Posts tagged "RISK"

RISK MANAGEMENT (02) – THE BENEFITS OF FAILURE MODE AND EFFECT ANALYSIS (FMEA)

November 26th, 2019 Posted by ISO 14971, RISK Assessment, Risk Management 0 thoughts on “RISK MANAGEMENT (02) – THE BENEFITS OF FAILURE MODE AND EFFECT ANALYSIS (FMEA)”

The Quality RISK Management system 9 major benefits and what are the 5 top areas you should consider using it?

Here in this post, you will hear all about the QRM system and the fundamental of the FMEA process. This post and all other future posts refer to not just the Medical Device industry but also the Automotive and Pharma so some adaptation to your world may be required but still, all principals will be uncovered here. For the automotive it is common to say that the severity of the failure mode is taken into consideration as well as the effect the failure mode, should it occur, will have on the component, system, process, vehicle, or customer. The two main types of FMEAs used in the automotive industry are design FMEAs (DFMEA) and process FMEAs (PFMEA).

 

  1.   An effective FMEA will add to upper reliability, enhance safety and improve quality.
  2.   There will be a shortage of innovative ideas that will help improve similar designs or processes.
  3.   Manufacturing and design efficiency will increase.
  4.   Documents on the improvements made as a result of corrective action implementation will be available (better CAPA effectiveness).
  5.   It will prevent late changes in issues.
  6.   It will reduce the chances of repeating the same failure in the future.
  7.   The cost and time for system development reduce.
  8.   There will be an encouragement for teamwork and effective communication between functions – collaboration.
  9.   It helps improve company competitiveness and image.

Patient Safety

In the industry of live science, manufacturers, vendors, and quality analyst have to combat challenges that involve Patient Safety, Staying Competitive, and Regulatory GxP requirements. The challenges are unavoidable due to the rapidly changing and evolving environment. It is up to these professionals to produce products that are;

  • Fit for purpose.
  • Right first time.

Regulatory agencies always expect a risk-based compliance model that will balance Cost and Compliance effort against Product Quality and Patient Safety. It is impossible to test quality into products, hence, it is imperative that they come with the design. One of the ways to ensure built-in quality with the design is to incorporate some of the latest theories and technology into the design control, manufacturing and post-marketing surveillance process.

Following encouragement from regulatory bodies, the medical device, automotive and pharmaceutical industry are using Quality Risk Management and Quality by Design to incorporate new standards. In some standards such as ICH Guidance Q9 (Quality Risk Management) and ISO 14971, three major topics are addressed namely;

  1. Risk Management
  2. The Identification of Risk
  3. Risk Minimization

Quality Risk Management is a systematic process of assessing, controlling, communicating and reviewing of risks that might disrupt the quality of a Medical/Automotive/Pharma product. However, to achieve QRM, Quality Assurance should be treated as a proactive process. In other words, try to identify potential problems, effects and find solutions to them before they occur. This is the reason for practicing Failure Mode and Effect Analysis (FMEA) is necessary.

 

FMEA Risk Management

Orcanos RISK management reports

Explaining Risk

As we go further into the discussion of Quality Risk Management, it is important to define Risk. Risk is the combination of the potential for harm to occur and the severity of that harm.

Mathematically, Risk = Probability * Severity.

For example, there is a low probability of occurrence of a hazardous event happening during a drug/car/device manufacturing process. The reason is that it has happened just once in the last ten years. However, the severity of the hazard is high, since it can lead to death and destruction of many to use it. Therefore, the resulting risk in such an event is high and it must not be ignored.

Orcanos quality system includes fully comply RISK management system which allow your to configure and practice the FMEA. You can change the calculation factors according to your device level of concern and to make sure it is all audit traced for all changes and modifications. Orcanos system will generate for your the FMEA table automatically with the traceability to mitigation by design.

Source of Risk

A lot of risks comes with the manufacturing process of medical/automotive/pharmaceutical products. The sources of these risks include;

  • Poor Facility Design
  • Poor Process Design
  • Poor Control Plans and SOPs
  • Poor Storage
  • Poor Material Flow
  • Safety Hazards
  • Poor Logistics
  • Raw Material Variation
  • Unclear Customer Expectations
  • Poorly Developed Specifications and Limits
  • Cross Contamination
  • Lack of Product Understanding
  • Poor post-marketing surveillance
  • Poor CAPA processes 

To manage risk effectively, it is crucial to understand the level of risk at each stage of production or application.

Understanding Quality Risk Management (QRM)

Quality Risk Management (QRM) is a systematic way of identifying risks to patient/passenger  safety and product quality, then analyze the risk and design a plan to either reduce or manage the risk. It is important that QRM follows the scientific rationale and the approach should follow scientific principles based on;

  1. Quality Risk Management (ISO 14971)
  2. Quality By Design (QbD)

The goal of QRM is to convert scientific knowledge on the design control, manufacturing process, post-marketing surveillance (PMS) and product into documentation. For example, both equipment qualification and design specification are documentations that highlight product use and ways to reduce risk to product quality and patient safety. It is the same standard principle that experts and regulatory bodies follow. It can be summarized as;

  1. Identify the risks: What can go wrong?
  2. Analyze the risk: What is the probability of something going wrong? What will be the impact? How severe will the damage be?
  3. Estimate the risk priority number (RPN): determine the level of risk and decide if it is high or acceptable.
  4. Should the risk be too high, develop and implement control measures to manage or reduce the risk
  5. Analyze the remaining risks and determine if they are acceptable.
  6. Validate the risk mitigation
  7. Conduct effectiveness check on the 

Risk Full Traceability Matrix

Potential Areas for Quality Risk Management and Application

In the life science industry, below are some of the areas to consider when deciding to implement or apply QRM.

Integrated Quality Management: it includes the following area;

  1. Documentation
  2. Auditing/Inspection
  3. Change management
  4. Change Control
  5. Quality Defects
  6. Training and Education
  7. Periodic Review
  8. Quality Events
  9. Customer Compliant

Development: it covers the following;

  1. Critical Process Parameters (CPPs)
  2. Specification
  3. Verification and Validation
  4. Manufacturing Controls

Facilities, Equipment, and Utilities: it includes;

  1. Design of Facility and Equipment
  2. Hygiene
  3. Computer Systems and Computer Controlled Equipment
  4. Qualification of Facility/Equipment/Utilities
  5. Aspects of Facilities
  6. Calibration/Preventive Maintenance
  7. Cleaning of Equipment and Environmental Control

 

Materials Management: it includes;

  1. Use of Materials and Storage
  2. Assessment and Evaluation of Supplier
  3. Logistics and Distribution Conditions

Production: it covers the following;

  1. In-process /Sampling and Testing
  2. Validation
  3. Production Planning

Laboratory Control and Stability Studies: it includes the following area;

  1. Retest Periods and Validation
  2. Out of Specification Results

Packaging and Labelling: it includes;

  1. Selection of Container Closure Systems
  2. Package Design
  3. Label Control

Reference Links

Risk Management – orcanos FMEA Risk Management Tool
Generate Risk Management File Risk Management (ISO 14971) by Orcanos, based on FDA 2017 Recalls
Orcanos Risk Management – Add Traceability Matrix ALM Requirements Traceability Matrix Tools
10 Reasons why to use EQMS 21 CFR Part 820
RISK MANAGEMENT (01) – INTRODUCTION TO QUALITY RISK MANAGEMENT (QRM)

 

 

 

 

 

 

 

 

 

Tip Of The Week – RISKs To Protect Your Medical Device From the Next Cyber Security Attack

July 9th, 2017 Posted by Software Lifecycle Management 0 thoughts on “Tip Of The Week – RISKs To Protect Your Medical Device From the Next Cyber Security Attack”

 

Author: Rami Azulay | Master ALM for Medical Device

In this article we have compiled a set of RISKs that you may want to consider in your RMF file, to better protect your medical device from future Cyber Security attacks. While the 2017 data is still sketchy, we can determine that security hacks of electronic medical records have more than doubled in 2015, costing the healthcare system at least $50 billion. This information is as per a new report from the American Action Forum. Recent 2017 cyber security attacks have not surpassed health care systems, and so we must address  how we should handle  such breaches.

It is our goal at ORCANOS to address health care systems security. We are seeking to come up with true practical actions that can be performed by any medical device vendor. Through  our ORCANOS | RISK management system, you can address cyber security events that are related to medical devices. This system is now available for you on our evaluation system;  you may  register on our web site www.orcanos.com.

A RISK based approach is the best way for any medical device vendor to both analyse  and mitigate cyber security breaches. The RISK system also forces the vendor to walk through the device design analysis so as to understand possibilities for security breaches.

In this post, the RISK based process is shortened for you, and we update you on  recent cyber attacks, as well as suggest how you can  handle them; based on  your device. The full list of RISKs on our evaluation system is available for FREE.

Electronic Health Record Systems

The most widely attacked systems at this time, are Electronic Health Record (EHR) systems. These attacks are not EHR specific, but impact other systems that are connected to the EHR. While the adoption of EHR systems promises tremendous benefits, including better care and decreased healthcare costs; serious unintended consequences from the implementation of these systems have emerged. Why is healthcare data such a target?  For one, data indicate that health care information is worth 10 to 20 times more than credit cards information on the black market (selling for at least $10 each). Additionally, medical information compared to credit card fraud, can be used in different ways – to access bank accounts, defraud insurers and governments, and obtain prescriptions.

So here are 4 ways to control this risk.

 

Electronic health records can be compromised

Hazard Cause Of Failure Effect Of Failure Risk Control
Electronic health records can be compromised
  • Have been developed from erroneous or incomplete design specifications;
  • Be dependent on unreliable hardware or software platforms;
  • Have programming errors or bugs;
  • Work well in one context or organization, but be unsafe or fail in another;
  • Change how clinicians do their daily work, thus introducing new potential failure modes.
Impact of Electronic Health Record Systems on Information Integrity: Quality and Safety Implications
  • Inoculate system by encrypting data-at-rest
  • Conduct an annual HIPAA security risk analysis
  • Conduct more frequent vulnerability assessments and penetration testing
  • Invest in the security awareness of your workforce

Pacemakers or insulin pumps vulnerability to high profile attacks

The recent introduction of Internet Of Things (IOT) into  medical device softwares, has  significantly exposed them to potential cyber attacks. One  case study discusses  an attack on of a “smart” insulin pump. According to the study, a hacker  could  kill the patient by ordering an insulin injection when none was needed. So-called “smart” devices are notoriously weak  when it comes to digital security. We have  seen too many high profile cases where  significant preventable damage was done. Equipment manufacturers often can’t be bothered to insert  reasonable security measures into the equipment they sell. This  means that  if your device is in some way connected to a network, it is critical that you ensure that access to your device is only possible by authorized personnel, and that your communication protocols are all encrypted or scrambled to the highest security network layer.

Pacemakers or insulin pumps vulnerability to high profile attacks

 

Hazard Cause Of Failure Effect Of Failure Risk Control
Pacemakers or insulin pumps vulnerability to high profile attacks There are ways for a hacker to spoof communications between the remote control and the insulin pump Potentially forcing the pump to deliver unauthorized insulin injections Those communications needs to be encrypted, or scrambled, to prevent hackers from gaining access to the device

There are far more  RISKs we would like you to know about, which can  help you improve existing security, protecting your device from the next cybersecurity attack.  Over the past 12 years, ORCANOS has gathered intelligence and experience to provide you with the best system to manage security RISKs. Go ahead and register today for your FREE 30 days evaluation system.

 

 

Sources:

 

Why there is a change in the approach regarding labeling as RISK mitigation

July 24th, 2013 Posted by 510(k), CE Marking, FDA, IEC60601, ISO 14971, Recall, RISK Assessment, Risk Management 0 thoughts on “Why there is a change in the approach regarding labeling as RISK mitigation”

A recent recall on Bryan Medical Tracoe Mini 3.0mm Tracheostomy Tube: class 1 recall – mislabeled packaging has proven some of the justification regarding the change in approch when putting labeling as part of the RISK mitigation. In the above case in the RISK assessment we should expect to see that not just labeling should be used to differentiate between the different devices but also packaging and coloring could be a good way to use on the device. Such mistake in labeling could affect patient safety since an oversized tracheostomy tube may cause permanent injury to the trachea. This product may cause serious adverse health consequences, including death. When we come to RISK assessment and decide to use labels as mitigation we may want to consider mistakes in packaging and address such cases as well or even perform change by design to avoid use of the device on the wrong application.

Orcanos

Contact

8 Tozeret Ha'aretz Street
Tel Aviv, Israel
+972-3-5372561
info@orcanos.com

Copyright © Orcanos, All rights reserved. | Privacy policy | Terms of use