ISO 14971-2019 doubt - Evaluate if estimated risks are acceptable

Teyla

Starting to get Involved
#1
Hi everyone!
I hope someone can help me with this... :rolleyes:
The new ISO 14971-2019 in 6. Risk evaluation states that if manufacturer evaluate if estimated risks are acceptable. These that are, are treated as residual risk and risk control is not required to be applied.
My question is - that is it? There is a risk and that's OK?
 
Elsmar Forum Sponsor

dubrizo

Involved In Discussions
#2
Yes, there is almost always residual risk. It's incumbent upon the manufacturer to identify, evaluate and reduce risk to acceptable levels; typically done and recorded via FMEA. Residual risk is essentially your accepted/acceptable risk.

I'm sure others will expound on what I've said, but I wanted to provide a direct answer.
 

Ronen E

Problem Solver
Staff member
Moderator
#3
typically done and recorded via FMEA.
Actually FMEA is not the best tool for an ISO 14971-style risk assessment. It's acceptable, but it's not ideal. I won't elaborate here because we've already had many, lengthy discussions about that at Elsmar.
 
Last edited:

indubioush

Quite Involved in Discussions
#4
The new ISO 14971-2019 in 6. Risk evaluation states that if manufacturer evaluate if estimated risks are acceptable. These that are, are treated as residual risk and risk control is not required to be applied.
My question is - that is it? There is a risk and that's OK?
Yes. If a particular hazardous situation has an acceptable level of risk, it is treated as a "residual risk." You then evaluate the overall residual risk taking into account each residual risk.

However, if your device's intended market includes Europe, go read the MDR and annexes in the EU 2012 version of ISO 14971.
 

big boss

Posts Moderated
#5
dear All
I am working on risk management plan according to 2019 edition
and need help to understand the requirement clearly
1-the scope of the planned risk management activities, identifying and describing the medical device and the life cycle phases for which each element of the plan is applicable
* for this point i highlight the product description /intended purpose and highlight the product life cycle (design /product realization / post-production )
2- assignment of responsibilities and authorities;
* for this point we provide a list of the team member,role and duties and of course cross-reference their competence
3-requirements for review of risk management activities;
* indeed i don't clearly understand this point, (however in old edition its written how and when these review activities did) ,
4-criteria for risk acceptability, based on the manufacturer’s policy for determining acceptable
* this point clear for me to determine the Accebptiblity level
5-a method to evaluate the overall residual risk, and criteria for acceptability of the overall residual
* in this point i don't understand if we need to create another acceptability level for residual risk ???
Also if based on the estimated Probability & severity the risk is acceptable so result considers a residual risk ??
6-activities for verification of the implementation and effectiveness of risk control measures;
* as per my understanding verification of implementation may through
  • Compliance to applicable standards and guidelines
  • Clinical evaluation data
  • Comparison with predicate devices
  • Instruction for use of predicate devices
  • Suppliers information
  • Bench-Top tests.
  • Inspection
  • Validation activities and Expert opinion
  • 7-activities related to collection and review of relevant production and post-production information.for
  • for this point below information could be used
  • Data from production and post market surveillance include the following:
  • Customer complaint
  • Customer feedback
  • Clinical evaluation data
  • Nonconformities
  • so can any one help to execute good plan
 

Tidge

Quite Involved in Discussions
#6
I'll try to tackle just one point:
3-requirements for review of risk management activities;
* indeed i don't clearly understand this point, (however in old edition its written how and when these review activities did) ,
This part of the RM Plan is to establish the requirements for RM activities up front for a couple of different reasons:
  1. It avoids having a completely ad hoc approach to RM.
  2. It allows effective remediation should some element of the RM activities be defective.
Here is some (hopefully) practical advice:

RM Plans are different than RM Procedures (or Policies). RM plans should be focused on the device (or family of devices). The RM Plan should identify the specific files that are identified as containing the RM information. Most companies have a dedicated document suite for this purposes.

During development you will likely only need certain RM activities done at certain points of the development. For example, you might want to plan a review of (design) RM files prior to design verification to check the allocation of design outputs to design input requirements. Another example may be delaying development of things like process FMEA until establishing manufacturing methods. In any case, prior to marketing the device you ought to require (i.e. plan) a review of complete RM files.

For the actual 'requirements' of the review, the most solid pre-market question to answer is if the RM file content is that all risks are acceptable (and that any potentially unacceptable risks be disclosed). I want to tread lightly here because of NB-enforced concepts of 'as low as possible' and detailed risk-benefit analyses for every identified risk.. the broader point is the manufacturer establishes (by policy) what is acceptable and that the RM plan reinforces it. The RM Plan would also ideally call out the responsible parties for making the assessment.

A RM Plan is also where you can establish the data sources to be reviewed (at specified intervals) once the device is on the market. Data sources typically include complaints and CA/PA databases.

The Plan is what you are committing to, so don't inflate the plan with non-value added activities.
 

Ed Panek

QA RA Small Med Dev Company
Trusted Information Resource
#8
ISO 14971 Section 4.1 Risk Management Process requires you to C) Control risks. How you control it is in the form of a Risk Management Plan (4.4)

Risk acceptability is a policy from your company, even if you cannot estimate the occurrence chance. Residual Risk is allowed based upon your own policies.


An FMEA may be more practical for a discrete operation rather than an encompassing product lifecycle. An FMEA may be part of a risk management plan, however.
 

adir88

Starting to get Involved
#10
How would one go about putting together a risk management policy?
What expectations are there to have in the policy?
ISO/TR 24971 has an entire annex dedicated to this topic. I think the information in there is very helpful. You should take a look.
 
Thread starter Similar threads Forum Replies Date
B Timeframe for updating QMS / transitioning from ISO 14971:2012 to ISO 14971:2019 ISO 14971 - Medical Device Risk Management 5
D ISO 14971:2019 vs MDR Annex 1, Requirement #4 - "Manufacturers shall inform users of any residual risks" ISO 14971 - Medical Device Risk Management 2
K Overall residual risk according to ISO 14971:2019 ISO 14971 - Medical Device Risk Management 5
M Gap analysis on ISO 14971:2019 with previous revision ISO 14971 - Medical Device Risk Management 3
B New ISO 14971:2019 Harm: unreasonable psychological stress, and cybersecurity ISO 14971 - Medical Device Risk Management 13
A EN ISO 14971:2019 does not include the Annex Zs ISO 14971 - Medical Device Risk Management 4
Ronen E Informational What's new in ISO 14971:2019 ISO 14971 - Medical Device Risk Management 2
Y When will Notified Bodies require MedDev manufacturers to fully implement ISO 14971:2019? ISO 14971 - Medical Device Risk Management 1
S Practical Implementation of ISO 14971 ISO 14971 - Medical Device Risk Management 6
R Identify Medical Device characterstics as Annex C of ISO 14971 Risk Management ISO 14971 - Medical Device Risk Management 5
A ISO 14971 PFMEA Manufacturing Risk ISO 14971 - Medical Device Risk Management 2
M Risk Analysis Flow - Confusion between ISO 14971 and IEC 62304 IEC 62304 - Medical Device Software Life Cycle Processes 8
B ISO 14971 Applied to Software ISO 14971 - Medical Device Risk Management 2
D Recent changes to ISO 14971 - SOP required for managing standard revisions ISO 13485:2016 - Medical Device Quality Management Systems 1
J ISO 14971 applied to ISO 13485? Low risk class 1 devices ISO 13485:2016 - Medical Device Quality Management Systems 3
A We are ISO 13485:2016 should we be audited to ISO 14971 ISO 13485:2016 - Medical Device Quality Management Systems 16
P Risk acceptability alignment between ISO 14971 and IEC 62304 IEC 62304 - Medical Device Software Life Cycle Processes 6
S ISO 14971 Risk Management - Questions for Hazard identification ISO 14971 - Medical Device Risk Management 2
M Informational ISO 14971 / ISO TR 24971 revision update – atualizações sobre a revisão Medical Device and FDA Regulations and Standards News 1
R The difference b/w FMEA & Risk analysis as per iso 14971 ISO 14971 - Medical Device Risk Management 8
D Risk management according to ISO 14971 - When to document risk controls? ISO 14971 - Medical Device Risk Management 10
D Where does FMEA fit in your ISO 14971 Risk Management process? ISO 14971 - Medical Device Risk Management 13
Q Information for safety EN ISO 14971:2012 - Customer Risk Reduction ISO 14971 - Medical Device Risk Management 6
M Informational ISO TC 210 JWG 1 meeting in São Paulo – Revision of ISO 14971 and ISO TR 24971 – Medical Device Risk Management Medical Device and FDA Regulations and Standards News 0
A Our auditor requires us to attend a training on EN ISO 14971:2012 Other ISO and International Standards and European Regulations 3
S In a risk analysis, how can we tie mobile app security breach to ISO 14971? 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 4
F IMDRF opened a Consultation on Annex E & F and the link to ISO 14971 ISO 14971 - Medical Device Risk Management 4
M Updates to EN 62366 & ISO 14971? Other Medical Device Related Standards 3
D IEC 60601-1 and ISO 14971 Assessment IEC 60601 - Medical Electrical Equipment Safety Standards Series 12
M Example ISO 14971 policy and risk criteria ISO 14971 - Medical Device Risk Management 0
P ISO 13485 and ISO 14971 - one mandates the other? ISO 13485:2016 - Medical Device Quality Management Systems 8
D Rationale for Risk Acceptability Matrix - ISO 14971 ISO 14971 - Medical Device Risk Management 9
H Task analysis and ISO 14971 ISO 14971 - Medical Device Risk Management 9
M ISO 14971 and Stand-Alone Diagnostic Software ISO 14971 - Medical Device Risk Management 4
dgrainger Benefit - What is the definition of Benefit in ISO 14971? ISO 14971 - Medical Device Risk Management 7
Y Training as a risk control for ISO 14971 ISO 14971 - Medical Device Risk Management 13
W Risk Benefit Analysis - ISO 14971:2012 Requirements ISO 14971 - Medical Device Risk Management 27
thisby_ ISO 14971 - ALARP and P2 - New ISO 14971 does not allow the concept of ALARP? ISO 14971 - Medical Device Risk Management 3
C What is the difference between "Overall Risk" and "Risk"? (ISO 14971) ISO 14971 - Medical Device Risk Management 10
B New EU Medical Device Regulation & Reconciling with EN ISO 14971 EU Medical Device Regulations 41
B IFU and deviation 7 in ISO 14971 Annex ZA ISO 14971 - Medical Device Risk Management 1
B Interpreting Deviations 5 & 6 in Annex ZA in ISO 14971:2012 ISO 14971 - Medical Device Risk Management 1
B Our NB says that IEC 62304 is an ISO 14971 Requirement ISO 14971 - Medical Device Risk Management 1
B Clarification on interpretation of some EN ISO 14971:2012 & IEC 62304:2006 req's ISO 14971 - Medical Device Risk Management 46
H ISO 14971 vs. IEC 62304 vs. 98/79/EC vs. ISO 13485 (Software Medical Device) ISO 14971 - Medical Device Risk Management 1
M ISO 14971 and ISO TR 24971 revision ISO 14971 - Medical Device Risk Management 32
F ISO 14971:2012 and the FDA ISO 14971 - Medical Device Risk Management 5
M ISO 14971:2007 Revision Approved - The Delft ISO TC 210 plenary meeting - Nov 2016 ISO 14971 - Medical Device Risk Management 2
S Organizing Risk Analysis and Controls for a New Medical Device (ISO 14971) ISO 14971 - Medical Device Risk Management 4
M The future of ISO 14971:2007 ISO 14971 - Medical Device Risk Management 2

Similar threads

Top Bottom