Application of Risk Management - ISO 14971:2007(E) Medical Devices

[Al Rosen]

Like many others, I've reviewed all the postings here, as well as any examples and attachments herein. The best I've seen to-date are examples of hazard analyses, some with actual traceability to appropriate test results. We have also performed this exercise and have produced a complete hazard analysis.

As a side note, we had our testing agency perform a gap analysis for compliance to IEC 60601-1 3rd Edition. Risk management is a key element of this new edition & ISO 14971:2007 is continually referenced in the 3rd edition.

Our "reviewer" indicated that our hazard analysis, though quite extensive, did not meet the requirements of a full-on risk management file as required by the 3rd edition. I have reviewed both the 3rd edition of 60601-1 & 14971:2007 and believe that we likely have all the information required to complete the file.

However, this this one of those "projects" where, without SPECIFIC formatting guidance (read: templates) we are likely to spend an inordinate amont of time trying to figure out how to present the information required. Clearly, this is more than "just do what's best for your business & everything will be fine".

Also, I notice there have been over 14,000 hits to this thread, which must be indicative of the dire need for some specific samples, templates, anything that will help facilitate creating a Risk Management File that will meet requirements. Given 14k+ hits, I'm betting that by now some kind soul will offer up a nice, tidy set of templates that once filled out will do the job! Data I can provide - formatting I'll leave to the....formatters!

Scroll down to the bottom of the page where you will find similar threads. Do they have what you are looking for?

 

[Watchwait]

Hi Al,

Yes, I have - and no they don't. Everything I've come across seems only to address how to develop a hazard/risk analysis. This, I have. What I don't have are the other ~18 pieces of the "Risk Management File" as depicted in IEC 60601-1-4 Medical Electrical Equipment-collateral standard.

To illustrate, I've included a chart from the standard which clearly depicts the extent of the contents of the RMF. Note that there are 18+ folders/files depicted - only one of which is "Risk Management Summary".

Since virtually all manufacturers of active medical devices need to comply with this standard I'm holding out hope that someone has, by now, developed a comnprehensive template for the structuring of the RMF.

 

[Roland Cooke]

One of the problems is that neither ISO13485 nor ISO14971 really distinguish between the systems required by the company that designs and manufactures a high-end, high-risk electromedical device, and the systems required by the company that hand-punches a minimal-risk plastic widget under contract to another company.

 

[Dave-h]

You are so right, this is frequently compounded when one has an auditor who finds it similarly difficult to distinguish between large & small or complex & simple - present company excepted of course

With tasks such as risk assessment and review, in a small busy company, all of the tasks are performed, but not usually in a formal meeting with agendas and minutes, so evidence can be a problem.

D.

 

[Roland Cooke]

With tasks such as risk assessment and review, in a small busy company, all of the tasks are performed, but not usually in a formal meeting with agendas and minutes, so evidence can be a problem.

D.

Unfortunately that's just too bad!

Even as a small company you have to have those systems in place and generate appropriate data.

I don't hear stuff like "We're too small", "The device's risks are obvious" too often any more. But I do still come across many companies, especially smaller ones, struggling with the whole concept however.

The good news is that the methods you use can be customised to fit your particular situation. Annex B (the list of questions) is always useful, for example.

My point is that whilst there are other detailed Appendices within 14971 describing high-end techniques for risk management, there isn't an Appendix on "Basic RM for Joe's Plastic Widget Co."

But that's just the way it is.

 

[jkonholm]

Re: ISO 14971:2007(E) Medical devices — Application of risk

Ironically, the document that started this post (posted by my co-worker, a great team member) has been retired. Our organization recently integrated risk analysis and design control into one process (which is probably the intent of the standard)

The core idea behond Risk Analysis & Management is:

At each stage of product development (from concept to post-market) you must say "what are the risks", "are there any dangers", "what can go wrong", and "how can someone make a mistake.

If you find a potentional hazard you must say, in the following order, "can we reduce this by changing the design (round instead of sharp edges)", "can we reduce this by some protective measure in the device or manufacture of the device (like an alarm in the device)", and "can we reduce this with information (warning label or good instructions for use)"

Finally, you must document when you asked yourself these questions, what the answers were .

There are many ways you can do this but the way you document should be suited to your organization's needs and resources.

Unfortunately, core idea not simple point out the above!
Are they all the risks for your products?
What about indications or contraindications?
I think design and manufacturing phases OK, but other risks still missing. e.g hospital phase.

Am I wrong?

 

[QA-Man]

Alphabet must comes before poetry.

 

[AndyU]

Re: ISO 14971:2007(E) Medical devices — Application of risk

Does anyone have a very simple comparision chart between 2001 and 2007 of ISO 14971?

 

[pksjdm2002]

Hi,

I have a Class III medical device, with no complaints in 3 years. The last Risk analysis performed was back in June 2006. No new risks have been identified. Is it necessary to update the risk anaysis to conform to ISO 14971:2007?

 

[WBubel - 2010]

Hi,

I have a Class III medical device, with no complaints in 3 years. The last Risk analysis performed was back in June 2006. No new risks have been identified. Is it necessary to update the risk anaysis to conform to ISO 14971:2007?

Risk Managment calls for a look at your risk anaysis periodically, 3 years is much too long to wait. Even if nothing has changed, looking at it may bring up additional risks that you have not previously considered. Even if you dont consider a particular item a risk you must identify the risk and explain why it does not apply to your product.