13485cert

Risk Management – It’s Not My Job

In Contract Manufacturers, International Standard, ISO, ISO 14971, Medical Device, QA, QC, Quality, Quality Management Systems, Risk Analysis, Risk Management, Supplier Audit, Supplier Audits, Supplier Qualification, Supplier Quality on January 5, 2011 at 4:12 am

There’s no deeper meaning to this week’s YouTube selection. I just thought I would share one of my favorite guitar soloists with you. The recording quality is only good, but just watching Tim play reveals how freakishly good he is. I highly recommend the live CD with Dave Matthews and Tim Reynolds. If someone knows of a better quality recording that I can post in my blog, please let me know.

Have you experienced a discussion similar to this?

Auditor: “How do you manage risk throughout the production process?”

Auditee: “That is the responsibility of our customers. We will prepare a risk analysis if customers pay for it, but usually customers do the risk analysis.”

Most contract manufacturers in the medical device industry exclude design from their Quality Management Systems. Unfortunately, most of the contract manufacturers also associate risk management with only the design process. Risk Management cannot be “not applicable” in an ISO 13485 Quality Management System. The requirement of section 7.1 is: “The organization shall establish documented requirements for risk management throughout product realization. Records arising from risk management shall be maintained.” The Standard also references ISO 14971 as a source of guidance on Risk Management.

                For a contract manufacturer, compliance with ISO 14971 is not my primary concern as an auditor. My primary concern is to verify that contract manufacturers analyze risks associated with the processes that they perform and do their best to minimize those risks. What I don’t understand is why more companies don’t want to have strong risk management process. Risk management is how we prevent bad things from happening. Bad things like scrap, complaints and recalls. Should we expect our suppliers to have a strong risk management process?

                Duh.

                Contract manufacturers should be doing everything they can to get better at risk management. During pre-production planning they should be asking, “What happens if…” The contract manufacturer knows best HOW things will fail in production, while the customer knows best WHAT happens when things fail in production. In order to be safe and effective, both companies need to collaborate on risk analysis.

                The reason companies avoid doing risk analysis is because it’s time consuming and tedious.

                 Too bad, so sad.

                 Balancing my checkbook is time consuming and tedious too, but I balance my checkbook to prevent an overdraft charge. Not doing risk analysis can be much more painful. Scrapping out a part can cost tens or hundreds of dollars. Complaints can cost thousands of dollars. Recalls can cost millions of dollars.

                If I owned a contract manufacturing company, I would make sure that everyone in the company is involved in risk management, because we don’t want scrap, we can’t afford mistakes that lead to complaints, and a recall will put us out of business.

Advertisements
  1. PS – Sometimes device failures result in death.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: