Risk Management for Small Contract Manufacturers

ckusnierek

#1
Hi, I have been lurking for a few years and have to say the information within this forum has been a great resource.

I made a mistake in my initial QM: I exempted my company from Risk Management. Being a contract manufacturer, I thought that risk assessment and management was solely the responsibility of the customer.

Well my auditor was happy enough to point out that the standard says "SHALL" and I must perform risk management.

Well, where do I start? And how do I implement it? All the information and resources I can find refer to design risk management and long term safety etc...

We are a small shop and I want to make this as simple as possible.
I suppose I could create a checklist, list all of a product's processes and possible failure points.

What I mean is from a manufacturing side would risk be defined as any process or operation failure that could cause the product to not meet customer specifications?

If so, am I not already doing that through monitoring and measurement of process & products?

And if I were to assign a risk level, would they not all be "severe" since any missed operation would cause the product to not meet requirements?

I am just really struggling with how to effectively implement this requirement. If anyone could point me in the right direction it would be greatly appreciated.

-Chris
 
arios

#2
Re: Risk Management for Contract Manufacturers

First of all, I am glad to be in touch with someone from Indiana. That's a pretty place. (I love Goshen)

It looks like you are talking about a medical device related product under ISO 13485. It would be good for you to acquire the ISO 14971 standard, which explains the process in detail, but I will try to make a brief summary of what you need:

1. Create an SOP for risk management
2. In your SOP make reference to what is known as a risk management file. A risk management file can exist or be created for a product family.
3. In your risk management file you can include the risk management plan (which defines criteria for acceptability), a "checklist" with the 34 or so questions that the ISO 14971 standard points out (annex C if I remember well) which is used to analyze the intended use of the device and its relationship to other factors like materials used, environment to which the device is exposed, etc.
4. Your risk analysis tool, which can be in the form of an FMEA. Since you are a contract manufacturer, the life cycle of the product can be limited to manufacturing and you can consider the risk that your process can leave traces of manufacturing materials (e.g. burrs, grease, etc). I would consider your customer responsible for design, final disposal and other aspects outside your scope.

Now, it is possible that your customer has already done the risk assessment for your operations or part of them. If he has, you may not need to reinvent the wheel and can use what has been created already and make reference to that in your SOP.

Here in Elsmar I have seen very nice examples of the templates that form a risk management file. I hope somebody can locate them for us.

Greetings from this side of the border!
Alberto
 
ckusnierek

#3
Re: Risk Management for Contract Manufacturers

Thanks so much Alberto!

So I can group part families? I.e. taps, drills, reamers, etc.?

That would make it much easier for me, considering the risk management file seems to sound lengthy.

We are a "niche" manufacturer specializing in taps, drills, reamers and K-wires.
 
arios

#4
Re: Risk Management for Contract Manufacturers

I would group by families if they are intended for a similar application and produced by the same process, and include notes as necessary on the file if an exception deserves further consideration or explanation, e.g. if one needs a different heat treatment from another one.
 
ckusnierek

#5
Re: Risk Management for Contract Manufacturers

I would group by families if they are intended for a similar application, and include notes as necessary on the file if an exception deserves further consideration.
Well in our case a family consists of essentially every instrument to perform a specific surgery. From K-wire to drill to tap to screw/implant.

All totally different parts
 
yodon

Staff member
Super Moderator
#6
Re: Risk Management for Contract Manufacturers

Um, I'd like to maybe look at this from a different angle. As you say, you are a contract manufacturer. Thus, you build what your customer says to build. Your customer is, indeed, responsible for the risk management of the PRODUCT (medical device). Your responsibilities are in product realization. So exactly what SHALL did they cite that is your responsibility? You may not have any clue as to the harm the device could do to a patient / user / operator. Note that 14971 states very clearly:

The requirements contained in this International Standard provide manufacturers with a framework within which experience, insight and judgment are applied systematically to manage the risks associated with the use of medical devices.

So Risk Management has to address how a patient can be harmed. Does the manufacturing process have a role in risk management? Sure. Typically what we've seen / done is to have a process FMEA for the manufacturing process FOR THAT PRODUCT to determine, as others have said, how the process could contribute to a failure to meet requirements. But this then has to be tied back to how that failed requirement can harm a patient. I don't see that you would necessarily have the information to do that.

The only 'shall' in 13485 I know of for risk management is:

The organization shall establish documented requirements for risk management throughout product realization. Records arising from risk management shall be maintained (see 4.2.4)

I don't see how you, as contract manufacturer, would be responsible for this! I know you will need to participate. You're right, you can't assess the risk severity or probability. I think there's some misunderstanding / miscommunication going on.
 
MIREGMGR

#7
Re: Risk Management for Contract Manufacturers

The requirements contained in this International Standard provide manufacturers with a framework within which experience, insight and judgment are applied systematically to manage the risks associated with the use of medical devices.
My bold added above.

EN ISO 14971:2007 defines "manufacturer" in 2.8 as a "natural or legal person with responsibility for the design, manufacture, packaging, or labelling of a medical device, assembling a system, or adapting a medical device before it is placed on the market or put into service, regardless of whether those operations are carried out by that person or on that persons' behalf by a third party."

My bold added above.

As a contract manufacturer, you are that third party. Risk management is the fundamental responsibility of the manufacturer...your customer...and not you.

(100% agreement with Yodon.)

***

Have you discussed with your customer if they already have a comprehensive risk analysis? You might find that they've already performed an analysis that includes your operations...in which case you might be able to improve their risk file by reviewing the production-related aspects and suggesting improvements.

I certainly agree with Arios regarding the desirability of family analysis when large numbers of somewhat related products are involved.
 
ckusnierek

#8
Re: Risk Management for Contract Manufacturers

Our auditor was very vague in explaining this to me. I argued that as a contract manufacturer we may have a knowledgeable guess as to how the device is to be used, but we cannot determine risks based on speculation.

He argued back that we could simply perform risk assessment on the corporate level, meaning will we incur liabilities? Do you have the capital/resources to meet customer requirements? I thought this was asinine but, being our auditor, I kept my mouth shut.
 
arios

#9
Re: Risk Management for Contract Manufacturers

I still see a benefit in the auditor's finding and a good opportunity to enhance the system and detect possible failure modes that may be undesirable. Hopefully you can establish something easy to maintain, ideally with the support from your customer.

As I mentioned earlier, do not reinvent the wheel if your customer has developed a risk management process which covers your processes, or, as the other folks said, see if you can improve on what the customer has. Since you are the one who can better understand your processes, there is a good chance you can contribute to improvement of an existing RM.

You can probably still use a product family approach even with the scenario of diverse applications, but it would be good to define the criteria in the Risk Management Plan based on the highest risk product.

Take care and wish you success in this project

Alberto
 
adamsjm

#10
Re: Risk Management for Contract Manufacturers

Ckusnierek quote:
We are a "niche" manufacturer specializing in taps, drills, reamers and K-wires
From this statement I am assuming that your company produces several different Taps (diameter, pitch, length, etc.) based upon the same basic operations. If so, you can consider your taps product line as a product family. The same assumption can be made for drills, reamers, and K-wires. Each of these individual families (product lines) will share manufacturing, handling, and identification processes. These processes will be identified on your “Process Flow Diagram / Chart List”.

Ckusnierek quote:
… as a contract manufacturer we may have a knowledgeable guess as to how the device is to be used, but we cannot determine risks based on speculation.
Your customer provided your company with at least a minimal list of requirements, such as reamer diameter size and tolerance, length, hardness, retention features, packaging, shipping, etc. (Hopefully you are not guessing about these.) These items can be listed as your customer's “wants”.

The first activity to be performed between the design team (customer) and the manufacturing team (you) is to create a modified Phase III QFD or Special Characteristic Matrix. The customer’s wants go down the left side and your “Process Flow Diagram / Chart List” hows go across the top. By completing the matrix, you and your customer will know which processes affect what requirements. You will also identify which process affects the most wants and should be analyzed first for what can go wrong during that particular process step. That means perform a PFMEA analysis and identify the RISK of not producing to requirement. How will you control the process so that non-conforming product will not be produced, or contained if it is produced – the Control Plan, Work Instructions, Standard Operating Procedures. Only your company can produce this documentation.
You then submit it to your customers for their approval and buy-in.

Per your Auditor:
Do you have the capital / resources to meet customer requirements?
The paragraph above describes how to meet your customer requirements. If your company cannot or will not perform those activities then they may “incur consequences”, such as product liabilities or loss of business.

This is just the start of becoming a great company.
I have led production product lines to have 0 DPMO process failures for weeks at a time while handling 288,000 parts and assemblies per day. Through hard work, you can reach this level also.
As a consultant, I am willing to help.


Joe Adams
Process Excellence Architect
 