Risk Requirements to meet the explicit Risk Based Approach of ISO 13485:2016 Examples

#1
We repackage, relabel and distribute devices, we do not complete manufacturing of medical devices. We will have an MDSAP audit in 2017 and need to meet the explicit Risk Based approach of 13485:2016. Looking for some examples of how others are meeting this requirement.

Specifically the MDSAP audit Model states under process management objective eidence will show whether the organization has:
G) Performed risk management planning and ongoing review of the effectiveness of risk management activities to ensure that policies, procedures and practices are established for analyzing, evaluating and controlling risk
 
Elsmar Forum Sponsor
R

randomname

#2
Re: Risk Requirements to meet the explicit Risk Based Approach of ISO 13485:2016 Exam

So how do you analyze, evaluate and control risks in the repackaging, relabeling and distribution of devices (as well as in contract review, purchasing, etc.)?
 
#4
Re: Risk Requirements to meet the explicit Risk Based Approach of ISO 13485:2016 Exam

Yes, we have scheduled our audit for next year (2017), and coordinated with our certification body, it will for Canada and will be MDSAP audit for ISO 13485:2016.

We have implicit risk based approach, ie document control in place, tiered vendors for purchasing. We are considering completing risk management (identifying the risk via risk analysis, rating the risk level based on liklihood, severity, detection, performing process FMEA, evaluating residual risk etc.) This would be completed on the functions / processes by clause.

Another much simpler alternative is to have a high level document (SOP) that details our risk based approach by clause.

Looking for feedback or examples.

Thanks!
 

Project Man

Involved In Discussions
#5
Re: Risk Requirements to meet the explicit Risk Based Approach of ISO 13485:2016 Exam

We are a ISO13485 job shop and things flow through in every shape, size, type, etc. but they all flow through our basic processes and how we assess risk at each basic step doesn't change. We have a single document that outlines our risk approach at each process. It's simple and effective because it clearly communicates and is easy to follow. It's a compass for everyone.
 

Wolf.K

Involved In Discussions
#6
Re: Risk Requirements to meet the explicit Risk Based Approach of ISO 13485:2016 Exam

We have a SOP "Risk management", but as for 13485:2003 it is just valid for ISO 13485 7.1 "Planning of product realization" and 7.3 "Design and development". Currently I am planning the transition to 13485:2016.

For 9001:2015, I found several suggestions for the implementation of the new version. Most information is about the techniques which can be used for the risk-based approach (brainstorming, FMEA and so on, e.g. ISO 31000). But I also found some information regarding to the question "when and where" to use these techniques. But I wonder if I can adopt this 1:1 to 13485?
 
#7
Re: Risk Requirements to meet the explicit Risk Based Approach of ISO 13485:2016 Exam

We are currently facing the situation as well to define some "risk-based approach".
I think of splitting into:
- Procedure for Medical Device i.e. Product Risk Management Process
- Procedure for Quality System Risk Management Process (inspired by e.g. ICH Q9 Quality Risk Management)

The former one goes compliant with the ISO 14971 and focusses on products over the whole life cycle.
The latter one gives guidance for risk-based decision making on processes e.g. how to risk-rank processes, suppliers a.s.o. And which control measures are deemed to be required. It should provide guidance for a supply chain manager to assess suppliers and define appropriate measures as well as to a Process Owner.

As you might notice I am still at the stage of looking for concrete implementation recipes.

How have you dealt with the situation so far? What do you intend do you when ISO 13485:2016 and/or MDSAP audit will happen?
 
#8
Re: Risk Requirements to meet the explicit Risk Based Approach of ISO 13485:2016 Exam

Attached is how we decided to address risk for each ISO Clause. We then went through and documented current risk controls in place, also identified when we required additional risk mitigation to take place based on the pre-determined risk acceptability. The documents will be living documents and re-versioned based on additional risk review/evaluation annually and signed off by the top management during management review.

We have our ISO audit in a few weeks.
 

Attachments

#9
Re: Risk Requirements to meet the explicit Risk Based Approach of ISO 13485:2016 Exam

Thank you very much for sharing your ideas and the document.
It is a good thought to refer to some quality data,
 
#10
Re: Risk Requirements to meet the explicit Risk Based Approach of ISO 13485:2016 Exam

Thank you bmelissam...a brilliant approach to the issue...kudos to you!!
 
Thread starter Similar threads Forum Replies Date
N Risk Management besides mandated FDA requirements 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 1
T Risk Management Report as per MDR Requirements EU Medical Device Regulations 4
W Risk Benefit Analysis - ISO 14971:2012 Requirements ISO 14971 - Medical Device Risk Management 27
Moncia All the risk assessments - ISO 9001:2015 requirements ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 5
K Understanding Risk Management Requirements according to AS9100 AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 11
C ISO 13485 - Documented Requirements for Risk Management ISO 13485:2016 - Medical Device Quality Management Systems 6
somashekar What are the ISO 13485 documented requirements for Risk Management? ISO 13485:2016 - Medical Device Quality Management Systems 13
A Risk Management - HIRARC Form Requirements Occupational Health & Safety Management Standards 4
V Medical Device Intended Use Document - Risk Analysis Documentation Requirements ISO 14971 - Medical Device Risk Management 12
E ISO 14971:2009 Risk Management Requirements CE Marking (Conformité Européene) / CB Scheme 2
E Meeting ISO 10993-1 2009 Material Risk Assessment Requirements Other Medical Device Related Standards 13
D CAPA FDA Requirements and Guidance related to the Risk Management File 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 6
K High Risk Medical Device Type Testing (China Requirements) China Medical Device Regulations 5
K High Risk Medical Device Type Testing in Korea (Requirements) Other Medical Device Regulations World-Wide 5
D ISO 17025 and Calibration Laboratory Risk Management Requirements ISO 17025 related Discussions 1
C ISO 14971 Clause 9 Requirements - Post-Production Monitoring and Risk Management ISO 14971 - Medical Device Risk Management 7
R TS 16949 Alternative Risk Assessment FMEA, Apendix C Requirements FMEA and Control Plans 5
E Compliance with AS9100 Rev C Risk Management Purchasing Requirements AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 3
E Essential Requirements for each type of Risk EU Medical Device Regulations 11
A ISO 13485 Risk Analysis Requirements for Wound Ointments ISO 13485:2016 - Medical Device Quality Management Systems 13
A Business Risk Analysis requirements for a New Project IATF 16949 - Automotive Quality Systems Standard 12
A ISO 9001 Project Management and Risk Analysis Requirements - Construction ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 13
P Risk Analysis and Risk Reduction requirements in 7.2.2.2 IATF 16949 - Automotive Quality Systems Standard 8
L ISO13485 Cl. 7.1 Process Flow (Product Realization & Risk Management requirements)? ISO 13485:2016 - Medical Device Quality Management Systems 2
G FDA Risk Management vs. CE Risk Management - Requirements Differences 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 2
U 1. Hardware Life Cycle; 2. Requirements tracking; 3. FMEA Risk Analysis ISO 13485:2016 - Medical Device Quality Management Systems 7
P Risk Analysis Requirements - Medical Devices Manufactured prior to 1998 ISO 13485:2016 - Medical Device Quality Management Systems 1
W ISO 14971 - Product Risk Analysis and Reviews - New requirements? ISO 14971 - Medical Device Risk Management 6
S ISO 13485 & ISO 14971 - Requirements for risk management ISO 14971 - Medical Device Risk Management 6
Q TS 16949 Clause 7.2.2.2 - Risk Analysis Requirements Explaination IATF 16949 - Automotive Quality Systems Standard 3
R Risk assessment on IT containers and the information they contain IEC 27001 - Information Security Management Systems (ISMS) 4
B Threat/Vulnerability Catalogue for risk assessment IEC 27001 - Information Security Management Systems (ISMS) 4
R Opportunity For Improvement vs Opportunity (Positive Risk) ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 18
R FOD Risk Assessment - What tools would you recommend for assessing FOD risk? AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 1
R Identify Medical Device characterstics as Annex C of ISO 14971 Risk Management ISO 14971 - Medical Device Risk Management 5
A ISO 14971 PFMEA Manufacturing Risk ISO 14971 - Medical Device Risk Management 2
Q Example of the Risk Template Document Control Systems, Procedures, Forms and Templates 1
K Overall residual risk according to ISO 14971:2019 ISO 14971 - Medical Device Risk Management 5
A Risk Number for each software requirement IEC 62304 - Medical Device Software Life Cycle Processes 7
A IEC 60601 11.2.2.1 Risk of Fire in an Oxygen Rich Environment, Source of Ignition IEC 60601 - Medical Electrical Equipment Safety Standards Series 0
D Importing a general wellness low risk product Other US Medical Device Regulations 3
C Quantifying risk in choosing the number of parts, operators and replicates in a GR&R Gage R&R (GR&R) and MSA (Measurement Systems Analysis) 4
R AQL, Consumer Risk and MA Statistical Analysis Tools, Techniques and SPC 2
M Risk managment report of Surgical Mask Example ISO 14971 - Medical Device Risk Management 14
M Risk Analysis Flow - Confusion between ISO 14971 and IEC 62304 IEC 62304 - Medical Device Software Life Cycle Processes 8
R ECG Risk Analysis Standards ISO 14971 - Medical Device Risk Management 2
N Device Labeling - Medtronic Ventilator Files (Risk Management documents) Coffee Break and Water Cooler Discussions 2
A 5 x 5 Risk Matrix - Looking for a good example Manufacturing and Related Processes 2
F Risk for Quality Assurance Department in a Hospital - Hospital Incident Reporting ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 7
M Should volume of sales be factored into risk probability assessments? ISO 14971 - Medical Device Risk Management 33

Similar threads

Top Bottom