ISO 14971:2012 and the FDA

[Frodeno]

Hi Folks,

So the FDA lists ISO 14971:2007 in the recognised consensus standards database. Many EU companies are now 14971:2012 compliant. Is it the case that a 14971:2012 compliant risk file/risk analysis cannot be used with an FDA premarket notification? will FDA recognise the term AFAP over ALARP?

Thanks,

Frodo.

 

[Ronen E]

Hi Folks,

So the FDA lists ISO 14971:2007 in the recognised consensus standards database. Many EU companies are now 14971:2012 compliant. Is it the case that a 14971:2012 compliant risk file/risk analysis cannot be used with an FDA premarket notification? will FDA recognise the term AFAP over ALARP?

Thanks,

Frodo.

Hi Frodo,

What is the context in which you think you need the FDA to endorse your ISO 14971:2007 compliance?

Ronen.

 

[Frodeno]

Hi Ronen,

Thanks for replying. The context of this question is when the risk management documentation is being used within an FDA submission. I`m not expecting FDA to endorse 14971:2007 compliance - I`m wondering about their attitude to accepting documentation prepared using the 2012 version of the standard. Specifically, since many companies now are using the AFAP convention instead of ALARP when describing risk, will FDA accept this.

If FDA are not accepting documentation prepared in compliance with the 2012 version of the standard, does this mean that companies must prepare a 2007 compliant version of their risk documentation for submission purposes? i.e: should EU companies wishing to use thier risk documentation for FDA submission purposes maintain two versions one 2007 compliant and one 2012 compliant ? I would be really interested to hear from anyone who has experience with this.

Frodo

 

[Ronen E]

Hi Ronen,

Thanks for replying. The context of this question is when the risk management documentation is being used within an FDA submission. I`m not expecting FDA to endorse 14971:2007 compliance - I`m wondering about their attitude to accepting documentation prepared using the 2012 version of the standard. Specifically, since many companies now are using the AFAP convention instead of ALARP when describing risk, will FDA accept this.

If FDA are not accepting documentation prepared in compliance with the 2012 version of the standard, does this mean that companies must prepare a 2007 compliant version of their risk documentation for submission purposes? i.e: should EU companies wishing to use thier risk documentation for FDA submission purposes maintain two versions one 2007 compliant and one 2012 compliant ? I would be really interested to hear from anyone who has experience with this.

Frodo

Thanks for explaining.

In my opinion, in the context you describe the actual contents of the risk management documentation is far more important than formal compliance with any given version of the standard. On the other hand this might be something specific to your device - I don't know what it is, what specific controls / guidance apply etc.

I also think that the resulting documentation should not be very different, since the normative (obligatory) part of the 2 versions is identical. What you describe as a difference targeted at "meeting" EN ISO 14971:2012 is actually an enhancement directed at meeting the (underlying) intent of the MDD (as currently interpreted by the Commission), over and above what 14971 requires. Anyway, that excess is conservative relative to the original 14971 requirements and thus I can't imagine the FDA having real issues with a device / manufacturer that goes the extra mile in that direction.

 

[Frodeno]

Thanks again - I fully agree with your comments - my question was a general one rather than pertaining to specific device types but most of my work is in Programmable Electrical Medical Systems (PEMS). The stimulus for my question was an argument that I had with a RA/QA consultant a few weeks ago, who was adamant that FDA do not accept the 2012 version of the standard (specifically in the context of the use of AFAP). I found the reasoning a bit silly and I have a hard time beliving it but I do not have any direct experience of this. Over the coming months I will be preparing a 510(k) and I know that the risk analysis I will be using has been prepared using AFAP etc...so I guess I will see for myself.

 

[mihzago]

I agree with Ronen's assessment.
EN ISO 14971:2012 and ISO 14971:2007 are identical in terms of the normative portion of the standard. The differences are in the Z annexes that are included in the EN version of the standard. These annexes do not specify requirements but provide a guidance for complying with MDD, which are not at odds with complying with FDA requirements related to risk management.