1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.
Dismiss Notice
You must be a registered member in order to post messages and view/download attached files in this forum.
Click here to register.

Question on One Sentence in 7.1 of ISO 13485:2016

Discussion in 'ISO 13485 and ISO 14969 – Medical Devices QMS' started by Diane Hunt, Aug 28, 2018.

  1. Diane Hunt

    Diane Hunt New Member

    Joined:
    Aug 24, 2018
    Messages:
    3
    Likes Received:
    1
    Trophy Points:
    2
    Dear Colleagues,

    The second paragraph of section 7.1 of the standard has a rather odd requirement in it. It says we have to “document one or more processes for risk management in product realization.” What sort of “document” is meant here? Does this mean we need a procedure for doing risk management or does it mean we have to pick one ("or more") of the various “product realization” processes (such as the order acceptance process, the purchasing process, or any of the actual manufacturing processes) and document our risk analysis of them (for example, a Process Failure Modes and Effects Analysis)? Perhaps it means something else altogether. We are really struggling with understanding this one sentence!

    Thanks in advance to all who reply.

    Kind regards,
    Diane Hunt
    Portland, Oregon USA
     
  2. Marcelo Antunes

    Marcelo Antunes Active Member

    Joined:
    Jul 31, 2015
    Messages:
    55
    Likes Received:
    65
    Trophy Points:
    17
    This is one of the errors that ISO 13485:2016 has, because this is the one of only two instances where the standard requires you to "document a process" (the other one is in 6.2).

    This problem happened because the group decided to use only the word "document" instead of establishing, maintaining, etc. (this is explained in 0.2 -
    When a requirement is required to be “documented”, it is also required to be established,implemented and maintained) and ended up up changing those instances to document. However, in those two cases, it does not make sense (the correct way would be to require to document a procedure) but the group did not this problem (and I only noticed it when translating the standard to Portuguese). Anyway, the idea is to apply ISO 14971, as can be seen by the note.
     
    Atul Khandekar likes this.
  3. Diane Hunt

    Diane Hunt New Member

    Joined:
    Aug 24, 2018
    Messages:
    3
    Likes Received:
    1
    Trophy Points:
    2
    Dear Marcelo,

    Many thanks for the quick reply and for the insight in what the standard writers were thinking when revising ISO 13485. I can see how this got mixed up, but I would still like to ask if I'm understanding you correctly. If we have a documented procedure for risk management (especially if it takes ISO 14971 into account), would we meet this awkwardly-stated requirement?

    Kind regards,
    Diane
     
  4. Marcelo Antunes

    Marcelo Antunes Active Member

    Joined:
    Jul 31, 2015
    Messages:
    55
    Likes Received:
    65
    Trophy Points:
    17
    \

    Not only to have a procedure, but to establish, implement and maintain it, too (only having the procedure does not meet the requirement, you have to show that you are applying it). Also, please note that although I mentioned that the idea is to follow ISO 14971, this is not mandatory (for several reasons).
     
  5. Diane Hunt

    Diane Hunt New Member

    Joined:
    Aug 24, 2018
    Messages:
    3
    Likes Received:
    1
    Trophy Points:
    2
    Dear Marcelo,

    Ah yes! We would (of course!) "establish, implement, and maintain" that procedure, too. For us, that goes without saying, but I imagine there are companies that write procedures they have no intention of following.

    Again, I thank you heartily for your reply....which I will now run with!

    Kind regards,
    Diane
     
    Atul Khandekar likes this.