Internal Auditor Training
Download
Report
Transcript Internal Auditor Training
Risk Management
An integral part of the Quality Management System
Instructor:
Angelo Scangas
Quality Support Group, Inc.
[email protected]
978-430-7611
www.qualitysupportgroup.com
Quality Support Group, Inc.
Risks related to product safety
Integration of risk management into
QMS applies to ALL stages of product’s
life cycle
Elements of risk management fit well into
several of the quality system elements
(ISO 13485 for example)
Applicable standard - ISO 14971:2007
Quality Support Group, Inc.
Risk Management
The requirements that it contains
provide a framework within which
experience, insight and judgement are
applied systematically to manage risks.
Risk management is a complex subject.
Each stakeholder places a different
value on the probability of harm
occurring and on the detriment that
might be suffered on exposure to a
hazard.
Quality Support Group, Inc.
Risk Management
It is accepted that the concept of risk
has two components:
the probability of the occurrence of harm,
that is, how often the harm may occur;
the consequences of that harm, that is,
how severe it might be.
The acceptability of a risk to a
stakeholder is influenced by these
components and by the stakeholder’s
perception of the risk.
Stakeholders - medical practitioners, the
organizations providing health care,
governments,
industry, patients and
Quality Support Group, Inc.
members of the public.
Risk Management Flow
Risk Analysis
Hazard Identification
Estimation of risks for the consequences of
each hazard
Risk Evaluation
Acceptability of risks that have been
evaluated
Quality Support Group, Inc.
Risk Management Flow
(cont’d)
Risk Control
Process through which decisions are
reached
Protective measures to reduce, eliminate
unacceptable risks
Post Production Information
Establish new design safety requirements
Baseline for future risk management of
similar designs
Quality Support Group, Inc.
Risk Management File
A Risk Management File should
exist (or other appropriate files
referred to, e.g., design history
files, technical files, device
master records, process
validation, post market
surveillance/ customer
feedback, etc).
Document controls should be
applied
Quality Support Group, Inc.
The overall process specified
Risk Management File
Std states that it need not physically
contain ALL the documents but at least
references or pointers to required
documentation
Quality Support Group, Inc.
Terminology
It is very beneficial to list common terms
on hazards and or patient (human)
harms
Quality Support Group, Inc.
Management Responsibilities
Should begin with top management
Management can demonstrate
commitment by establishing
State approach in helping determine what
is an acceptable risk
Provide resources, include trained
personnel
Review the results at defined intervals
Quality Support Group, Inc.
Risk Management
Risk management applied throughout
product realization
Spans whole life cycle of product
Planning of product realization
Customer related processes
Design and development
Purchasing, production, servicing
provisions
Post marketing/ customer feedback
information
Quality Support Group, Inc.
Risk Management cont’d
Objective is NOT to eliminate ALL risks,
rather to reduce to acceptable level
Formalized brainstorming session of
predicting potential failure modes and
hazards
Quality Support Group, Inc.
ISO 14971:2007
Risk Management Process
Quality Support Group, Inc.
Identification of hazards
Information can come from published
data, competitive device information,
simulated tests, clinical evidence (see
4.4 of ISO 14971) experience from
previous designs…
Appendix A of ISO 14971 can be useful
tool to develop initial checklist
Quality Support Group, Inc.
Intended use and identification
of characteristics related to
safety of device
List the quantitative and qualitative
characteristics that could affect the
safety of the device
Formal list of known or foreseeable risks
in both normal and fault conditions
Quality Support Group, Inc.
Risk Estimation
For each hazard (normal and fault
conditions) the risk should be estimated;
Where they cannot a listing of the
possible consequences of the hazard
shall be prepared
Any system for qualitative, quantitative of
probability (likelihood) OR severity
estimates shall be recorded
For estimation of risk (sometimes
referred to as “likelihood”) see section of
4.4 of ISO 14971
Quality Support Group, Inc.
Severity
Ranking
Severity
Level
Severity Definitions (possible actions associated with potential failure)
1
Very Low
Minor nuisance, may effect product appearance, not used in patient; no patient
safety concern, possible performance degradation
E.g. Cannot prep device/system, not used in patient, select another
device/system
2
Low
Degraded performance, may remove and replace device/system, may extend
invasive procedure time; no patient safety concern, degraded performance
E.g. Used in patient, removed due to degraded performance, select another
device/system
3
Moderate
Requires unplanned but not uncommon medical management, with or without
degraded performance; moderate patient safety concern
E.g. Filler remnant in parent artery, additional anticoagulant medication given
E.g. Distal emboli, attempt to retrieve emboli
4
High
5
Very High
Requires unplanned medical intervention with or without prolonged hospital stay
to prevent or mitigate serious injury or death; high safety concern
E.g. Rupture of aneurysm or parent artery
Likely to cause death or serious permanent injury; catastrophic safety-related
effects
E.g. Catastrophic aneurysm rupture with hemorrhagic and/or ischemic stroke
and/or permanent neurological deficit
Quality Support Group, Inc.
Failure mode likelihood levels
1. 1/10,000 or less frequent (10-4)
2. between 1/1000 and 1/10,000
3. between 1/100 and 1/1000
4. from 1/10 to 1/100
5. more frequent than 1/10
Quality Support Group, Inc.
Failure mode detectability
levels
High detectability
Failure is visually evident and likely to be
noticed by a trained operator
Medium detectability
Product or process is specifically tested or
monitored for this failure mode
Low detectability
Failure mode is neither visually evident nor
specifically tested or monitored
Quality Support Group, Inc.
Severity/ Frequency example
Quality Support Group, Inc.
Risk estimation cont’d
Risk estimation can be qualitative or
quantitative. Annexes E and F in ISO
14971 provide some details on how
Other techniques for estimation include:
Published standards, scientific data,
reportable incidents on competitive
devices, clinical trial evidence, expert
opinions, etc
Quality Support Group, Inc.
Risk Evaluation
ISO 14971 states “Risk evaluation, for
each hazard, mfr. decides whether
estimated risk so low risk reduction need
not be pursued.”
Quality Support Group, Inc.
Risk Control
When risk reduction is necessary the
manufacturer should identify risk control
measures by:
Providing inherent safety measures by
design
Protective measures on the medical device
itself
Providing information for safety
(instructions for use, labeling, etc.)
Quality Support Group, Inc.
Risk control cont’d
If it is impracticable to reduce risk with
risk controls a risk/ benefit analysis of
remaining risk should be documented
All risk control measures should be
verified; ISO 14971 defines verified as
“Confirmation by examination and
provision of objective evidence that
specified requirements have been met”
Quality Support Group, Inc.
Risk control cont’d
Residual risk evaluation after risk control
measures applied and verified. If
residual risk unacceptable, further risk
controls are necessary (unless
impracticable and then risk/ benefit
statement needed).
Risk benefit
Review published literature on medical
benefits to see if risk outweighed by
benefits
Quality Support Group, Inc.
Risk control cont’d
Were other new risks generated with risk
control measures?
The overall completeness of the risk
evaluation should be assessed
Quality Support Group, Inc.
Risk Management Flow Chart
Quality Support Group, Inc.
Flow chart cont’d
Quality Support Group, Inc.
Post Production information
A procedure AND PLAN shall exist that requires
a review gained by the device or similar devices
in post production phase that reveals potential:
Previously unrecognized hazards
If estimated risk is no longer acceptable
If original assessment is otherwise
invalidated
FORGOT TO MENTION DESIGN
CHANGES!!!
ENGINEERING CHANGE CONTROL AS
WELL!!!
Quality Support Group, Inc.
Purchasing and Acceptance
Criteria
Risk to patient, consumer could occur
with outsourced processes, services as
well
Specified purchase requirements
determined with risk control measures
Selection, evaluation and re-evaluation
of suppliers also based on risk of
identified hazards
Quality Support Group, Inc.
Production Process Control
Assessments of risks, e.g., process
FMEA, can help
“Bottoms up approach vs top down
approach”
Starting with individual processes, steps
and assessing their impact on failure of
product
Quality Support Group, Inc.
Production cont’d
Equipment
Calibration, preventive maintenance
considered?
Work environment and personnel
Environmental conditions (humidity, spatial
separation, pest control)
Health, cleanliness
Gowning procedures, cleaning of the clean room?
Process Validation
Quality Support Group, Inc.
Servicing
Repair and maintenance of product
Lack of controls can adversely affect
product
Quality Support Group, Inc.
CAPA risk management
An integral part of CAPA to help
determined severity (complaints, service
reports, manufacturing defects, supplier
audits, etc.)
Facilitates closed loop process to ensure
any previously unrecognized risks are
identified and if risk estimation still
acceptable and valid
Quality Support Group, Inc.
Post Market Surveillance/
Customer Feedback
A concerted effort to gain knowledge
from post production (literature search,
input from sales/ distributor staff,
competitive information, etc.) that might
have an impact on the risk management
file.
Quality Support Group, Inc.
That’s a wrap.
Questions?
+’s and Δ’s
Quality Support Group, Inc.