Installation Related Issues and Risk Management


Involved In Discussions

Where do you draw the lines on what is included in the Safety Risk Management Process? Do you include installation-related issues? For example, if the device breaks due to a wrong action during installation, would you conduct a Post-Production Risk Assessment (PPRA) on it? Do you have installation-related issues on your Hazard Analysis or Use Error Analysis?
Another example is if there is a safety issue with the device's crate, would that be part of the Risk Management Process, would you conduct a PPRA on it? In my opinion only, Medical Device-related issues should be part of the Risk Management Process based on ISO 14971, but I want to ensure I am interpreting it correctly.

Thank you very much in advance!


Quite Involved in Discussions
Absolutely have to include installation-related issues especially where you are using subcontracted installers in another country to that where you are based (and where the safety laws in that country may be less stringent than in your "base" country). It starts with the selection of the subcontractors for the installation work. If you later send your own people to site to commission, they can check the installation as part of a pre-commissioning survey. If you don't send your own people/representatives to site, how do you monitor and judge the standard of installation work?Safety of shipping crates etc - also your responsibility as the manufacturer. you can conduct risk management activities up to a point - for example you may provide lifting eyes and issue instructions on how to lift, but you won't be there to see how the subcontractor etc actually handles the cases; you could request/insist that they send you a video recording of handling operations but........


Involved In Discussions
Thank you so much for answering, Chris. Is this required by ISO 14971, or is this something that the Health and Safety department should consider?

Should I have a Use Error Analysis within my ISO 14971 Risk File to include all the errors that could be done by the installation techs and how we will mitigate them? I want to ensure we handle the different issues in the proper departments and within the correct standards. Please let me know what your thoughts are.


Quite Involved in Discussions
Should I have a Use Error Analysis within my ISO 14971 Risk File to include all the errors that could be done by the installation techs and how we will mitigate them?

I'd say in most cases this will be a yes, most definitely, with very few exceptions.

If once you have sold the device to a customer it gets shipped, and they manage the rest or you contract out installation work etc. then any issues with regards to packaging causing harm, the installation process causing harm, or being a part of a chain of events that could cause harm - it needs to be a part of your risk file.

If the completion of manufacture and installation is always performed by the manufacturer, and the device is under the control of the manufacturer until it's commissioned and is then ready for use - you could possibly omit some of these things, but the control of those processes would still fall under the manufacturer control and likely fit within a pFMEA.


Trusted Information Resource
It is necessary to consider the risks during use; for facility-based medical devices I've always included use cases for installation and servicing.

There are, of course, limits on risk controls. For example, it used to be common for users of rather expensive, complicated electrical equipment to lop the ends off of power cords and replace the plugs with ones of their own preference... no matter how much effort went into the design or product. This ought to be recognized as a NO-NO (at the point of use), but it is practically impossible to prevent this from happening (to devices that draw power from wall MAINS).


Quite Involved in Discussions
Agreed with everyone above, this definitely belongs in your risk file.

This also would tie back to the servicing and installation requirements in ISO 13485. You'd need to demonstrate appropriate requirements and acceptance criteria for installation, commensurate with the risk of the product. If you have contracted out the installation, you need to show appropriate controls for the service provider... again commensurate with the risk involved. Having a documented risk analysis for the installation steps will help to demonstrate that you have the right controls in place from a QMS perspective.
Top Bottom