PREVENTIVE ACTION RISK ASSESSMENT

1. Purpose

This document provides the process for Quality Risk Assessment in compliance with ISO13485 for processes, products, events such as non conformance, as applicable and required by regulations

2. Approval

(Version at end of page)

Signed V23; BN 05.06.2024

3. Scope

The process covers all documents and process and products as defined in the SOP.

This Policy must be read-with and comply with the Protection of Personal Information Act 04 of 2013, ("POPI"), the Company POPI Policy, PAIA Manual and processing of personal information envisaged under this Policy must be done in accordance with the aforementioned.

4. Responsibilities

Approval: Author of the document, Henry Manyike, Managing Director

Changes: Author of the document, Bonang Ntuli, Administrator

5. Definitions

Preventive Action - to prevent a hazard and/or risk from occurrence using a risk based approach and/or a risk assessment

Risk - combination of the probability of occurrence of harm and the severity of that harm

Hazard: Something with the potential to cause harm

Hazardous Outcome: A description of how someone could be hurt or damage could occur as a result of interacting with the hazard

Risk Rating: The overall judgement of the level of risk which may arise from the hazard, based upon the likelihood of the event occurring and the potential severity of the consequence

Mitigation / Control Measures: Method used to reduce or control risks arising from identified hazards; in consideration of mitigating (justifying / qualifying) circumstances, which are provided by the level of risk from the risk evaluation, the Control and Risk Management Decision

Residual Risk: The level of risk remaining once control measures have been applied to reduce

Probability - the extent to which an event is likely to occur, measured by the ratio of the favorable cases to the whole number of cases possible

Severity - measure of the possible consequences of a hazard; the fact or condition (of something bad or undesirable) happening / occurring, very great; intense

CCP - Critical Control Point is the point where the failure of a process, procedure, activity that could cause harm to customers and to the business, or even loss of the business itself.

6. Abbreviations

SOP- Standard Operating Procedure

QMS - Quality Management System

PARA - Preventative Action Risk Assessment

SHEQ - Safety, Health, Environment and Quality

NCCA – Non Conformance Corrective Action

CCP - Critical Control Point

7. References

ISO13485 clauses 8.2.4 & 5.6

ISO14971:2012

PROCEDURE FOR PREVENTIVE AND CORRECTIVE ACTION AND HANDLING OF NONCONFORMING PRODUCT

8. Procedure

8.1 ISO13485 RISK REQUIREMENTS

Risk Management is covered in Design & Development (7.3) for manufactured products by the manufacturer

The standard mentions Risk (not limited to);

8.2 PROCESS RISK BASED APPROACH

The Risks identified for Processes e at the start of generating a new procedure and after a trigger for the review if the risk is identified as an outcome of management review, internal audits and any other identified improvement opportunity. 

The risk is evaluated using the following table where the justification for determining a Risk Aspect as Low, Medium or High, for the Probability and Severity, is included in the table

Overall Risk is

• High:High = High, Med:High = High

• High: Med = Med,  Med: Med = Med,  Low:High = Med,  Low: Med = Med

• High:Low = Low, Low: Low = Low

refer  Documentation

8.3 PRODUCT RISK ASSESSMENT

The guide of the general risk management process is followed for Manufacturers and for specific product risk a protocol, plan and record as a "RASE" Risk assessment safety evaluation is performed with the following included included in the document

• 1. a Risk Management Plan; 

  2. a report following: Identify the Risk, evaluation of the Risk and for Components & Product, determination of the risk acceptance, with Control Measures and 

  3. provision of a Risk reduction as required

8.4 GENERAL RISK MANAGEMENT PROCESS

• 1. The general process of Risk assessment is : Risk Quality risk management is a systematic process for the assessment (identification and Analysis), • evaluation, •control, • communication and • review of risks

  2.  The Assessment Criteria; the Product, system quality and safety evaluation is determined through the ALARP (as low as reasonably possible)

  3. The standard “This means that risks have to be reduced ‘as far as possible’, ‘to a minimum’, ‘to the lowest possible level’, ‘minimized’ or ‘removed’, according to the wording of the corresponding essential requirement.”

ALAP - AS LOW AS POSSIBLE

8.5 TECHNIQUES

Various techniques are used namely;

• 1.  HACCP – Hazard Analysis Critical Control Point, where the process is to Identify hazards and define acceptable levels, assess and Evaluate the organization's hazards, with probability and severity evaluation the Selection of measures to control the hazards. There is the establishment of the Critical Control Point with monitoring and verification to control the High Risk Hazard

  2.  FMEA - Failure Mode Effects Analysis, a "bottom up" approach looking at the basic defect / hazards at the component level, assessing the effect, identifying potential solutions, . Failure mode effects criticality analysis (FMECA) adds the Probability of occurrence and severity of failure to the FMEA

  3. Fault Tree Analysis (FTA) is a deductive, "top-down" approach to failure mode analysis, which identifies a failure or safety hazard where an attempt is made to identify all possible ways to create that hazard; a chart is constructed using logic symbols such as "and" plus "or" gates    

8.6 QUALITY RISK ASSESSMENT & PLAN

A spreadsheet is used to record the Risk Assessment events refer Document for a template, which can be change to suit the product, event, item; and activities in line with SANS ISO14971 (notations if (Step)) and SA GMP guideline;

1) PROCESS

2) Item

3) Activity

4) "Hazard Sources; KNOWN or FORESEEABLE HAZARD

5) "Type of Risk (Quality, Product Safety, OHS), catergorised Biological, Physical, Chemical, Allergenic, Analytical, System, not applicable (B, P, C, Al, An, S, n/a)               

6) RISK EFFECT                  

7) SEVERITY x PROBABILITY (Rating step 3) go to Assessment Criteria

8) CONTROLS                     

9) Legal and Other Requirements

10) "Risk Reduction necessary Y/N (Step 4)"

11) (Risk reduction focuses on processes for mitigation or avoidance of quality risk when it exceeds a specified (acceptable) level (determined from the Assessment Criteria.  Risk reduction might include actions taken to mitigate the severity and probability of harm)

12) "5 Terminate/Isolate/Substitute/Prevent, 4 Behaviour based/Training/Reduce, 3 Engineering/SOP, 2 Administrative

/Recovery/Supervisor approval, 1 PPE/Treatment"

13) Detectability (H,M,L)

14) Risk Management Decision: Terminate, Treat, Tolerate, Transfer, Maintain  "(Step 5 )

15) Control Measures - List SOP" / control description where applicable to mitigate the Risk / Hazard as established        

16) CCP                      

17) "Risk Reducible Y/N (Step 5)"                  

18) "MANAGEMENT PLAN (Step 6)"

19) " MONITORING"

20) "VERIFICATION RESPONSIBILITY'

21) "RESOURCES"

22) "Residual Risk acceptable Y/N (Step 7)"              

23) "Other Hazards introduced Y/N (Step 9)"             

24) "All identified Hazards considered Y/N (Step 10)"            

25) "Overall residual Risk Acceptable Y/N (Step 11)" - evaluation to verifying that the action does not adversely affect the ability to meet applicable regulatory requirements or the safety and performance of the medical device

26) "Plan and eta Date" to record planning and documenting action needed and implementing such action, including, as appropriate, updating documentation;

In the event that a CORRECTIVE ACTION is required then follow PROCEDURE FOR CONFORMANCE AND CORRECTIVE ACTION

9. Risk Based Approach

In the event of non compliance follow SOP  NON CONFORMANCE CORRECTIVE ACTION

Risk Based Approach Report

[Risk Assessment to is found in SOP PREVENTIVE ACTION RISK ASSESSMENT   refer Document]

9.1 Trend Analysis and Continual Improvement

The analytical reviews of internal audits, and any other quality related matters, are reported through Data Analysis to management and as part of the input to management review

The Trend analysis may identify any potential and recurring incidents, where corrective action must be reported at the management review to facilitate continual improvement.

10. REVISION HISTORY

Revision 23, 05.06.2024 - BN - approved by HM

Revision 22, 20.09.2022 - NT - 8.2 PROCESS RISK BASED APPROACH redefined for establishing High, Medium and Low overall risk

Revision 21, 18.05.2022 - NT - approved by HM

Revision 20, 17.11.2021 - NT - signed off from TNA

Revision 19, 05.02.2021 (TNA) New format with Responsibilities, Risk based approach, Approval and Records added and new googlesite format.   Amending links and forms

Revision 18, Digitally signed on 15.10.2020 by NT

Revision 1-17, unknown due to googlesite change to new googlesite

11. RECORDS

Name                                     Retained by/ in                             Retention period                 Hard copies Destroyed by

Quality Risk assessment                       Management Representative                       5 years                                Management Representative 

Risk Based Approach                            refer Document                                   Indefinite                             Management Representative