Manufacturing Quality: Risk Management

Risk Managment is not permission to take risks. Risk management and the tools of risk analysis are there to justify doing what you should be doing, not what you want to do. There is a fundamental misunderstanding of the burden of risk management and how wide spread it is supposed to be within the organization. 

The executives that do not get risk management paradigms see it as a vehicle for justifying their organizational goals. I wish that mode of thinking was rare. 

Risk management is all encompassing. Get that first and foremost. Risk analysis is part of every step. It starts from development and design. It transitions from product to manufacturing process. It is in every part of the life cycle including retirement. For instance, you are ready to retire a product or a feature. You need to determine the risk to your customers on the elimination or retirement. Think about removing a headphone jack from a phone or taking a product that is fundamental to a small populations quality of life or survival. If you say your company has a risk management system think about how far it is implemented. Has it penetrated all aspects of every process? Are there feedback loops? Are there metrics about those feedback loops. 

Is your product so good that it does not need improvement in some way? Not just in its intrinsic quality but also customer experience, supply chain, servicing, design and manufacturing processes?  

Points to note:

  • ISO 14971 impacts each device process and quality system
  • ISO 62304 impacts medical device software in the same framework of risk as 14971
  • Risk Management programs describe the program; tools and frameworks should be defined in sub-procedures such as risk analysis methods (i.e. FTA or FMEA)
  • Continuous improvement and correction systems require feedback loops into all processes including design and manufacture. 
  • Servicing and kitting processes require all the same evaluations and risk controls as all other risk based processes.
  • Outsourced services are to be included in risk evaluations and controls
  • Quality Agreements to third parties need to account for responsibilities to risk management programs and feedback loops.

What are the next steps?:

  • Obtain and read the associated regulations and guidance. Read all of the annexes as well. 
  • Ensure your technical file and 510K/PMAs 
  • Products require risk analysis; these need to be kept up to date
  • A general risk narrative should be developed for the business processes
  • A general risk analysis should be developed for the quality management system
  • A risk analysis is required for all aspects of product realization and manufacturing (development, design, manufacturing and servicing)

Ensure that responsible people accept the residual risk and that the risk is as low as reasonably practical. Further for products put into commerce in the EU risk needs to be as low as possible. 

 

Quality Assurance: Being right is only part of compliance

Every quality professional has been through it. If you have not then either you can skip and whistle across water or you may be delusional. The dilemma is: Being right and no one listening. Let's face the truth that what we do while we know is essential, is pretty boring to most. Why boring? There is a rant that I will be going on for a while.  

What happens is there is a tendency for us to be tuned out. The complexity of what we do, coupled with the word "no" or the phrase "Yes, however.." infuriates those that want to produce product. They see our mandate against progress or operation. When you have well intentioned people on both sides, this tends to work out. When you have people who may be good people but are driven only by mandate, you have a problem.

Then comes of the complexity of those that do not want to listen as their goal do not align with your own. That tends to be the big bullshit lie. That they are your goals. Its compliance. Its the law.  It should be their goals as well. Right?

How many of you are shaking your heads in my over simplistic view of regulation. Yeah I get it. But that is kind of the point. 

Most folks have a saturation point on how much they want to hear and the steps that they want to follow. The steps need to be spoon fed. Then in their willful ignorance they are flabbergasted to the details when the steps in their head are complete but a system is not full. implemented. 

Of course you are having musings of why hasn't their been communication? Why wasn't their a project plan? Why...why...why?

What I have found in most start ups is there are few executives that understand the complexities of their wants with little true understanding of their needs. Couple that with a resistance of executives to only want to lead through milestone and mix in poor project management skills among the technical side and you have a complete mischaracterization of scope through passive/behavioral rooted dissonance. 

So its not about being right. Its not just about the organization structure.. Its not about understanding the mission. It is about ensuring the stakeholders and decision makers understand the effort, complexity, gating and steps. The commitment of resources and treasure needed to make everything go from red on the project schedule to green. That they understand the what they do impacts lives and failure to do so trivializes their company and your role.

More to come...stay tuned.