Risk Management in Outsourcing Company

Ronen E

Problem Solver
Staff member
Moderator
#11
:bigwave:
Hi Ronen, always feel good to ask you the Question:
We do contract manufacturing ideally repackaging bulk Class IIa non-sterile products in pharmacy display boxes. We have controlled environment, but not a clean room. In the TF I have risk analysis of those products received from the manufacturer.

At what level I should conduct my risk analysis?
Can I just write a plane risk management report and state possible risks and applied control?
How much importance I need to give to determine overall residual risk assessment?

Cheers

Nash
Hi,

Contract manufacturing = the devices are not sold (labelled) under you company's name, right?

In most leading regulatory domains, that would mean you are not regulatorily required to hold your own risk management files. USA regulation has some exceptions to that rule, but I assume you're not referring to sales in the USA, right? Look in the contract you have with this client - if it doesn't state any obligation re. risk management, then you can pretty much do whatever you think best serves the business.

From a regulatory perspective, the overall responsibility for risk management lies with the legal manufacturer (and/or the sponsor, in Australia). They may need / desire your contribution to this process, however it's still their own responsibility. If you are aware of any significant risks, it would naturally be the right thing to let them know about it, regardless of any hard obligations or explicit requirements.

Cheers,
Ronen.
 
Last edited:
Elsmar Forum Sponsor

Nash27

Involved In Discussions
#13
Hi Ronen,
Thanks, I got your point, although we are registered as a manufacturer and thus I believe we do have obligation to keep the risk management record. But what at what level?
 

Ronen E

Problem Solver
Staff member
Moderator
#14
Hi Ronen,
Thanks, I got your point, although we are registered as a manufacturer and thus I believe we do have obligation to keep the risk management record. But what at what level?
Sorry, I must be missing something. What do you mean by "registered as a manufacturer"? Where? And in what product context?

In Australia, medical devices are typically included on the ARTG as a prerequisite to distribution, and in that context direct regulatory burden is carried by the legal manufacturer (=entity under whose name the device is placed on the market) and the sponsor. If you are neither, then most likely you don't have direct regulatory obligations. In that case you could conduct the risk management at any level you deem appropriate, including nil.
 

Nash27

Involved In Discussions
#15
Sorry, I must be missing something. What do you mean by "registered as a manufacturer"? Where? And in what product context?

In Australia, medical devices are typically included on the ARTG as a prerequisite to distribution, and in that context direct regulatory burden is carried by the legal manufacturer (=entity under whose name the device is placed on the market) and the sponsor. If you are neither, then most likely you don't have direct regulatory obligations. In that case you could conduct the risk management at any level you deem appropriate, including nil.
We are the '=entity' and under our name the device is placed on the market.
 

Ronen E

Problem Solver
Staff member
Moderator
#16
We are the '=entity' and under our name the device is placed on the market.
OK, thanks. Then, from a regulatory perspective you are not doing "contract manufacturing" -- you are "manufacturing" (the difference is significant). It just so happens that one of the ingredients you purchase are finished devices in bulk form, and your scope of activity begins at the sales packaging stage. Nothing unusual in regulatory terms.

For guidance on your regulatory process and requirements, relating to risk management, you can (if haven't already) refer to the ARGMD in general, and particularly to the section on Risk Management on p. 41:

http://www.tga.gov.au/industry/devices-argmd.htm

If you follow ISO 14971 as well you should be fine.

In specific, I would:

1. Incorporate the contents of the risk management files you get from the bulk device maker (your supplier), and ensure that there's a mechanism in place for updates (including review and response on your part, as appropriate) whenever the source is updated;

2. Address any risks you can identify relating to changes in the purchased devices, without you first becoming aware; and

3. Thoroughly analyse and manage any risks associated with the processes that take place under your responsibility, after receiving the bulk devices.

It might sound like a lot of work but it doesn't have to be.

Cheers,
Ronen.

PS I assumed you only operate in the Australian market. Otherwise, different rules may apply.
 
Last edited:
Thread starter Similar threads Forum Replies Date
B ISO 17025:2017 risk management Risk Management Principles and Generic Guidelines 0
S Risk Management Review ISO 14971 - Medical Device Risk Management 4
S Risk Management and other Files ISO 14971 - Medical Device Risk Management 8
silentmonkey Overall Benefit/Risk Analysis - Risk Management VS Clinical Evaluation ISO 14971 - Medical Device Risk Management 3
Aymaneh Medical Device Cybersecurity Risk Management IEC 27001 - Information Security Management Systems (ISMS) 2
A 21 CFR 820 - Risk Management - Looking for some guidance US Food and Drug Administration (FDA) 3
Sravan Manchikanti Software Risk Management & probability of occurrence as per IEC 62304 IEC 62304 - Medical Device Software Life Cycle Processes 8
R Identify Medical Device characterstics as Annex C of ISO 14971 Risk Management ISO 14971 - Medical Device Risk Management 5
N Device Labeling - Medtronic Ventilator Files (Risk Management documents) Coffee Break and Water Cooler Discussions 2
T How do you define your Hazards? <a Risk Management discussion> ISO 14971 - Medical Device Risk Management 16
adir88 MDR requirement: Risk Management Plan for "each device" ISO 14971 - Medical Device Risk Management 5
D Risk Analysis & Technical File - What detail goes in the Risk Management Report ISO 14971 - Medical Device Risk Management 5
C AS9100 Rev D 8.1.1 & APQP - Operational risk management process AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 1
B ATP 5-19 "Risk Management" Misc. Quality Assurance and Business Systems Related Topics 2
N Risk Management besides mandated FDA requirements 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 1
M Identifying Hazards - Risk management process ISO 14971 - Medical Device Risk Management 6
R Risk Management in the Medical Device Industry ISO 14971 - Medical Device Risk Management 4
F Linking an ISO 31000 Risk management SOP to ISO 17025 ISO 17025 related Discussions 2
Ronen E The unbearable insensitivity of risk management language Other Medical Device and Orthopedic Related Topics 1
S ISO 14971 Risk Management - Questions for Hazard identification ISO 14971 - Medical Device Risk Management 2
M Risk/Benefit vs. benefit-risk - Revising an SOP covering Risk Management with the MDR in mind EU Medical Device Regulations 10
A Defining Expected Service Life in Risk Management File Reliability Analysis - Predictions, Testing and Standards 5
R Linking the Processes of Continual Improvement, Change Management, Risk Management, Action Planning, etc? Preventive Action and Continuous Improvement 5
D Risk management according to ISO 14971 - When to document risk controls? ISO 14971 - Medical Device Risk Management 10
J Software for Techfiles and Risk management ISO 14971 - Medical Device Risk Management 1
M Informational ISO TC 210 IEC SC 62A JWG 1 Medical device risk management – São Paulo meeting 2019 Medical Device and FDA Regulations and Standards News 6
M Medical Device News ISO TC 210 IEC SC 62A JWG 1 Medical device risk management – São Paulo meeting 2019 Medical Device and FDA Regulations and Standards News 0
D Where does FMEA fit in your ISO 14971 Risk Management process? ISO 14971 - Medical Device Risk Management 13
M Informational ISO TC 210 JWG 1 meeting in São Paulo – Revision of ISO 14971 and ISO TR 24971 – Medical Device Risk Management Medical Device and FDA Regulations and Standards News 0
T Risk Management Report as per MDR Requirements EU Medical Device Regulations 4
S Medical Device Cybersecurity Risk Management File ISO 14971 - Medical Device Risk Management 2
M Medical Device News Health Canada Notice of intent: Strengthening the post-market surveillance and risk management Canada Medical Device Regulations 1
Q Evidence of precautions (clinical evaluation report, risk management report) EU Medical Device Regulations 6
Q Risk / benefit Analysis in Risk Management Report CE Marking (Conformité Européene) / CB Scheme 12
A How to view supplier APQP timeline and do risk management APQP and PPAP 4
O Medical Device EMC Risk Management CE Marking (Conformité Européene) / CB Scheme 4
S ISO 13485:2016 - How I can integrate a risk management approach in our SOPs ISO 13485:2016 - Medical Device Quality Management Systems 1
B Time necessary for all Risk Management activities ISO 14971 - Medical Device Risk Management 2
W Virtual Manufacturer and Risk Management ISO 14971 - Medical Device Risk Management 3
O CQE Handbook - Missing Section VII - Risk Management Misc. Quality Assurance and Business Systems Related Topics 1
F Medical Device HACCP (Hazard Analysis and Critical Control Point) Risk Management ISO 14971 - Medical Device Risk Management 2
J Differences between a Risk Management Plan vs. Production Part Approval Process AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 3
M Free Risk Management Webinar - Design for Quality - May 2017 Risk Management Principles and Generic Guidelines 1
J Will this fulfill the AS9100D Risk Management Requirement AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 7
A Including all Processes in Risk Management - ISO 13485:2016 ISO 13485:2016 - Medical Device Quality Management Systems 8
F Risk Management vs. FMEA ISO 14971 - Medical Device Risk Management 11
T Using Risk Management in ISO 10993 - Medical Device Accessory 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 4
Q Risk Management - Additional Process in ISO 9001:2015? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 3
alonFAI How to define a Risk Based Approach for Supplier Management per ISO 13485:2016 ISO 13485:2016 - Medical Device Quality Management Systems 1
J What ever happened to Medical Device Risk Management, anyway? 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 17

Similar threads

Top Bottom