An example of risk analysis of class I MD

#1
Good morning,

My name is Marco, I'm not an expert in medical devices field. With the company where I work I must write a Technical dossier and a risk management following the iso 14971.
I've already read that ISO but i don't know how to set up the risk management report.
The product is already on the market as cosmetic. It has all the features to become a medical device.
I know that this product is really safe but unfortunatly the manufacturer never planned a periodic review.
I really don't know how to start with the risk analysis and management.
Does some format or MD's risk analysis example exist?
 
Elsmar Forum Sponsor

Tidge

Involved In Discussions
#2
A Risk Management Report should not be created in isolation to attempt to satisfy 14971. At the very least, the manufacturer should establish a Risk Management Plan that describes the device, the process/methodology used for risk management throughout the product's life cycle, and a statement about the current risk acceptability of the device.

If you were to generate a Risk Management Report document whose entire content could be reduced to "We know the product is really safe", this would not meet the intent of 14971. For multiple reasons, including that the manufacturer ought to have a mechanism by which customer complaints can feed into the risk profile while the device is available for use.
 

Ronen E

Problem Solver
Staff member
Moderator
#3
Good morning,

My name is Marco, I'm not an expert in medical devices field. With the company where I work I must write a Technical dossier and a risk management following the iso 14971.
I've already read that ISO but i don't know how to set up the risk management report.
The product is already on the market as cosmetic. It has all the features to become a medical device.
I know that this product is really safe but unfortunatly the manufacturer never planned a periodic review.
I really don't know how to start with the risk analysis and management.
Does some format or MD's risk analysis example exist?
Hi,

To me ISO 14971 is quite self-explanatory, including what a RM Report should include (the annexes are very informative and quite enlightening). BTW, an updated version (2019) is about to become available. If you feel ISO 14971 is not enough as guidance, consider also purchasing ISO 24971 - a dedicated guidance on implementing ISO 14971. The updated version is about to get published in early (January?) 2020, and I believe it's going to be useful. I wouldn't buy the 2013 version - I think it doesn't add a lot of value above and beyond ISO 14971 itself.

If you still feel that written guidance is not enough, and you (as well as anyone else in your org) lack experience in implementing ISO 14971, I strongly recommend you engage someone experienced to walk you through. Disclosure: I do this kind of work as part of my business.

Good luck!
 
#4
A Risk Management Report should not be created in isolation to attempt to satisfy 14971. At the very least, the manufacturer should establish a Risk Management Plan that describes the device, the process/methodology used for risk management throughout the product's life cycle, and a statement about the current risk acceptability of the device.

If you were to generate a Risk Management Report document whose entire content could be reduced to "We know the product is really safe", this would not meet the intent of 14971. For multiple reasons, including that the manufacturer ought to have a mechanism by which customer complaints can feed into the risk profile while the device is available for use.
Thank you for your answer.
We won't generate a Risk Management Report declaring that the product is safe. I have some problems to assign risk score. What is it based on?
About Customer complaints i was thinking to generate a SOP about the handling of complaints.
 

Tidge

Involved In Discussions
#5
We won't generate a Risk Management Report declaring that the product is safe. I have some problems to assign risk score. What is it based on?
Trying to avoid a specific implementation of RM, and also trying to not man-splain 14971: A 'risk score' can be based on

0) Hazards / Hazardous Situations / Use Cases
1) Harms (to Patients, Users, Environment)
2) P1 = Probability of a Hazardous Situation Occurring
3) P2 = Probability of a Hazardous Situation leading to a Harm

Once a manufacturer has established a methodology for scoring, prior to scoring individual devices the acceptability criteria for the (types of) devices should be established. These acceptability criteria (along with the troublesome 'As Low As Possible' refrain) are the metrics used to evaluate the risk profile of the device. This may seem counter-intuitive at first, but typically Class I devices have LOWER thresholds for unacceptability (HIGHER thresholds for acceptability) than Class II or class III devices.

Depending on the nature of the specific device, you may want to have an independent assessment of both the Harms (and their ratings) and the acceptability criteria for the types of products being manufactured. For many types of (especially simple) devices a thorough literature and database review may be sufficient. I'm not convinced that external auditors concern themselves too much with the actual genesis of risk acceptability ratings, as long as those ratings look familiar to them. It may be that the push to "As Low As Possible" with mandatory Risk Benefit Analysis for every line in a risk file has made the 'true origin' of the risk acceptability ratings meaningless.

About Customer complaints i was thinking to generate a SOP about the handling of complaints.
If so, the Risk Management Plan would reference the SOP, and the mechanism by which complaints can feed into corrective actions.
 
Last edited:
#6
Thank you very much.
I'm sorry if still I insist on the topic.
I know that an maybe auditor wants to see some tables, some calculations as R=PxG etc.
If i don't know anything about my product I cannot give a "number" assigne a "value" to calculate my risk. In my opinion (I'm not expert) it's better to establish a risk managment based on a simple HACCP (that is permitted by 14971) at least for the first year on the market as MD, than I'll have a something real and concrete to change and upgrade my risk managment.
 

Tidge

Involved In Discussions
#7
If you are trying to comply with 14971 you need to have a methodology described in an approved Risk Management Plan, and then you need to apply the methodology. Ideally, you have some documented assessment that the risks are acceptable prior to marketing the medical device.

Quite frankly: if this device has been on the market 'as a cosmetic' and the manufacturer can't calculate risks associated with the device's use as a medical device until after at least a year on the market, it sounds like the sort of medical device that is not acceptable for use. A quick search of the FDA warning letter database for 'adulterated' or 'misbranded' devices show plenty of examples of manufacturers who might have avoided those troubles by implementing a 14971-compliant process. I think there was at least one example in the past few years of a cosmetic contact lens manufacturer that ran afoul of FDA in part because the manufacturer was very lax in the area of risk management.

(perhaps) less inflammatory: Can anyone attest that they've been successful defending a risk management file that is based only on HACCP?
 

Ronen E

Problem Solver
Staff member
Moderator
#8
Quite frankly: if this device has been on the market 'as a cosmetic' and the manufacturer can't calculate risks associated with the device's use as a medical device until after at least a year on the market, it sounds like the sort of medical device that is not acceptable for use.
(My emphasis)

I respectfully disagree. ISO 14971:2007 doesn't require calculating anything. It requires assessment and evaluation.

The fact that a product has been on the market as a cosmetic is not necessarily relevant. Cosmetics are not necessarily subject to the same level of scrutiny as medical devices or pharmaceuticals, and therefore lesser postmarket data collection is not necessarily an indication of lack of manufacturer diligence or potential product adulteration. Cosmetic contact lenses are quite an extreme example in that it's almost a borderline device. A cosmetic could be something like a moisturising cream sold OTC in a supermarket - such a product could be the subject of postmarket data collection, analysis and quantitative update of the risk evaluation, but if that didn't happen I still wouldn't conclude malpractice (or even negligence) on the manufacturer's part.
 

Watchcat

Trusted Information Resource
#9
I'm not an expert in medical devices field. With the company where I work I must write a Technical dossier and a risk management following the iso 14971.
What are you an expert in? Manufacturing? Engineering? Product development? Compliance? Marketing?
 
#10
If you are trying to comply with 14971 you need to have a methodology described in an approved Risk Management Plan, and then you need to apply the methodology. Ideally, you have some documented assessment that the risks are acceptable prior to marketing the medical device.

Quite frankly: if this device has been on the market 'as a cosmetic' and the manufacturer can't calculate risks associated with the device's use as a medical device until after at least a year on the market, it sounds like the sort of medical device that is not acceptable for use. A quick search of the FDA warning letter database for 'adulterated' or 'misbranded' devices show plenty of examples of manufacturers who might have avoided those troubles by implementing a 14971-compliant process. I think there was at least one example in the past few years of a cosmetic contact lens manufacturer that ran afoul of FDA in part because the manufacturer was very lax in the area of risk management.

(perhaps) less inflammatory: Can anyone attest that they've been successful defending a risk management file that is based only on HACCP?
Good morning.
I read on the ISO that approaches as HACCP are premitted by the ISO. I don't know if someone attested in the past a successfully risk management based only on HACCP, I just know that the manufacturer has never write a risks management plan, so I have nothing to work on it.
 
Thread starter Similar threads Forum Replies Date
J Does anyone have an example of Risk-Benefit Analysis per ISO 14971? Other ISO and International Standards and European Regulations 2
A An Example of a Risk Analysis Report for a Class II Medical Device (Oxygen Mask) ISO 14971 - Medical Device Risk Management 29
B Section 7.2.2.2 Organization Manufacturing Feasibility - Risk Analysis example? IATF 16949 - Automotive Quality Systems Standard 1
O Example Risk Analysis Procedure or Flow Chart - TS 16949 Document Control Systems, Procedures, Forms and Templates 2
A 5 x 5 Risk Matrix - Looking for a good example Manufacturing and Related Processes 2
D Validation of existing equipment - Risk based approach example ISO 13485:2016 - Medical Device Quality Management Systems 3
M Example ISO 14971 policy and risk criteria ISO 14971 - Medical Device Risk Management 0
O Example of Turtle Diagram with Risk/Opportunities General Auditing Discussions 1
B Process Risk Assessment Example for a Manufacturing Company Quality Tools, Improvement and Analysis 2
P Example Risk Assessment for CAPA's Document Control Systems, Procedures, Forms and Templates 5
M Example of a Risk Assessement File for Medical Device Other ISO and International Standards and European Regulations 2
S Aspect vs. Impact and Hazard vs. Risk - Short/clear explanation & example Miscellaneous Environmental Standards and EMS Related Discussions 11
D AS9100C Risk Management Procedure Example AS9100, IAQG 9100, Nadcap and related Aerospace Standards and Requirements 111
K Risk Management Policy example and advice wanted ISO 14971 - Medical Device Risk Management 3
O Supplier Risk Assessment template or example needed Supplier Quality Assurance and other Supplier Issues 5
D Risk Assessment - Problem Management Process - Seeking Model/Example Software Quality Assurance 1
M Example of statement for procedure pack MDR Article 22? Elsmar Cove Forum Suggestions, Complaints, Problems and Bug Reports 0
N Post Market Surveillance Package Example Wanted ISO 13485:2016 - Medical Device Quality Management Systems 1
D Calibration Process Flow Map Example Wanted General Measurement Device and Calibration Topics 3
D Redacted 510(k)s - Example wanted Document Control Systems, Procedures, Forms and Templates 14
F Hi friends, can anyone show me an example of a procedure for ISO 13485 6.4.1 Work Environment? ISO 13485:2016 - Medical Device Quality Management Systems 2
DuncanGibbons Looking for example aerospace part CAD files to be used for a case study Career and Occupation Discussions 2
Jimmy123 Example of a P-Diagram for Process FMEA - Uncontrollable noises FMEA and Control Plans 38
D Monitoring and measuring resources - Example of how section ISO 9001 7.1.5 would apply to a manufacture of software ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 4
A ISO/TS 22163 Item 5.2.4 Safety policy - Example wanted Other ISO and International Standards and European Regulations 2
F Internal Audit - Procedure example Internal Auditing 5
I Functional Safety Analysis/Report Example IEC 60601 - Medical Electrical Equipment Safety Standards Series 3
H Man Hour Plan 145.A.30 example needed EASA and JAA Aviation Standards and Requirements 0
R Real Example of a currently marketed Procedure Pack CE Marking (Conformité Européene) / CB Scheme 1
D Example for Accessories of "Annex XVI non-medical devices" and how to classify it now with respect ot EU MDR Other Medical Device Regulations World-Wide 1
MichaelDRoach Oganization's Self Declaration of Conformance to ISO 28000 wording example wanted Supply Chain Security Management Systems 1
A Australia TGA Medical Device Sponsor Agreement - Example or Template Other Medical Device Regulations World-Wide 11
J ISO 13485 8.4 Analysis of Data - Procedure example ISO 13485:2016 - Medical Device Quality Management Systems 1
S Question about a basic additive variance/tolerance example Quality Tools, Improvement and Analysis 2
N ISO 9001: 2015 - Example standards policies, procedures, acknowledgements and checklists ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 1
M AS9100d (section 7.1.3) example of compliance in machine shop environment. AS9100, IAQG 9100, Nadcap and related Aerospace Standards and Requirements 3
supadrai How does the FDA count violations of, for example, misbranding? (Medical Devices) Other US Medical Device Regulations 1
E Labware cleaning validation protocol example Qualification and Validation (including 21 CFR Part 11) 1
D Laboratory Manual ISO/IEC 17025 Example wanted ISO 17025 related Discussions 2
P Template or example Excel list of ISO certificates issued to clients ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 5
T Example wanted - Template for internal audit IATF 16949 IATF 16949 - Automotive Quality Systems Standard 1
D System Level FMEA example wanted FMEA and Control Plans 2
E Example of 9001:2015 audit report with non-conformances ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 5
A IATF 16949 Cl. 8.4.1.2 Supplier Selection Process - assessment example IATF 16949 - Automotive Quality Systems Standard 11
D Where I can find an ISO 13485:2016 Audit Schedule example? ISO 13485:2016 - Medical Device Quality Management Systems 4
R Clinical evaluation Meddev (2.7.1 revision 4) - Example or Template EU Medical Device Regulations 4
A IATF 16949 - 9.2.2.1 Internal Audit Programme - looking for example IATF 16949 - Automotive Quality Systems Standard 5
S Looking for an example of a medical device file ISO 13485:2016 - Medical Device Quality Management Systems 1
C PFMEA example with machining (lathe+mill) FMEA and Control Plans 1
L Simple Example for PFMEA / Control Plan Training Training - Internal, External, Online and Distance Learning 1
Similar threads


















































Top Bottom