Embed Size (px)
Citation preview
Slide 1 of 28
Rob Packard, Presidentwww.MedicalDeviceAcademy.com
Creating a Risk-Based CAPA Process
ISO14971
ISO 13485, Clause 8.5.2 /
8.5.3
Slide 2 of 28
Rob Packard, Presidentwww.MedicalDeviceAcademy.com
Inputs to the CAPA Process
CAPA is the heart of a Quality Management System (QMS) and indicates how effective the QMS is:
CAPA’s
Risk Analysis
MAUDE
Clinicals
Effectiveness
Service
Mngt. Review
Internal Audits
VOC SurveysNCMR’s
Complaints
Validation
Slide 3 of 28
Rob Packard, Presidentwww.MedicalDeviceAcademy.com
Where is risk as in Input?
CAPA’s
Risk Analysis
MAUDE
Clinicals
Effectiveness
Service
Mngt. Review
Internal Audits
VOC SurveysNCMR’s
Complaints
Validation
Slide 4 of 28
Rob Packard, Presidentwww.MedicalDeviceAcademy.com
Why Risk-Based?• 21 CFR 820 – 1 instance of the word “risk”• ISO 9001:2008 – 3 instances of the word “risk”• ISO 9001:2015 – 43 instances of the word “risk”• ISO 13485:2003 – 4 instances of the word “risk”• ISO 13485:2015 – 47 instances of the word “risk”
“13485 Plus” is a guidance document that was published by the Canadian Standards Association in February 2006. I have been recommending it over all other guidance documents for quality system implementation since 2010. It mentions the word “risk” 60 times.
http://bit.ly/13485Plus
Slide 5 of 28
Rob Packard, Presidentwww.MedicalDeviceAcademy.com
14971 Plus - http://bit.ly/ShopCSA
Slide 6 of 28
Rob Packard, Presidentwww.MedicalDeviceAcademy.com
14971 Plus =Standard + Gap + Bonus Tools
Slide 7 of 28
Rob Packard, Presidentwww.MedicalDeviceAcademy.com
Bonus Tools in 14971 Plus
Slide 8 of 28
Rob Packard, Presidentwww.MedicalDeviceAcademy.com
Risk Management is a Process
4 – Risk Analysis
5 – Risk Evaluation
6 – Risk Control
7 – Residual Risk Acceptability
8 – Risk Management Report
9 – Production & Post-production Info
RiskAssessment
RiskManagement
Slide 9 of 28
Rob Packard, Presidentwww.MedicalDeviceAcademy.com
Risk is Filter & Prioritization Tool
CAPA
CAPA
Quality Issues
Quality Plan
Risk Analysis
Trend Analysis
Formal CAPA
We use a risk-based approach
We always initiate a CAPA
“Death by CAPA”
Slide 10 of 28
Rob Packard, Presidentwww.MedicalDeviceAcademy.com
Mitigation vs. Control• In the 2007 version of ISO 14971, the term
“mitigation” was removed.
• Mitigation implies elimination of risks, while control implies reducing and monitoring risks.
Slide 11 of 28
Rob Packard, Presidentwww.MedicalDeviceAcademy.com
Corrective Action (ISO 9001:2015)• Clause 10.2 – Nonconformity & Corrective Action
– 10.2.1 When a nonconformity occurs, including those arising from complaints, the organization shall:
a) react to the nonconformity, and as applicable:1. take action to control and correct it;2. deal with the consequences;
b) evaluate the need for action to eliminate the cause(s) of the nonconformity, in order that it does not recur or occur elsewhere, by:
1. reviewing the nonconformity;2. determining the causes of the nonconformity;3. determining if similar nonconformities exist, or could potentially occur;
c) implement any action needed;d) review the effectiveness of any corrective action taken;e) make changes to the quality management system, if necessary.Corrective actions shall be appropriate to the effects of the nonconformities encountered.NOTE 1 In some instances, it can be impossible to eliminate the cause of a nonconformity.NOTE 2 Corrective action can reduce the likelihood of recurrence to an acceptable level.– 10.2.2 The organization shall retain documented information as evidence of:a) the nature of the nonconformities and any subsequent actions taken;b) the results of any corrective action.
Slide 12 of 28
Rob Packard, Presidentwww.MedicalDeviceAcademy.com
Definition of Risk in ISO 9001• ISO 9001:2015, Clause 3.09 [Source: ISO DIS 9000:2014, 3.7.4] - effect of
uncertainty on an expected result– Note 1 to entry: An effect is a deviation from the expected — positive or
negative– Note 2 to entry: Uncertainty is the state, even partial, of deficiency of
information (3.50) related to, understanding or knowledge (3.53) of, an event, its consequence, or likelihood.
– Note 3 to entry: Risk is often characterized by reference to potential “events” (as defined in ISO Guide 73:209, 3.5.1.3) and “consequences” (as defined in ISO Guide 73:2009, 3.6.1.3), or a combination of these.
– Note 4 to entry: Risk is often expressed in terms of a combination of the consequences of an event (including changes in circumstances) and the associated “likelihood” (as defined in ISO Guide 73:2009, 3.6.1.1) of occurrence.
– Note 5 to entry: The term “risk” is sometimes used when there is only the possibility of negative consequences
Slide 13 of 28
Rob Packard, Presidentwww.MedicalDeviceAcademy.com
Preventive Actions in ISO 9001:2015
Annex A.4 – Risk-based Approach“One of the key purposes of a quality management system is to act as a preventive tool. Consequently, this International Standard does not have a separate clause or sub-clause titled 'Preventive action’. The concept of preventive action is expressed through a risk-based approach to formulating quality management system requirements.”
Slide 14 of 28
Rob Packard, Presidentwww.MedicalDeviceAcademy.com
Corrective Action (ISO 13485:2015)Clause 8.5.2 – The organization shall take action to eliminate the cause of nonconformities in to prevent recurrence. Corrective actions shall be appropriate to the effects of the nonconformities encountered. The organization shall document a procedure to define requirements for:a) reviewing nonconformities (including complaints);b) determining the causes of nonconformities;c) evaluating the need for action to ensure that nonconformities do not recur;d) planning and documenting action needed and implementing such action in
a timely manner, including, as appropriate, updating documentation;e) verifying that the corrective action does not adversely affect the ability to
meet applicable regulatory requirements or the safety and performance of the medical device; and
f) reviewing the effectiveness of corrective action taken.Records of the results of any investigation and action taken shall be maintained
Slide 15 of 28
Rob Packard, Presidentwww.MedicalDeviceAcademy.com
Preventive Action (ISO 13485:2015)Clause 8.5.3 – The organization shall determine action to eliminate the causes of potential nonconformities in order to prevent their occurrence. Preventive actions shall be appropriate to the effects of the potential problems. The organization shall document a procedure to describe requirements for:a) determining potential nonconformities and their causes,b) evaluating the need for action to prevent occurrence of nonconformities,c) planning and documenting action needed, and implementing such action in
a timely manner, including, as appropriate, updating documentation,d) verifying that the action does not adversely affect the ability to meet
applicable regulatory requirements or the safety and performance of products, and
e) reviewing the effectiveness of the preventive action taken, as appropriate.Records of the results of any investigations and of action taken shall be maintained
Slide 16 of 28
Rob Packard, Presidentwww.MedicalDeviceAcademy.com
21 CFR 820.100a) Each manufacturer shall establish and maintain procedures for implementing corrective and preventive
action. The procedures shall include requirements for:1) Analyzing processes, work operations, concessions, quality audit reports, quality records, service
records, complaints, returned product, and other sources of quality data to identify existing and potential causes of nonconforming product, or other quality problems. Appropriate statistical methodology shall be employed where necessary to detect recurring quality problems;
2) Investigating the cause of nonconformities relating to product, processes, and the quality system;3) Identifying the action(s) needed to correct and prevent recurrence of nonconforming product and
other quality problems;4) Verifying or validating the corrective and preventive action to ensure that such action is effective
and does not adversely affect the finished device;5) Implementing and recording changes in methods and procedures needed to correct and prevent
identified quality problems;6) Ensuring that information related to quality problems or nonconforming product is disseminated
to those directly responsible for assuring the quality of such product or the prevention of such problems; and
7) Submitting relevant information on identified quality problems, as well as corrective and preventive actions, for management review.
b) All activities required under this section, and their results, shall be documented.
Slide 17 of 28
Rob Packard, Presidentwww.MedicalDeviceAcademy.com
Containment & Correction• 21 CFR 820.90 – Control of Nonconforming
Product (new language in ISO 13485:2015, Clause 8.3)
• 21 CFR 806 – Recalls/Corrections & Removals
Slide 18 of 28
Rob Packard, Presidentwww.MedicalDeviceAcademy.com
Risk Controls• Inspection – 21 CFR 820.80
• Process Validation – 21 CFR 820.75
Slide 19 of 28
Rob Packard, Presidentwww.MedicalDeviceAcademy.com
21 CFR 820.250Statistical Techniquesa) Where appropriate, each manufacturer shall establish and
maintain procedures for identifying valid statistical techniques required for establishing, controlling, and verifying the acceptability of process capability and product characteristics.
b) Sampling plans, when used, shall be written and based on a valid statistical rationale. Each manufacturer shall establish and maintain procedures to ensure that sampling methods are adequate for their intended use and to ensure that when changes occur the sampling plans are reviewed. These activities shall be documented.
Slide 20 of 28
Rob Packard, Presidentwww.MedicalDeviceAcademy.com
Definition of Risk in ISO 13485
• ISO 13485:2015, Clause 3.14 [Source: ISO 14971:2007, definition 2.16] – combination of the probability of occurrence of harm and the severity of that harm
P1 & P2 from Annex E of ISO 14971:2007
Slide 21 of 28
Rob Packard, Presidentwww.MedicalDeviceAcademy.com
Hazard vs. Harm• ISO 14971, Clause 2.3 – Hazard is a “potential
source of harm”[ISO/IEC Guide 51:1999, definition 3.5]
• ISO 14971, Clause 2.2 – Harm is a “physical injury or damage to the health of people, or damage to property or the environment”[ISO/IEC Guide 51:1999, definition 3.3]
Slide 22 of 28
Rob Packard, Presidentwww.MedicalDeviceAcademy.com
Risk Analysis
CAPA & Risk Management Tasks
22
CAPA Opene
d
CAPA Close
d
CAPA Initiation
Root Cause Analysis
Corrective Action Plan Implementation Effectiveness
Verification
HazardIdentification
Risk ControlOption Analysis
RiskAssessment
Risk ControlEffectiveness Verification
RiskManagement
Plan
Slide 23 of 28
Rob Packard, Presidentwww.MedicalDeviceAcademy.com
Process Types & Risk Controls
• Manual Processes• Semi-Automated
Processes• Automated Processes• Batch Processes
• 100% Inspection• Sampling Plans• Automated Inspection• Process Validation
Trend Analysis & Statistical Techniques
Slide 24 of 28
Rob Packard, Presidentwww.MedicalDeviceAcademy.com
Quality Management System Planning
ISO 13485:2015, Clause 5.4.2Top management shall ensure that:a) the planning of the quality management system is carried out in order
to meet the requirements given in 4.1, as well as the quality objectives, and
b) the integrity of the quality management system is maintained when changes to the quality management system are planned and implemented.
NOTE: Quality management system planning normally includes identification and implementation of action items that are intended to accomplish quality objectives, monitoring the progress toward completion of action items, and revision to the planning based on monitoring.
Slide 25 of 28
Rob Packard, Presidentwww.MedicalDeviceAcademy.com
Change Management Advice• Training Plan – Competency (ISO 13485:2015,
Clause 6.2.2b)
• Monitoring & Measurement Plan– ISO 13485:2015, Clause 8.2.2 – Internal Audit– ISO 13485:2015, Clause 8.2.3 – Monitoring &
Measurement of Processes
• Update your Master Validation Plan & Revalidation Requirements
Slide 26 of 28
Rob Packard, Presidentwww.MedicalDeviceAcademy.com
Other Training Webinars
http://medicaldeviceacademy.com/implementing-risk-management-process-compliant-iso-149712007-address-seven-deviations-identified-en-iso-149712012/
http://medicaldeviceacademy.com/5-ways-improve-capa-process/
How to Improve Your CAPA Process
Slide 27 of 28
Rob Packard, Presidentwww.MedicalDeviceAcademy.com
Q & A
Slide 28 of 28
Rob Packard, Presidentwww.MedicalDeviceAcademy.com
Do You Need Help Updating Your Quality System to ISO
13485:2015?
Rob Packard
+1.802.281.4381
rob13485
