Application of Risk Management - ISO 14971:2007(E) Medical Devices

[Al Rosen]

Re: ISO 14971:2007(E) Medical devices — Application of risk

Ironically, the document that started this post (posted by my co-worker, a great team member) has been retired. Our organization recently integrated risk analysis and design control into one process (which is probably the intent of the standard)

The core idea behond Risk Analysis & Management is:

At each stage of product development (from concept to post-market) you must say "what are the risks", "are there any dangers", "what can go wrong", and "how can someone make a mistake.

If you find a potentional hazard you must say, in the following order, "can we reduce this by changing the design (round instead of sharp edges)", "can we reduce this by some protective measure in the device or manufacture of the device (like an alarm in the device)", and "can we reduce this with information (warning label or good instructions for use)"

Finally, you must document when you asked yourself these questions, what the answers were .

There are many ways you can do this but the way you document should be suited to your organization's needs and resources.

Risk management extends past the design stage to production and user experience.

 

[Marcelo]

If, for design controls, you mean "the whole quality system", you´re right, ISo 14971 was meant to be integrated in your quality system.

Anyway, as Al said, and i´ve said before, ISO 14971 is a lifecycle standard, meaning that it is to be used in every stage of the product life. The whole problem is that "design controls", and other similar regulatory requirements, are usually focused on the design process and begin on the "design input" phase. So, interestingly enough, people tend to use the standard just for the "compliance to regulatory requirements" part of it.

I´m just finishing the making of a training in which i try to go "beyong compliance" with risk management and it´s real difficult to find material and cases in which risk management is REALLY used through the lifecycle.

 

[QA-Man]

Re: ISO 14971:2007(E) Medical devices — Application of risk

Risk management extends past the design stage to production and user experience.

My post was only meant to express the core idea. However I did say from concept to post-market.

 

[Al Rosen]

Re: ISO 14971:2007(E) Medical devices — Application of risk

My post was only meant to express the core idea. However I did say from concept to post-market.

I must have misunderstood the statement about integrating the risk analysis & design control into one document.

 

[QA-Man]

Design control doesn't end with product release. Its a lesson we've learned several times over!

 

[Al Rosen]

Design control doesn't end with product release. Its a lesson we've learned several times over!

That's true, design changes occur throughout the life of the product.

 

[cf252]

Nothing is risk free (or can be proven to be so), however, I quite like the pragmatic approach to risk taken by the United Kingdom General Product Safety Regulations 2005, which maintain the general duty placed on producers and distributors to place on the market (or supply) only products that are safe in normal or reasonable foreseeable use. These regulations then actually define a ‘safe product’ as:

“"safe product" means a product which, under normal or reasonably foreseeable conditions of use including duration and, where applicable, putting into service, installation and maintenance requirements, does not present any risk or only the minimum risks compatible with the product's use, considered to be acceptable and consistent with a high level of protection for the safety and health of persons. In determining the foregoing, the following shall be taken into account in particular—

(a) the characteristics of the product, including its composition, packaging, instructions for assembly and, where applicable, instructions for installation and maintenance,

(b) the effect of the product on other products, where it is reasonably foreseeable that it will be used with other products,

(c) the presentation of the product, the labelling, any warnings and instructions for its use and disposal and any other indication or information regarding the product, and

(d) the categories of consumers at risk when using the product, in particular children and the elderly.

The feasibility of obtaining higher levels of safety or the availability of other products presenting a lesser degree of risk shall not constitute grounds for considering a product to be a dangerous product;”

The regulations do not expect nuclear plant operators to turn off the main cooling pumps to the reactor, they do not assume parents to place a baby seat on a high surface and leave the child unattended etc. They assume normal or reasonably foreseeable use - not acts of sabotage or stupidity.

In some cases it is the Courts who decide what is safe or not and this can lead to odd results eg. the Police officers who risked their lives and shot dead a suspected bomber in London were prosecuted for being in contravention of Health & Safety Regulations!

It is an ideal to start integrating safety at the conception stage of a project but sometimes you are just presented with a fait accompli and have to 'backfit' a safety analysis to an existing product. This can be useful in uncovering information, or the lack of it, and helping to reduce commercial risk in addition to quantifying consumer risks.

HAPPY NEW YEAR from the UK!

 

[Marcelo]

cf252

This approach is very similar to the approach of the MDD (in truth, of all New Approach Directives of the EC) and other regulations. In fact, this is the aproach of the Essential Principles of Safety & Performance of Medical Devices of the GTHF that is widely used nowadays in regulations.

See also (broken link removed) fro mthe World Health Organization.

 

[CBAL08]

I am in the earlier stage of the risk management procedure for medical device and would like to be on the right way from the start.
Could anyone send Risk Management File template or any related document?
Thank you

 

[Watchwait]

Like many others, I've reviewed all the postings here, as well as any examples and attachments herein. The best I've seen to-date are examples of hazard analyses, some with actual traceability to appropriate test results. We have also performed this exercise and have produced a complete hazard analysis.

As a side note, we had our testing agency perform a gap analysis for compliance to IEC 60601-1 3rd Edition. Risk management is a key element of this new edition & ISO 14971:2007 is continually referenced in the 3rd edition.

Our "reviewer" indicated that our hazard analysis, though quite extensive, did not meet the requirements of a full-on risk management file as required by the 3rd edition. I have reviewed both the 3rd edition of 60601-1 & 14971:2007 and believe that we likely have all the information required to complete the file.

However, this this one of those "projects" where, without SPECIFIC formatting guidance (read: templates) we are likely to spend an inordinate amont of time trying to figure out how to present the information required. Clearly, this is more than "just do what's best for your business & everything will be fine".

Also, I notice there have been over 14,000 hits to this thread, which must be indicative of the dire need for some specific samples, templates, anything that will help facilitate creating a Risk Management File that will meet requirements. Given 14k+ hits, I'm betting that by now some kind soul will offer up a nice, tidy set of templates that once filled out will do the job! Data I can provide - formatting I'll leave to the....formatters!