What are the ISO 13485 documented requirements for Risk Management?

[somashekar]

At clause 7.1, the standard calls for establishing documented requirements for risk management throughout product realization.
What exactly is it asking for ? A documented procedure ??? or something else...

 

[Marcelo]

Re: Documented requirements for risk management... What exactly ?

It's in fact requiring that the system has risk-based decisions (process-based risk).

The clarification text in the last draft of ISO 13485 is:

4.1.3 For each quality management system process, the organization shall
a) establish documented requirements for risk management within the processes

We are hoping this makes it more clear. There's also some other clarifying links to risk management in several parts of the revised text.

(Although IMHO it would be better to require a separate product and process risk management system )

 

[sagai]

(

Although IMHO it would be better to require a separate product and process risk management system

Exactly!

 

[Ronen E]

The organization shall establish documented requirements for risk management throughout product realization.

Product Realization is a process, meaning, its a mechanism that takes inputs and yields outputs. Fortunately, it's not a black box, and we can say what it comprises.

Risk management is the activity of making sure that risks are kept at an acceptable level.

The workings of the product realization mechanism present all sorts of risks, for various stakeholders. Its outputs present risks as well. The manufacturer is required to establish methods (and document them in a way that binds staff) aimed at ensuring that all these risks are kept at (or brought to) an acceptable level. In my understanding, the specifics of where (in the QMS) to document these binding methods are up to the manufacturer, as long as there's a good coverage of the entire mechanism of Product Realization and its outputs.

Cheers,
Ronen.

 

[AgnieszkaSz]

I doubt whether it will be useful for Americans, but in Europe, there is the standard EN ISO 14971 "Medical devices - Application of risk management to medical devices". It supports the general requirements of EU Directives and is generally used in the industry. It is also very comprehensive, quotes other standards that may be applicable.

 

[DianaBC]

ISO 14971 current revision

Does anyone know what is current version for ISO 14971?
I found the revision from 2007 on a website; but the auditor asked me to purchase the revision from 2012. Where do I find such revision?
Some "lightning" would be much appreciated.

 

[sagai]

Wow, I have never heard that auditors are book agents

for the ISO version, you are okay with your 2007 version.
For an EN version, you may need to have a read of the 2012 version and I am not sure if you have one for Romania, the one we are looking into is the BSI version.

Only for my curiosity, is your company is a manufacturer of a medical device?

Regards

 

[Pads38]

Does anyone know what is current version for ISO 14971?

As Sagai has suggested the current ISO version is the 2007 version.

The current EN version is 2012.

That can be found (in English) for a bargain price here:

http://www.evs.ee/products/evs-en-iso-14971-2012

Note that the text of the standard has not changed. The only changes are the addition of the "Z" annexes. The preview from the same site includes the "Z" annexes so you could just grab the preview and add it to your existing standard.

Do also check out the discussions on the implications on the 2012 version over on the 14971 forum.

 

[DianaBC]

Yes, it is a medical device manufacturing company, BUT on contract; to be more clear: we manufacture according to customer specification, we do not have CE mark

 

[sagai]

Okey-Dokey ...

So than ... as a contract manufacturer ... in what extent are you facing with ISO14971?

Many thanks.
Regards