Is Testing ever a legitimate Risk Mitigation?

funkgirl

Involved In Discussions
In my experience and understanding of risk management techniques and ISO 14971, mitigation of identified risks is achieved by designing the risk out of the device. Testing itself is not something I've ever seen as a mitigation. Let's say biocompatibility. The mitigation is to select materials that are known or expected to be safe for the intended use (in my case, implantation). The ISO 10993 testing is the verification that the mitigation of selecting appropriate materials mitigated the risk.

I've recently started with a new company who use testing as the mitigation itself, which does not click for me at all. Is this inappropriate or just taking me out of my comfort zone?

For consideration, the device is an implantable tissue-based product and has no software and no mechanical elements.

Thanks in advance for a sanity check!

Tina
 

Marcelo

Inactive Registered Visitor
Risk control, the ways risks are reduced, is performed by three options:
a) inherent safety by design;
b) protective measures in the medical device itself or in the manufacturing process;
c) information for safety.

Testing is not one of them.

Testing usually is part of the verification of implementation and/or effectiveness of a risk control measure.

In relation to your comment on biocompatibility (which is related to the medical device, not to materials), the risk controls are not only related to selecting materials. In fact, you apply the process of ISO 10993 together with ISO 14971 to deal with biological hazards.

Some of the possible controls are reduction of exposure routes or time, change of materials, or change to production processes to eliminate residues or additives. Sometimes you need to use them all.
 

funkgirl

Involved In Discussions
Thanks Marcello! Here are a few examples of what I'm dealing with - any thoughts?

B7.1 Patient infection caused by loss of sterility due to packaging failure
4
2
R2
B7.1.1 Product labelling states that the product should be discarded if the packaging is breached
B7.1.2 Shelf life testing verifies package integrity throughout the specified shelf life and following simulated transportation


B2.2 Adverse reaction due to high endotoxin concentrations from failure of manufacturing process to reduce endotoxins to concentrations known to be safe
3
3
R2
B2.2.1 Endotoxin testing is a batch Release Specification
B2.2.2 Endotoxin testing requirement as part of Design Verification
B2.2.3 Endotoxin testing requirement as part of Process Validation
 

Marcelo

Inactive Registered Visitor
any thoughts?

Yes, you (or someone in your company responsible for risk management, including biological risk evaluation) should probably try to better understand ISO 14971 and ISO 10993-1 :p

Regarding your examples...

In the first example, I understand that the risk control measure is to have a package which has a specified reliability during the device lifecycle. The testing, as I mentioned in the previous post, would verify the risk control, but it's not the risk control.

The second example makes even less sense, as I mentioned you should follow ISO 10993-1 together with ISO 14971 as detailed in ISO 10993-1 (you can also check ISO TR 15499).
 

rothlis

Involved In Discussions
I ran across this comment today and wanted to propose that the "test" mitigations are not quite as out of touch with reality as it might appear. While I agree that the mitigations should identify the control rather than the verification, it is not so unusual to specify a risk control with a known test in mind as the means for establishing the acceptance criteria. Keep in mind that risk controls need to trace to requirements and verification, and verification needs the requirement to provide an objective metric for the verification. So, in the biocompatibility example, it actually might not be considered sufficient if the mitigation just says "Use materials that are known or expected to be safe" because 'safe' is too ambiguous to verify objectively. However, if the mitigation said "Use materials which meet the requirements of ISO 10993-1" then you have something explicit and objectively verifiable and, if you think about it, this really isn't much different from saying "Materials are tested to ISO 10993-1".
 

Peter Selvey

Leader
Super Moderator
This is one of those cases where it depends on the context or situation.

Many risk controls are state of the art and well established. In such a case it's common to fudge over the details, with good reason.

For example, in an electrical device, I could write a medium sized book about the safety issues associated with just the appliance inlet (fire, thermal, cord retention, corrosion, electrical insulation, electrical conductivity, mechanical rigidity, fixing means; detailing the true risk controls from raw materials, physical characteristics, design tests, production controls, installation and more).

But instead we mumble something about "fire" and "electric shock" and refer to "IEC 60601-1 test" as a risk control.

There are times when this oversimplification is a problem. For example, a manufacturer recognises that water ingress is a potential issue. Instead of designing in features that provide water protection, they actually use testing as a risk control. They do the test, and some water gets in. Then they decide the location is OK, nothing bad happened, and judge the risk is acceptable.

Why is this wrong? In practice, a test is far from comprehensive. It's difficult to cover all the possible permutations, settings, conditions, options, variations in production, ageing and so on. Instead, most tests are more like spot checks. This approach works well when combined with good design and reasonable design margins (i.e. a little overkill). So, a good designer will add waterproof gaskets and position the remaining ventilation holes to places where the water won't be able to get near critical parts. The designer is then confident of a pass result before the test is performed.

That said, an experienced manufacturer might do all that stuff (gaskets, sensible vent holes) without spelling it out in the risk management file. So it could still end up like the first case, where the risk control is referred to as "IPX2 test".

Purists might argue that it's better to spell everything out just in case, to avoid the former try-and-see situation. It means, the literal risk control (gaskets and vent hole positions) should be referred to as the risk control, and IPX2 test is just verification.

But I think that is naive, because it does not take into account the true real volume of risk controls in a typical medical device. I suspect there are >>10,000 risk controls in a medium risk medical device (remember the number of issues handled by a simple appliance inlet, let alone thinking about functional and performance issues). And even referring to a "gasket" is major oversimplification; a gasket designer would be happy to talk for hours about the detail of what goes into reliable gasket design.

The true problem that ISO 14971 does not have a filter function to allow manufacturers to switch between different levels of documentation, ranging from no documentation (if it's already well covered by normal practice, standards and state of the art), through to detailed documentation for example in the case of new solutions, where R&D is required to establish the type and parameters of the risk control, or special cases where conflicting design or other issues force a level of risk to remain.

Instead we end up with a file full of fluff which naive auditors can easily find some meaningless semantics to argue about.

And, the final point (sorry!) is that if designers are so bad that they use a test-first approach instead of good design, semantics isn't going to fix things. This is a real concern with the rise of copy cat manufacturers that see a medical product and say "hey, I could make that at 1/3 the price" only to find they are way out of their depth. We need auditors with the guts to write a non-conformity report citing a lack of qualification and experience, not about the semantics in a risk management file.

:2cents:
 

funkgirl

Involved In Discussions
Hi Peter! This is Tina O'Brien from New Zealand - formerly with FPH Regulatory Affairs. Thank you so much for your response - it's very helpful in forming my argument for modifying the practice at my new company.
 
Top Bottom