Risk Management, complaint handling and CAPA system

alimary15

Involved In Discussions
#1
Good morning,

I would like to know how to do you handle the risk management process toward the complaint handling?

When a complaint related to a specific product is received, the complaint handling team is responsible to rate the complaint assigning to it a probability and a severity.

My questions are:

1) Does the rating of the complaint needs to be done according to the risk management plan of the particular product? ( In my opinion YES!- But how do you make sure that the complaint analysts are rating the complaint in accordance to the product risk analysis ? E.g. a risk that is rated unacceptable by R&D might be rated with a lower severity or probability by the CAPAs :frust::frust:)

2) Could you suggest best practices on how to handle complaints in regard of the collection of post-production information?

Thanks
 
Elsmar Forum Sponsor

Mark Meer

Trusted Information Resource
#2
...rate the complaint assigning to it a probability and a severity.
I'm confused. What is the "probability" of a complaint that you've already received? Is it the probability of it happening again? ...in most cases this would be very difficult (if not impossible) to estimate.

As for "severity", complaint handling usually includes a determination of "reportability" (i.e. whether the complaint involves an adverse event - usually death or serious injury - that needs to be reported to regulatory authorities). This determination is pretty straight forward. ...is this what you mean by complaint "severity"?

The bottom-line however is that the probability/severity risk-management approach isn't really suited for complaint handling.

What the complaint-handling process might want to consider however, is whether there was an incident that necessitates review of risk files. In otherwords:
a) Are there new hazards, previously unidentified?
b) Does the incident call into question previous risk evaluations, or effectiveness of control measures?

If so, a risk design review should be held (which includes appropriate authorities, knowledgeable personnel), so the risk-files can be updated.
 

Mark Meer

Trusted Information Resource
#3
2) Could you suggest best practices on how to handle complaints in regard of the collection of post-production information?
I don't know about "best practices", but I can certainly offer suggestions.

Whatever data you collect should be useful.
Ideally, the data helps to evaluate established Quality Objectives.

For us, we collect the following:

  • Is it reportable? (necessary, for obvious reasons)
  • Does it necessitate a return? (good to track, because returns are costly)
  • Is the item under warranty?
  • A general "cause" category. For example: misuse/abuse, user-error, or non-conforming product. (good for identifying negative trends and areas for improvement)
  • General "resolution" categories. For example: return, servicing, replacement, support, no action taken. (good for evaluating the resources spent to resolve the complaint).

Just some suggestions. Ultimately up to you. Good luck!
 

Bev D

Heretical Statistician
Staff member
Super Moderator
#4
I agree with Mark - it is non-sensible to assess the probability when you get a complaint. certainly complaint handles aren't equipped to figure this out.

severity can be consistently assigned with well developed and well worded guidelines.

For example we assign a severity rating of a 3 (we use a 1-5 scale which we find reduces inconsistent assignment) if the practice lost 15 or more minutes of workflow time due to the incident.
 

alimary15

Involved In Discussions
#5
:thanx:everyone.

I am currently looking at already existing procedures which assign probability to complaints. This is why I got confused cause I also wondered how this assignment could be done!

My question is: how do you link the complaint handling and analysis to the risk management process?

If a complaint is received, how can the risk anaylsis be updated in terms of risk assesment?

1) If I get a complaint that constitute a new risk--> then ok I just add it into the risk management file
2) If I get a complaint that is not new--> Is there a best way to assess whether an update to the Probability/Severity of the risk needs to be performed?

Also my concern is that sometimes the analysis of a complaint is done by someone who is not a 100% technical expert of the device--> thus how to ensure that from that complaint the risk is well identified?

Thanks
 

Mark Meer

Trusted Information Resource
#6
1) If I get a complaint that constitute a new risk--> then ok I just add it into the risk management file
2) If I get a complaint that is not new--> Is there a best way to assess whether an update to the Probability/Severity of the risk needs to be performed?
Complaints don't really tie into the ISO14971 framework except, as I mentioned in post #2, the following:
1. Is there a new, previously identified hazard?
2. Does the complaint involve an incident that calls into question previous risk-evaluations or the effectiveness of control measures? For example:
- Did a control measure fail?
- Did an event deemed improbable occur?
- Did an event occur whose consequences were more severe than the worst-case considered in the risk-file?

In either case, a risk file review should be held to ensure that all appropriate expertise is present.

"Just add[ing] [a hazard] into the risk management file" involves a process, and shouldn't be treated lightly. Any new hazard must be evaluated, and risk controls prescribes if necessary. This requires expertise. Similarly, updating an evaluation or a control measure also require expertise.

Fortunately, in practice, most complaints probably won't involve reassessing the risk file.

My suggestion would be to:
1. Add an evaluation of the 2 criteria above to your complaint forms. (e.g. yes/no checkboxes)
2. Add to your procedure that if "yes" is checked for these on a complaint form, then a risk-file review is necessary (which will include appropriate expertise).
 
Thread starter Similar threads Forum Replies Date
R Identify Medical Device characterstics as Annex C of ISO 14971 Risk Management ISO 14971 - Medical Device Risk Management 5
N Device Labeling - Medtronic Ventilator Files (Risk Management documents) Coffee Break and Water Cooler Discussions 2
T How do you define your Hazards? <a Risk Management discussion> ISO 14971 - Medical Device Risk Management 16
adir88 MDR requirement: Risk Management Plan for "each device" ISO 14971 - Medical Device Risk Management 5
D Risk Analysis & Technical File - What detail goes in the Risk Management Report ISO 14971 - Medical Device Risk Management 5
C AS9100 Rev D 8.1.1 & APQP - Operational risk management process AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 0
B ATP 5-19 "Risk Management" Misc. Quality Assurance and Business Systems Related Topics 2
N Risk Management besides mandated FDA requirements 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 1
M Identifying Hazards - Risk management process ISO 14971 - Medical Device Risk Management 6
R Risk Management in the Medical Device Industry ISO 14971 - Medical Device Risk Management 4
F Linking an ISO 31000 Risk management SOP to ISO 17025 ISO 17025 related Discussions 2
Ronen E The unbearable insensitivity of risk management language Other Medical Device and Orthopedic Related Topics 1
S ISO 14971 Risk Management - Questions for Hazard identification ISO 14971 - Medical Device Risk Management 2
M Risk/Benefit vs. benefit-risk - Revising an SOP covering Risk Management with the MDR in mind EU Medical Device Regulations 10
A Defining Expected Service Life in Risk Management File Reliability Analysis - Predictions, Testing and Standards 5
R Linking the Processes of Continual Improvement, Change Management, Risk Management, Action Planning, etc? Preventive Action and Continuous Improvement 5
D Risk management according to ISO 14971 - When to document risk controls? ISO 14971 - Medical Device Risk Management 10
J Software for Techfiles and Risk management ISO 14971 - Medical Device Risk Management 1
M Informational ISO TC 210 IEC SC 62A JWG 1 Medical device risk management – São Paulo meeting 2019 Medical Device and FDA Regulations and Standards News 6
M Medical Device News ISO TC 210 IEC SC 62A JWG 1 Medical device risk management – São Paulo meeting 2019 Medical Device and FDA Regulations and Standards News 0
D Where does FMEA fit in your ISO 14971 Risk Management process? ISO 14971 - Medical Device Risk Management 13
M Informational ISO TC 210 JWG 1 meeting in São Paulo – Revision of ISO 14971 and ISO TR 24971 – Medical Device Risk Management Medical Device and FDA Regulations and Standards News 0
T Risk Management Report as per MDR Requirements EU Medical Device Regulations 4
S Medical Device Cybersecurity Risk Management File ISO 14971 - Medical Device Risk Management 2
M Medical Device News Health Canada Notice of intent: Strengthening the post-market surveillance and risk management Canada Medical Device Regulations 1
Q Evidence of precautions (clinical evaluation report, risk management report) EU Medical Device Regulations 6
Q Risk / benefit Analysis in Risk Management Report CE Marking (Conformité Européene) / CB Scheme 12
A How to view supplier APQP timeline and do risk management APQP and PPAP 4
O Medical Device EMC Risk Management CE Marking (Conformité Européene) / CB Scheme 4
S ISO 13485:2016 - How I can integrate a risk management approach in our SOPs ISO 13485:2016 - Medical Device Quality Management Systems 1
B Time necessary for all Risk Management activities ISO 14971 - Medical Device Risk Management 2
W Virtual Manufacturer and Risk Management ISO 14971 - Medical Device Risk Management 3
O CQE Handbook - Missing Section VII - Risk Management Misc. Quality Assurance and Business Systems Related Topics 1
F Medical Device HACCP (Hazard Analysis and Critical Control Point) Risk Management ISO 14971 - Medical Device Risk Management 2
J Differences between a Risk Management Plan vs. Production Part Approval Process AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 3
M Free Risk Management Webinar - Design for Quality - May 2017 Risk Management Principles and Generic Guidelines 1
J Will this fulfill the AS9100D Risk Management Requirement AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 7
A Including all Processes in Risk Management - ISO 13485:2016 ISO 13485:2016 - Medical Device Quality Management Systems 8
F Risk Management vs. FMEA ISO 14971 - Medical Device Risk Management 11
T Using Risk Management in ISO 10993 - Medical Device Accessory 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 4
Q Risk Management - Additional Process in ISO 9001:2015? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 3
alonFAI How to define a Risk Based Approach for Supplier Management per ISO 13485:2016 ISO 13485:2016 - Medical Device Quality Management Systems 1
J What ever happened to Medical Device Risk Management, anyway? 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 17
M AAMI draft report - Postmarket Risk Management ISO 14971 - Medical Device Risk Management 2
L Risk Management in an IVD, ISO 13485 certified company ISO 14971 - Medical Device Risk Management 2
S Informational Risk Management Implementation for ISO 9001:2015 ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 60
S Risk Management during Contract Review AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 14
M Risk Management File for Extra Oral RX Equipment ISO 14971 - Medical Device Risk Management 11
D Risk Management for Drug-Device Combinations ISO 14971 - Medical Device Risk Management 1
A AS 9100 - Risk Management Procedure and Flow Chart examples AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 2

Similar threads

Top Bottom