I agree with you that risk management is never a standalone process and it is also not a one-man's job. The best practice would be integrate the risk management with the quality management system. ISO13485 and ISO14971 are highly recommended to medical device companies, and maybe assess whether ISO27001 is necessary if the company is a SaMD manufacturer or software service company. There might be other relevant requirements, which is hard to cover everything in this discussion thread.
Original Message:
Sent: 08-Mar-2023 09:51
From: Nathan Blazei
Subject: Risk Management
No disagreement here with what you stated. And just a point of clarity that my post included a note about top management buying into the joint responsibility for risk management (i.e., they need to establish the policy and responsibilities and then enforce it throughout the lifecycle). Companies should not make the incorrect assumption that it is all on Quality's shoulders. Quality is important in this process, but not the sole party.
------------------------------
Nathan Blazei
Head of Quality & Regulatory Affairs
Morrisville NC
United States
Original Message:
Sent: 08-Mar-2023 09:07
From: Edwin Bills
Subject: Risk Management
You missed one group, Nathan, the one with the ultimate responsibility. ISO 14971:2019 places responsibility for resources and competent personnel as well as a policy for establishing risk acceptability with management
Additionally, top management "shall review the suitability of the risk management process at planned intervals". Thus an audit of the quality system described would result in findings against top management in the situation Zillery is describing.
------------------------------
Edwin Bills MEd, BSc, ASQ Fellow, CMQ/OE, CQE, CQA, RAC
Principal Consultant
Overland Park KS
United States
elb@edwinbillsconsultant.com
Original Message:
Sent: 08-Mar-2023 08:18
From: Nathan Blazei
Subject: Risk Management
Everyone involved in the design, development, preclinical and clinical evaluation, manufacturing, testing, storage, and distribution of product is responsible for managing risk. If it falls on one group (e.g., Quality), the risk management process will not be robust or effective. Small companies have more to lose if they make a mistake as it pertains to product safety risk, so it's really important to get top management to buy into the concept of a joint responsibility for risk management.
Nathan
------------------------------
Nathan Blazei
Head of Quality & Regulatory Affairs
Morrisville NC
United States
Original Message:
Sent: 07-Mar-2023 09:39
From: Zillery Fortner
Subject: Risk Management
May,
Do you think in smaller companies QA should be responsible for risk (suppliers, product, etc.)?
------------------------------
Zillery Fortner
Product Advisor QA/RA Life Science
Florence KY
United States
Original Message:
Sent: 24-Feb-2023 09:21
From: May Meng
Subject: Risk Management
In addition to Christopher's comment, another common pitfall for small MD company is to really think the risk management process as a continuous loop, the post market collected information need to feedback into risk management.
It is good to know that your tier 1 suppliers are doing well. It can be a potential risk for many companies. We were suggested to have two suppliers for the critical components in case of supply disruption/shortage. Another commonly seen problem with suppliers is change control management, sometimes there is delayed notice of changes on the suppliers side.
Best regards
May
------------------------------
May Meng, PhD, RAC
Senior Consultant
Oxford
United Kingdom
Original Message:
Sent: 22-Feb-2023 08:59
From: Zillery Fortner
Subject: Risk Management
Hello!
I am in the process of gathering information on what people feel is their biggest risk challenge.
Example: I am a RA of a small medical device company and we don't have a computer system we do everything manually, which takes too much time and there are lots of errors because of opinions.
I work as a quality supplier and we incorporate risk to our tier 1 suppliers but the results do not trigger anything else.
Thank you for taking a second to answer. The only thing I am looking for is the pulse of our community.
------------------------------
Zillery Fortner
Product Advisor QA/RA Life Science
United States
------------------------------