Risk Management (ISO 14971:2007) Internal Audit Checklist

medwise

Involved In Discussions
#1
Hi Everyone,

I'm scheduled to audit the risk management of a class IIb electrosurgical forceps. I was wondering if anyone can provide/guide me an internal audit checklist for risk management as per ISO 14971:2007.

Even few open and closed ended questions for internal audit of risk management will be helpful.

Note - the current RM is based on 2000 version (1st edition).

Any help will be much appreciated.

Thanks in advance.

Kind regards
Romit:thanx:
 
Elsmar Forum Sponsor

sagai

Quite Involved in Discussions
#2
I cannot really think of any check-list, apart from a kind of check-list having all clauses of the standard lined up to find evidence or encouragement for.
But regardless this could be a check-list i would not really advocate it.

You cannot go wrong if you have the principles of the standard in your mind and you look into the corresponding part of the QMS to see a level of compliance as well as the activities are carried out as part of RM.

Cheers!
 

medwise

Involved In Discussions
#3
Thank you Sagai for your response.

The company in question is a very small organisation and currently has just the basics in place i.e. ISO 14971:2000. I can only take a gradual improvement approach rather bombarding them with a lot of things to do.However, I understand that the regulations are same for large and small companies regardless.

I was looking for some simple checklist which can help them get on track on first place. Say if you were conducting an internal audit for a class IIb device, what 7 -10 critical questions will you be focusing on to ensure that they can cross the bridge from first edition to 2007 version.

Regards
Romit
 

yodon

Staff member
Super Moderator
#4
If you get a copy of the standard, there's a nice flowchart in Annex B that can guide you through the process and determine if they are complying.

Beyond that, maybe a few thoughts..

Do they have a Risk Management Plan? This should lay out the approach, including what their measurement criteria are (e.g., severity levels, occurrence factors, thresholds, etc.). (So then the obvious audit question would be, based on the Plan, are they following it?)

Have they identified hazards? Typically, the table in Annex E is used to guide this process. The table provides a broad spectrum of where hazards can arise.

Have they identified and quantified risks? This is most often done in an FMEA or a set of FMEAs (but alternate methods are very much allowed).

Have they identified mitigations to reduce the risk? Are those mitigations verified for implementation and effectiveness?

Do they periodically review and update the hazards and risks based on feedback from use? Do they re-assess risk when changes occur?

Not comprehensive by any means but hopefully it helps set the stage.
 

Ronen E

Problem Solver
Staff member
Moderator
#5
Thank you Sagai for your response.

The company in question is a very small organisation and currently has just the basics in place i.e. ISO 14971:2000. I can only take a gradual improvement approach rather bombarding them with a lot of things to do.However, I understand that the regulations are same for large and small companies regardless.

I was looking for some simple checklist which can help them get on track on first place. Say if you were conducting an internal audit for a class IIb device, what 7 -10 critical questions will you be focusing on to ensure that they can cross the bridge from first edition to 2007 version.

Regards
Romit
Hi,

Given this setup, I wouldn't even go for a checklist. Instead, I would look at just 2 things:

(a) Risk acceptability criteria -- Is a policy for setting them in place? Were the acceptability criteria clearly defined, in line with this policy? Were these criteria applied with integrity and consistency?

(b) Risk reduction verification -- Were the mitigation means verified for implementation? Was their effectiveness verified as well, i.e. was any objective evidence collected showing that the risks were reduced to an acceptable level? Is all this process properly and clearly documented?

These are two major and common pitfalls. If there's any slack on ISO 14971 compliance, it would show in these areas, I'm quite sure. If, however, the above are adequately addressed, most chances that the entire process ticks quite well.

Cheers,
Ronen.
 
A

ALICEqa

#7
Thank you all for this helpful information, I am so delighted as it has answered the exact question I was going to ask. <3 the cove
 
Thread starter Similar threads Forum Replies Date
R Identify Medical Device characterstics as Annex C of ISO 14971 Risk Management ISO 14971 - Medical Device Risk Management 5
F Linking an ISO 31000 Risk management SOP to ISO 17025 ISO 17025 related Discussions 2
S ISO 14971 Risk Management - Questions for Hazard identification ISO 14971 - Medical Device Risk Management 2
D Risk management according to ISO 14971 - When to document risk controls? ISO 14971 - Medical Device Risk Management 10
M Informational ISO TC 210 IEC SC 62A JWG 1 Medical device risk management – São Paulo meeting 2019 Medical Device and FDA Regulations and Standards News 6
M Medical Device News ISO TC 210 IEC SC 62A JWG 1 Medical device risk management – São Paulo meeting 2019 Medical Device and FDA Regulations and Standards News 0
D Where does FMEA fit in your ISO 14971 Risk Management process? ISO 14971 - Medical Device Risk Management 13
M Informational ISO TC 210 JWG 1 meeting in São Paulo – Revision of ISO 14971 and ISO TR 24971 – Medical Device Risk Management Medical Device and FDA Regulations and Standards News 0
S ISO 13485:2016 - How I can integrate a risk management approach in our SOPs ISO 13485:2016 - Medical Device Quality Management Systems 1
A Including all Processes in Risk Management - ISO 13485:2016 ISO 13485:2016 - Medical Device Quality Management Systems 8
T Using Risk Management in ISO 10993 - Medical Device Accessory 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 4
Q Risk Management - Additional Process in ISO 9001:2015? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 3
alonFAI How to define a Risk Based Approach for Supplier Management per ISO 13485:2016 ISO 13485:2016 - Medical Device Quality Management Systems 1
L Risk Management in an IVD, ISO 13485 certified company ISO 14971 - Medical Device Risk Management 2
S Informational Risk Management Implementation for ISO 9001:2015 ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 60
A Informational Risk Management (and Risk Based Thinking) in ISO 9001:2015 ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 56
A Is Risk Management Process compliant to ISO 14971 in absence of Hazardous Situations? ISO 14971 - Medical Device Risk Management 5
Marc Are you looking for ISO 31000 - Risk Management Principles and Generic Guidelines? ISO 14971 - Medical Device Risk Management 1
Marc Are you looking for ISO 14971 - Medical Device Risk Management? Risk Management Principles and Generic Guidelines 1
C ISO 13485 - Documented Requirements for Risk Management ISO 13485:2016 - Medical Device Quality Management Systems 6
somashekar What are the ISO 13485 documented requirements for Risk Management? ISO 13485:2016 - Medical Device Quality Management Systems 13
Y ISO 31004 - Risk Management Implementation Guidance Risk Management Principles and Generic Guidelines 2
N ISO 14971:2007 vs. 2009 - Which Risk Management Standard is still accepted in the EU Other ISO and International Standards and European Regulations 2
E ISO 14971:2009 Risk Management Requirements CE Marking (Conformité Européene) / CB Scheme 2
G ISO Registrars/CBs citing for use of "Detection" in Risk Management ISO 14971 - Medical Device Risk Management 27
M ISO 14971 Medical Device Risk Management FAQ ISO 14971 - Medical Device Risk Management 43
M Risk Management Plan Template - ISO 14971:2007 Compliant ISO 14971 - Medical Device Risk Management 13
C Section 7.1 of ISO 13485 - Risk Management throughout Product Realization ISO 13485:2016 - Medical Device Quality Management Systems 7
D ISO 17025 and Calibration Laboratory Risk Management Requirements ISO 17025 related Discussions 1
C Scope of Risk Management in ISO13485 vs. ISO 14971/EU MDD ISO 14971 - Medical Device Risk Management 2
C ISO 14971 Clause 9 Requirements - Post-Production Monitoring and Risk Management ISO 14971 - Medical Device Risk Management 7
A Where can I buy EN ISO 14971:2009 (Medical Device Risk Management)? ISO 14971 - Medical Device Risk Management 11
Q ISO 14971 Class II Medical Devices - Product Realization & Risk Management ISO 14971 - Medical Device Risk Management 5
K ISO 62304 Software Risk Management and Medical Device Class IEC 62304 - Medical Device Software Life Cycle Processes 5
K Risk Management (ISO 31000) and AS9100C - Gap Analysis Template Needed Risk Management Principles and Generic Guidelines 2
K ISO 31000 - Implementing Risk Management in the Construction Industry? Risk Management Principles and Generic Guidelines 5
B ISO 9001:2008 and Risk Management ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 7
B Application of Risk Management - ISO 14971 for a Tooling Manufacturer ISO 14971 - Medical Device Risk Management 18
M Risk management, ISO 13485 and ISO 14971 ISO 13485:2016 - Medical Device Quality Management Systems 10
A ISO 9001 Project Management and Risk Analysis Requirements - Construction ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 13
R ISO 10993-1:2009 incorporating Risk Management published by ISO ISO 13485:2016 - Medical Device Quality Management Systems 1
M ISO 14971:2007 Risk Management - Class I A Sterile Medical Device ISO 14971 - Medical Device Risk Management 4
M Implementing Risk Management for Contract Manufacturers - ISO 13485 ISO 13485:2016 - Medical Device Quality Management Systems 12
K What is 'output of risk management' in ISO 13485, Cl 7.3.2(e).? ISO 13485:2016 - Medical Device Quality Management Systems 7
M ISO 14971 Risk Management Qualification of Personnel ISO 14971 - Medical Device Risk Management 5
Q ISO 14971 for Contract Manufacturers - Extensive risk management ISO 14971 - Medical Device Risk Management 16
V ISO 14971:2007 Application of Risk Management to Medical Devices ISO 14971 - Medical Device Risk Management 9
M ISO 14971 Risk Management questions and comments ISO 14971 - Medical Device Risk Management 38
V ISO 14971 Risk Management training courses in Montreal or Ottawa ISO 14971 - Medical Device Risk Management 1
V ISO 14971: 2007 Risk Management File - Separate file required for each product? ISO 14971 - Medical Device Risk Management 3

Similar threads

Top Bottom