How do I meet the Medical Devices Risk Assessment requirement?

[Kari]

We do have typical quality system elements in place (incoming, in-process, and final inspection points; training sytems; process controls; preventive maintenance, etc.). Would we summarize these as our means of meeting the risk assessment requirement?

In the past I have seen risk assessment tied to the product itself (i.e., if a certain component "x" in the device fails, then the device would fail "y" causing a certain effect "z" on the patient. The severity of effects are ranked and additional controls are added to minimize serious risks.) Since we are a contract manufacturer and do not have this type of information about the devices we manufacture (our customers do), would we limit the risk assessment to our system controls?

Thanks for your help

Kari

 

[Al Rosen]

We do have typical quality system elements in place (incoming, in-process, and final inspection points; training sytems; process controls; preventive maintenance, etc.). Would we summarize these as our means of meeting the risk assessment requirement?

In the past I have seen risk assessment tied to the product itself (i.e., if a certain component "x" in the device fails, then the device would fail "y" causing a certain effect "z" on the patient. The severity of effects are ranked and additional controls are added to minimize serious risks.) Since we are a contract manufacturer and do not have this type of information about the devices we manufacture (our customers do), would we limit the risk assessment to our system controls?

Thanks for your help

Kari

Part of your risk assessment would be to list all the possible defects and the outcome or result of the defect occurring and not being detected during production. List the severity along with the likliehood or probability of the defect occuring and then not being detected.

Severity:
1 Catastrophic risks. Probable Likelyhood of Harm, including Death or serious injury.

2 Significant Risk. Death or serious injury possible

3 Tolerable Risk. Death or serious physical injury not likely due to direct effect of use of device.

4 Insignificant Risk. Death or serious physical injury not likely under any foreseeable conditions.

The probabilities can be devided into groups as well.

The probability of occcurence and not detecting the catasrophic and significant risks should be reduced to 0 and the tolerable risk reduced to as low as possible.

You may want to look at EN 1441 and find An Introduction to Risk/Hazard Analysis for Medical Devices and QUANTIFIED RISK ASSESSMENT TECHNIQUES (PART 1) helpful.

 

[Bwana.Jo]

Basic Approach to Risk

Hi, Kari

I'd like to deliver one consideration which I taught 5years ago when I had started learning EN 1441 'Risk Analysis'.

Thing is important to distinguish among of similar words, in case of foreigner, like me. You can do differ meaning from each other. [Risk, Hazards, Harm, Danger, Peril,...]

I emphasize all the time to my staffs and colleagues what signal word should be in mind whenever you say or heard 'RISK' is that "REDUCIBLE".

Access tool is deviced as known standard 1441 and/or 14971.
Means of approach is estimated considering <Probability> and <Sevirity> of that potential existing hazards which can be evaluateed as simplified categories as like <High, Med, Low>.
The RPN (Risk Priority Number) can be extracted thru calculation of occasion using this 1441 / 14971. You have to establish a 'Matrics' which can be referred to foreseeable risk in order to minimise or reduce that risk prior to 'taken actions' as well as 'Risk Assessment'.

What I emphasis again 'Risk is Reducible'.

And the other important thing in Quality is '(Prevent) Reoccurance' against <MRB, SCAR, Non-conforming Material, CAPA,.. case of happening in undesirable event under QMS (Quality Management System)>.

This also can be controlled thru statistical method with kept an eye-open or generated log book.

I'd like to convince or recommend you that my useful operating (associating) is establish. The meaning of 'Establish' describes in FDA QSR 820.3 (k) plus associating my interpretation of ISO 13485 essence

[FONT=Arial]< define - document - implement --> generate records - cummulate (file to become a data) - find a trend (analysis and take an action to improve) - measure (re-evaluation) - effective ? - efficacy >[/FONT]

till by updated now from involved in Medical Device field.
Sorry for poor english to transfer my thought to you..

Any comments.. would be appreciated.

Alex.Jo

 

[wrodnigg]

Since EN 1441 was withdrawn by 2000-12-00, EN ISO 14971 is the only standard for risk management one should follow for regulatory conformity.

regards~ghw

 

[amjadrana]

risk assessment

For design procedure, ISO 14971:2000 version should be followed to do risk management. The hazards should be identifed and then mitigated through appropriate means. Details can be found in the standard itself. It is a easy to read and apply standard.

 

[rose24m03]

Risk management

Are you in the US? ASQ Silicon Valley section has good Risk Management class. The course has workshop/exercise on how to use various risk management tools (e.g. FMEA, FMECA, HACCP, HAZOP, FTA). It's very useful.

 

[Kari]

As a contract manufacturer, we only build to specs provided by our customers (we do not do any design work) . For the most part, we assemble circuit boards, however we do have a couple of customers for whom we build finished devices.

Given this, we really have no idea of what the potential risks would be to patients if defects go undetected. Therefore, wouldn't it be logical/acceptable , for our risk management program to focus on minimizing risks to the product itself? (i.e., defect prevention, etc.)

Thanks for your assistance/advice.

Kari

 

[Jim Wynne]

As a contract manufacturer, we only build to specs provided by our customers (we do not do any design work) . For the most part, we assemble circuit boards, however we do have a couple of customers for whom we build finished devices.

Given this, we really have no idea of what the potential risks would be to patients if defects go undetected. Therefore, wouldn't it be logical/acceptable , for our risk management program to focus on minimizing risks to the product itself? (i.e., defect prevention, etc.)

Thanks for your assistance/advice.

Kari

First, a disclaimer: I have no experience in medical devices or FDA stuff, so I'm speaking here from a more general point of view.

The responsibility for design integrity lies solely with the designer (or the owner of the design). This means that if you are given specifications and a PO that says that you are to supply products that meet the specifications, if the product blows up due to a design defect (and you met the customer's specified requirements) there is no way that you could or should have been expected to anticipate the problem.

As a matter of practicality, there should be a contract review process, during which an attempt is made to identify design issues that might prevent you from making products that meet specifications, but that should be the extent of your concern with regard to potential risks.

 

[Kari]

To "fine tune" my question: Do I

1. claim risk management as an permissible exclusion,

or

2. just "make it fit" (i.e., show how our QS is used to minimize risks to product)?

or

3.???

 

[Jim Wynne]

To "fine tune" my question: Do I

1. claim risk management as an permissible exclusion,

or

2. just "make it fit" (i.e., show how our QS is used to minimize risks to product)?

or

3.???

I'll leave this to the FDA experts here, because I don't know what's expected in this regard.