SBS - The best value in QMS software

ISO 14971:2019: Criteria for overall residual risk

#1
Hi All

Per ISO14971:2019; the manufacturer must document the method and criteria for overall residual risk evaluation in the Risk management plan.

I am wondering if you have any idea what could be some possible method and criteria for overall residual risk evaluation.

I am slightly confused by difference between method and criteria.

if i say my criteria is :" " The overall residual risk level is acceptable if all individual risks are determined to be acceptable i.e. after all individual risks have been mitigated to acceptable levels or determined to be acceptable through the BRA analysis."

Then is my method just : "checking all residual risks in my risk files and confirming all risks are acceptable"?

Thank you

Mithilesh P.
 
Elsmar Forum Sponsor

Tagin

Trusted Information Resource
#2
I would look at TR24971:2020 Guidance on the application of ISO 14971. Specifically, at Clause 8 - Evaluation of overall residual risk.

You example above would not be acceptable, as they state in clause 8 (bold added):
The evaluation of overall residual risk is a challenging task that cannot be achieved by adding all individual risks numerically. The difficulty arises for the following reasons:
— Each probability of occurrence of harm is related to a different harm with different severity and can be related to different hazardous situations.
— Probabilities are often known with different degree of uncertainty. Some probabilities could be known precisely from either historical data or testing. Other probabilities might be known imprecisely such as estimates by expert judgment, or cannot be estimated such as the probability of a software failure.
— It is not possible to combine the severities of individual harms within the broad categories usually employed in risk analysis.
Furthermore, the criteria for acceptability of the overall residual risk can be different from the criteria for acceptability of individual risks. The criteria used to evaluate individual risks usually include limits for the probability of occurrence of harm with a particular severity. The criteria used to evaluate the overall residual risk are often based on additional elements, such as the benefits of the intended use of the medical device.
 

yodon

Staff member
Super Moderator
#3
The stars seem to be aligning here with FDA, EU, and 14971 (guidance) all kind of pointing to an analysis. FDA published a couple of guidance docs that give a pretty nice framework for doing your assessment:
We adapted the latter and have used on several projects. Seems to be a solid approach. No pushback yet.
 

ThatSinc

Involved In Discussions
#4
Criteria for overall risk acceptability is, by its nature, a more broad review of the risks of the device.

You could look at
  • Number of risks that are mitigated by IFU alone
  • Number of hazards that a user might be exposed to by the same hazardous situation
  • Where all of the risks sit together, is it a "high risk" device in general or does it just have one or two high risks?

Taking an unlikely example; you could individually have 100 number of risks that have a 1 in a million chance of killing the patient, and each could be acceptable in its own right - but if you took a higher level view of the product, could you say that overall having that many opportunities is acceptable for the product?

Where 14971 only requires benefit-risk analysis for risks that are outside of your risk acceptability criteria, yet MDR etc. require a benefit risk for all risks, consider the overall risk evaluation part of a broad benefit-risk for the device.
 
#5
Does anyone mind to share a Risk Analysis Matrix for Medical Devices and how to calculate the Residual Risk? Also, does someone use Residual Severity as part of the final Residual Risk calculation/acceptability? It will be very appreciate any feedback. Thanks.
 
Thread starter Similar threads Forum Replies Date
B Timeframe for updating QMS / transitioning from ISO 14971:2012 to ISO 14971:2019 ISO 14971 - Medical Device Risk Management 10
D ISO 14971:2019 vs MDR Annex 1, Requirement #4 - "Manufacturers shall inform users of any residual risks" ISO 14971 - Medical Device Risk Management 5
K Overall residual risk according to ISO 14971:2019 ISO 14971 - Medical Device Risk Management 5
M Gap analysis on ISO 14971:2019 with previous revision ISO 14971 - Medical Device Risk Management 4
B New ISO 14971:2019 Harm: unreasonable psychological stress, and cybersecurity ISO 14971 - Medical Device Risk Management 13
A EN ISO 14971:2019 does not include the Annex Zs ISO 14971 - Medical Device Risk Management 4
Ronen E Informational What's new in ISO 14971:2019 ISO 14971 - Medical Device Risk Management 2
T ISO 14971-2019 doubt - Evaluate if estimated risks are acceptable ISO 14971 - Medical Device Risk Management 9
Y When will Notified Bodies require MedDev manufacturers to fully implement ISO 14971:2019? ISO 14971 - Medical Device Risk Management 1
M ISO 14971 Determination of Competent Persons ISO 14971 - Medical Device Risk Management 4
R Risk control measures as per ISO 14971 ISO 14971 - Medical Device Risk Management 6
S Practical Implementation of ISO 14971 ISO 14971 - Medical Device Risk Management 6
R Identify Medical Device characterstics as Annex C of ISO 14971 Risk Management ISO 14971 - Medical Device Risk Management 5
A ISO 14971 PFMEA Manufacturing Risk ISO 14971 - Medical Device Risk Management 2
M Risk Analysis Flow - Confusion between ISO 14971 and IEC 62304 IEC 62304 - Medical Device Software Life Cycle Processes 8
B ISO 14971 Applied to Software ISO 14971 - Medical Device Risk Management 2
D Recent changes to ISO 14971 - SOP required for managing standard revisions ISO 13485:2016 - Medical Device Quality Management Systems 1
J ISO 14971 applied to ISO 13485? Low risk class 1 devices ISO 13485:2016 - Medical Device Quality Management Systems 5
A We are ISO 13485:2016 should we be audited to ISO 14971 ISO 13485:2016 - Medical Device Quality Management Systems 16
P Risk acceptability alignment between ISO 14971 and IEC 62304 IEC 62304 - Medical Device Software Life Cycle Processes 6
S ISO 14971 Risk Management - Questions for Hazard identification ISO 14971 - Medical Device Risk Management 2
M Informational ISO 14971 / ISO TR 24971 revision update – atualizações sobre a revisão Medical Device and FDA Regulations and Standards News 1
R The difference b/w FMEA & Risk analysis as per iso 14971 ISO 14971 - Medical Device Risk Management 8
D Risk management according to ISO 14971 - When to document risk controls? ISO 14971 - Medical Device Risk Management 10
D Where does FMEA fit in your ISO 14971 Risk Management process? ISO 14971 - Medical Device Risk Management 13
Q Information for safety EN ISO 14971:2012 - Customer Risk Reduction ISO 14971 - Medical Device Risk Management 6
M Informational ISO TC 210 JWG 1 meeting in São Paulo – Revision of ISO 14971 and ISO TR 24971 – Medical Device Risk Management Medical Device and FDA Regulations and Standards News 0
A Our auditor requires us to attend a training on EN ISO 14971:2012 Other ISO and International Standards and European Regulations 3
S In a risk analysis, how can we tie mobile app security breach to ISO 14971? 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 4
F IMDRF opened a Consultation on Annex E & F and the link to ISO 14971 ISO 14971 - Medical Device Risk Management 4
M Updates to EN 62366 & ISO 14971? Other Medical Device Related Standards 3
D IEC 60601-1 and ISO 14971 Assessment IEC 60601 - Medical Electrical Equipment Safety Standards Series 25
M Example ISO 14971 policy and risk criteria ISO 14971 - Medical Device Risk Management 0
P ISO 13485 and ISO 14971 - one mandates the other? ISO 13485:2016 - Medical Device Quality Management Systems 8
D Rationale for Risk Acceptability Matrix - ISO 14971 ISO 14971 - Medical Device Risk Management 9
H Task analysis and ISO 14971 ISO 14971 - Medical Device Risk Management 9
M ISO 14971 and Stand-Alone Diagnostic Software ISO 14971 - Medical Device Risk Management 4
dgrainger Benefit - What is the definition of Benefit in ISO 14971? ISO 14971 - Medical Device Risk Management 7
Y Training as a risk control for ISO 14971 ISO 14971 - Medical Device Risk Management 13
W Risk Benefit Analysis - ISO 14971:2012 Requirements ISO 14971 - Medical Device Risk Management 27
thisby_ ISO 14971 - ALARP and P2 - New ISO 14971 does not allow the concept of ALARP? ISO 14971 - Medical Device Risk Management 3
C What is the difference between "Overall Risk" and "Risk"? (ISO 14971) ISO 14971 - Medical Device Risk Management 10
B New EU Medical Device Regulation & Reconciling with EN ISO 14971 EU Medical Device Regulations 41
B IFU and deviation 7 in ISO 14971 Annex ZA ISO 14971 - Medical Device Risk Management 1
B Interpreting Deviations 5 & 6 in Annex ZA in ISO 14971:2012 ISO 14971 - Medical Device Risk Management 1
B Our NB says that IEC 62304 is an ISO 14971 Requirement ISO 14971 - Medical Device Risk Management 1
B Clarification on interpretation of some EN ISO 14971:2012 & IEC 62304:2006 req's ISO 14971 - Medical Device Risk Management 46
H ISO 14971 vs. IEC 62304 vs. 98/79/EC vs. ISO 13485 (Software Medical Device) ISO 14971 - Medical Device Risk Management 1
M ISO 14971 and ISO TR 24971 revision ISO 14971 - Medical Device Risk Management 32
F ISO 14971:2012 and the FDA ISO 14971 - Medical Device Risk Management 5

Similar threads

Top Bottom