2
R ISK MANAGEMENT Applying Risk Management Principles to Your Quality System MPO • October 2007 24 W hile all manufacturers must perform risk management ac- tivities, they are most critical for medical device companies. Malfunc- tioning medical equipment poses high risks for consumers, and even small flaws can have tremendous impact on the OEM—including fines, product recalls and permanent damage to the company’s reputation. While every function in a com- pany should have its own policies regard- ing risk management, it is particularly important for the quality department. The risks associated with devices have obvious ties to product quality, and quality man- agers must work to minimize them at every stage of the design, production and post-production processes. While regulatory bodies acknowl- edge the importance of managing risk, it can be challenging to interpret best practices from the language of their standards. FDA 21 CFR Part 820 only mentions risk in the context of design validation. ISO 13485, the medical de- vice quality standard, recognizes that risk management should be performed throughout the product lifecycle but offers no specific guidance about best practices. ISO 14971, the risk manage- ment standard for medical device manufacturers, offers details on how to perform hazard analysis and risk mitigation. Because there are two sep- arate standards for quality manage- ment and risk management, it may seem logical to perform these func- tions separately. However, risk assess- ment and mitigation should be a part of every quality activity throughout the entire product lifecycle, from de- sign to manufacturing and post-deliv- ery quality control. In following a few guiding princi- ples to integrating quality and risk, manufacturers can strengthen their quality management function while minimizing the impact of harm to users of their products. Build Risk Management Into Devices Even in the earliest stages of product de- velopment, it is vital to perform risk man- agement activities. Before they begin design and development, manufacturers must identify the hazards their devices may pose. Quality team members should gather information about potential haz- ards from a number of sources, such as historical data, laws, codes and standards, informed hypotheses, industry research and customer feedback. When armed with a thorough, realistic understanding of the risk landscape, manufacturers can design safer devices. While careful quality planning makes it possible to eliminate certain risks, there are inherent risks in any manufacturing envi- ronment. It is the responsibility of manu- facturers to analyze the severity and likelihood of each potential risk, determine an acceptable level of risk, and develop programs to control them. Failure mode ef- fects analysis (FMEA) is a popular method for managing product-related risk. This technique helps manufacturers identify po- tential sources of failure and measure the consequences of defects. It also enables manufacturers to prioritize all potential failures when deciding on actions to help them reduce risk. The FMEA method is necessary not only for products, but also for manufac- turing processes. Manufacturers should devise control plans for any potential process failures, such as poorly trained employees and malfunctioning equip- ment. These plans should include steps Dan Riordan

Applying Risk Mgt to Quality

Embed Size (px)

DESCRIPTION

This document describes steps required in order to apply risk management to quality

Citation preview

  • RISK MANAGEMENTApplying Risk Management Principles to Your Quality System

    MPO October 200724

    While all manufacturers mustperform risk management ac-tivities, they are most criticalfor medical device companies. Malfunc-tioning medical equipment poses highrisks for consumers, and even small flawscan have tremendous impact on theOEMincluding fines, product recallsand permanent damage to the companysreputation. While every function in a com-pany should have its own policies regard-ing risk management, it is particularlyimportant for the quality department. Therisks associated with devices have obviousties to product quality, and quality man-agers must work to minimize them atevery stage of the design, production andpost-production processes.

    While regulatory bodies acknowl-edge the importance of managing risk,it can be challenging to interpret bestpractices from the language of theirstandards. FDA 21 CFR Part 820 onlymentions risk in the context of designvalidation. ISO 13485, the medical de-vice quality standard, recognizes thatrisk management should be performedthroughout the product lifecycle butoffers no specific guidance about bestpractices. ISO 14971, the risk manage-ment standard for medical devicemanufacturers, offers details on howto perform hazard analysis and riskmitigation. Because there are two sep-arate standards for quality manage-ment and risk management, it mayseem logical to perform these func-tions separately. However, risk assess-ment and mitigation should be a partof every quality activity throughoutthe entire product lifecycle, from de-sign to manufacturing and post-deliv-ery quality control.

    In following a few guiding princi-ples to integrating quality and risk,

    manufacturers can strengthen theirquality management function whileminimizing the impact of harm tousers of their products.

    Build Risk Management Into DevicesEven in the earliest stages of product de-velopment, it is vital to perform risk man-agement activities. Before they begindesign and development, manufacturersmust identify the hazards their devicesmay pose. Quality team members shouldgather information about potential haz-ards from a number of sources, such ashistorical data, laws, codes and standards,informed hypotheses, industry researchand customer feedback. When armed witha thorough, realistic understanding of therisk landscape, manufacturers can designsafer devices.

    While careful quality planning makes itpossible to eliminate certain risks, there areinherent risks in any manufacturing envi-ronment. It is the responsibility of manu-facturers to analyze the severity andlikelihood of each potential risk, determinean acceptable level of risk, and developprograms to control them. Failure mode ef-fects analysis (FMEA) is a popular methodfor managing product-related risk. Thistechnique helps manufacturers identify po-tential sources of failure and measure theconsequences of defects. It also enablesmanufacturers to prioritize all potentialfailures when deciding on actions to helpthem reduce risk.

    The FMEA method is necessary notonly for products, but also for manufac-turing processes. Manufacturers shoulddevise control plans for any potentialprocess failures, such as poorly trainedemployees and malfunctioning equip-ment. These plans should include stepsDan Riordan

    Risk Mangmnt:Risk Management 9/19/07 2:08 PM Page 24

  • 26 MPO October 2007

    RISK MANAGEMENT

    for minimizing the likelihood of thesefailures (requiring mandatory trainingsessions, scheduling regular calibrations)and steps for mitigating the impactshould such failures occur.

    Quality managers also must plan forrisks in the post-production phase. Theyshould ask themselves the followingquestions: What is the likelihood that thislabel would be misinterpreted by a doc-tor in a high-pressure situation? Is theproduct packaged to minimize damageduring shipping? What hazards mayoccur when a patient misuses my prod-uct? When device manufacturers accountfor every possibility, they minimize therisk of liability.

    It is imperative that manufacturersdocument all their risk managementactivities during the advanced productquality planning stage. This helps themdemonstrate their processes to regula-tory bodies and serves as a referencelater in the product cycle. An electronicdocument control system is best forstoring and organizing vast amounts ofproduct-related data, because it en-ables constant revision of documenta-tion with no confusion about whichversion is current. Systems with searchcapabilities enable easy search-and-retrieval of information. And compa-nies that have built-in processes forcommunicating changes to manage-ment for review and approval expediteefficient quality planning.

    Continually Perform Risk ActivitiesWhile quality planning is the critical firststep, it is vital that manufacturers continueto practice risk management long after thedesign and development phases. Consis-tent attention to risks during the manu-facturing process is the best way toimprove product safety and minimize theimpact of hazards.

    The quality department should establishwritten procedures for continual risk as-sessment and control. Management shouldimpress the importance of controlling risk

    on its employeeson a continual basisand reward those who demonstrate com-mitment to the companys risk policies.

    Risk management is particularly chal-lenging to device makers who outsourceall or part of their production. It is diffi-cult to regulate suppliers, but since theOEM will face the consequences of itsoutsourcing partners quality problems, itmust insist on rigorous risk managementstandards. While some OEMs might in-sist that suppliers adhere to the same riskmanagement policies they require, othersmight audit a supplier to ensure itsunique practices meet the OEMs stan-dards. To determine which method isbest, OEMs should evaluate the risk po-tential of outsourced products and partsas well as the level of trust they have fortheir suppliers, based on past perform-ance and company reputation.

    Continuous inspection and testing isthe best way to control risks, both fororiginal equipment and outsourcedgoods. Manufacturers and suppliersshould perform regular calibrations toprevent failure of manufacturing equip-ment. They also must regularly inspectfinished goods and collect and trend datato identify any larger product problemsthat may not immediately be evident.These processes should be detailed in thecontrol plan, and results always shouldbe documented.

    Re-evaluate Processes Based on Real-World CriteriaOnce a product is released on the market,quality managers must keep apprised ofdefects and failures to strengthen theirrisk management processes. Customercomplaints, customer surveys, non-con-formances, medical device reports andproduct recalls all are sources of informa-tion about product hazards. Quality man-agers must assess whether post-marketproblems exceed the level of acceptablerisk they determined during the qualityplanning stages. If so, they then mustpinpoint the issues cause, using methodssuch as fault tree analysis (FTA), which

    offers a top-down way to identify partfailure as a cause of functional failure.Companies that keep scrupulously de-tailed information about their qualityplanning, manufacturing processes andcustomers should be able to identify thesource of problems. From there, qualitymanagers must assess whether the ac-tions they took were sufficient to mitigatethe problem.

    If the risk controls proved inade-quate, or if problems arise that are out-side the scope of previously identifiedrisks, companies should adapt theirprocesses to account for these findings.Management may balk at the costs andefforts of changing product design ormanufacturing processes. But failing tocorrect inherent problems in the systemcan have major effects down the line.Companies that show willingness tolearn from their mistakes win favor withauditors and customers.

    * * *Because of the inherent risks involved inmanufacturing medical devices, compa-nies must define rigorous processes foridentifying, evaluating and controllingrisks. By building risk management intotheir quality processes, companies avoidgovernment censure and improve cus-tomer relations.

    Dan Riordan is the vice president of marketingfor IBS America. He joined the company10 years ago, bringing more than 25 yearsexperience in the technology industry workingwith organizations to provide customers withinnovative business solutions. Recently, he hasbeen instrumental in leading IBS entranceinto the medical device market.

    For 25 years, IBS' compliance manage-ment software solutions have helped thou-sands of companies realize the full benefitsof compliance, including reduced costand risk, improved customer satisfactionand higher profits. IBS is fully certifiedto ISO 9001. For additional information,visit IBS at www.ibs-us.com.

    Risk Mangmnt:Risk Management 9/19/07 2:08 PM Page 26


FINANCIAL RISK MGT 2003

FINANCIAL RISK MGT 2003

Documents
Country Risk Mgt

Country Risk Mgt

Documents
Risk Mgt - Journal on Enterprise Risk

Risk Mgt - Journal on Enterprise Risk

Documents
CreateReportSAPTreas Risk Mgt

CreateReportSAPTreas Risk Mgt

Documents
Commodity Finance Risk Mgt FYoussef.ppt

Commodity Finance Risk Mgt FYoussef.ppt

Documents
Risk Mgt Training

Risk Mgt Training

Documents
Asset Mgt Risk Outlook

Asset Mgt Risk Outlook

Documents
Credit Risk Mgt-DBBL

Credit Risk Mgt-DBBL

Documents
Comm. Bank Risk Mgt(Cb)

Comm. Bank Risk Mgt(Cb)

Documents
Risk Mgt (2)

Risk Mgt (2)

Documents
CORE0101 Oper Risk Mgt Assessment

CORE0101 Oper Risk Mgt Assessment

Documents
C4 Treasury Risk Mgt

C4 Treasury Risk Mgt

Documents
a129 Risk Mgt&Insurance

a129 Risk Mgt&Insurance

Documents
Financial Risk Analysis & Mgt - Copy

Financial Risk Analysis & Mgt - Copy

Documents
Credit risk mgt

Credit risk mgt

Business
Forex n Risk Mgt

Forex n Risk Mgt

Documents
Tax Risk Mgt

Tax Risk Mgt

Documents
Project Risk Mgt

Project Risk Mgt

Documents
Risk Mgt .Neeraj

Risk Mgt .Neeraj

Documents
Risk analysis and risk mgt

Risk analysis and risk mgt

Business
CURRENCY RISK & POLITICAL RISK MGT

CURRENCY RISK & POLITICAL RISK MGT

Documents
Wilks Tourism Risk Mgt

Wilks Tourism Risk Mgt

Documents
risk mgt and financial derivatives

risk mgt and financial derivatives

Documents
Industrial Safety & Risk Mgt

Industrial Safety & Risk Mgt

Documents
Perspectives in Supply Chain Risk Mgt

Perspectives in Supply Chain Risk Mgt

Documents
Enterprise Risk Mgt

Enterprise Risk Mgt

Documents
SF_8 UNIT4 Risk Reporting & Risk Mgt

SF_8 UNIT4 Risk Reporting & Risk Mgt

Economy & Finance
59246 risk mgt

59246 risk mgt

Documents
97445_633601199652031250 risk & disaster mgt

97445_633601199652031250 risk & disaster mgt

Documents
Risk Mgt in Power

Risk Mgt in Power

Documents