An example of risk analysis of class I MD

[Tidge]

Presumably the item in question is not an ointment or cream, but some sort of device. Personally I'm having trouble imagining what sort of 'cosmetic device' suddenly now has a medical purpose. I jumped to decorative contact lenses only because I'm aware of some past FDA crackdowns in that area. Maybe a foot spa? There are likely bigger issues with the new marketing plan than trying to comply with 14971, but a rigorous application the standard would be a benefit to the manufacturer, even if they only see having a RMP as some sort of paperwork exercise.

The fact that a product has been on the market as a cosmetic is not necessarily relevant.

The sole point of relevance I see as being potentially useful, for the specific circumstance described here: If the device has already been on the market, presumably the manufacturer is aware of the harms that arise from the use of the device because they have been taking complaints and/or collecting data about their market. If they are trying to start an assessment of risks from scratch, they absolutely need to have some basic understanding of the harms, whether they intend to 'calculate' acceptability or not.

 

[Watchcat]

I'm having trouble imagining what sort of 'cosmetic device' suddenly now has a medical purpose.

Many cosmetic devices walk a fine line between cosmetic and medical devices. Manufacturers often try to stay on the cosmetic side of the line, because of the lower regulatory burden. They do this by choosing their words very carefully in their labeling and advertising.

It is not uncommon for these manufacturers to identify a medical market that they decide is lucrative enough to warrant the cost of the higher regulatory scrutiny. If so, all they need to do to convert the device from cosmetic to medical is change the claims.

Depending on regulatory definitions, it is also possible for a product to be a medical device in one jurisdiction and a cosmetic device in another, just like it may be one class of device in one jurisdiction and a different class in another. In that case, all you need to do to suddenly convert a product from a cosmetic device to a medical device, is to decide to market it in a jurisdiction where it is regulated as a medical device.

 

[Ronen E]

Presumably the item in question is not an ointment or cream, but some sort of device.

Welcome to the wonderful world of formulated medical devices (a sort of devices) - some of which are certainly creams and ointments, others are solutions, powders etc. To qualify as medical devices they need to function chiefly not through a metabolic, pharmacological or immunological mechanism (each of which has quite a precise definition) a chemical reaction in or on the body or (specifically) through being metabolised. For example, an ointment may serve as a physical barrier, a powder may serve as a packing agent etc. I suggest not jumping to conclusions whilst we weren't told what the product is and what it's intended for (before and after the "change").

Added in edit: I initially related to the EU medical devices definition (see struckthrough text), and later recalled that that discussion evolved in an FDA context so replaced it with the relevant wording from the FDA's definition. The argument is not really affected by that, though the FDA's definition is not as specific.

If the device has already been on the market, presumably the manufacturer is aware of the harms that arise from the use of the device because they have been taking complaints and/or collecting data about their market.

I think you presume a little too much.
The nature of any received complaints (and their occurrence/reporting rate) may well be related to the manufacturer's claims, the distribution channels etc., i.e. as what the product has been marketed, and for what. They may not have gotten many (or any) complaints related to the medical use because such use didn't occur yet (because no one has intended it and promoted it, yet).
Second (as already noted), they might have not been collecting data about "their market" (Q: what market - medical or cosmetic?), not because they're a dodgy company or a lazy/sloppy team, but simply because it's not required or expected for cosmetics at the same level that's expected for medical devices (in most jurisdictions). Proactive data collection costs money.

If they are trying to start an assessment of risks from scratch, they absolutely need to have some basic understanding of the harms, whether they intend to 'calculate' acceptability or not.

Exactly my (bigger) point: Understanding the harms (and their realisation mechanisms) is paramount for assessing and evaluating risks, which is both what the standard requires (in contrast with calculation) and what is practical in the vast majority of cases in which a new product is brought to the market (new use = new product, in medical devices terms).

 

[Watchcat]

a rigorous application the standard would be a benefit to the manufacturer, even if they only see having a RMP as some sort of paperwork exercise.

Color me skeptical, but the point may be moot, as I have yet to see a company rigorously apply anything it saw as some sort of paperwork exercise.

 

[Watchcat]

Here you go:

http://demo.onyx-healthcare.com/product/112/certification/RM report_1511051.pdf

Would be interested to hear Tidge's and Ronen E's high-level assessment (gut reaction?) as to whether this is likely to serve as a useful template.

 

[Watchcat]

I know that this product is really safe

Sigh.

 

[Ronen E]

Here you go:

http://demo.onyx-healthcare.com/product/112/certification/RM report_1511051.pdf

Would be interested to hear Tidge's and Ronen E's high-level assessment (gut reaction?) as to whether this is likely to serve as a useful template.

It's too long for any kind of assessment, but my gut feeling is that it's worth investing the time going through if one has no other template (and likes working by someone else's). I have my own template, which is about the same length, and is actually just a walk through ISO 14971 (taken quite literally).

 

[Watchcat]

I'm not big on using other people's documents as templates, but I think looking at an example or two if you've never prepared that type of document before can be helpful, especially in situation where someone is likely to be reviewing your document, and that someone has seen a lot of them, and therefore may have certain expectations about format and content.

For that purpose, I'd be inclined to want to see more than one example. I found this one easily by googling "risk management report" content OR format OR outline. I expect there are more to be found.

 

[Ronen E]

especially in situation where someone is likely to be reviewing your document, and that someone has seen a lot of them, and therefore may have certain expectations about format and content.

Not so much from an auditor or official reviewer standpoint, but I have seen "a lot of these", and I can tell you that this one seems like one of the better ones. Most of the ones I've seen (including many that have passed regulatory scrutiny with flying colours) were quite poorly implemented and reported, or in plain French - c**p. If I was to judge by what the average auditor is likely to expect / look for (based on my not-unlimited experience), they don't really look for something like this (fine) example you provided. If I'm, on the other hand, to judge by my own professional compass, this example is quite good (caveat: haven't thoroughly reviewed it yet).

I found this one easily by googling "risk management report"

Not sure it matters to Google (only Spinoza's God knows what's in its algorithm), but to me a "risk management report" is something more limited, and that example is more along the lines of a completed "risk management file".

 

[Tidge]

Would be interested to hear Tidge's and Ronen E's high-level assessment (gut reaction?) as to whether this is likely to serve as a useful template.

It definitely appears that in this example the first 38 pages are meant to cover multiple elements of a risk management file, and not everything is something that I would include within a risk management plan/report. I generally prefer to keep multiple documents, where the individual documents 'belong to' the most appropriate group of people. My bias: my experiences have been with manufacturers of diverse product lines with individual products within product lines, so maintaining separate policy documents outside of individual risk files is what I am most familiar with.

The major area of concern I have in the approach of this example is (scant? ambiguous? quasi-boilerplate?) in the area of post-production monitoring and how it feeds back into the RM process. If this specific example is intended to cover all of 14971, I don't see how it is satisfying the clauses of section 10 (of 14971:2019, section 9 of 14971:2012).

Here is a more targeted issue, but I believe it is a comment somewhat general to implementation of 14971: Specific to this example, I feel that there may be some ambiguity about who came up with the severity of harm ratings... my strict reading of the file implies that it was the Engineering R&D associate. Engineering associates are typically not qualified to make a determination as what types of injury require professional medical intervention. (Feel free to view this as a potential audit finding against 13485 - Human Resources). This is the sort of assessment that I'd recommend be 'owned' by a different group of people. As with my earlier comment about dividing up the information, including the actual rating systems within a RM Plan/Report (as opposed to a more general policy document that is referenced by the RMP/RMR) implies that different RM Plans treat severity (of similar harms) differently (possibly depending on the device/product line).