The quality
environment has evolved to require the use of a risk based approach throughout
the quality management system. ISO 13485:2016 Medical devices—Quality
management systems –Requirements for regulatory purposes published March 1,
2016, characterizes risk to include two components:
1) the safety or
performance requirements of the medical device
2) meeting
applicable regulatory requirements.
The 2016
version of ISO 13485 has an increased focus on risk compared to the prior 2003
edition of the standard. Risk management is now required throughout the quality
management system (QMS) rather than being specific to product development. A
risk based approach is needed for control of QMS processes.
Four
Qualities of a Comprehensive and Effective Risk Based QMS.
Strategic
Stand back
and think strategically prior to moving forward with implementation of the new
requirements for a risk based QMS. Consider the balance and interactions across
business risk, product risk, process risk and regulatory risk. In the end, the
goal is to do no harm to the health of people, property or the environment
while maintaining a nimble QMS that meets all regulatory requirements. It is
important to take into account the markets in which sales are anticipated to
occur over the course of several years such that requirements are not
overlooked causing audit nonconformities to arise.
Sensible
If the system
is not easy to follow and applied in a realistic manner, the results may be of
little value. It is human nature to resist change and imposed rules, particularly
when the benefits of the changes may not be readily apparent. The response to
implementation of the regulations often depends on the values of management;
thus keeping the QMS user in mind when developing the system will create the
environment for compliance rather than defiance. If the system becomes complex
and burdensome, the result may become a pile of paperwork that doesn’t meet the
intent of the regulations or improve company performance and may not be
effective in reducing physical injury or damage to the health of people, or
damage to property or the environment.
Connected
QMS processes
with associated inputs and outputs are interrelated, with management leading
the culture of compliance. Management commitment and follow-through drives the
benefit to each company.
Consistent
To maximize user compliance with the system and drive home a simple process, the same risk scheme can be applied in multiple QMS subsystems. For example, a scale such as low, medium and high, where the scales are clearly defined, can be utilized for supplier management, corrective and preventive actions (CAPA), nonconforming materials and complaints. All subsystems must be linked to operate efficiently.
User questions & answers