Hello all,
So I'm performing risk analysis using ISO 14971:2012 for a dental software product. I've hit a brick wall on a common topic that I've searched and searched and have found tons of input but not a consistent enough stance to know what approach to take.
Most of our risk analysis for this product references a statement in the manual as a risk control. None of the hazards reach a level in which mitigation is required. Also, we have no alternative controls for these specific hazards we have listed except a prompt in the software that does not require the user to take an action (click "I understand", etc).
Please don't throw rocks quite yet.
So, I've found folks stating everything from "Labeling cannot be considered as risk control" to "Labeling must be considered, but cannot change your severity", to what I'm reading in Annex J.1 as "Information for safety is the least preferred method of risk control, to be used only when other risk control measures have been exhausted".
Someone has mentioned Annex Z as the source for not using labeling (I cannot find a statement in this section).
Again I read in section 6.2 of 14971 that information for safety is an option (albeit the lowest prioritized) as a risk control; the statement "one or more" also reinforces that if information for safety is your only control, that is your one control.
Forgive me if I've missed a section that should lead me to believe otherwise, but I'm reading verbatim from the standard that it is allowed, but not optimal. I'm preparing this for a 510(k) submission, so any feedback or rock throwing is welcomed, I just want to understand this.
Thanks
So I'm performing risk analysis using ISO 14971:2012 for a dental software product. I've hit a brick wall on a common topic that I've searched and searched and have found tons of input but not a consistent enough stance to know what approach to take.
Most of our risk analysis for this product references a statement in the manual as a risk control. None of the hazards reach a level in which mitigation is required. Also, we have no alternative controls for these specific hazards we have listed except a prompt in the software that does not require the user to take an action (click "I understand", etc).
Please don't throw rocks quite yet.
So, I've found folks stating everything from "Labeling cannot be considered as risk control" to "Labeling must be considered, but cannot change your severity", to what I'm reading in Annex J.1 as "Information for safety is the least preferred method of risk control, to be used only when other risk control measures have been exhausted".
Someone has mentioned Annex Z as the source for not using labeling (I cannot find a statement in this section).
Again I read in section 6.2 of 14971 that information for safety is an option (albeit the lowest prioritized) as a risk control; the statement "one or more" also reinforces that if information for safety is your only control, that is your one control.
Forgive me if I've missed a section that should lead me to believe otherwise, but I'm reading verbatim from the standard that it is allowed, but not optimal. I'm preparing this for a 510(k) submission, so any feedback or rock throwing is welcomed, I just want to understand this.
Thanks