Risk Management integrated pub
-
Upload
manfred-walder -
Category
Documents
-
view
279 -
download
0
Transcript of Risk Management integrated pub
Integrated Risk ManagementHow to connect Risk Management throughout the Quality Management System
The disconnected Risk ManagementSeparation in Lifecycle:
•Risk Management in sub systems of the Quality Management System o Design/Product Risk Managemento Risk Management with your Supplierso Risk Management for Manufacturingo Post Market Risk Management
Separation in Method:•Patient/User focus, product focus, manufacturing focus, and supplier focus•Different severity scales (3, 5 or 10 point scales)•Different calculation of occurrences•Use of detectability
How to start with an integrated approach?• Get Senior Management approval for an integrated Risk
Management project• Appoint project lead and project team (team needs to
be cross functional)• Define Risk Management Integration Strategy and get
it approved by Senior Management• Include culture, system, goals and KPI’s into your
strategy
Integrated RM Strategy Elements
Culture Systems Goals & KPI’s
Focus of today’s presentation
It Starts with the Risk to the Patient/User
Hazard
Sequence of Events
Hazardous
Situation
Harm
Severity of Harm
Probability of Occurrence of
Harm RISK
Exposure
• Manage the risk associated with the use of a medical device (ISO14971)
• Understand the risks and benefits of a medical device
• Manage the risk by system, product family or therapy
P1
P2
P1 x P2
Risk Chain – Responsibility and Control
Functional Outputs (electrical current, thermal
energy, force)
Disturbances to the Environment
(EMC, debris, packaging)
Outputs from Device Attributes
(biocompatibility, sterility)
Hazards
Likelihood of Occurrence
Product Design and Manufacturing Product Use
Exposure
Hazardous Situation
Company Responsibility
Company Control Patient/HCP Control
Controlling the OutputsDesign Controlled Manufacturing
ControlledPatient/HCP Controlled
Functional Outputs
Specified, reviewed, verified and validated during design
Verified or validated processes used to confirm every product meets product specification.
Follow labels and approved procedures (Instructions for use, labels, surgical techniques, medical procedures)
Disturbances to the Environment
Identified and mitigated during design process. Limits established in Product Specification.
Controls established and/or inspections to verify products are within established limits.
Handle in prescript way (Instructions for use, labels)
Outputs from the Device Attributes
Identified during design process and documented in Product Specification
Mostly depends on validated processes to confirm product compliance.
Use in prescript way (Instructions for use, labels) Control Risk throughout the Product Lifecycle
Process to Output InteractionDesign Operations Quality
Device Outputs Examples
Design
Input
Design
Output
Design
Review
Design
Verification
Design
Validation
Design
Transfer
Supplier
Control
Receiving Inspectio
n
In process Inspectio
n
Process
Validation
Calibratio
n
Preventiv
e Maintenance
Label
Control
Complain
t Managemen
tCAP
A
Field Action
Change
Managemen
t
Nonconforming Material
Functional Outputs electrical current, thermal energy, force ● ● ◕ ● ●◑ ◕ ◔ ◕ ● ◕ ◔ ◕ ◔ ◔ ◕ ● ◔Disturbance to the Environment EMC, debris, packaging ◕ ◕◑ ◕◑◑◑ ◔ ◕◑ ◔ ◔ ◔ ◔ ◔ ◕ ◕ ◔Outputs from Device Attributes biocompatability, sterility ● ● ◕ ● ●◑ ◕ ◔ ○ ●◑ ◔ ◔ ◔ ◔ ◕ ● ◔
Legend: Definition:
●High interaction/broad scope Interaction means the ability of the process to create or change hazards
◕High interaction/narrow scope Scope means the ability of the process to impact a small or larger portion of the product population
◑Low interaction/broad scope
◔Low interaction/narrow scope
○No Interaction
Risk Management in Design• The severity of the Harm determines the severity of the Hazard• The severity of the Hazard determines the severity for each
device output • Each device output is specified within the operating limits of
the device• Anticipate use of the device outside the operating limits• Device output specifications and operating limits are verified
and validated during the design process.• The Device Master Record (DMR) documents the approved
product design for manufacturing• A well done and maintained Risk Plan and Risk Management
File (RMF) are a great starting point for the next product generation.
Concepts for integrationDesign Build Use
Verified and Validated Device Design
(DMR/RMF)
Products fully
compliant to Device Design
Risk Objective:• Manage applicable quality system,
sourcing, manufacturing and packaging processes to deliver only products which are 100% compliant to the design specification (DMR).
Concept:• Transpose severity of device
outputs to manufacturing and packaging process requirements.
• “What is the risk of not meeting the device specification?”
• Reduce likelihood of failing to meet specification for high risk specifications.
Delivery from Design Team: Expectation from Patient/User, Health Care Provider and Regulators:
Supply Chain Risk
Part
Part
Part
Part QualificationAdjust qualification requirements based on Risk Level e.g. PPAP
Supplier QualificationAdjust qualification requirements based on Risk Level e.g. supplier audits
SupplierIncoming Inspection
IQCAdjust inspection requirements and sampling plans
Manufacturing
Final Inspection
Final InspectionAdjust inspection requirements and sampling plans
Manufacturing
Risk Level Determination
Part number
Part Description
Device Classification
Part Risk
Supplier Risk
245765 Microcontroller256741 Test connector
• Determine a methodology for Risk Level assessment which works for your company and meets requirements
• Keep it easy to execute and integrated with available data sources
Bill of Material
Risk Inputs
Risk Level InputsDevice Classification
FDA Classification
1 Class I devices2 Class II devices3 Class III devices
Part Risk Description
1 Contributes to non critical device output
2 Contributes indirectly to critical device output
3 Contributes directly to critical device output
Supplier Risk Description
1 Well established manufacturing process, existing facility
2 n/a3 New manufacturing process, new
manufacturing facility, new inspection and test requirements
• Select appropriate rankings for your Risk Inputs
• Preferably these rankings are already available (e.g. through other processes)
Risk Level CalculationRisk Level Calculation:
Risk Level = Product Classification x Part Risk + Supplier RiskScore Risk Level
1-5 Low6-8 Medium
9-12 High
Part number
Part Description
Device Classification
Part Risk
Supplier Risk
Risk Level
245765 Microcontroller 2 2 1 5256741 Test connector 2 3 3 9
• Align the Risk Level calculation and scoring with the risk acceptability levels of your company and keep them consistent
• Verify your calculation method of Risk Levels before use
Example:
Risk Level based executionPart number
Part Description
Device Classification
Part Risk
Supplier Risk
Risk Level
Supplier Qualification
Part Qualification
245765 Microcontroller 2 2 1 5 Self Assessment 5 Sections256741 Test connector 2 3 3 9 On-site system
and process audit
16 Sections
Risk Level
Supplier Qualification Part Qualification
Low Supplier Self-assessment (supplier questionnaire)
COC, HSF, Component Specification, Packaging Specification, Labeling and Traceability
Medium Supplier on-site quality system audit
COC, HSF, Component Specification, Packaging Specification, Labeling and Traceability, FA Submission Warrant, FAI Report
High Supplier on-site quality system and process audit
COC, HSF, Component Specification, Packaging Specification, Labeling and Traceability, FA Submission Warrant, FAI Report, Process Capability Evaluation, Inspection Method, GR&R, Process Control Plan, Process Flow, IQ,OQ,PQ, Material Certification, Drawing Review, FMEA
Process Risk
Test System ValidationAdjust validation requirements based on Risk Level
CalibrationAdjust calibration intervals
Process ValidationAdjust OQ an PQ requirements based on Risk Level
Process Validation
Computer Software Validation
Calibration
Test System Validation
(MSR)
Computer Software ValidationAdjust validation requirements based on Risk Level
Process Capability/Gage R&R
Process Capability Measurement System Capability
Risk Level Best Good Best GoodHigh Cpk > 2 Cpk > 1.67 Cg > 2 Cg > 1.67Medium Cpk > 1.67 Cpk > 1.33 Cg > 1.67 Cg > 1.33Low Cpk > 1.33 Cg > 1.33
• Setting your validation up for success
• Concentrating resources where they are needed most
• Avoiding compliance gaps in supporting processes
True product variance
Measured product varianceMeasurement System Capability
Measurement System impact
Process Validation – Acceptance Sampling
Risk Level Confidence Level
Reliability Level
Attribute Data Sample
Size, c=0Variable Data Sample Size
***Poisson Data Sample
SizeHigh 95% 99% 299 *20 20
Medium 95% 95% 59 *20 20Low 95% 90% 29 *20 20
• Samples for process validation are often a challenge (e.g. small patches, cost, time to build)
• Put the focus and effort where the highest risk is
Reference: Crossley, Mark (2000) the Desk Reference of Statistical Quality Methods. 1st Ed., ASQ Quality Press.
Where C is the confidence level, R is the reliability, and n is the sample size. For 95% confidence level, C = 0.95Ref: Crossley 2000
Notes: * minimum sample size to assess process normality. ** should be used for microbiological evaluations of devices
Quality System Risk
KPI and TrendingEstablish critical limits and alerts based on Risk Level
Customer ComplaintsAdjust escalation requirements based on Complaint Code (Risk Level)
Nonconforming Material
Customer Complaint
sCAPAAdjust CAPA due dates based on Risk Level
KPI and Trending
CAPA HHE
Nonconforming MaterialAdjust escalation requirements based on Exception Type
Health Hazard EvaluationAdjust due dates based on Risk Level
CAPA – Feeder Information• Structure information in feeder processes so
they can be mapped easily to risk levels• Examples: defect coding, complaint coding, trending alerts
based on indicators• Allow for an adjustment of the risk level in the
CAPA system (with justification)• Advantages of having the risk level connected
with the source information:• Easier for an operator to assign a defect code rather than
assessing the impact to patient/user• Provides more consistent assignment of risk levels• Allows early phases of CAPA to be executed faster• For certain codes it allows to initiate a CAPA directly
Issue Investigation / CAPA Request
CAPA
Audi
ts
Cust
omer
Com
plai
nts
Nonc
onfo
rmin
g M
ater
ial
Man
agem
ent R
evie
w
Othe
r pro
cess
es
CAPA – Advantages of Risk LevelsHow can you use the Risk Level information in CAPA:
Thoroughness
• Establish different time lines for each CAPA phase based on Risk Level
• Create spare capacity to support fast timelines for high risk CAPA’s
Speed
Effectiveness
• Different requirements for tools used in root cause analyses
• Minimum requirements for cross functional team• Use different confidence levels and reliability levels based
on the identified risk (similar to validation acceptance sampling)
Conclusion• A fully integrated Risk Management System ALWAYS needs to
start with the risk to the patient/user• Managing risk by System, Product Family or Therapy can help
to make your risk management more effective and efficient• Well structured device outputs can help to align the risk
management between design and manufacturing• Establish one Risk Level assessment method and use it
consistently across the company• Connect all applicable sub systems to the Risk Levels• Differentiate on how you execute your processes based on
Risk Level to achieve higher compliance, effectiveness and efficiency.
Own it!Seek Solutions!Make it happen!
Thank You!
Manfred Walderwww.linkedin.com/in/manfredwalder