thinking - Is a Documented Procedure required? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 15
Chennaiite But who said we are new to Risk based thinking Imported Legacy Blogs 1
Y Examples of Risk and Opportunities based on ISO 9001:2015 ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 2
Q Is it worth the effort to implement ISO 31000 Risk based on ISO 9001:2015? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 5
Sidney Vianna Are the TC 176 Documents on Risk Based Thinking useful to you? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 13
A Informational Risk Management (and Risk Based Thinking) in ISO 9001:2015 ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 56
J Timeframes for Risk-Based Biocompatibiilty Assessment Other Medical Device Related Standards 3
S Help me with preparing Internal Audit Schedule based on Risk analysis 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 2
D Risk Based Inspection: Injection Molding Inspection, Prints (Drawings), Testing, Sampling and Related Topics 6
A Risk Based Internal Quality Audit Scheduling and Planning Internal Auditing 2
T Risk based Impact Level related to Customer Complaints 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 2
G Why do we use Sampling Plans based on Producer's Risk? Inspection, Prints (Drawings), Testing, Sampling and Related Topics 20
RoxaneB Risk-Based Audit Results - Audit Program for Multiple Locations General Auditing Discussions 8
W Customer wants 'Risk Based Compliance' for our Plastic Component Other Medical Device and Orthopedic Related Topics 3
D PA, CA and Risk-Based Decision Making - Need Input Preventive Action and Continuous Improvement 7
C Is Risk Based Decision Making part of Preventive Action Preventive Action and Continuous Improvement 5
Ajit Basrur Risk Based Internal Auditing - Pharmaceutical Plants Internal Auditing 3
J Overall Residual Risk Procedure based on the 2007 version of ISO 14971 ISO 14971 - Medical Device Risk Management 4
S Supplier Risk Check Sheet based on Quality and Delivery needed Supplier Quality Assurance and other Supplier Issues 1
Jen Kirley Some Options for Risk Based Auditing The Reading Room 14
S Risk Based Certification General Auditing Discussions 2
C How is risk management handled in a software-based product ISO 13485:2016 - Medical Device Quality Management Systems 1
E Risk Based Audits ocussing on those areas of identified risk General Auditing Discussions 3
B ISO 17025:2017 risk management Risk Management Principles and Generic Guidelines 0

Similar threads

Top Bottom