The second edition of ISO 14971:2007, Application of Risk Management to Medical Devices, has been released. The revised version aligns better with ISO 13485:2003 requirements and provides an improved model for implementing a risk management system.

ISO 14971:2007 specifies a process for a manufacturer to identify the hazards associated with medical devices, including in vitro diagnostic (IVD) medical devices, to estimate and evaluate the associated risks, to control these risks, and to monitor the effectiveness of the controls. The requirements of ISO 14971:2007 are applicable to all stages of the life-cycle of a medical device.

You can purchase the standard for $160 at this web page at the ANSI site.

ISO/TR 14969:2004 provides guidance for applying the requirements for quality management systems contained in ISO 13485. It does not add to, or otherwise change, the requirements of ISO 13485. It does not include requirements to be used as the basis of regulatory inspection or certification assessment activities. However, its guidance can be used to better understand the ISO 13485 requirements and to illustrate some of the methods and approaches available for meeting those requirements.

We offer the following ISO 13485 courses:

Understanding ISO 13485
ISO 13485 Internal Auditor
Implementing ISO 13485
ISO 9001 Lead Auditor (with Emphasis on ISO 13485)

Have you heard about FMEA, but remain unsure of its use as a quality tool? Well, FMEA is the acronym for Failure Modes and Effects Analysis.

Failure Modes are the ways in which something might fail. The failures are actual or potential errors or defects, especially those affecting the customer.

Effects Analysis refers to studying the consequences or effects of those failures.

Failures are prioritized according to the seriousness of their consequences, the frequency of their occurrence, and likelihood of their detection. The purpose of FMEA is to take actions to eliminate or reduce failures, starting with the higher priority ones.

FMEA is used during design to prevent failures. Later, it is used for control before and during operation of the process. Ideally, FMEA begins during the earliest conceptual stages of design and continues throughout the life of the product or service. It is a step-by-step approach for identifying all possible failures in a design, a manufacturing or assembly process, or a product or service.

To see an FMEA example from The Quality Toolbox, go to this ASQ web page.

In the last newsletter, I reviewed the proposed changes for clauses 5 and 6 of the draft ISO 9001:2009 standard. This month, we'll look at the suggested changes for clause 7, Product Realization.

7.1 Planning of Product Realization

The only change to the text of clause 7.1 is the addition of "measurement" as one of the required activities to be determined during the planning of product realization.

In planning product realization, the organization shall determine the following, as appropriate:

c) required verification, validation, monitoring, measurement, inspection and test activities specific to the product and the criteria for product acceptance;

7.2 Customer-Related Processes
7.2.1 Determination of Requirements Related to the Product

The slight change of "for delivery and post-delivery activities" to "for delivery, and for post-delivery activities" adds emphasis to post-delivery activities. In addition, a Note has been added with examples of post-delivery activities.

The organization shall determine:

a) requirements specified by the customer, including the requirements for delivery, and for post-delivery activities,

The change below from "related" to "applicable" shifts the meaning from determining legal requirements that are merely associated with the product to those that are relevant and can be applied to the product.

c) statutory and regulatory requirements related applicable to the product, and

The revision below clarifies that the additional requirements aren't just determined, they are determined to be needed by the organization. Since the bulleted list begins with "The organization shall determine", the use of the word "determined" again in the this entry was not appropriate.

d) any additional requirements as needed determined by the organization.

Readers of the current standard may have not have considered the breadth of post-delivery activities as described by the new Note below.

NOTE: Post delivery activities may include actions under warranty provisions, contractual obligations such as maintenance services, and supplementary services such as recycling or final disposal.

7.3 Design and Development
7.3.1 Design and Development Planning

Clause 7.3.1.b states the organization must determine the review, verification, and validation appropriate for each design and development stage. The new Note below explains that although review, verification, and validation have distinct goals, they can be carried out separately or in any combination.

NOTE: Design and development review, verification and validation have distinct purposes. They may be conducted and recorded separately or in any combination as suitable for the product and the organization.

7.3.2 Design and Development Inputs

This clause requires the design and development inputs to be determined and records to be maintained. It lists several types of requirements to be included. The revision below simply changes from "These inputs" to "The inputs".

These inputs shall be reviewed for adequacy. Requirements shall be complete, unambiguous and not in conflict with each other.

7.3.3 Design and Development Outputs

The change below removes the unnecessary word, "provided". It also switches from "a form that enables verification" to "a form suitable for verification". To enable something is to make it possible. However, to be suitable means it is meant for use, or in this case, for verification.

The outputs of design and development shall be provided in a form that enables suitable for verification against the design and development input and shall be approved prior to release.

The text below only strikes "for" and doesn't alter the requirement to share design information with the purchasing, production, and service organizations.

Design and development outputs shall:

b) provide appropriate information for purchasing, production and for service provision,

The new Note below reminds the reader that clause 7, Production and Service Provision, includes sub-clause 7.5.5, Preservation of product. Why do that? Probably to indicate that the design output should consider product preservation, e.g., product packaging.

NOTE: Production and service provision includes preservation of the product.

7.5 Production and Service Provision
7.5.2 Validation of Processes for Production and Service Provision

The requirements of clause 7.5.2 are most often applied to "special processes" in manufacturing where the resulting output cannot be verified by subsequent measurement, or when deficiencies become apparent only after the product is in use. Readers may overlook that this requirement also applies to "service". The new Note below makes that distinction.

NOTE 1: For many service organizations, the service provided does not readily allow the verification before the delivery of the service. These types of processes should be considered and identified during the planning stage (see 7.1).

The new Note below gives examples of production and service processes that typically require validation to demonstrate their ability to achieve planned results.

NOTE 2: Processes such as welding, sterilization, training, heat treatment, call center service, or emergency response may need validation.

7.5.3 Identification and Traceability

This clause states that, where appropriate, the organization must identify the product by suitable means "throughout product realization". The text below refers to inspection and test status of the product, and some readers may have thought it only applied to final product. The planned revision below clarifies that identifying the product status applies throughout product realization, from received product, through in-process product, to final product.

The organization shall identify the product status with respect to monitoring and measurement requirements throughout product realization.

By moving the "records" reference to the end of the sentence below, the meaning has changed from recording the product identification, to keeping any type of record associated with product traceability.

Where traceability is a requirement, the organization shall control and record the unique identification of the product and maintain records (see 4.2.4).

7.5.4 Customer Property

The change below reads better, but hasn't changed the requirement to report customer property issues to the customer and keep records.

If any customer property is lost, damaged or otherwise found to be unsuitable for use, this shall be reported to the customer and records maintained the organization shall report this to the customer and maintain records (see 4.2.4).

The existing Note has been modified to include "personal data" as an example of customer property, broadening the applicability of clause 7.5.4 to more organizations, especially service organizations.

NOTE: Customer property can include intellectual property and personal data.

7.5.5 Preservation of product

If anyone was confused over the meaning of "conformity of product" in the current text, using "conformity to requirements" should be easier to understand in the new text.

The organization shall preserve the conformity of product during internal processing and delivery to the intended destination in order to maintain conformity to requirements.

The current requirement that begins with, "This preservation shall include", doesn't give the flexibility to include, or not include, the identification, handling, packaging, storage, and protection of the product. The change below allows product preservation to be applied as appropriate.

This As applicable, preservation shall include identification, handling, packaging, storage and protection. Preservation shall also apply to the constituent parts of a product.

7.6 Control of monitoring and measuring devices

The only change to this clause is the removal of the reference to clause 7.2.1, Determination of Requirements Related to the Product.

The organization shall determine the monitoring and measurement to be undertaken and the monitoring and measuring devices needed to provide evidence of conformity of product to determined requirements (see 7.2.1) .

Stating that measuring equipment must "be identified" sounds like the organization is to add identification. However, the measuring equipment may come with the identification already in place, thus the wording change below. In addition, measuring equipment is a term that typical covers multiple devices, so the text has been changed from "the" to "their" calibration status.

Where necessary to ensure valid results, measuring equipment shall:

c. be identified have identification to enable the their calibration status to be determined;

ISO 10012:2003, Measurement Management Systems - Requirements for Measurement Processes and Measuring Equipment, replaced the ISO 10012-1 and ISO 10012-2 standards, so the reference was changed in the Note. Since other Notes were added, the first Note became Note 1.

NOTE 1: See ISO 10012-1 and ISO 10012-2 for guidance further information.

Clause 7.6 states that the organization must determine the monitoring and measuring "devices" needed to provide evidence that the product conforms to requirements. The Note below explains that these devices may be measuring equipment or other types of devices used to monitor conformity to requirements.

NOTE 2: Monitoring and measurement devices include measuring equipment (whether used for monitoring or measurement) and devices other than measuring equipment that are used for monitoring conformity to requirements.

Software development organizations may have been unsure how to confirm, per clause 7.6, that their software used for monitoring and measurement has the ability to satisfy the intended application. This new Note explains that it should include verification and configuration management for the software.

NOTE 3: Confirmation of the ability of computer software to satisfy the intended application would typically include its verification and configuration management to maintain its suitability for use.

The National Institute of Standards and Technology (NIST) engineers, together with colleagues from industry and other standards organizations, have completed a five-part series of standards designed to evaluate the accuracy and usability of manufacturing measurements.

The American Society of Mechanical Engineers (ASME) recently published the last in the series, B89.7.3.2 - 2007, Guidelines for the Evaluation of Dimensional Measurement Uncertainty. A copy can be obtained for $35.00. Click on the title above to go to its ASME Product Catalog entry.

B89.7.3.2 - 2007 addresses the evaluation of dimensional measurement uncertainty, with an emphasis on simplified methods for the industrial practitioner. Its introductory methods are consistent with the Guide to the Expression of Uncertainty in Measurement (GUM), the nationally and internationally accepted method to quantify measurement uncertainty.

The five-part series describes ways that measurement personnel can communicate, evaluate, and respond to uncertainties in manufactured part measurements. Adopting these standards on the shop floor should enhance manufacturing productivity and minimize the scrapping of acceptable parts, unnecessary rework, and even litigation.

In the past, shop engineers could relax if component parts varied slightly from specification. Parts just had to "fit together." However, the complexity of many current products requires more advanced measurement capabilities. The ASME standards are needed because measurements often vary each time they are made (even the temperature of the part can change the measurement result by a significant amount).

The B89.7 series also explains dimensional measurement traceability. Traceable measurements demonstrate the connection between the standard international (SI) unit of length (the meter) and the task-specific measurement under consideration; this also requires an uncertainty statement describing the accuracy of the measurement result.

The B89.7 series addresses:

• the role of measurement uncertainty when accepting or rejecting products based on a measurement result and a product specification;
• economically efficient methods to overcome differences between two parties in the evaluation of measurement uncertainty;
• how to determine the economically appropriate decision to accept or to reject a product due to measurement uncertainty; and
• ways to demonstrate dimensional measurement traceability to the SI unit so that all parties can be sure of the reliability of their measurements.

The TL 9000 standard (based on ISO 9001:2000) specifies requirements for suppliers of telecommunications products: hardware, software, and/or services.

A summary document that identifies the unique TL 9000 Release 4.0 requirements has been placed in the Resources section of our web site. The ISO 9001:2000 clause numbers and titles have been boxed in the text to set them off from the TL 9000 R4.0 requirements. The ISO 9001:2000 requirements were not included since the focus of the document is on the TL 9000 R4.0 adders.

TL 9000 identifies its extra requirements as being C = Common, or specific to Hardware (H), Software (S), Services (V), or unique to Hardware-Software (HS) or Hardware-Services (HV). See a copy of the TL 9000 R4.0 Handbook for the full text of the actual TL 9000 R4.0 requirements.

For more information about the TL 9000 R4.0 Handbooks, see the article in our March 2007 newsletter. An excerpt from the summary document at our web site is shown below.

5.3 Quality Policy

5.4 Planning

5.4.1 Quality Objectives

5.4.1.C.1 Quality Objectives

Include quality targets for the measurements in the TL 9000 Measurements Handbook.

5.4.2 Quality Management System Planning

5.4.2.C.1 Long and Short Term Quality Planning

Include long and short-term plans with goals for improving quality and customer satisfaction. Monitor and report performance to these goals.

These plans must address the business factors relevant to the organization and its customers, including performance objectives established jointly with selected customers.

5.4.2.C.1 - Note 1

Example factors that might be considered for planning are cycle time, customer service, training, cost, delivery commitments, and product reliability.

5.4.2.C.1 - Note 2

Top management should demonstrate their active involvement in the long and short-term quality planning.

ISO 9001:2000
Understanding ISO 9001:2000
Implementing ISO 9001:2000
Quality System Documentation
ISO 9001:2000 Internal Auditor
ISO 9001:2000 Lead Auditor

ISO 14001:2004
Understanding ISO 14001:2004
Implementing an EMS
ISO 14001:2004 Internal Auditor
ISO 14001:2004 Lead Auditor

ISO/TS 16949:2002
ISO/TS 16949:2002 Internal Auditor
ISO/TS 16949:2002 Lead Auditor
Understanding and Implementing ISO/TS 16949:2002

AS9100B:2004
AS9100 Internal Auditor
Implementing AS9100
AS9100 Lead Auditor

ISO 17799 / ISO 27001
ISO 17799 - Understanding an ISMS
ISO 17799 - ISMS Implementation
ISO 27001 - ISMS Internal Auditor
ISO 27001 - ISMS Lead Auditor

ISO 20000
Understanding ISO 20000
Implementing ISO 20000
ISO 20000 Internal Auditor

ISO 22000
Understanding ISO 22000
ISO 22000 Internal Auditor

ISO 13485:2003
Understanding ISO 13485:2003
ISO 13485:2003 Internal Auditor
Implementing ISO 13485:2003
ISO 9001 Lead Auditor - ISO 13485 Emphasis

Capability Maturity Model Integration
Introduction to CMMI v1.2

Six Sigma
Introduction to Statistics
Green Belt Certification
Black Belt Certification

Discounts
Enroll and pay for an Atlanta class 30 days in advance and receive a 10% discount. Students at previous Atlanta classes receive a 20% discount on future Atlanta classes.

Books
See our list of ISO 9001, Auditing, and Six Sigma books. Includes book descriptions and links to Amazon.

© 2000-2007 Whittington & Associates, LLC