ISO 13485 Clause 7.1

2 Replies

ISO 13485 Clause 7.1

Posted by Beverly Wideman on Sep 7, 2018 12:42 pm

Hello, I am needing someone to give me their opinion.  I received an audit finding from our ISO 13485:2016 audit.  My auditor says we need to have an FMEA for each QS process.  Not just manufacturing process work instructions FMEAs.  She cited 7.1 as the clause.  I just do not interpret this clause in this way.  Am I way off?  I've been scouring the net for an article or white paper discussing this with an example severity rating table, with no luck.  Ultimately, I'll probably reach out to my auditor to ask for clarification but wanted to chat with the experts first.

Thanks in advance!
Beverly Wideman, CQA

Re: ISO 13485 Clause 7.1

Posted by Ernest Phoon on Sep 7, 2018 9:22 pm

Dear Beverly Wideman ,

You may want to direct your search towards 

International Medical Device Regulators Forum who per FDA @ is a group of medical device regulators from around the world that have voluntarily come together to harmonize the regulatory requirements for medical products that vary from country to country.

In the IMDRF website you will find some write ups of the interpretations on process realization...though a bit dated as they refer to the 2003 version... If you think of how getting experts together to agree on something takes...
Of interest is the following proposed documents from the website
  • GHTF/SG4/N30R20:2006
    Guidelines for Regulatory Auditing of Quality Management Systems of Medica l Device Manufacturers Part 2: Regulatory Auditing Strategy where quote...
"7.0 Auditing Subsystems

For the purposes of regulatory auditing, risk management principle s apply throughout the product realisation process of a medical device and should be used to identify and address safety issues. Risk management activities should be audited concurrently with the relevant subsystems. (For additional guidance see GHTF-SG3/N15 R8: 2005 Implementation of Risk Management Principles and Activities within a Quality Management System.) The purpose of auditing the risk management process is to ensure that an adequate and effective risk management has been established and maintained throughout the product realization process.
Note 1: Certain national and regional regulations have risk management requirements applicable to all stages of the medical device life cycle...

Major Steps: The following major steps serve as a guide in the audit of the Management subsystem:...

3. Verify that the product realisation process incorporates risk management planning, and ongoing review of the effectiveness of risk management activities ensuring that policies, procedures and practices are established for analyzing, evaluating and controlling risk. ISO 13485:2003: 7.1
Reflecting on their output, leads me to recall a case where I had a new client from a different sector using my product. Should we change the Product brief as there were now new requirements, how would it affect the process and the product realization not forgetting validation? Quality Objectives, planning verification activities etc etc Was there a risk in accepting this new client? Who should be aware of it and how should we have documented it?

Hope this helps,
Yours sincerely,

Re: ISO 13485 Clause 7.1

Posted by Beverly Wideman on Sep 8, 2018 9:00 am

Hi Ernest,

I really appreciate this, I will check out your links.

Thank you,
Beverly Wideman, CQA