Grouping of Products for Risk Analysis

[BenBurk]

Hello,
I'm wondering if the following approach would be legit and in compliance with ISO 14971:

1. Group different products based on common characteristics.
2. Conduct a risk analysis to identify risks that overlap / are the same for each product of the product group (see 1.).
3. Define mitigation measures for the risks defined in 2. These measures have to be implemented for each product of the respective group (see 1.).
4. Conduct a product specific risk analysis in which you only check for risks that are not covered in the product group risk analysis.
5. Define mitigation measures for product specific risks and implement them.
6. Create a risk report based on the group risk analysis and product specific risk analysis (2. and 4.).

From my view, this approach should be possible. What is your opinion on this ?

 

[Marcelo]

Hello,
I'm wondering if the following approach would be legit and in compliance with ISO 14971:

1. Group different products based on common characteristics.
2. Conduct a risk analysis to identify risks that overlap / are the same for each product of the product group (see 1.).
3. Define mitigation measures for the risks defined in 2. These measures have to be implemented for each product of the respective group (see 1.).
4. Conduct a product specific risk analysis in which you only check for risks that are not covered in the product group risk analysis.
5. Define mitigation measures for product specific risks and implement them.
6. Create a risk report based on the group risk analysis and product specific risk analysis (2. and 4.).

From my view, this approach should be possible. What is your opinion on this ?

Hello, and welcome to the Cove!

1, 2 - Normally, no. Risk management is applicable to each device or family (basically, each design). You can perform parts of the process in general (for example, it's common to have a document with lists of hazards or harm for some types of devices), but these are used as a basis for the application of ISO 14971 for each specific device.

3 - This is not feasible. Risk control measures are very specific for each device, including even similar devices (because they may be related to specific characteristics of the intended use).

4 - No, see 1.

5 - No.

6 - No.

Also, besides not being a good engineering practice, this won't be acceptable to any reviewer with a good knowledge of product risk management.

 

[BenBurk]

Hi Marcelo,
thank you for your reply and feedback.
I do not agree with your reasoning though.

Let's assume you have a group of medical devices.
The common characteristics of that group are:

- They are based on the same technology with the same basic architecture.
- They are used by the same user group with same characteristics.
- They have certain similiar design features that apply to all of the devices.
- etc..

With this in mind:

1,2) You do not skip the device / design specific risk analysis. Instead you identify risks that apply to all of the devices of a certain group.
If there are additional risks from those in the group analysis you assess them in the product / design specific risk analysis.
The same applies if risks from the group analysis differ significantly for the specific device.

3) The risk control measures identified in the "group" analysis would still be included for each and every device.

Let's assume that all devices in your group are using the same display. You identified "bad readability due to direct sunlight".
As a risk control measure you define that a sunlight readable display has to be used). This measure will have to be implemented for each device in the respective group.

In addition, product specific risk control measures would also be implemented.

"Also, besides not being a good engineering practice .." <= Why is this considered as such ?
If you don't mind, please add a reference for me to research this in more detail.

I do not agree that there is only one legitimate approach to complying to ISO 14971. At its core, it is expected to assess all risks that arise from the use of the device to user and / or patient, implement measures to minimize the risk as far as possible resulting in a product with a positive risk / benefit ratio.

I do not see how the approach described above does not fulfill this requirement.
Product specific risk analysis is not skipped nor is it cut short. Instead common / alike risks are not explicitly listed in the product specific risk analysis but are still mentioned in the final product risk profile and are mitigated as well.

 

[Marcelo]

The problem is that "group of devices" is not a defined term anywhere that I know of. If you mean by a "group of devices" a device family (which is a term usually defined in regulations, for example), then ISO 14971 already applies to that (but you have to perform the process for each family, anyway).

The rest of your comments are more or less what I mentioned, you can do anything you want regarding analysis, create lists, etc., but it is something "extra" to facilitate the application of the risk management process for a specific device or family. But you still need to transpose all the information to the specific risk analysis (you may try to link things, but from my experience it may create a lot of trouble, in particular when related to verifying completeness and assessing changes).

"Also, besides not being a good engineering practice .." <= Why is this considered as such ?
If you don't mind, please add a reference for me to research this in more detail.

I mentioned this in the context of what you seemed to be implying - to do something like a "bulk" risk analysis. Your further comments seems to have clarified that. However, your comments still look to imply that you would simply link things to a generic document, which as I mentioned above, may create trouble.

You identified "bad readability due to direct sunlight".

This is not a risk, as it does not have the exposure and related harm of the patient/user/etc. In particular, and I also mentioned this above, risks will depend on the intended use (including intended user) of the device, so even for the same similar devices, different intended uses will change the risks. This is the other aspect that I would be concerned in the approach you mentioned.

For example, if you look at the problem you mentioned (and I'm not discussing it being a risk or not), of "bad readability due to direct sunlight", if the intended use of the device is to be used in closed environments, this problem does not exist.

I do not agree that there is only one legitimate approach to complying to ISO 14971. At its core, it is expected to assess all risks that arise from the use of the device to user and / or patient, implement measures to minimize the risk as far as possible resulting in a product with a positive risk / benefit ratio.

Again, it seems that I understood your original comment wrong. I did not try to imply that applying ISO 14971 can only be done thru one way. In fact, one of the strengths (unfortunately, it's also a big weakness due to some problems) is that it's a generic standard (as always based on good safety engineering practices of the last 50 or 80 years), and you may comply with it with several ways.

I do not see how the approach described above does not fulfill this requirement.
Product specific risk analysis is not skipped nor is it cut short. Instead common / alike risks are not explicitly listed in the product specific risk analysis but are still mentioned in the final product risk profile and are mitigated as well.

I still think that this approach will in practice create some problems and possible gaps, and for these reasons, I've never seen this done that way anywhere in the literature of risk management (I've seem some examples of approaches that tried to to that but used things as starting points, as I mentioned).

You certainly won't see NASA doing somethings like this (and they tried), because it was noted that, for optimal performance, you need to focus risk management activities in the particular problem, even if they share common characteristics.

In fact, ISO 14971 even mentions that in NOTE 1 to 4.1:

NOTE 1 If a risk analysis, or other relevant information, is available for a similar medical device, that analysis or information can be used as a starting point for the new analysis. The degree of relevance depends on the differences between the devices and whether these introduce new hazards or significant differences in outputs, characteristics, performance or results. The extent of use of an existing analysis is also based on a systematic evaluation of the effects the changes have on the development of hazardous situations.

Even in the case above, it's expected that you use the previous analysis as a basis, and not share it with other analysis.

So, related to your initial question - would be legit and in compliance with ISO 14971? I still think that it's not a good way to comply (not that I'm that fixed on complying directly with ISO 14971 because unfortunately, the current and also the newer version to be published in a while have several technical mistakes, so in principle I would say that it's really impossible to fully comply with the standard unless you correct those mistakes and make the correct activities - which I always do).

 

[BenBurk]

Thanks Marcelo for your valuable insights. I guess you're having a point!
Especially

But you still need to transpose all the information to the specific risk analysis (you may try to link things, but from my experience it may create a lot of trouble, in particular when related to verifying completeness and assessing changes).

might really cause problems. I can see that one of the main problems of the approach would be to guarantee the up to dateness and relevance. Have you ever experienced a successful implementation of a "device family approach"?

Regarding your NASA comment, I would really be interested to read more about that (NASA's approach in general).
Are there resources available which you know about / recommend?

 

[Marcelo]

Thanks Marcelo for your valuable insights. I guess you're having a point!
Especially might really cause problems. I can see that one of the main problems of the approach would be to guarantee the up to dateness and relevance. Have you ever experienced a successful implementation of a "device family approach"?

Yes, it's very common for certain types of medical equipment for example (think about an anesthesia system, which is comprised of several modules and in which there is a complete device with all the modules and each other device in the family removes certain modules. The risk management process is performed for the family as a whole).

Regarding your NASA comment, I would really be interested to read more about that (NASA's approach in general).
Are there resources available which you know about / recommend?

Sure, there are several from NASA (and several other basic ones from other sources) - see this for NASA - NASA risk management - OSMA.

IN particular, the following documents are very interesting:

NASA Risk-Informed Decision Making Handbook

NASA Risk Management Handbook

NASA Accident Precursor Analysis Handbook

NASA System Safety Handbook Volume 1, System Safety Framework and Concepts for Implementation

Probabilistic Risk Assessment Procedures Guide for NASA Managers and Practitioners

 

[Ronen E]

Slightly off topic, but just so we don't inadvertently mislead others reading this -

implement measures to minimize the risk as far as possible resulting in a product with a positive risk / benefit ratio.

ISO 14971:2007 doesn't require minimizing risk as far as possible (AFAP), only as low as reasonably practicable (ALARP). Such minimization is only indicated in EN ISO 14971:2012.

 

[Marcelo]

Slightly off topic, but just so we don't inadvertently mislead others reading this -

ISO 14971:2007 doesn't require minimizing risk as far as possible (AFAP), only as low as reasonably practicable (ALARP). Such minimization is only indicated in EN ISO 14971:2012.

In fact, IsO 14971:2007 also does not require minimizing risk as low as reasonably practicable either, as the ALARP comments are only examples in the informative annexes. In fact, ISO 14971 let the implementation decides which approach to use to control risks - ALARP, ALARA, SFAIRP, AFAP, and all the other tens of approach, it also let the implementation defines if de minimis risk will be used or not, and the like - as I mentioned, it's a very high level standard, and this is one of the problems as people do not understand that they have to build and decide on the criteria and approach to risk control (we did include a note in the next edition on this because people did not seem to understand that).

 

[Ronen E]

In fact, IsO 14971:2007 also does not require minimizing risk as low as reasonably practicable either, as the ALARP comments are only examples in the informative annexes. In fact, ISO 14971 let the implementation decides which approach to use to control risks - ALARP, ALARA, SFAIRP, AFAP, and all the other tens of approach, it also let the implementation defines if de minimis risk will be used or not, and the like - as I mentioned, it's a very high level standard, and this is one of the problems as people do not understand that they have to build and decide on the criteria and approach to risk control (we did include a note in the next edition on this because people did not seem to understand that).

Thanks, I stand corrected.

 

[BenBurk]

Thank you both for the valuable input.
Lessons learned