Risk Management Manual

XXX SDN.BHD.
RISK MANAGEMENT MANUAL
Doc. No.: Revision: 0

Page: 1 of 20
TABLE OF CONTENTS
DOCUMENT TITLE PAGE

NUMBER
PREFACE
A) Company Profile
B) Scope and Field of Application
C) Field of Application
1. SCOPE
2. DEFINITION
3. HACCP SYSTEM REQUIREMENTS
XXX SDN BHD Organization Chart Appendix I
Assemble RISK MANAGEMENT Team Member Appendix II
XXX Documents & ISO 14971: 2001 Cross References Appendix III
XXX SDN.BHD.

Page: 2 of 20
PREFACE
A) COMPANY PROFILE
Pls add in your company profile

XXX SDN.BHD.

Page: 3 of 20
C) SCOPE AND FIELD OF APPLICATION
This manual describes system requirements for contracts between XXX SDN BHD and her customer, and
demonstrates XXX SDN BHD’s capability to control the processes that determine the acceptability of product
supplied at the location of specified below :-
General Information
Company : XXX SDN BHD
Address : Pls add in your company address.
Telephone No. :
Facsimile No. :
Website :
E-mail :
Factory Size : 11.16 Acres.
No of Employee : xxx persons
Shift Operation : Not applicable

XXX SDN.BHD.

Page: 4 of 20
1. SCOPE
Standard for Certification
ISO 13485 : 2003
Guidance Standard
ISO 14971: 2000
Scope of Registration
Safe processing of product as below from the time of receiving, processing and delivery of finished
products. The hazards addressed are biological, environmental, physical, mechanical hazards and etc.
Products Registered:
XXX SDN.BHD.

Page: 5 of 20
2. DEFINITION
2.1 Terms and Definition
Terms Definition
Harm Physical injury or damage to the health of people, or damage to property or the
environment.
Hazard Potential source of harm.
Hazardous Circumstance in which people, property or the environment are exposed to one or more
Situation hazard(s).
Residual Risk Risk remaining after protective measures have been taken.
Risk Combination of the probability of occurrence of harm and the severity of that harm.
Risk Analysis Systematic use of available information to identify hazards and to estimate the risk.
Risk Assessment Overall process comprising a risk analysis and risk evaluation.
Risk Control Process through which decisions are reached and protective measures are implemented
for reducing risks to, or maintaining risk within, specified levels.
Risk Evaluation Judgment, on the basis of risk analysis, of whether a risk which is acceptable has been
achieved in a given context based on the current values of society.
Risk Management Systematic application of management policies, procedures and practices to the tasks of
analyzing, evaluating and controlling risk.
Risk Management Set of records and other documents, not necessary contiguous, that are produced by a risk
File management process.
Safety Freedom from unacceptable risk.
Severity Measure of the possible consequences of a hazard.
Principle 1 Carry out Risk Analysis to identify hazard(s) associated with a medical devices
Principle 2 Carry out Risk Evaluation to estimate and evaluate the associated risk.
Principle 3 Carry out Risk Control to control the risks and monitor in the effectiveness of the
control.
Principle 4 Compiling the post-production information.
Principle 5 Establish documentation concerning all procedures and records appropriate to these
principles and their application.
Based on EN ISO 14971: 2000 Annex D

XXX SDN.BHD.

Page: 6 of 20
2.2 Type of Hazards
Types Example
Biological hazards These include bio-contamination, bio-incompatibility, incorrect formulation
(chemical composition), toxicity, allergenicity, mutagenicity, oncogenicity,
teratogenicity, carcinogenicity, re-and/or cross-infection, pyrogenicity, inability
to maintain hygienic safety, degradation.
Environmental hazards These include electromagnetic fields, susceptibility to electromagnetic interface,
emissions of electromagnetic interference, inadequate supply of power,
inadequate supply of coolant, storage or operation outside prescribed
environmental conditions, incompatibility with other devices with which it is
intended to be use, accidental mechanical damage, contamination due to waste
products and/ or medical device disposal.
Physical & Mechanical Hazards arising from functional failure, maintenance and ageing and
hazards contributory factors. These include erroneous data transfer, lack of, or inadequate
specification for maintenance including inadequate specification of post-
maintenance functional checks, inadequate maintenance, lack of adequate
determination of the end of life of the medical device, loss of electrical/
mechanical integrity, inadequate packaging (contamination and/ or deterioration
of the medical device), re-use and/ or improper re-use, deterioration in function
(e.g. gradual occlusion of fluids/ gas path, or change in resistance to flow,
electrical conductivity) as a result of repeated use.
Others Hazards resulting from incorrect output of energy and substances. These include
electricity, radiation, volume, pressure, supply of medical gases, and supply of
anaesthetic agents.
Hazards related to the use of the medical device and contributory factors. These
include inadequate labeling, use by unskilled/ untrained personnel, sharp edges
or points etc
Energy hazards. These include electricity, heat, mechanical force, vibration,
magnetic fields etc.
Hazards due to inappropriate, inadequate or over-complicated user interface
(man/ machine communication). These include mistakes and judgment errors,
complex or confusing control system, ambiguous or unclear device state,
insufficient visibility, audibility or tactility etc.
Based on EN ISO 14971: 2000 Annex D

XXX SDN.BHD.

Page: 7 of 20
3.0 General Requirements for Risk Management
3.1 National or Regional Regulatory Requirements

XXX shall establish, document and maintain a Quality Management System to ensure that all known
potential risks within the field of Application of Risk Management to Medical Devices are identified and
that all relevant risks are controlled in such a manner that the products of our company do not harm the user
/ consumer. Cross-references of the XXX procedures & ISO 14971 Clauses shall refer to Appendix III.
Where appropriate, the XXX shall comply to relevant national or regional regulatory requirements
which applicable to the manufactured medical devices.
3.2 Risk Management Process

The XXX shall establish and maintain a process for identifying hazards associated with medical
devices, estimating and evaluating the associated risks, controlling these risks and monitoring the effectiveness
of the control. The XXX shall documented the risk management process which include:
(a) Risk Analysis
(b) Risk Evaluation
(c) Risk Control
(d) Post-production Information
The XXX shall also document the new product design/ development process and shall incorporate the
appropriate parts of the risk management process.
Related Quality Procedures: -

1. UGM-P19 Risk Management Process Analysis
3.3 Management Responsibilities

3.3.1 Policy
The top management of our company is committed with regard to identification, evaluation and control of
risks related to product safety. The following Risk Management Policy is being established to provide a
direction to all employees to achieve our Organisation Risk Management Objective, its also provide a
framework for establishing and reviewing Risk Management objectives: -
XXX SDN.BHD.

Page: 8 of 20
PLS ADD IN YOUR RISK MANAGEMENT POLICY
In order to achieve the Risk Management Policy, employee at all levels throughout the organization shall
declare, implement and maintain the following Risk Management Objectives: -
 PLS ADD IN RISK MANAGEMENT OBJECTIVES
The Risk Management Policy & Objectives are communicated and ensures its being understood within the
organization by:
a) Displayed it at various strategic area;

b) Existing members briefed by their respective Heads on the policy;
c) New members are to be briefed during their induction/orientation.
The company’s management shall review the continuing suitability and effectiveness of the Quality
Management System at defined intervals to fulfill the requirement of customers and authorities and to
satisfy the company’s stated Risk Management Policy and meet the company’s Risk Management
objective. At least once a year the management review shall be conducted to ensure the system is effective
and up-to-date.

1. UGM-P05 Management Review
3.4 Qualification of Personnel

3.4.1 Task, Responsibilities & Authorities
The Managing Director is the leader responsible for overall Quality Management System, Risk
Management Policy and Risk Management Objective of XXX Sdn. Bhd. He shall appoint personnel who
need the organisational freedom and authority to:
XXX SDN.BHD.

Page: 9 of 20
a) Initiate action to prevent the occurrence of any non-conformities relating to the product, process and
Quality Management System.
b) Identify and record any problems relating to the product, process and Quality Management System.
c) Initiate, recommend or provide solutions through designated channels.
d) Verify the implementation of solutions.
e) Control further processing, delivery of non-conforming product until deficiency or unsatisfactory
condition has been corrected.
To achieve the above purpose, the top management shall identify resource requirements and provide
adequate resources, including the assignment of trained personnel for management, performance of work
and verification activities including internal audits.
Respective department Job Descriptions have been identified and communicated to relevant employees to
facilitate implementation of the Quality Management System. The Company Organisation Chart is set out
on Appendix I.
1. UGM-Jxx Relevant departmental Job Description
3.4.2 Risk Management Team
XXX has set up the Risk Management Team to develop, establish, maintain and review the Quality
Management System. The Risk Management Team members’ working experience and qualification are
defined in Appendix II.
The Managing Director has appointed the Technical Manager as Quality Management Representative, who,
irrespective of other responsibilities, shall have the defined authority for:
a) Ensuring that a Quality Management System is established, implemented and maintained in

accordance with Quality Management System.
b) Reporting on the performance of Quality Management System to the management for review and as
a basis for improvement of the Quality Management System.
c) Liasing with external parties on matters relating to Quality Management System.
3.5 Risk Management Plan

XXX shall prepare a risk management plan in accordance with the risk management process for the
particular medical device or accessory being considered. The risk management plan shall be part of the risk
management file.
XXX SDN.BHD.

Page: 10 of 20
This plan shall include the following:

a) The scope of the plan, identifying and describing the medical device and the life cycle phases for which
the plan is applicable;
b) A verification plan;
c) Allocation of responsibilities;
d) Requirements for review of risk management activities; and
e) Criteria for risk acceptability
XXX shall maintain the record of the plan changes during the life cycle of the medical device in the risk
management file.

3.6 Risk Management File

XXX shall record and maintain the result of all risk management activities in the risk management file for
the particular medical device or accessory being considered.

1. UGM-P02 Control of Quality Record
4.0 Risk Analysis
4.1 Risk Analysis Procedure

XXX shall maintain the record of the risk analysis record in the risk management file.
The conduct and result of the risk analysis shall include at least the following:
a) A description and identification of the medical device or accessory that was analysed;
b) Identification of the person(s) and organization which carried out the risk analysis;
c) Date of the analysis

4.2 Intended Use/ Intended Purpose and Identification of Characteristic Related to the Safety of the Medical
Device
XXX shall describe the intended use/ intended purpose and any reasonably foreseeable misuse for the
particular medical device or accessory being considered. XXX shall list those entire qualitative and
XXX SDN.BHD.

Page: 11 of 20
quantitative characteristics that could affect the safety of the medical device and, where appropriate, their
defined limits.
4.2.1 Product Information
A complete description of our product should be made to assist in the identification of all possible risks
associated with the product. The following should be taken into consideration: -
a) Information on raw materials.

E.g. Delivery method, packaging & storage conditions, preparation before use and etc.
b) Information on each product / product category.

E.g. Raw materials used, sensitive chemical identified, storage and distribution conditions.
Potential users and consumers shall be identified for each product / product category. Consumer groups
known to be especially vulnerable shall be indicated. The intended use with regard to storage, preparation
and serving. To ensure optimum consumer safety, below conditions shall be taken into consideration: -
a) Product storage, preparation and serving where applicable.

b) Distinctive product labelling, if any.
c) Product with specific requirement.
d) Product shelf life and etc.

1. - Respective Product Description
2. - Respective Raw Material &Packaging material Profile
4.2.2 Process Information
XXX product flow diagrams shall be prepared for all products / product categories covered by the scope of
the Quality Management System. The Risk Management Team shall periodically (at least once annually)
verify the product flow diagram in order to timely identify, document the changes/modifications of the
process and to be able to assess the risks for the safety in time.
The flow diagram shall include the following: -

a) The sequence of all steps in the manufacturing process including critical buffer and interim storage’s,
transport pipes, distribution valves and etc.
b) Where raw materials and intermediate product (input) join the flow (including subcontracted work).
c) Where loops for reworking and recycling take place.
d) Where intermediate products, by-products and waste (output) are removed where necessary
XXX SDN.BHD.

Page: 12 of 20
e) Provisions for cleansing and disinfections of machines, equipment and tools.

f) Provisions with start-up, shutdown, emergency, stops and etc.

2. UGM-P11 Product Realization and Production Provision Control
XXX shall maintain the records in the risk management file.
4.3 Identification of Known or Foreseeable Hazards

XXX shall compile a list of known or foreseeable hazards associated with the medical device in both
normal and fault conditions. XXX shall also identify the previously recognized hazards.
XXX shall maintain and record the list and the foreseeable sequences of events may result in a hazardous
situation in the risk management file.

4.4 Estimation of the Risk (s) for each hazard

XXX shall use the available information and data to estimate the risk (s) in both normal and fault conditions
for each identified hazard. A listing of the possible consequences for the hazards, which the probability of
the occurrence of harm cannot be estimated, shall be prepared.
XXX shall record the estimation of the risk in the risk management file.
XXX shall record any system used for qualitative or quantitative categorization of probability estimates or
severity level in the risk management file.

5 Risk Evaluation
XXX shall using the criteria defined in the risk management plan to estimate the each identified hazard.
XXX shall maintain and record the results of this risk evaluation in the risk management file.

XXX SDN.BHD.

Page: 13 of 20
6 Risk Control
6.1 Risk Reduction
When risk reduction is required, XXX shall follows the process specified in 6.2 to 6.7 to control the risk (s)
so that the residual risk (s) associated with each hazard is judged acceptable.

2. UGM-P15 Monitoring and Measurement of Product and Non-conformity Control
6.2 Option Analysis

XXX shall identify risk control measure(s) that are appropriate for reducing the risk(s) to an acceptable
level. Risk control shall consist of an integrated approach in which the XXX shall use one or more of the
following in the priority order listed:
a) Inherent safety by design;
b) Protective measures in the medical device itself or in the manufacturing process;
c) Information for safety
XXX shall maintain and record the selected risk control measures in the risk management file.
XXX shall conduct a risk/ benefit analysis of the residual risk for the further risk reduction had determined
impractical during option analysis. Otherwise, XXX shall proceed to implement the selected risk control
measures.

6.3 Implementation of Risk Control Measure(s)

XXX shall implement the risk control measure(s) selected in Option Analysis and maintain the relevant
record in the risk management file.
XXX shall verify the effectiveness of the risk control measures and maintain the record of the result of the
verification in the risk management file.
XXX shall also verify the implementation of the risk control measure and maintain the verification results
in the risk management file.

XXX SDN.BHD.

Page: 14 of 20
6.4 Residual Risk Evaluation

XXX shall using the criteria defined in the risk management plan to evaluate any residual risk that remains
after the risk control measure(s). XXX shall apply further risk control measures if the residual risk does not
meet the criteria.
XXX shall document all relevant information necessary to explain the residual risk(s) if the residual risk is
judged acceptable.

6.5 Risk / Benefit Analysis

XXX shall gather the and review data and literature on the medical benefits of the intended use/ intended
purpose to determine whether the residual risk had been outweigh, especially if the residual risk is judged
unacceptable by using the criteria established in the risk management plan and further risk control is
impractical. If this evidence does not support the conclusion that the medical benefits outweigh the residual risk,
then the risk shall remain unacceptable. If the medical benefits outweigh the residual risk, XXX shall generate
all the relevant hazards.
XXX shall maintain all the relevant information necessary to explain the residual risk and the record of the
results of this evaluation in the risk management file.

6.6 Other Generated Hazards

XXX shall review periodically on the risk control measures to identify if other hazards are introduced.
XXX shall assess the associated risk(s) if any new hazards are introduced by any risk control measures. XXX
shall maintain and record the result of this review in the risk management file.

XXX SDN.BHD.

Page: 15 of 20

3. UGM-P06 Internal Audit
4. UGM-P08 Continual Improvement
6.7 Completeness of Risk Evaluation

XXX shall assure that the risk(s) from all identified hazards have been evaluated. XXX shall maintain and
record the result of this assessment in the risk management file.

7 Overall Residual Risk Evaluation

XXX shall decide if the overall residual risk posed by the medical device is acceptable using the criteria
defined in the risk management plan after all risk control measure have been implemented and verified.
XXX shall gather the and review data and literature on the medical benefits of the intended use/ intended
purpose to determine whether the residual risk had been outweigh. If this evidence does not support the
conclusion that the medical benefits outweigh the residual risk, then the risk shall remain unacceptable.
XXX shall maintain and record the results of the overall residual risk evaluation in the risk
management file.

8 Risk Management Report

XXX shall maintain the record of results of the risk management process in a risk management report. The
risk management report shall provide traceability for each hazard to the risk analysis, the risk evaluation, the
implementation and verification of the risk control measures, and the assessment that the residual risk (s) is
acceptable. The risk management report shall form a part of the risk management file.
9 Post- Production Information

XXX SDN.BHD.

Page: 16 of 20
XXX shall establish and maintain a systematic procedure to review information gained about the medical
device or similar devices in the post-production phase. XXX shall evaluate the information for possible
relevance to safety, especially the following:
a) If previous unrecognised hazards are present;
b) If the estimated risk(s) arising from a hazard is no longer acceptable;
c) If the original assessment is otherwise invalidated.
If any of the above conditions is satisfied, the results of the evaluation shall be fed back as an input to the
risk management process
XXX shall carry out a periodically for the risk management process. If there is a potential that the residual
risk(s) or its acceptability has changed, the impact on previously implemented risk control measures shall
be evaluated.
XXX shall maintain and record the result of this evaluation in the risk management file.

2. UGM-P10 Customer Requirement, Communication and Satisfaction
4. UGM-P06 Internal Quality Audit
5. UGM-P08 Continual Improvement
XXX SDN.BHD.

Page: 17 of 20
XXX SDN BHD ORGANIZATION CHART

XXX SDN.BHD.
Doc. No.: Revision: 0 Page: 18 of 20
ASSEMBLE RISK MANAGEMENT TEAM MEMBER
Name Department Responsibility Risk Management Academic Qualification

# Job Function
1
XXX SDN.BHD.

Page: 19 of 20
XXX Documents & ISO14971: 2000 Cross-References
ISO ISO 14971:2000 System Related Document Title

14971 Element Docum
Clause ent No.
Ref.
3 General Requirements for UGM-RM
Risk Management UGM-QM
3.1 National or Regional UGM-RM
Regulatory Requirements
3.2 Risk Management Process UGM-P19
UGM-RM
3.3 Management Responsibilities UGM-QM
UGM-RM
UGM-P05
3.4 Qualification of Personnel UGM-QM
UGM-RM
UGM-Jxx
3.5 Risk Management Plan UGM-RM
UGM-P19
3.6 Risk Management File UGM-RM
UGM-P19
4 Risk Analysis UGM-RM
UGM-P19
4.1 Risk Analysis Procedure UGM-RM
UGM-P19
4.2 Intended Use/ Intended - Respective Product Description
Purpose and - Respective Raw Material &Packaging material
identification of Profile
Characteristics Related
to the Safety of the
Medical Device
4.3 Identification of Known or UGM-P19
Foreseeable Hazards
4.4 Estimation of the Risk (s) for UGM-P19
each Hazard
5 Risk Evaluation UGM-P19
6 Risk Control UGM-P19
6.1 Risk Reduction UGM-P19
UGM-P15
XXX SDN.BHD.

Page: 20 of 20
6.2 Option Analysis UGM-P19

UGM-P15
6.3 Implementation of Risk UGM-P19
Control Measure(s) UGM-P15
6.4 Residual Risk Evaluation UGM-P19

6.5 Risk/ Benefit Analysis UGM-P19
6.6 Other Generated Hazards UGM-P05
UGM-P06
UGM-P08
UGM-P19
6.7 Completeness of Risk UGM-P19
Evaluation UGM-P05
7 Overall Residual Risk UGM-P19
Evaluation UGM-P05
8 Risk Management Report UGM-RM
9 Post-Production Information UGM-P19
UGM-P10
UGM-P05
UGM-P06
UGM-P08

Risk Management Manual

Uploaded by

Document Information

Original Description:

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Risk Management Manual

Uploaded by

Copyright:

Available Formats

XXX SDN.BHD.

RISK MANAGEMENT MANUAL

Doc. No.: Revision: 0

DOCUMENT TITLE PAGE

RISK MANAGEMENT MANUAL

Doc. No.: Revision: 0

Pls add in your company profile

RISK MANAGEMENT MANUAL

Doc. No.: Revision: 0

C) SCOPE AND FIELD OF APPLICATION

Company : XXX SDN BHD

Address : Pls add in your company address.

Factory Size : 11.16 Acres.

No of Employee : xxx persons

Shift Operation : Not applicable

RISK MANAGEMENT MANUAL

Doc. No.: Revision: 0

Standard for Certification

ISO 13485 : 2003

ISO 14971: 2000

RISK MANAGEMENT MANUAL

Doc. No.: Revision: 0

2.1 Terms and Definition

Based on EN ISO 14971: 2000 Annex D

RISK MANAGEMENT MANUAL

Doc. No.: Revision: 0

2.2 Type of Hazards

Based on EN ISO 14971: 2000 Annex D

RISK MANAGEMENT MANUAL

Doc. No.: Revision: 0

3.0 General Requirements for Risk Management

3.1 National or Regional Regulatory Requirements

3.2 Risk Management Process

Related Quality Procedures: -

3.3 Management Responsibilities

RISK MANAGEMENT MANUAL

Doc. No.: Revision: 0

PLS ADD IN YOUR RISK MANAGEMENT POLICY

 PLS ADD IN RISK MANAGEMENT OBJECTIVES

a) Displayed it at various strategic area;

Related Quality Procedures: -

3.4 Qualification of Personnel

RISK MANAGEMENT MANUAL

Doc. No.: Revision: 0

Related Quality Procedures: -

1. UGM-Jxx Relevant departmental Job Description

3.4.2 Risk Management Team

a) Ensuring that a Quality Management System is established, implemented and maintained in

3.5 Risk Management Plan

RISK MANAGEMENT MANUAL

Doc. No.: Revision: 0

This plan shall include the following:

Related Quality Procedures: -

3.6 Risk Management File

Related Quality Procedures: -

4.0 Risk Analysis

4.1 Risk Analysis Procedure

Related Quality Procedures: -

RISK MANAGEMENT MANUAL

Doc. No.: Revision: 0

4.2.1 Product Information

a) Information on raw materials.

b) Information on each product / product category.