Risk Management Plan Template - ISO 14971:2007 Compliant

Marcelo

Inactive Registered Visitor
#1
Hello all.

Some time ago someone asked me about a risk management plan template.

I´ve compiled a first version of a template in english with some guidance, with a focus on being compliant with ISO 14971 requirements. it´s a first version so it´s really ugly :p.

Please note that I generally have concerns related to templates because people usually think that these activities and processes are like a cake recipe. They are not. This template will be compliant with ISO 14971 requirements if you:

1 - correctly understand ISO 14971 requirements
2 - use the template as a guidance for compiling a risk management plan
3 - create the correct, expected information
4 - review the plan you created against ISO 14971 to verify if there´s a need to add any other information due to your medical devices/processes

I think I will also create some other templates to documents required by medical device standards, but it will take some time.

Comments are welcome!
 

Attachments

Elsmar Forum Sponsor
L

louis6161

#2
One comment: I Think the Management responsibilities should be one part of the risk managment plan.
 

Marcelo

Inactive Registered Visitor
#3
Hello Louis 6161 and welcome to the Cove.

Thanks for your comment.

The risk management plan is for a device, meaning, it´s device-specific.

The management responsibilities requirements of ISO 14971 (3.2) is for the general risk management process, not directly linked to any device. This is also true to 3.1 and 3.3.
 

sagai

Quite Involved in Discussions
#4
First of all thank you for the template.
However, i should note, this template indicates me that it based on some organizational and cultural pre-assumption and as such could give an impression for the Reader coming from different organizational and cultural background, that his/her way is not appropriate.
But it could be absolutely okay, regardless this template far not applicable to his/her recent practice as regard to Risk Management.
Regards!
 

Marcelo

Inactive Registered Visitor
#5
Hello Sagai

No, it's not based on any organizational or cultural background, I created it from scract following the requiremens of the standard.

And yes, I'm pretty sure that a lot of poeple will think it's different from their recent practice in risk management (that's exactly why I crrated it :))
 

sagai

Quite Involved in Discussions
#6
:cool:
What if, there is no named Risk Manager?
What if there is no named Risk Management Process Team?
What if there is no communication between RM team and others, because there is no such distinction?
What if Risk Acceptable Criteria is really can not be set universally for the total product?

So if there is a company not having such elements (and have passed several audits over the years), than ... we should have just to comply with this template?

Regards!
 

Marcelo

Inactive Registered Visitor
#7
What if, there is no named Risk Manager?
This is a filled example.
What if there is no named Risk Management Process Team?
Not the name, but the standard requires that you define people which performs risk management activities - this is what I called the RM Team (which can be 1 person)

What if there is no communication between RM team and others, because there is no such distinction?
So you are saying the risk management process is the only proces in the manufacturer? Didn't understand your comment.

What if Risk Acceptable Criteria is really can not be set universally for the total product?
The standard requires that you define the risk acceptability criteria for the product under the plan.

So if there is a company not having such elements (and have passed several audits over the years),
Passing an audit does not mean that you comply with the standard - this is a common general misconception. In the case of risk management, this is so true that a lot of research has showed that, in the EU, most of the manufacturers do not comply with ISO 14971 (alghouth claiming compliance).
 
Last edited:
M

Mor628

#8
Dear Marcelo,

I've been following your posts, searching for answers regarding the risk management process. In our recent audit, we had a minor NC for risk management process flow and residual risk.

From what the auditor asked me, I understand that a customer complaint (or any post-production information) should feed back into the risk management process.

My question is where does it feedback to? Back to Residual risk, where I assess whether the failures identified in the complaint have been covered in the residual risk? And if they have what would be my next step?

What if it is not covered in the residual risk?

Please help me. I've been at this for days and no where near a complete understanding of the process.
 

rob73

looking for answers
#9
Hi Mor628
The way we treat PMS is to evaluate the failure and see if it it covered by any hazard identified during the initial RM (4.3 ISO 14971:2012), if not the the risk management report requires updating with the new hazard introduced, following through risk estimation, risk evaluation, risk control etc etc. Now this might mean a design change if the risk is deemed to be severe in which case we would start a new risk management process for the new design.
If there is no new hazard or risk posed, the information is noted in the RM file and a justification for no further RM action is placed in the CAPA (or complaint) file.
I hope this helps.
 
M

Mor628

#10
Thank you so much Rob!!!! That's really helpful.

What if instead of product complaint, it's about final inspections or receiving & incoming inspections from suppliers? Does that also feedback into the RM process? At the moment none of my potential risks cover anything other than the product itself. Will I need to create a RM file just for inspections?
 
Thread starter Similar threads Forum Replies Date
H Risk Management Plan in agile process ISO 14971 - Medical Device Risk Management 14
adir88 MDR requirement: Risk Management Plan for "each device" ISO 14971 - Medical Device Risk Management 5
J Differences between a Risk Management Plan vs. Production Part Approval Process AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 3
N Non conformance Report to Risk Management-Plan ISO 14971 - Medical Device Risk Management 16
U Product Level Software Risk Management Plan and Report ISO 14971 - Medical Device Risk Management 2
E How to write a Validation Risk Management Plan for Equipment ISO 14971 - Medical Device Risk Management 5
T Medical Device Risk Management Plan ISO 14971 - Medical Device Risk Management 11
T Developing the Risk Management Plan - Risk Management Policy and Objectives ISO 14971 - Medical Device Risk Management 25
Y Risk Management Plan for Medical Device - ISO 14971 ISO 14971 - Medical Device Risk Management 1
T Risk Management Plan for a Mature Product - ISO 14971 ISO 14971 - Medical Device Risk Management 2
Q Risk Management Plan for a Class III Medical Device (Bone Void Filler) ISO 13485:2016 - Medical Device Quality Management Systems 5
J HELP NEEDED ! Risk Management Exercise ISO 14971 - Medical Device Risk Management 12
O Should a Covid vaccine and testing policy be included as part of ISO9001 or AS9100 risk management? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 6
Melissa Risk Management Process, How far do I need to go? ISO 14971 - Medical Device Risk Management 10
D Does Risk Management apply to re-labeler (MDR) EU Medical Device Regulations 1
U Supply risk management Manufacturing and Related Processes 4
T Biological Evaluation (10993) & Risk Management ISO 14971 - Medical Device Risk Management 9
D Cybersecurity and Risk Management: Loss of confidentiality IEC 62304 - Medical Device Software Life Cycle Processes 5
S Risk Management Review ISO 14971 - Medical Device Risk Management 4
S Risk Management and other Files ISO 14971 - Medical Device Risk Management 8
silentmonkey Overall Benefit/Risk Analysis - Risk Management VS Clinical Evaluation ISO 14971 - Medical Device Risk Management 3
Aymaneh Medical Device Cybersecurity Risk Management IEC 27001 - Information Security Management Systems (ISMS) 2
A 21 CFR 820 - Risk Management - Looking for some guidance US Food and Drug Administration (FDA) 3
Sravan Manchikanti Software Risk Management & probability of occurrence as per IEC 62304 IEC 62304 - Medical Device Software Life Cycle Processes 8
R Identify Medical Device characterstics as Annex C of ISO 14971 Risk Management ISO 14971 - Medical Device Risk Management 5
N Device Labeling - Medtronic Ventilator Files (Risk Management documents) Coffee Break and Water Cooler Discussions 2
T How do you define your Hazards? <a Risk Management discussion> ISO 14971 - Medical Device Risk Management 16
D Risk Analysis & Technical File - What detail goes in the Risk Management Report ISO 14971 - Medical Device Risk Management 5
C AS9100 Rev D 8.1.1 & APQP - Operational risk management process AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 1
B ATP 5-19 "Risk Management" Misc. Quality Assurance and Business Systems Related Topics 2
N Risk Management besides mandated FDA requirements 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 1
M Identifying Hazards - Risk management process ISO 14971 - Medical Device Risk Management 6
R Risk Management in the Medical Device Industry ISO 14971 - Medical Device Risk Management 4
F Linking an ISO 31000 Risk management SOP to ISO 17025 ISO 17025 related Discussions 2
Ronen E The unbearable insensitivity of risk management language Other Medical Device and Orthopedic Related Topics 1
S ISO 14971 Risk Management - Questions for Hazard identification ISO 14971 - Medical Device Risk Management 2
M Risk/Benefit vs. benefit-risk - Revising an SOP covering Risk Management with the MDR in mind EU Medical Device Regulations 10
A Defining Expected Service Life in Risk Management File Reliability Analysis - Predictions, Testing and Standards 5
R Linking the Processes of Continual Improvement, Change Management, Risk Management, Action Planning, etc? Preventive Action and Continuous Improvement 5
D Risk management according to ISO 14971 - When to document risk controls? ISO 14971 - Medical Device Risk Management 10
J Software for Techfiles and Risk management ISO 14971 - Medical Device Risk Management 1
M Informational ISO TC 210 IEC SC 62A JWG 1 Medical device risk management – São Paulo meeting 2019 Medical Device and FDA Regulations and Standards News 6
M Medical Device News ISO TC 210 IEC SC 62A JWG 1 Medical device risk management – São Paulo meeting 2019 Medical Device and FDA Regulations and Standards News 0
D Where does FMEA fit in your ISO 14971 Risk Management process? ISO 14971 - Medical Device Risk Management 13
M Informational ISO TC 210 JWG 1 meeting in São Paulo – Revision of ISO 14971 and ISO TR 24971 – Medical Device Risk Management Medical Device and FDA Regulations and Standards News 0
T Risk Management Report as per MDR Requirements EU Medical Device Regulations 4
S Medical Device Cybersecurity Risk Management File ISO 14971 - Medical Device Risk Management 2
M Medical Device News Health Canada Notice of intent: Strengthening the post-market surveillance and risk management Canada Medical Device Regulations 1
Q Evidence of precautions (clinical evaluation report, risk management report) EU Medical Device Regulations 6
Q Risk / benefit Analysis in Risk Management Report CE Marking (Conformité Européene) / CB Scheme 12

Similar threads

Top Bottom