This notion of risk-based processes within quality systems is something that has become part of our formal lexicon following the release of ISO 13485:2016, the globally harmonized standard for medical device quality management systems (QMS).

Well before these risk-based processes became a quality system requirement under ISO 13485, many medical device companies were already using this type of approach, perhaps without even realizing it. This is because there’s always been an element of confusion surrounding this topic.

So, what does “risk-based” actually mean? If you look at each of the individual processes within your QMS, there can be different logic and approaches for each as they apply to risk.

From an audit perspective, some areas of your QMS will likely have a higher emphasis on risk. Supplier management has been one of those areas, attracting a great deal of attention from auditors. One main reason being how the commercialization of this industry is rapidly evolving, which impacts the way we conduct business.

 …