

ISO 14971:2019 includes a requirement for top management to define and document a risk management policy, but do you have one?

Your risk management procedure is not your risk management policy

ISO 14971:2019 includes a requirement for a risk management policy and a risk management procedure. The word procedure is defined (Clause 3.13) as a “specified way to carry out an activity or a process,” but there is no definition for policy. Both of these words begin with the letter “p,” but they are not the same. There is no guidance for a risk management policy in either of the European device regulations for CE Marking, and there is no guidance in the US FDA’s regulations.

In fact, there is not even a clause of the international risk management standard that is specific to the requirement for a risk management policy. The word “policy” only appears in ISO 14971 seven times, but the last occurrence provides the best explanation: Appendix A2.4.2 states that “because does not define acceptable risk levels, top management is required to establish a policy on how acceptable risks will be determined.” If someone responsible for risk management activities does not understand this distinction, this shows that risk management training may not be adequate.

Can you have a different policy for each product family?

The purpose of the policy is to establish how the acceptability of risks will be determined. However, not all devices have the same benefit-risk ratio. Therefore, if you have product families with high and low risks, then you should address this in your policy with specific criteria for each device family or create a separate risk management policy for each product family. For example, if your company is focused on designing and developing products for diabetics, you will not have the same benefit-risk profile for a Class 2 glucose reader and lancet for Type 2 diabetics that you have for an automated Class 3 insulin pump for Type 1 diabetics. In general, separate criteria within one policy are preferred over separate policies to reduce the number of documents that must be managed.

Is there a required format for a risk management policy?
