PREVENTIVE ACTION RISK ASSESSMENT

1. Purpose

This document provides the process for Quality Risk Assessment in compliance with ISO13485 for processes, products, events such as non conformance, as applicable and required by regulations

2. Approval

(Version at end of page)

Signed V32  ML  29.10.2029

3. Scope

The process covers all documents and process and products as defined in the SOP

This Policy must be read-with and comply with the Protection of Personal Information Act 04 of 2013, (“POPI”), the Company POPI Policy, PAIA Manual. And processing of personal information envisaged under this Policy must be done in accordance with the aforementioned.

4. Responsibilities

Approval: Author of the document, Monica Lucas

Changes: Management Team

5. Definitions

Preventive Action - to prevent a hazard and/or risk from occurrence using a risk based approach and/or a risk assessment

Risk - combination of the probability of occurrence of harm and the severity of that harm

Hazard: Something with the potential to cause harm

Hazardous Outcome: A description of how someone could be hurt or damage could occur as a result of interacting with the hazard

Risk Rating: The overall judgement of the level of risk which may arise from the hazard, based upon the likelihood of the event occurring and the potential severity of the consequence

Mitigation / Control Measures: Method used to reduce or control risks arising from identified hazards; in consideration of mitigating (justifying / qualifying) circumstances, which are provided by the level of risk from the risk evaluation, the Control and Risk Management Decision

Residual Risk: The level of risk remaining once control measures have been applied to reduce

Probability - the extent to which an event is likely to occur, measured by the ratio of the favorable cases to the whole number of cases possible

Severity - measure of the possible consequences of a hazard; the fact or condition (of something bad or undesirable) happening / occurring, very great; intense

CCP - Critical Control Point is the point where the failure of a process, procedure, activity that could cause harm to customers and to the business, or even loss of the business itself.

6. Abbreviations

SOP- Standard Operating Procedure

QMS - Quality Management System

SHEQ - Safety, Health, Environment and Quality

NCCA – Non Conformance Corrective Action

CCP - Critical Control Point

7. References

ISO13485 clauses 8.2.4 & 5.6

ISO14971:2012

PROCEDURE FOR PREVENTIVE AND CORRECTIVE ACTION AND HANDLING OF NONCONFORMING PRODUCT

8. Procedure

8.1 ISO13485 RISK REQUIREMENTS

Risk Management is covered in Design & Development (7.3) for manufactured products by the manufacturer

The standard mentions Risk (not limited to);

8.2 PROCESS RISK BASED APPROACH

The Processes are evaluated using the following table where the justification for determining a risk Aspect as Low, medium or High, for the Probability and Severity, is included in the cell of the table

Overall Risk is

• 1. LOW for Low:Low and Medium:Low or Low:Medium and the Aspect requires no further Action- ALAP (As low as possible)

  2. MEDIUM for Medium:Medium and the Aspect must be monitored

  3. HIGH for High:High and Medium:High or High:Medium must provide a control measure

8.3 PRODUCT RISK ASSESSMENT

The guide of the general risk management process is followed for Manufacturers and for specific product risk a protocol, plan and record as a "RASE" Risk assessment safety evaluation is performed with the following included in the document

• 1. a Risk Management Plan; 

  2. a report following: Identify the Risk, evaluation of the Risk and for Components & Product, determination of the risk acceptance, with Control Measures and 

  3. provision of a Risk reduction as required

8.4 GENERAL RISK MANAGEMENT PROCESS

• 1. The general process of Risk assessment is : Risk Quality risk management is a systematic process for the assessment (identification and Analysis), • evaluation, •control, • communication and • review of risks

  2.  The Assessment Criteria; the Product, system quality and safety evaluation is determined through the ALARP (as low as reasonably possible)

  3. The standard “This means that risks have to be reduced ‘as far as possible’, ‘to a minimum’, ‘to the lowest possible level’, ‘minimized’ or ‘removed’, according to the wording of the corresponding essential requirement.”

ALAP - AS LOW AS POSSIBLE

8.5 TECHNIQUES

Various techniques are used namely;

• 1.  HACCP – Hazard Analysis Critical Control Point, where the process is to Identify hazards and define acceptable levels, assess and Evaluate the organization's hazards, with probability and severity evaluation the Selection of measures to control the hazards. There is the establishment of the Critical Control Point with monitoring and verification to control the High Risk Hazard

  2.  FMEA - Failure Mode Effects Analysis, a "bottom up" approach looking at the basic defect / hazards at the component level, assessing the effect, identifying potential solutions, . Failure mode effects criticality analysis (FMECA) adds the Probability of occurrence and severity of failure to the FMEA

  3. Fault Tree Analysis (FTA) is a deductive, "top-down" approach to failure mode analysis, which identifies a failure or safety hazard where an attempt is made to identify all possible ways to create that hazard; a chart is constructed using logic symbols such as "and" plus "or" gates    

8.6 QUALITY RISK ASSESSMENT & PLAN

A spreadsheet is used to record the Risk Assessment events refer Document for a template, which can be changed to suit the product, event, item; and activities in line with SANS ISO14971 (notations if (Step)) and SA GMP guideline;

1) PROCESS

2) Item

3) Activity

4) "Hazard Sources; KNOWN or FORESEEABLE HAZARD

5) "Type of Risk (Quality, Product Safety, OHS), catergorised Biological, Physical, Chemical, Allergenic, Analytical, System, not applicable (B, P, C, Al, An, S, n/a)               

6) RISK EFFECT                  

7) SEVERITY x PROBABILITY (Rating step 3) go to Assessment Criteria

8) CONTROLS                     

9) Legal and Other Requirements

10) "Risk Reduction necessary Y/N (Step 4)"

11) (Risk reduction focuses on processes for mitigation or avoidance of quality risk when it exceeds a specified (acceptable) level (determined from the Assessment Criteria.  Risk reduction might include actions taken to mitigate the severity and probability of harm)

12) "5 Terminate/Isolate/Substitute/Prevent, 4 Behaviour based/Training/Reduce, 3 Engineering/SOP, 2 Administrative/Recovery /Supervisor approval, 1 PPE/Treatment"

13)   Detectability (H,M,L)

14)   Risk Management Decision: Terminate, Treat, Tolerate, Transfer, Maintain  "(Step 5 )

15)   Control Measures - List SOP" / control description where applicable to mitigate the Risk / Hazard as established        

16)   CCP                      

17)   "Risk Reducible Y/N (Step 5)"                  

18)   "MANAGEMENT PLAN (Step 6)"

19)   "MONITORING"

20)   "VERIFICATION RESPONSIBILITY'

21)     "RESOURCES"

22)    "Residual Risk acceptable Y/N (Step 7)"              

23)    "Other Hazards introduced Y/N (Step 9)"             

24)    "All identified Hazards considered Y/N (Step 10)"            

25)    "Overall residual Risk Acceptable Y/N (Step 11)" - evaluation to verifying that the action does not adversely affect the ability to meet applicable regulatory requirements or the safety and performance of the medical device

26)    "Plan and eta Date" to record planning and documenting action needed and implementing such action, including, as  appropriate, updating documentation;

In the event that a CORRECTIVE ACTION is required then follow PROCEDURE FOR CONFORMANCE AND CORRECTIVE ACTION

9. Risk Based Approach

In the event of non compliance follow SOP  NON CONFORMANCE CORRECTIVE ACTION

Risk Based Approach Report

The Risk Assessment to is found in SOP PREVENTIVE ACTION RISK ASSESSMENT   refer Document

9.1 Trend Analysis and Continual Improvement

The analytical reviews of internal audits, and any other quality related matters, are reported through Data Analysis to management and as part of the input to management review

The Trend analysis may identify any potential and recurring incidents, where corrective action must be reported at the management review to facilitate continual improvement.

10. REVISION HISTORY

Revision 32; 29.10.2024 - ML - Checked and Confirmed.  Digitally signed by ML.

Revision 31; 21.11.2023 - ML - Checked and Confirmed.  Digitally signed by ML.

Revision 30; 17.10.2022 - ML - Checked and Confirmed.  Digitally signed by ML.

Revision 29; 07.10.2021 - ML - Formatting. Digitally signed by ML.

Revision 28; 02.08.2021 - ML - POPI information added. Digitally signed by ML.

Revision 27;  10.05.2021 - ML -  Digitally signed by ML

Revision 26, 06.05.2021 - TNA - New format with Approval, Scope, Responsibilities, Risk based approach and Records added.

Revision 25, Digitally signed on 29.12.2019 by SCR

Revision 1-24, unknown due to googlesite change to new googlesite

11. RECORDS

Name Retained by/ in Retention period Hard copies Destroyed by

Werkomed Quality Risk Assessments Google Site indefinite n/a