RISK VS. RISK
"Risk-based ...", a source of confusion to the medical products industries.
Some say this should be a
generalized approach throughout a company. This is partially correct. If a company is primarily addressing ISO
9001, then they are focused on ISO 31000, Risk Management, which addresses all
manner of business risk.
However, if we are dealing
with medical products, the U.S. FDA wants to see “risk” tied specifically to to
patient (and user) risk. The recently revised ISO 14971:2019 requires the patient risk be considered in all applicable company's QMS systems.
I have always recommended
that companies tie such key medical product risk-based decisions to a Product
Risk Document - ISO 14971 Risk
Management File / Review, or ICH Q9 file;
-
Cite specific line items, e.g., from a FMECA;
-
Include “Normal” as well as “Failure / Fault” in Hazard List / FMECAs.
“Risk” in FDA-regulated
industries usually means patient risk, not business, IT, legal, etc., risks,
though some are obviously tied together.
If you are marketing medical products both in the U.S. and EU / overseas,
then your documentation will have to clearly address both types of risk,
product / patient, and business.
ISO 14971 patient risk /
safety vs. ISO 31000 business risk / financial risk / schedule risk / compliance risk / “safety”, et al.
Understanding such patient
“risk” will determine how far to proceed on test cases, failure investigations
/ root cause analysis, degree of documentation, etc., needed to resolve a
medical product risk issue.
Additional references:
"FDA has identified a risk-based orientation as one of the driving principles of the CGMP initiative. The progress outlined below reflects FDA's commitment to the adoption of risk management principles that will enhance the Agency's inspection and enforcement program, which is focused on protecting the public health." (bottom paragraph, page 3; emphasis added).
- https://www.fda.gov/media/77391/download
Additional references:
"Pharmaceutical cGMPs for the 21st Century - A Risk-Based Approach", September 2004:
- https://www.fda.gov/media/77391/download
John E. Lincoln jel@jelincoln.com
Updated 05/23/2022; 06/20/2022
ISO 14971:2019 in its Introduction defines risk as 1) Patient risk; 2) User (clinician ...) risk; and/or 3) Use environment risk. - JEL 02/06/2023
ISO 14971 is risk management for devices (and the device's QMS); ICH Q9 is risk management for drugs. Recently, the FDA has also used "risk" in the context of security risk, especially related to cybersecurity issues, but even here the emphasis is on patient safety. - JEL 09/06/2023
... and CGMP compliance risk, which also emphasizes people risk. - JEL 10/20/2024
No comments:
Post a Comment