Regulatory Open Forum

Hello!

I am in the process of gathering information on what people feel is their biggest risk challenge. 

Example: I am a RA of a small medical device company and we don't have a computer system we do everything manually, which takes too much time and there are lots of errors because of opinions.

I work as a quality supplier and we incorporate risk to our tier 1 suppliers but the results do not trigger anything else. 

Thank you for taking a second to answer.  The only thing I am looking for is the pulse of our community. 

One example I would point out is the tendency to equate producing FMEA(s) with performing risk management.  Admittedly, such a tool can provide valuable input into the risk management process, but relying solely on this method makes consideration of risk outside of single-fault conditions difficult.  Likewise, proper risk analysis and evaluation will likely suffer without additional methods.  Unfortunately, some articles, practitioners and even auditors do not recognize this which allows the practice to continue. 

Hello!

I am in the process of gathering information on what people feel is their biggest risk challenge. 

Example: I am a RA of a small medical device company and we don't have a computer system we do everything manually, which takes too much time and there are lots of errors because of opinions.

I work as a quality supplier and we incorporate risk to our tier 1 suppliers but the results do not trigger anything else. 

Thank you for taking a second to answer.  The only thing I am looking for is the pulse of our community. 

Hello!

I am in the process of gathering information on what people feel is their biggest risk challenge. 

Example: I am a RA of a small medical device company and we don't have a computer system we do everything manually, which takes too much time and there are lots of errors because of opinions.

I work as a quality supplier and we incorporate risk to our tier 1 suppliers but the results do not trigger anything else. 

Thank you for taking a second to answer.  The only thing I am looking for is the pulse of our community. 

In addition to Christopher's comment, another common pitfall for small MD company is to really think the risk management process as a continuous loop, the post market collected information need to feedback into risk management. 

It is good to know that your tier 1 suppliers are doing well. It can be a potential risk for many companies. We were suggested to have two suppliers for the critical components in case of supply disruption/shortage. Another commonly seen problem with suppliers is change control management, sometimes there is delayed notice of changes on the suppliers side. 

Best regards

May

Hello!

I am in the process of gathering information on what people feel is their biggest risk challenge. 

Example: I am a RA of a small medical device company and we don't have a computer system we do everything manually, which takes too much time and there are lots of errors because of opinions.

I work as a quality supplier and we incorporate risk to our tier 1 suppliers but the results do not trigger anything else. 

Thank you for taking a second to answer.  The only thing I am looking for is the pulse of our community. 

We usually think of business risks and product/patient safety risks as different kinds of things, with different risk management processes. It's challenging when they intersect, for example when supply chain disruptions force design changes.

In addition to Christopher's comment, another common pitfall for small MD company is to really think the risk management process as a continuous loop, the post market collected information need to feedback into risk management. 

It is good to know that your tier 1 suppliers are doing well. It can be a potential risk for many companies. We were suggested to have two suppliers for the critical components in case of supply disruption/shortage. Another commonly seen problem with suppliers is change control management, sometimes there is delayed notice of changes on the suppliers side. 

Best regards

May

Hello!

I am in the process of gathering information on what people feel is their biggest risk challenge. 

Example: I am a RA of a small medical device company and we don't have a computer system we do everything manually, which takes too much time and there are lots of errors because of opinions.

I work as a quality supplier and we incorporate risk to our tier 1 suppliers but the results do not trigger anything else. 

Thank you for taking a second to answer.  The only thing I am looking for is the pulse of our community. 

Business Risks and Product Safety Risks are two entirely different things, managed by two separate and distinct systems.  ISO 14971 Clause 1-Scope (typically not read by users of the standard, but very important) states, "This document does not apply to: [2nd dash] business risk management".  The proper document for business risks is ISO 31000, but don't try to develop a system which mingles the two different processes.  Product Safety should always be the first consideration.  Think of it as if you would be the first patient to use the device you developed, would you be willing to accept the risk?

Don't confuse the two.  A company in France caused the creation of the new MDR regulation by determining that the cost of medical grade silicone in breast implants was too high, so they substituted industrial grade silicone.  The resulting harm to patients was one of the big reasons for the MDR and the denial of the use of business cost to accept risk.  Don't use cost to overrule safety.  The use of Benefit-Risk Analysis is now mandated in the MDR and the ISO 14971 standard to make product risk acceptability decisions.

We usually think of business risks and product/patient safety risks as different kinds of things, with different risk management processes. It's challenging when they intersect, for example when supply chain disruptions force design changes.

In addition to Christopher's comment, another common pitfall for small MD company is to really think the risk management process as a continuous loop, the post market collected information need to feedback into risk management. 

It is good to know that your tier 1 suppliers are doing well. It can be a potential risk for many companies. We were suggested to have two suppliers for the critical components in case of supply disruption/shortage. Another commonly seen problem with suppliers is change control management, sometimes there is delayed notice of changes on the suppliers side. 

Best regards

May

Hello!

I am in the process of gathering information on what people feel is their biggest risk challenge. 

Example: I am a RA of a small medical device company and we don't have a computer system we do everything manually, which takes too much time and there are lots of errors because of opinions.

I work as a quality supplier and we incorporate risk to our tier 1 suppliers but the results do not trigger anything else. 

Thank you for taking a second to answer.  The only thing I am looking for is the pulse of our community. 

Edwin,

I agree they are very different. But... 

My experience, unfortunately, has been that cost will override quality/risk.  Executives seem to enjoy the old-school game of Risk.  I don't know how to change that mindset. 

Business Risks and Product Safety Risks are two entirely different things, managed by two separate and distinct systems.  ISO 14971 Clause 1-Scope (typically not read by users of the standard, but very important) states, "This document does not apply to: [2nd dash] business risk management".  The proper document for business risks is ISO 31000, but don't try to develop a system which mingles the two different processes.  Product Safety should always be the first consideration.  Think of it as if you would be the first patient to use the device you developed, would you be willing to accept the risk?

Don't confuse the two.  A company in France caused the creation of the new MDR regulation by determining that the cost of medical grade silicone in breast implants was too high, so they substituted industrial grade silicone.  The resulting harm to patients was one of the big reasons for the MDR and the denial of the use of business cost to accept risk.  Don't use cost to overrule safety.  The use of Benefit-Risk Analysis is now mandated in the MDR and the ISO 14971 standard to make product risk acceptability decisions.

We usually think of business risks and product/patient safety risks as different kinds of things, with different risk management processes. It's challenging when they intersect, for example when supply chain disruptions force design changes.

In addition to Christopher's comment, another common pitfall for small MD company is to really think the risk management process as a continuous loop, the post market collected information need to feedback into risk management. 

It is good to know that your tier 1 suppliers are doing well. It can be a potential risk for many companies. We were suggested to have two suppliers for the critical components in case of supply disruption/shortage. Another commonly seen problem with suppliers is change control management, sometimes there is delayed notice of changes on the suppliers side. 

Best regards

May

Hello!

I am in the process of gathering information on what people feel is their biggest risk challenge. 

Example: I am a RA of a small medical device company and we don't have a computer system we do everything manually, which takes too much time and there are lots of errors because of opinions.

I work as a quality supplier and we incorporate risk to our tier 1 suppliers but the results do not trigger anything else. 

Thank you for taking a second to answer.  The only thing I am looking for is the pulse of our community. 

We usually think of business risks and product/patient safety risks as different kinds of things, with different risk management processes. It's challenging when they intersect, for example when supply chain disruptions force design changes.

In addition to Christopher's comment, another common pitfall for small MD company is to really think the risk management process as a continuous loop, the post market collected information need to feedback into risk management. 

It is good to know that your tier 1 suppliers are doing well. It can be a potential risk for many companies. We were suggested to have two suppliers for the critical components in case of supply disruption/shortage. Another commonly seen problem with suppliers is change control management, sometimes there is delayed notice of changes on the suppliers side. 

Best regards

May

Hello!

I am in the process of gathering information on what people feel is their biggest risk challenge. 

Example: I am a RA of a small medical device company and we don't have a computer system we do everything manually, which takes too much time and there are lots of errors because of opinions.

I work as a quality supplier and we incorporate risk to our tier 1 suppliers but the results do not trigger anything else. 

Thank you for taking a second to answer.  The only thing I am looking for is the pulse of our community. 

Hey,

I spent many nights during the first part of COVID writing justification letters.  For larger companies, there seem to be gaps in collaboration or consistency in how things are done.  In smaller companies, it seems that everything is dumped on QA.  If I had to choose one place to apply risk it would be supplier quality. I feel strongly that supplier quality can make and break companies.  The problem is people are overwhelmed and have no clue how to start.  

We usually think of business risks and product/patient safety risks as different kinds of things, with different risk management processes. It's challenging when they intersect, for example when supply chain disruptions force design changes.

In addition to Christopher's comment, another common pitfall for small MD company is to really think the risk management process as a continuous loop, the post market collected information need to feedback into risk management. 

It is good to know that your tier 1 suppliers are doing well. It can be a potential risk for many companies. We were suggested to have two suppliers for the critical components in case of supply disruption/shortage. Another commonly seen problem with suppliers is change control management, sometimes there is delayed notice of changes on the suppliers side. 

Best regards

May

Hello!

I am in the process of gathering information on what people feel is their biggest risk challenge. 

Example: I am a RA of a small medical device company and we don't have a computer system we do everything manually, which takes too much time and there are lots of errors because of opinions.

I work as a quality supplier and we incorporate risk to our tier 1 suppliers but the results do not trigger anything else. 

Thank you for taking a second to answer.  The only thing I am looking for is the pulse of our community. 

In addition to Christopher's comment, another common pitfall for small MD company is to really think the risk management process as a continuous loop, the post market collected information need to feedback into risk management. 

It is good to know that your tier 1 suppliers are doing well. It can be a potential risk for many companies. We were suggested to have two suppliers for the critical components in case of supply disruption/shortage. Another commonly seen problem with suppliers is change control management, sometimes there is delayed notice of changes on the suppliers side. 

Best regards

May

Hello!

I am in the process of gathering information on what people feel is their biggest risk challenge. 

Example: I am a RA of a small medical device company and we don't have a computer system we do everything manually, which takes too much time and there are lots of errors because of opinions.

I work as a quality supplier and we incorporate risk to our tier 1 suppliers but the results do not trigger anything else. 

Thank you for taking a second to answer.  The only thing I am looking for is the pulse of our community. 

May,

Do you think in smaller companies QA should be responsible for risk (suppliers, product, etc.)?

In addition to Christopher's comment, another common pitfall for small MD company is to really think the risk management process as a continuous loop, the post market collected information need to feedback into risk management. 

It is good to know that your tier 1 suppliers are doing well. It can be a potential risk for many companies. We were suggested to have two suppliers for the critical components in case of supply disruption/shortage. Another commonly seen problem with suppliers is change control management, sometimes there is delayed notice of changes on the suppliers side. 

Best regards

May

Hello!

I am in the process of gathering information on what people feel is their biggest risk challenge. 

Example: I am a RA of a small medical device company and we don't have a computer system we do everything manually, which takes too much time and there are lots of errors because of opinions.

I work as a quality supplier and we incorporate risk to our tier 1 suppliers but the results do not trigger anything else. 

Thank you for taking a second to answer.  The only thing I am looking for is the pulse of our community. 

May,

Do you think in smaller companies QA should be responsible for risk (suppliers, product, etc.)?

In addition to Christopher's comment, another common pitfall for small MD company is to really think the risk management process as a continuous loop, the post market collected information need to feedback into risk management. 

It is good to know that your tier 1 suppliers are doing well. It can be a potential risk for many companies. We were suggested to have two suppliers for the critical components in case of supply disruption/shortage. Another commonly seen problem with suppliers is change control management, sometimes there is delayed notice of changes on the suppliers side. 

Best regards

May

Hello!

I am in the process of gathering information on what people feel is their biggest risk challenge. 

Example: I am a RA of a small medical device company and we don't have a computer system we do everything manually, which takes too much time and there are lots of errors because of opinions.

I work as a quality supplier and we incorporate risk to our tier 1 suppliers but the results do not trigger anything else. 

Thank you for taking a second to answer.  The only thing I am looking for is the pulse of our community. 

Everyone involved in the design, development, preclinical and clinical evaluation, manufacturing, testing, storage, and distribution of product is responsible for managing risk. If it falls on one group (e.g., Quality), the risk management process will not be robust or effective. Small companies have more to lose if they make a mistake as it pertains to product safety risk, so it's really important to get top management to buy into the concept of a joint responsibility for risk management. 

Nathan

May,

Do you think in smaller companies QA should be responsible for risk (suppliers, product, etc.)?

In addition to Christopher's comment, another common pitfall for small MD company is to really think the risk management process as a continuous loop, the post market collected information need to feedback into risk management. 

It is good to know that your tier 1 suppliers are doing well. It can be a potential risk for many companies. We were suggested to have two suppliers for the critical components in case of supply disruption/shortage. Another commonly seen problem with suppliers is change control management, sometimes there is delayed notice of changes on the suppliers side. 

Best regards

May

Hello!

I am in the process of gathering information on what people feel is their biggest risk challenge. 

Example: I am a RA of a small medical device company and we don't have a computer system we do everything manually, which takes too much time and there are lots of errors because of opinions.

I work as a quality supplier and we incorporate risk to our tier 1 suppliers but the results do not trigger anything else. 

Thank you for taking a second to answer.  The only thing I am looking for is the pulse of our community. 

You missed one group, Nathan, the one with the ultimate responsibility. ISO 14971:2019 places responsibility for resources and competent personnel as well as a policy for establishing risk acceptability with management  

Additionally, top management "shall review the suitability of the risk management process at planned intervals". Thus an audit of the quality system described would result in findings against top management in the situation Zillery is describing.  

Everyone involved in the design, development, preclinical and clinical evaluation, manufacturing, testing, storage, and distribution of product is responsible for managing risk. If it falls on one group (e.g., Quality), the risk management process will not be robust or effective. Small companies have more to lose if they make a mistake as it pertains to product safety risk, so it's really important to get top management to buy into the concept of a joint responsibility for risk management. 

Nathan

May,

Do you think in smaller companies QA should be responsible for risk (suppliers, product, etc.)?

In addition to Christopher's comment, another common pitfall for small MD company is to really think the risk management process as a continuous loop, the post market collected information need to feedback into risk management. 

It is good to know that your tier 1 suppliers are doing well. It can be a potential risk for many companies. We were suggested to have two suppliers for the critical components in case of supply disruption/shortage. Another commonly seen problem with suppliers is change control management, sometimes there is delayed notice of changes on the suppliers side. 

Best regards

May

Hello!

I am in the process of gathering information on what people feel is their biggest risk challenge. 

Example: I am a RA of a small medical device company and we don't have a computer system we do everything manually, which takes too much time and there are lots of errors because of opinions.

I work as a quality supplier and we incorporate risk to our tier 1 suppliers but the results do not trigger anything else. 

Thank you for taking a second to answer.  The only thing I am looking for is the pulse of our community. 

No disagreement here with what you stated. And just a point of clarity that my post included a note about top management buying into the joint responsibility for risk management (i.e., they need to establish the policy and responsibilities and then enforce it throughout the lifecycle). Companies should not make the incorrect assumption that it is all on Quality's shoulders. Quality is important in this process, but not the sole party.

You missed one group, Nathan, the one with the ultimate responsibility. ISO 14971:2019 places responsibility for resources and competent personnel as well as a policy for establishing risk acceptability with management  

Additionally, top management "shall review the suitability of the risk management process at planned intervals". Thus an audit of the quality system described would result in findings against top management in the situation Zillery is describing.  

Everyone involved in the design, development, preclinical and clinical evaluation, manufacturing, testing, storage, and distribution of product is responsible for managing risk. If it falls on one group (e.g., Quality), the risk management process will not be robust or effective. Small companies have more to lose if they make a mistake as it pertains to product safety risk, so it's really important to get top management to buy into the concept of a joint responsibility for risk management. 

Nathan

May,

Do you think in smaller companies QA should be responsible for risk (suppliers, product, etc.)?

In addition to Christopher's comment, another common pitfall for small MD company is to really think the risk management process as a continuous loop, the post market collected information need to feedback into risk management. 

It is good to know that your tier 1 suppliers are doing well. It can be a potential risk for many companies. We were suggested to have two suppliers for the critical components in case of supply disruption/shortage. Another commonly seen problem with suppliers is change control management, sometimes there is delayed notice of changes on the suppliers side. 

Best regards

May

Hello!

I am in the process of gathering information on what people feel is their biggest risk challenge. 

Example: I am a RA of a small medical device company and we don't have a computer system we do everything manually, which takes too much time and there are lots of errors because of opinions.

I work as a quality supplier and we incorporate risk to our tier 1 suppliers but the results do not trigger anything else. 

Thank you for taking a second to answer.  The only thing I am looking for is the pulse of our community.