Risk Management (ISO 14971:2007) Internal Audit Checklist

medwise

Involved In Discussions
Hi Everyone,

I'm scheduled to audit the risk management of a class IIb electrosurgical forceps. I was wondering if anyone can provide, or guide me to, an internal audit checklist for risk management as per ISO 14971:2007.

Even a few open- and closed-ended questions for internal audit of risk management will be helpful.

Note - the current RM is based on the 2000 version (1st edition).

Any help will be much appreciated.

Thanks in advance.

Kind regards
Romit
 

sagai

Quite Involved in Discussions
I cannot really think of any check-list, apart from a kind of check-list having all clauses of the standard lined up to find evidence or encouragement for.
But regardless this could be a check-list, I would not really advocate it.

You cannot go wrong if you have the principles of the standard in your mind and you look into the corresponding part of the QMS to see a level of compliance as well as the activities are carried out as part of RM.

Cheers!
 

medwise

Involved In Discussions
Thank you Sagai for your response.

The company in question is a very small organisation and currently has just the basics in place, i.e. ISO 14971:2000. I can only take a gradual improvement approach rather than bombarding them with a lot of things to do. However, I understand that the regulations are the same for large and small companies regardless.

I was looking for some simple checklist which can help them get on track in the first place. Say if you were conducting an internal audit for a class IIb device, what 7-10 critical questions will you be focusing on to ensure that they can cross the bridge from the first edition to the 2007 version?

Regards
Romit
 

yodon

Leader
Super Moderator
If you get a copy of the standard, there's a nice flowchart in Annex B that can guide you through the process and determine if they are complying.

Beyond that, maybe a few thoughts..

Do they have a Risk Management Plan? This should lay out the approach, including what their measurement criteria are (e.g., severity levels, occurrence factors, thresholds, etc.). (So then the obvious audit question would be, based on the Plan, are they following it?)

Have they identified hazards? Typically, the table in Annex E is used to guide this process. The table provides a broad spectrum of where hazards can arise.

Have they identified and quantified risks? This is most often done in an FMEA or a set of FMEAs (but alternate methods are very much allowed).

Have they identified mitigations to reduce the risk? Are those mitigations verified for implementation and effectiveness?

Do they periodically review and update the hazards and risks based on feedback from use? Do they re-assess risk when changes occur?

Not comprehensive by any means but hopefully it helps set the stage.
 

Ronen E

Problem Solver
Moderator
Hi,

Given this setup, I wouldn't even go for a checklist. Instead, I would look at just 2 things:

(a) Risk acceptability criteria -- Is a policy for setting them in place? Were the acceptability criteria clearly defined, in line with this policy? Were these criteria applied with integrity and consistency?

(b) Risk reduction verification -- Were the mitigation means verified for implementation? Was their effectiveness verified as well, i.e. was any objective evidence collected showing that the risks were reduced to an acceptable level? Is all this process properly and clearly documented?

These are two major and common pitfalls. If there's any slack on ISO 14971 compliance, it would show in these areas, I'm quite sure. If, however, the above are adequately addressed, most chances that the entire process ticks quite well.

Cheers,
Ronen.
 
ALICEqa

Thank you all for this helpful information, I am so delighted as it has answered the exact question I was going to ask. <3 the cove
 