by Marci Crane
Localization Manager, MasterControl
For medical manufacturing professionals, the MD&M conferences and exhibits are some of the most valuable professional networking tools available. At MD&M East, medical manufacturing professionals, from the eastern United States and from areas spread across the world, meet together with regulatory, quality, compliance, and manufacturing experts to glean and share knowledge. Tracks covered over the course of the most recent conference, held June 13.-15, 2016, focused on “Market Value and Consumer Health, New Technologies, Big Data, and Mobile Product Risk.”
One of MasterControl’s most seasoned quality experts, Walt Murray, presented at the recent conference on risk management, which for the last two years has been an especially salient topic for medical device and medical manufacturing professionals. Between changes in the ISO 13485 regulations and the general management and coordination of regulations and standards across the medical manufacturing industry, risk management is changing in distinct ways that are affecting the medical device and manufacturing sectors.
Risk Management is NOT Enterprise, Project, or Financial Risk Management
- A Quality System process-based approach
- Business COQ orientation
- Sometimes referred to as “operational risk management”
- Sometimes called “safety risk management”
- Minimization of harm to the patient, user, or the environment
In his presentation, Murray also showed and demonstrated (using examples) how risk management can be seamlessly integrated with compliance management and quality management processes. These processes can “meet in the middle” as Murray showed with one of his visual diagrams and this “middle” can be referred to as systematic event management processes. To learn more about these processes and seamless integration contact Marci Crane at firstname.lastname@example.org to receive Murray’s complete slide deck.
Types of Operational Risk; FDA as an Example
- Business Continuity
Murray also shared principles for understanding the value of risk and for managing risk. These principles included those listed below. An effective organization should understand at all levels that risk management:
- Creates and protects value
- Is an integral part of all organizational processes
- Is part of decision making
- Explicitly addresses uncertainty
- Is systematic, structured and timely
- Is based on the best available information
- Is tailored
- Is aligned with external and internal context of a risk profile
- Takes human and cultural factors into account
- Is transparent and inclusive
- Is dynamic, iterative and responsive to controlled change
- Facilitates continual improvement in the organization
Risk Management Regardless of the Regulation or Standard Worldwide
Whether a medical device and/or medical manufacturing company is required to adhere to regulations and/or standards created and enforced in the U.S. the EU or other geographies throughout the world (e.g. Canadian quality regulations, the JHM adoption of the ISO 14971 manufacturing or product, of the TGA Annex 20 stipulations for the risk management process within a QMS) the company is surely in need of a good understanding and solid application of risk management principles and the integration of risk processes with in conjunction with additional quality processes.
Sometimes risk vigilance extends beyond the “typical” areas of risk management. In his presentation, Murray also expounds on environmental management (ISO 14001), health and safety management (ISO 18001), and finance/insurance/legal management (SOX) and how these can be managed in cohesive and efficient processes.