The quality environment has evolved to require the use of a risk based approach throughout the quality management system. ISO 13485:2016 Medical devices—Quality management systems –Requirements for regulatory purposes published March 1, 2016, characterizes risk to include two components:
The 2016 version of ISO 13485 has an increased focus on risk compared to the prior 2003 edition of the standard. Risk management is now required throughout the quality management system (QMS) rather than being specific to product development. A risk based approach is needed for control of QMS processes. In fact, the word risk was found 40 times within the body of the ISO 13485:2016 whereas the 2003 version only mentions risk on four occasions all within Section 7, Product Realization. Table 1 identifies the sections of ISO 13485:2016 which now cite requirements for risk.