# How Risk Management is integrated in the revised ISO 13485:2016

The word “risk” is mentioned over 15 times in the revised ISO 13485:2016, considerably more than in the previous version, where it is mentioned twice. In ISO 13485:2003, risk management was applicable to activities related to product realization, including the design and development of medical devices. The revised ISO expands risk management to more processes, e.g. purchasing and training. This means quality management systems need to be updated.

Clause 4.2.1 of the new ISO 13485:2016 states: The organization shall apply a risk-based approach to the control of the appropriate processes needed for the quality management system. Anything that affects the quality system needs to be viewed from that risk perspective. This is nothing new, but what are appropriate processes? In general, the revised ISO requests companies to make risk-based decisions related to purchasing and product realization activities and other aspects of the quality management system, like training.

The term risk, as used in the standard, pertains to safety or performance requirements of the medical device, or to meeting applicable regulatory requirements. Failure Mode Effect Analyses (FMEA) are typically used to assess design or production controls, but can also be used to incorporate other aspects of the quality system. Below, several chapters of ISO 13485:2016 are highlighted. The italic phrasings are taken literally from the standard, and it is explained how risk management can be implemented pragmatically. Clauses regarding risk management that were already addressed in the previous version of the standard are not dealt with, as they have been known for many years. But first, to set the right mindset, the definitions of risk and risk management according to the revised standard are the following:

Clause 3 Terms and definitions

Definition: risk

"combination of the probability of occurrence of harm and the severity of that harm" - [SOURCE: ISO 14971:2007, 2.16]

Definition: risk management

"systematic application of management policies, procedures, and practices to the tasks of analysing, evaluating, controlling and monitoring risk" - [SOURCE: ISO 14971:2007, 2.22]

Clause 4 Quality management system

4.1 General requirements


When the organization chooses to outsource any process that affects product conformity to requirements, it shall monitor and ensure control over such processes. The organization shall retain responsibility of conformity to this International Standard and to customer and applicable regulatory requirements for outsourced processes. The controls shall be proportionate to the risk involved and the ability of the external party to meet the requirements in accordance with 7.4. The controls shall include written quality agreements.

When processes are outsourced, the standard requires that the controls to be put in place for suppliers are considered from a risk perspective. It starts with the selection of the supplier. If the purchased item is a critical component for the device, what will be the risk if the supplier does not have a Quality Management System, including aspects like a complaint handling process? And when the supplier is selected, what happens if the supplier doesn't meet the specifications of the purchased components? How will that affect the final device? The standard determines that organizations should consider such risks and that they should have risk controls in place to mitigate possible hazards.


The specific approach and activities associated with software validation and revalidation shall be proportionate to the risk associated with the use of the software.

For some cases where software is used, the approach is straightforward. If electronic batch records are used, the risks of the software should be considered, which is normal routine. For implementing ERP software systems, too, a risk-based approach is appropriate in the organization. But what if data from equipment is sent to a server and used in an Excel spreadsheet to determine the process capability of the equipment? Should that be validated? Software validation can be very complex, and organizations often do not know exactly what to validate, or how to validate it. Therefore, a risk-based approach to determine the criticality of the software is strongly recommended: it provides justification that any possible hazard of the software has been anticipated.

Clause 6 Resource management

6.2  Human Resources

The methodology used to check the effectiveness of a training is proportionate to the risk associated with the work for which the training or other action is being provided.

The risks of a given training not being fully understood should be considered. Consideration should specifically be given to what the consequences could be if employees interpret the essence of a certain training incorrectly, and what the subsequent impact could be on a product’s quality.

The aspect ‘proportionate’ is clarified further by the following comparison: Training on the job in the field of final inspection of a medical device should be properly checked for effectiveness, as the risk of an improperly performed inspection is fairly obvious. However, if an employee wishes to improve his or her English grammar, then checking the English course that was followed is of less importance. If, however, the desire is to have all procedures in English and the employees are not native English speakers, the risk can be considered to be higher. An ineffective training could have consequences for the safety of the device and the hazard involved. Therefore, the organization should have risk controls in place to avoid mistakes and should also have preventive procedures in place for training.

Clause 7 Product realization

7.4 Purchasing

7.4.1 Purchasing process

The organization shall document procedures to ensure that purchased product conforms to specified purchasing information. The organization shall establish criteria for the evaluation and selection of suppliers. The criteria shall be proportionate to the risk associated with the medical device. And non-fulfillment of purchasing requirements shall be addressed with the supplier proportionate to the risk associated with the purchased product and compliance with applicable regulatory requirements.

The extent of verification activities shall be based on the supplier evaluation results and proportionate to the risks associated with the purchased product. When formulating a risk-based approach to evaluate new or existing suppliers, it is important to first identify the critical control points for the purchased component. These are the points in the process, where failure could result in significant harm to patients and to the business. FMEA can also be used to identify areas of significant risk at suppliers that demand special attention and to ensure that the risk stays as low as possible.

Clause 8 Measurement, analysis and improvement

8.2 Monitoring and measurement

8.2.1 Feedback

The organization shall document procedures for the feedback process. This feedback process shall include provisions to gather data from production as well as post-production activities. The information gathered in the feedback process shall serve as potential input into risk management for monitoring and maintaining the product requirements as well as the product realization or improvement processes.

With feedback obtained from users, patients, and other stakeholders, an organization could consider changing the design of a medical device or certain processes, e.g. production, shipping, etc. In the case where a device should be stored and distributed in a temperature range of 15 - 25 °C, which is assumed to be “room temperature”, consider what the harm to the safety and performance of the device would be when it is shipped by plane under “normal” conditions. Is the impact negligible when it is shipped at a higher or lower temperature? So the question is whether the actual situation is aligned with the required temperature range. And if not, would this result in negative feedback from the user? Feedback needs to be evaluated and could be an input to risk management, bearing in mind the safety of the patient and the performance of the device.

8.3 Control of non-conforming product

8.3.4 Rework

The organization shall perform rework in accordance with documented procedures that take into account the potential adverse effect of the rework on the product.

The heading of this sub-clause is new in the standard; however, the clause itself remains the same. The word “risk” is not mentioned in this clause, but “adverse effect” can be understood as a risk. This is certainly something to focus on: if rework of the device can occur before or after delivery, it should be considered which risks are introduced into the device. For example, if the device is packaged and inspection reveals an irregularity in the seal, could the device be re-packaged? And how many times is re-packaging allowed? And what is the effect on the device during re-packaging? Is extra heat treatment safe for the device, and will the device still function according to the requirements? Are the features of the whole batch of devices completely equal when reworked devices are included, and what is the hazard of having differences in these features within one batch?

Also, if the device has been delivered and is returned due to a non-conformity (e.g. equipment for analyzing purposes), the potential risks should be considered before it is returned to the field.


From the above explanation of several clauses of the revised ISO 13485:2016 standard, it is clear that the new standard puts more emphasis on risk management; there are more, but also different sorts of, activities in comparison to the previous standard. Software selected to support the product realization processes should be challenged with risk management. Focus should also be kept on training. Could this training affect the safety or performance of the device, and what are the risks and hazards if the training is misunderstood or wrongly interpreted? And further, what will be the impact on the device when selecting a new supplier or when the device is reworked? With a pragmatic approach and the examples given above, each organization should be able to update its quality management system appropriately. The result will be not only compliance with the risk management requirements of the new standard but also a better allocation of the organization’s resources, i.e. the activities that would benefit most will be appropriately addressed.

For consideration:

Although the standard mentions nothing about risk management regarding management reviews, these meetings are a huge opportunity for achieving improvements. When conducting management review meetings, it should be specifically addressed how risk management is incorporated into the areas under review. As mentioned before, all Quality Management System processes can be approached in a risk-based way.

Blog by: Claar van Berge Henegouwen



# How do you give shape to the GDS standard?

Batch definition, staff training, validations and quality systems are focal points during GDS inspections by the IGZ. Are you ready? Read more about it in this blog.

To support patients in adhering to their therapy, automated medicine distribution systems (geautomatiseerde geneesmiddeldistributiesystemen, GDS) have been in use for quite some time. For this purpose, medicines are packaged in a pharmacy into dosage units that make it easier for the patient to take the right medication on time.

In 2015 and 2016, the Dutch Health Care Inspectorate (Inspectie voor de Gezondheidszorg, IGZ) has the inspection of pharmacies with GDS activities high on its agenda. There is a real chance that the Inspectorate will visit, or has already visited, your pharmacy to assess whether it complies with the GDS standard. Are you sufficiently prepared for this?


In 2002 the IGZ published a report following inspections at 11 GDS pharmacies. One of the recommendations of this report was to draw up a field standard, with the advice to apply GMP (Goede Manieren van Produceren, Good Manufacturing Practice) to certain parts.

In 2007 the KNMP board adopted the first version of the GDS standard, followed by a revision in 2011. Next year the standard celebrates its tenth anniversary. In practice, the IGZ and the GDS pharmacies turn out to have different expectations about the interpretation of the GDS standard. The IGZ findings show that almost 10 years after the GDS standard was adopted, many GDS pharmacies are still not at the agreed level.

Xendo has more than 25 years of experience in the interpretation and implementation of GMP and related quality systems.

Based on our experience, we would like to share our thoughts on the following topical subjects:

  1. Quality system
  2. Training (of staff)
  3. Batch definition and batch-wise working
  4. Validations


An important goal of a well-functioning quality system is to record what was done, when and by whom. The well-known and extremely important main rule of GMP is “if it is not written down, it was not done”. The other equally well-known and important main rule follows on seamlessly: “Do what you say and say what you do”. If both rules are properly implemented, there is full traceability from incoming material to the finished product and back again (or vice versa). This transparency is required by GMP, but also by the GDS standard. It means that the GDS process is laid down in the pharmacy's own procedures and work instructions (GDS 3.1.1). Added to these are forms, logbooks and electronic systems. Changes and detected errors are recorded unambiguously, so that the care with which people have always worked can also be demonstrated to the Inspectorate (GDS 5.4.1 and 5.4.2). To make all documents fit together, it is important that the quality system provides clarity and overview. Where documentation systems have ‘grown organically’, any additional requirements or adjustments cannot easily be implemented in them. That can be the reason why integral adjustments to documentation systems have long been postponed or not carried out at all. The inevitable extra documents are then added separately, and at some point the desired orderly documentation pyramid falls apart into a heap of loose sand.

Training (of staff)

To use a variation on a well-known saying: ‘A quality system is only as good as its weakest link’.

It is important that every employee is demonstrably suitable for the work he or she does. Training within a GDS organisation is therefore extremely important (see GDS 1.2). This concerns training on the set-up and structure of the documentation system and, in particular, training in all applicable procedures and work instructions. Recording the training is important for demonstrability. This seems logical, but in practice it is not always a matter of course. Fortunately, this can be addressed well. Our experience is that everyone wants to know how things should be done and wants to help improve the process, especially if employees are allowed to think along and contribute themselves.

Batch definition and batch-wise working

The GDS standard (3.2.3) requires a definition of a batch and at the same time leaves room to define it yourself, so it may differ per GDS pharmacy. The definition looks for an optimum between the size of the batch, the coherence within the batch and the set-up of the production process. In this way the production process is made transparent and verifiable. Batch-wise release gives great confidence that products have been produced in a correct and consistent manner and are suitable for the patient.


In the GDS pharmacy, both the equipment and the processes must be validated (GDS 2.6.2).

Validation means obtaining (documented) evidence that a specific process or device consistently produces results that meet predetermined specifications and/or requirements. The validation process consists of several steps, starting with the so-called User Requirement Specifications (URS), followed by a number of qualification steps (IQ, OQ and PQ). Think, for example, of validation of the (GDS) device (and any photo check), the control software and the access rights of users and user groups. Validation of the cleaning of the GDS machine is also important. Carrying out a validation takes time and can be quite a challenge when you do it for the first time; the gain, however, is that it is objectively demonstrated that a device or process provides a sufficient degree of assurance for the intended purpose. In addition, knowledge of the systems and processes is increased during the validation process.

In closing

The quality of the GDS pharmacy is strongly determined by the approach to the four topics mentioned. Besides these, there are various other relevant topics that are also important for demonstrating optimal product quality and safeguarding patient safety.

Patients and the IGZ may expect that their products are of high, demonstrable quality and are delivered on time; this is at the same time the great challenge facing the GDS pharmacies. A well-known quote applies here: “Delivering quality costs money, not delivering quality costs fortunes”.

Would you like to respond, or are you looking for tailored advice? Feel free to contact us or visit our website.

Blog by: Mathijs Addink MSc PharmD - Xendo
Contact: Hanny Nelis - Managing consultant, Xendo

# The revised Annex 16 on QP Certification and Batch Release, are you prepared?

As far as changes in GMP legislation affect our daily work, the revised Annex 16 might prove to be quite a transformation. To account for rapid changes in the pharmaceutical landscape, the revision has been adapted substantially to include just about every development in the last fourteen years as well as new legislation coming into force. The Qualified Persons (QP) in particular will most likely see their workload increase in order to ensure that batches are certified in a GMP compliant manner prior to their release. Because schedules are tight as it is, we have summarized some significant changes to the revised Annex 16 to get you up to speed.


After considerable time, on 15 April 2016 the revised version of Annex 16 will replace the one that has been in effect since January 2002. The revision process started back in October 2011 with an EMA Concept Paper on Revising Annex 16, followed by a Public Consultation from 5 July to 5 November 2013 for which no less than 30 reactions were received, finally resulting in a document which should probably last for quite some time.

Structure of the document

One of the changes that is difficult to miss, is the restructuring of the document. Sections containing different scenarios related to the origin of manufacture and possible existence of a mutual recognition agreement (MRA) have been omitted and the order has been changed to reflect the process of certification of a batch followed by GMP assessment by third parties, handling of unexpected deviations and finally the release of a batch.

Complexity of the supply chain and falsified medicines

Supply chains can be increasingly complex as more and more countries are involved, even in the EU. Each manufacturing site in the EU is obliged to have at least one QP (1.4) and Appendix I is added to prescribe the contents of the confirmation statement on the partial manufacturing (transfer of QP responsibilities between sites). The contents of a batch certificate needed for the certification are described in Appendix II.

The entire supply chain has to be documented, in a diagram for example (1.7.2). Risks should be determined through risk assessments and safeguards should be built in to reduce the risks of falsified medicines finding their way into the supply chain (1.5.7). All arrangements between sites and parties should be in the form of written agreements.

For companies operating outside the EU, Annex 16 entails additional effort. For medicinal products manufactured outside the EU and destined for release in the EU or for export, the complexity of the supply chain and locations of manufacturing sites is even higher. So basically the same process of certification is applicable, however with additional requirements (1.5). Mentioned specifically are, for instance, the storage and transport of a batch and of any samples taken at the manufacturing site. This is allowed as long as these samples are fully representative of the batch. Formal quality risk management is required to support this assumption, and the procedure should also be justified and documented (1.5.6).

New legislation for active pharmaceutical ingredients and excipients

In 2013, the import of active pharmaceutical ingredients (APIs) from outside the EU was subjected to additional measures according to the ‘falsified medicines directive’ (2011/62/EU). APIs can only be imported if they are accompanied by a written confirmation from the competent authority of the exporting third country stating compliance of the manufacturing process and the manufacturing site with EU GMP.

Also in 2013 the revised GDP guidelines (2013/C 343/01) came into force, containing requirements for GDP to cut back the number of falsified drug substances and drug products and requiring additional tasks for the supply chain that should be covered in quality agreements. Recently, legislation for excipients has been issued (Guidelines 2015/C 95/02). It is now required to carry out a formalised risk assessment for ascertaining the appropriate GMP for excipients of medicinal products for human use.

The QP has to assure compliance with all legal requirements mentioned above.

Investigational medicinal products

The revised version specifically mentions inclusion of investigational medicinal products (IMPs) whereas the previous Annex 16 may be applied for IMPs.

Responsibilities of the QP

The revision specifies the responsibilities in much more detail. According to section 1.6, the QP must now personally ensure that several operational responsibilities are fulfilled prior to certification of a batch. These comprise:

  • permission for certification under the terms of the manufacturing and importation authorisation (MIA)
  • compliance with national legislation
  • use of a register to record the certification.

In addition, the QP has the responsibility for ensuring that 21 points are secured. In comparison to section 8 of Annex 16 of July 2001, at least 10 additional items have been added:

  • supplier management of starting materials and excipients (1.7.6)
  • GMP and GDP compliance of APIs (1.7.7) 
  • importation of APIs (1.7.8)
  • manufacturing of excipients (1.7.9)
  • TSE status (1.7.10)
  • finished product quality control (1.7.13)
  • regulatory post-marketing commitments (1.7.14)
  • technical agreements (1.7.18)
  • self-inspection programmes (1.7.19)
  • arrangements for distribution and shipment (1.7.20)
  • safety features of the packaging (1.7.21)

It is evident that all these duties may be delegated to other (trained) personnel or third parties. As a result of this the QP should have on-going assurance that reliance on the pharmaceutical quality system is well founded. In case third parties are involved this assurance should be done in accordance with Chapter 7 of Volume 4. Special attention is given to audits and the use of risk assessments to determine the critical aspects to be audited and the frequency of repeated audits (2).

Continuous training

More emphasis is placed on the requirement for the QP to have detailed knowledge of the product(s) and the processes as well as technical developments and GMP and should be able to prove continuous training regarding these aspects (1.2).

Handling of unexpected deviations

New to Annex 16 is the inclusion of the EMA 2009 reflection paper on dealing with unexpected deviations and the effect on batch certification. The QP may consider certification of the batch only when all specifications present in the MA are met, the impact has been assessed via a quality risk management process, a thorough investigation has been carried out and the root cause has been corrected. In other words: the manoeuvring space for the QP is limited, but clear.

What has not changed?

The principles of Annex 16 have not changed regarding the role of the QP in certification and subsequent batch release of medicinal products for human or veterinary use holding an MA or made for export. As always, the QP is still responsible for ensuring that each individual batch has been manufactured and checked in compliance with national laws of the Member State where certification takes place, in accordance with the requirements of the marketing authorisation (MA) and with Good Manufacturing Practice (GMP). Emphasised in the revised version of Annex 16 is that the marketing authorisation holder (MAH) has the ultimate responsibility for the performance of a medicinal product over its lifetime, its safety, quality and efficacy, as also laid down in Chapter 1 of Volume 4.

In conclusion

Several new aspects have been added to the revised edition of Annex 16, next to the restructuring of the entire Annex. As a consequence, the responsibilities of the QP within the EU have increased in order to ensure compliance of the pharmaceutical quality system with the requirements laid down in the MA, GMP and national legislation. Being able to do that is a challenge for pharmaceutical companies. So again, are you prepared?