
Risk Requirements to meet the explicit Risk Based Approach of ISO 13485:2016 Examples


bmelissam

#1
We repackage, relabel and distribute devices; we do not complete manufacturing of medical devices. We will have an MDSAP audit in 2017 and need to meet the explicit Risk Based approach of 13485:2016. Looking for some examples of how others are meeting this requirement.

Specifically the MDSAP audit Model states under process management objective evidence will show whether the organization has:
G) Performed risk management planning and ongoing review of the effectiveness of risk management activities to ensure that policies, procedures and practices are established for analyzing, evaluating and controlling risk
 

randomname

#2

So how do you analyze, evaluate and control risks in the repackaging, relabeling and distribution of devices (as well as in contract review, purchasing, etc.)?
 

bmelissam

#4

Yes, we have scheduled our audit for next year (2017), and coordinated with our certification body; it will be for Canada and will be an MDSAP audit for ISO 13485:2016.

We have an implicit risk-based approach, i.e. document control in place, tiered vendors for purchasing. We are considering completing risk management (identifying the risk via risk analysis, rating the risk level based on likelihood, severity, detection, performing process FMEA, evaluating residual risk etc.) This would be completed on the functions / processes by clause.

Another much simpler alternative is to have a high level document (SOP) that details our risk based approach by clause.

Looking for feedback or examples.

Thanks!
 

Project Man

#5

We are an ISO13485 job shop and things flow through in every shape, size, type, etc. but they all flow through our basic processes and how we assess risk at each basic step doesn't change. We have a single document that outlines our risk approach at each process. It's simple and effective because it clearly communicates and is easy to follow. It's a compass for everyone.
 

Wolf.K

#6

We have a SOP "Risk management", but as for 13485:2003 it is just valid for ISO 13485 7.1 "Planning of product realization" and 7.3 "Design and development". Currently I am planning the transition to 13485:2016.

For 9001:2015, I found several suggestions for the implementation of the new version. Most information is about the techniques which can be used for the risk-based approach (brainstorming, FMEA and so on, e.g. ISO 31000). But I also found some information regarding the question "when and where" to use these techniques. But I wonder if I can adopt this 1:1 to 13485?
 

PeterTHunter

#7

We are currently facing the situation as well to define some "risk-based approach".
I think of splitting into:
- Procedure for Medical Device i.e. Product Risk Management Process
- Procedure for Quality System Risk Management Process (inspired by e.g. ICH Q9 Quality Risk Management)

The former one goes compliant with the ISO 14971 and focusses on products over the whole life cycle.
The latter one gives guidance for risk-based decision making on processes e.g. how to risk-rank processes, suppliers a.s.o. And which control measures are deemed to be required. It should provide guidance for a supply chain manager to assess suppliers and define appropriate measures as well as to a Process Owner.

As you might notice I am still at the stage of looking for concrete implementation recipes.

How have you dealt with the situation so far? What do you intend to do when the ISO 13485:2016 and/or MDSAP audit happens?
 

bmelissam

#8

Attached is how we decided to address risk for each ISO Clause. We then went through and documented current risk controls in place, also identified when we required additional risk mitigation to take place based on the pre-determined risk acceptability. The documents will be living documents and re-versioned based on additional risk review/evaluation annually and signed off by the top management during management review.

We have our ISO audit in a few weeks.
 


PeterTHunter

#9

Thank you very much for sharing your ideas and the document.
It is a good thought to refer to some quality data,
 

Rockdog

#10

Thank you bmelissam...a brilliant approach to the issue...kudos to you!!
 