Risk Management: Key Takeaways from Last Week’s ISO 13485:2016 Webinar

Justin L. Smith, Manager of Product Management, Pilgrim Quality Solutions

Last week we hosted a webinar titled “Regulations, Risk, and Responsibilities: Closing the Gap on ISO 13485:2016 Compliance.” The webinar was presented by Dan O’Leary, President of OMBU Enterprises, and Kari Miller, Pilgrim’s Vice President of Regulatory and Product Management. If you were unable to attend the webinar, you can watch the Closing the Gaps in ISO 13485:2016 Compliance On-demand Webinar.

During the webinar, Dan presented several areas where the latest version of ISO 13485 will present significant challenges to medical device manufacturers. These areas include supplier management, complaint handling, integrating regulatory requirements into the quality system, and the way your company approaches risk.

Risk is Adding Complexity

Risk is adding a layer of complexity to ISO 13485:2016. That’s because the standard actually refers to two different kinds of risk and it isn’t always clear which one it is describing:

  • Device safety and performance risk
  • Risk of regulatory noncompliance

Device Safety and Performance Risk

Risk to device safety and performance is what typically comes to mind when you think of medical device risk. This includes considerations such as the risk that the device will not function as intended or that it will cause patient harm. ISO 13485:2016 strongly recommends (but does not require) that this type of risk be managed in accordance with the ISO 14971:2007 standard.

During the webinar, Dan provided a framework for how risk is controlled using ISO 14971 process standards. Perhaps more importantly, he also discussed the next step – risk management outputs should flow into product design to ensure that risk reduction measures are properly implemented and verified.

Risk Management and Process Control

The other side of risk involves taking a risk-based approach to process control. Process controls may affect either device safety or your ability to meet regulatory requirements. It’s important to review process controls in light of both types of risk, and to really understand your risk of regulatory noncompliance due to a process change. ISO 13485:2016 has additional clauses to ensure that quality system changes do not affect your organization’s ability to meet regulatory requirements in the countries where you market your device.

In many cases, ISO 13485:2016 (like GMP) asks you to ensure that the controls put in place are proportionate to risk, including in the areas below:

  • Controls over outsourced processes [4.1.5]
  • QMS software validation and revalidation [4.1.6]
  • Evaluating the effectiveness of actions related to competency [6.2]
  • Establishing criteria for the evaluation and selection of suppliers [7.4.1]
  • Addressing a supplier’s non-fulfilment of purchasing requirements [7.4.1]
  • Verification of purchased product [7.4.3]
  • Production software validation and revalidation [7.5.6]
  • Monitoring and measuring software validation and revalidation [7.5.6]

Pilgrim’s Perspective on Risk and ISO 13485:2016

From a quality system perspective, risk-based thinking and risk management should be embedded activities, not standalone processes. Pilgrim’s SmartSolve® solutions provide risk-based quality processes that direct the flow of system activity based on risk. This means that you’re automatically leveraging risk-based thinking in the quality processes you manage every day.

  • Quality Audits – Captures auditee risk (internal or supplier) as a part of the audit planning process to drive audit frequency and vigor.
  • Incoming Inspection – Automates sampling plans and inspection frequency for incoming material inspections based on supplier rating and risk.
  • Nonconformance and Corrective Action (CAPA) Creation – Ensures that CAPAs are created and prioritized for high-risk quality events.
  • Change Management – Allows specific cross-functional teams and business process workflows to be dynamically managed based on the risk of each proposed change.

Pilgrim has worked closely with our Customer Advisory Board to strengthen SmartSolve’s existing risk-based processes to align even more closely with ISO 13485:2016. We’re committed to our customers’ success in transitioning to the latest version of the standard.

What challenges are you facing as you transition to ISO 13485:2016? Please let us know in the comments area below.

Justin Smith

Product Management Director, Pilgrim Quality Solutions