Great comments, Jonathan. As always read the entire standard for the requirements (Forward, Introduction, and Clauses 1-10 in 14971) and also the guidance in Annexes A-C, and the entire ISO TR 24971 guidance where ch has some great information and examples.
Original Message:
Sent: 29-Mar-2024 06:24
From: Jonathan Amaya-Hodges
Subject: Responsible Function for Risk Management File
In addition to what Kevin said, I recommend considering Section 4.3 of ISO 14971:2019, "Persons performing risk management tasks shall be competent on the basis of education, training, skills, and experience appropriate to the tasks assigned to them. Where appropriate, these persons shall have knowledge and experience with the particular medical device (or similar medical devices) and its use, the technologies involved or the risk management techniques employed. Appropriate records shall be maintained."
Regardless of function & title, this should be considered to ensure personnel leading or applying RM are competent - and, of course, one can always seek in-depth training to address this.
I have traditionally seen RM led/primarily handled by Quality Engineering or Development Engineering as they would commonly meet the criteria described above. However, that certainly would not preclude others.
Finally, I'll draw attention to the Note in this section - that RM can be performed by several functions, "each contributing their specialist knowledge." I would personally encourage cross-functional participation in RM throughout the product's lifecycle (and would be wary about attempts to solely assign this to one specific function).
Good luck!
------------------------------
Jonathan Amaya-Hodges
Director, Technical Services
Suttons Creek, Inc.
United States
jamaya-hodges@suttonscreek.com
Original Message:
Sent: 28-Mar-2024 18:02
From: Kevin Randall
Subject: Responsible Function for Risk Management File
First, take a deep breath and make sure your emotions don't get the best of you and undermine your credibility in case there is a detail that you might be overlooking.
Next, consider that, for the medical device sector, you and your SOP should assure that your risk management process complies with ISO 14971 / EN ISO 14971 [as amended; versions chosen based on the applicable jurisdiction(s); hereinafter "14971"]. Specifically, per 14971, the "manufacturer" shall establish the Risk Management File (RMF). Neither 14971 nor its guidance ISO/TR 24971 prescribe further details about specifically who within the manufacturer is responsible for creating/maintaining the RMF other than to place the ultimate responsibility on Top Management.
Thus, operationally speaking, 14971 gives us (i.e., all stakeholders on all sides of the discussion) flexibility to decide and assign via the Risk Management Plan (RMP) which particular person, personnel, group, department, etc., shall create/maintain the RMF. I've seen this be Regulatory, Quality, or Engineering. 14971 permits any of these, and maybe even others such as document control, though I wouldn't feel comfortable unless at least one of the first three was closely involved.
Accordingly, a few questions to ask yourself and be versed on before you push too far in the discussion:
• What does the subject RMP state?
• What does your SOP state?
• What does your document/record control SOP state?
• What does your design/development control SOP state?
All of these need to be aligned with one another and the stakeholders along with the aforesaid 14971 parameters.
------------------------------
Kevin Randall, ASQ CQA, RAC (Europe, U.S., Canada)
Principal Consultant
Ridgway, CO
United States
© Copyright by ComplianceAcuity, Inc. All rights reserved.
Original Message:
Sent: 28-Mar-2024 12:06
From: Anonymous Member
Subject: Responsible Function for Risk Management File
This message was posted by a user wishing to remain anonymous
In all the years that I have been in Regulatory Affairs, creating risk management files has always been the responsibility of QA. I am receiving for the first time in my 19 years in regulatory, pushback that this is a regulatory function. Could someone please let me know your experience in this area?