Reduce risk by management review

evan_kim90

Involved In Discussions
Hi,

I have a question regarding risk control measures.
I am making a risk management plan for the QMS and I am using management review as a risk control measure,
e.g. Risk - missing standard / Hazard - Inadequate document control / Risk control measure - Training & Management review

The reason I used management review as a risk control measure is that we must discuss any standard change during management review, so it is a good tool to use as a periodic review and update.

Is it a bad idea or not to use it as a risk control measure?
 

yodon

Leader
Super Moderator
I'll vote on the side of "bad idea."

You're not controlling anything. And how would you show that's effective in reducing any risk?

You're doing what's appropriate by discussing standard changes (and hopefully state of the art, issues with similar products, etc.). You're really just driving updates to the risk file and assessing whether your risk management process is effective.
 

Hi_Its_Matt

Involved In Discussions
Hi @evan_kim90,
You have posted this question in the ISO 14971 section, but it looks to me like you are doing a QMS-process risk assessment. Can you clarify what type of risk assessment you are performing?

If you are talking about a risk assessment for a specific medical device, then I agree with @yodon that this is not appropriate.
If you are talking about QMS process risk assessment, then it may be appropriate, but I would also argue that the type of analysis you are doing is overkill.

ISO 13485, in clause 4.1.4, requires that organizations “apply a risk based approach to the control of the appropriate processes needed for the quality management system.” I don’t interpret this to mean that you must apply or perform an ISO 14971-style risk analysis process, or an FMEA-style failure analysis process to your quality management system processes. In fact, ISO 14971 is not even referenced by this clause. It is referenced only in Clause 7.1 Planning of Product Realization, in reference to “documenting one or more processes for risk management in product realization.”
 

evan_kim90

Involved In Discussions
> I'll vote on the side of "bad idea."
>
> You're not controlling anything. And how would you show that's effective in reducing any risk?
>
> You're doing what's appropriate by discussing standard changes (and hopefully state of the art, issues with similar products, etc.). You're really just driving updates to the risk file and assessing whether your risk management process is effective.

Hi, @yodon. Thanks for the clarification. Actually, I agree with you. It was my idea that a management review might work for risk control, but it catches issues and does not control them. Probably, internal audits make more sense to reduce risk because they will catch and take action as well. Thanks for your opinion.
 

evan_kim90

Involved In Discussions
> Hi @evan_kim90,
> You have posted this question in the ISO 14971 section, but it looks to me like you are doing a QMS-process risk assessment. Can you clarify what type of risk assessment you are performing?
>
> If you are talking about a risk assessment for a specific medical device, then I agree with @yodon that this is not appropriate.
> If you are talking about QMS process risk assessment, then it may be appropriate, but I would also argue that the type of analysis you are doing is overkill.
>
> ISO 13485, in clause 4.1.4, requires that organizations “apply a risk based approach to the control of the appropriate processes needed for the quality management system.” I don’t interpret this to mean that you must apply or perform an ISO 14971-style risk analysis process, or an FMEA-style failure analysis process to your quality management system processes. In fact, ISO 14971 is not even referenced by this clause. It is referenced only in Clause 7.1 Planning of Product Realization, in reference to “documenting one or more processes for risk management in product realization.”

Hi, @Hi_Its_Matt. Thanks for your opinion. There was a lack of information in the standards, so this kind of issue was confusing, but your opinion gave me another way to think. Thanks!
 

yodon

Leader
Super Moderator
> Probably, internal audits make more sense to reduce risk

Um, no, that's really no different.

Risks are controlled by implementing means for inherent safety by design, protective measures, or information for safety. An internal audit (or management review) can do none of those things. They can identify areas to address, but they cannot control any risks.
 

evan_kim90

Involved In Discussions
> Um, no, that's really no different.
>
> Risks are controlled by implementing means for inherent safety by design, protective measures, or information for safety. An internal audit (or management review) can do none of those things. They can identify areas to address, but they cannot control any risks.

Hi, @yodon. But if we find an issue from an internal audit, normally we process an NC or CAPA, and that can be control of risk. No?
 

yodon

Leader
Super Moderator
> if we find an issue from an internal audit, normally we process an NC or CAPA, and that can be control of risk. No?

A nonconformity MAY drive an update to the risk file / design changes that control risk, but finding one isn't controlling the risk. What you do about the finding could be managing the risk.
 

Hi_Its_Matt

Involved In Discussions
Evan, to be clear, are you doing a product specific risk analysis? If so what is the Harm (i.e. “injury”) you are trying to mitigate? What is the potential source of that Harm?
 

evan_kim90

Involved In Discussions
> Evan, to be clear, are you doing a product specific risk analysis? If so what is the Harm (i.e. “injury”) you are trying to mitigate? What is the potential source of that Harm?

Hi, I was doing a risk-based approach for the QMS because that was one of the auditor's findings.
 