PREVENTIVE ACTION RISK ASSESSMENT

1. Purpose

This document provides the process for Quality Risk Assessment in compliance with ISO13485 for processes, products, events such as non conformance, as applicable and required by regulations

2. Approval

(Version at end of page)

Signed V2 NG 20.02.2025

3. Scope

The process covers all documents and process and products as defined in the SOP

4. Responsibilities

Approval: Bruce Manuel

Changes: Nicholas Gilbert

5. Definitions

Preventive Action - to prevent a hazard and/or risk from occurrence using a risk based approach and/or a risk assessment

Risk - combination of the probability of occurrence of harm and the severity of that harm

Hazard: Something with the potential to cause harm

Hazardous Outcome: A description of how someone could be hurt or damage could occur as a result of interacting with the hazard

Risk Rating: The overall judgement of the level of risk which may arise from the hazard, based upon the likelihood of the event occurring and the potential severity of the consequence

Mitigation / Control Measures: Method used to reduce or control risks arising from identified hazards; in consideration of mitigating (justifying / qualifying) circumstances, which are provided by the level of risk from the risk evaluation, the Control and Risk Management Decision

Residual Risk: The level of risk remaining once control measures have been applied to reduce

Probability - the extent to which an event is likely to occur, measured by the ratio of the favorable cases to the whole number of cases possible

Severity - measure of the possible consequences of a hazard; the fact or condition (of something bad or undesirable) happening / occurring, very great; intense

CCP - Critical Control Point is the point where the failure of a process, procedure, activity that could cause harm to customers and to the business, or even loss of the business itself.

6. Abbreviations

SOP- Standard Operating Procedure

QMS - Quality Management System

SHEQ - Safety, Health, Environment and Quality

NCCA – Non Conformance Corrective Action

CCP - Critical Control Point

7. References

ISO13485 clauses 8.2.4 & 5.6

ISO14971:2012

PROCEDURE FOR PREVENTIVE AND CORRECTIVE ACTION AND HANDLING OF NONCONFORMING PRODUCT

8. Procedure

8.1 ISO13485 RISK REQUIREMENTS

Risk Management is covered in Design & Development (7.3) for manufactured products by the manufacturer

The standard mentions Risk (not limited to);

8.2 PROCESS RISK BASED APPROACH

The Risks identified for Processes at the start of generating a new procedure and after a trigger for the review if the risk is identified as an outcome of management review, internal audits and any other identified improvement opportunity. 

The risk is evaluated using the following table where the justification for determining a Risk Aspect as Low, Medium or High, for the Probability and Severity, is included in the table

Overall Risk is

• High:High = High, Med:High = High

• High: Med = Med,  Med: Med = Med,  Low:High = Med,  Low: Med = Med

• High:Low = Low, Low: Low = Low

refer  Document

8.3 PRODUCT RISK ASSESSMENT

The guide of the general risk management process is followed for Manufacturers and for specific product risk a protocol, plan and record as a "RASE" Risk Assessment Safety Evaluation is performed with the following included in the document

• 1. a Risk Management Plan; 

  2. a report following: 

Identify the Risk, 

evaluation of the Risk and for Components & Product, 

determination of the risk acceptance, 

with Control Measures and 

• 3. provision of a Risk reduction as required

8.4 GENERAL RISK MANAGEMENT PROCESS

• 1. The general process of Risk assessment is : Risk Quality risk management is a systematic process for the assessment (identification and Analysis), • evaluation, •control, • communication and • review of risks

  2.  The Assessment Criteria; the Product, system quality and safety evaluation is determined through the ALARP (as low as reasonably possible)

  3. The standard “This means that risks have to be reduced ‘as far as possible’, ‘to a minimum’, ‘to the lowest possible level’, ‘minimized’ or ‘removed’, according to the wording of the corresponding essential requirement.”

ALAP - AS LOW AS POSSIBLE

8.5 TECHNIQUES

Various techniques are not applicable.

8.6 QUALITY RISK ASSESSMENT & PLAN

A spreadsheet is used to record the Risk Assessment events refer Document for a template, which can be changed to suit the product, event, item; and activities in line with SANS ISO14971 (notations if (Step)) and SA GMP guideline;

1)          PROCESS

2)          Item

3)          Activity

4)          "Hazard Sources; KNOWN or FORESEEABLE HAZARD

5)      "Type of Risk (Quality, Product Safety, OHS), catergorised Biological, Physical, Chemical, Allergenic, Analytical, System, not applicable (B, P, C, Al, An, S, n/a)               

6)          RISK EFFECT                  

7)          SEVERITY x PROBABILITY (Rating step 3) go to Assessment Criteria

8)          CONTROLS                     

9)          Legal and Other Requirements

10)        "Risk Reduction necessary Y/N (Step 4)"

11)      (Risk reduction focuses on processes for mitigation or avoidance of quality risk when it exceeds a specified (acceptable) level (determined from the Assessment Criteria. Risk reduction might include actions taken to mitigate the severity and probability of harm)

12) "5 Terminate/Isolate/Substitute/Prevent, 4 Behaviour based/Training/Reduce, 3 Engineering/SOP, 2 Administrative/Recovery/Supervisor approval, 1 PPE/Treatment"

13)        Detectability (H,M,L)

14)        Risk Management Decision: Terminate, Treat, Tolerate, Transfer, Maintain  "(Step 5 )

15)        Control Measures - List SOP" / control description where applicable to mitigate the Risk / Hazard as established        

16)        CCP                      

17)        "Risk Reducible Y/N (Step 5)"                  

18)        "MANAGEMENT PLAN (Step 6)"

19)        " MONITORING"

20)        "VERIFICATION RESPONSIBILITY'

21)        "RESOURCES"

22)        "Residual Risk acceptable Y/N (Step 7)"              

23)        "Other Hazards introduced Y/N (Step 9)"             

24)        "All identified Hazards considered Y/N (Step 10)"            

25)        "Overall residual Risk Acceptable Y/N (Step 11)" - evaluation to verifying that the action does not adversely affect the ability to meet applicable regulatory requirements or the safety and performance of the medical device

26)       "Plan and eta Date" to record planning and documenting action needed and implementing such action, including, as appropriate, updating documentation;

In the event that a CORRECTIVE ACTION is required then follow PROCEDURE FOR CONFORMANCE AND CORRECTIVE ACTION

9. Risk Based Approach

In the event of non compliance follow SOP  NON CONFORMANCE CORRECTIVE ACTION

Risk Based Approach Report

[Risk Assessment to is found in SOP PREVENTIVE ACTION RISK ASSESSMENT   refer Document]

9.1 Trend Analysis and Continual Improvement

The analytical reviews of internal audits, and any other quality related matters, are reported through Data Analysis to management and as part of the input to management review

The Trend analysis may identify any potential and recurring incidents, where corrective action must be reported at the management review to facilitate continual improvement.

10. REVISION HISTORY

Revision 2 NG 20.02.2025 Change of ownership.

Revision 1 New HJM 9.09.2024

11. RECORDS

Name   Retained by/ in Retention period Hard copies Destroyed by

Quality Risk Assessment Management Representative 5 years Management Representative

Risk Based Approach each SOP