ISO 14971:2019 vs MDR Annex 1, Requirement #4 - "Manufacturers shall inform users of any residual risks"

DamienL

Involved In Discussions
#1
Hi. Our organisation uses FMEAs for evalulaton and control of risks. It works something like this, which I hope is similar to the way some of you might also do it. Firstly, we would identity Risk control measures to reduce the risk associated with a particular hazard. After implementation, we would then re-evaluate the risk (i.e., re-score it) and then determine whether this "residual risk" is considered acceptable or not. If acceptable, then we would be done and dusted --> move on to the next hazard.

So firstly, I want to get thoughts as to whether that sounds about right to any other folks using FMEA? Secondly, and the point of this post, is what then are we supposed to do about MDR Annex 1, Requirement #4 - "Manufacturers shall inform users of any residual risks". Like it or not, our FMEAs are often full of every possible, hypothetical risk we can think of - are we really supposed to discuss each one in the labelling? Sometimes the risk to start with is so low that we wouldn't even implement additional risk control measures. In this case, section 6 of 14971:2019 says to treat this initial risk estimate as the "Residual Risk". So every hazard that is risk assessed in the FMEA ends up with a "residual risk" estimate. And we could have a hundred of these (in a bad FMEA).

14971 says that "the manufacturer shall inform users of significant residual risks" which makes total sense, but that's not what the MDR is saying. I'm obviously missing something here so any direction would be appreciated.

PS - I know some may feel that FMEA is the root of many a problem, but it's what we've been using for ever and won't be switching. Old dogs, etc.

Thanks, Damien
 
Elsmar Forum Sponsor

v9991

Trusted Information Resource
#2
hope you considered the interim step wrt Benefit-Risk analysis.,
"(81) Any statistically significant increase in the number or severity of incidents that are not serious or in expected side-effects that could have a significant impact on the benefit-risk analysis and which could lead to unacceptable risks should be reported to the competent authorities in order to permit their assessment and the adoption of appropriate measures. "
https://www.medical-device-regulation.eu/wp-content/uploads/2019/05/CELEX_32017R0745_EN_TXT.pdf

and integrating each of the remaining risks after benefit-risk analysis; to be mapped against each of the constituent element of labelling.
CHAPTER III REQUIREMENTS REGARDING THE INFORMATION SUPPLIED WITH THE DEVICE
23. Label and instructions for use
23.1. General requirements regarding the information supplied by the manufacturer
23.2. Information on the label
23.3. Information on the packaging which maintains the sterile condition of a device (‘sterile packaging’)
https://www.medical-device-regulation.eu/wp-content/uploads/2019/05/CELEX_32017R0745_EN_TXT.pdf


Further, in the context of ISO 14971, "Annexure J , J.3 Disclosure of residual risk(s)" provides certain guidance.

note :- I am new to device regulation, and my post is more of an conversation, than experience or expertize.
 

mihzago

Trusted Information Resource
#3
@DamienL I had the same question a few months ago, which I posed here and on RAPS forum; never got an answer, and frankly I still don't know.

As you noticed, the MDR states that "Manufacturers shall inform users of any residual risks" whereas ISO 14971:2019 mentions significant residual risks, which is more practical and reasonable. I hope that everyone, including the NBs are conveniently ignoring the "any residual risk" requirement.
 

ThatSinc

Involved In Discussions
#4
I don't see how it can be considered feasible to notify the users of all residual risk - where even basic devices can have multiple risks and, by definition, once control measures are taken whatever is left is residual risk.
It will essentially require all devices to have literature provided.

I appreciate that 14971 is a global standard, and is not meant to directly align with any given regulation, but there are a number of concepts between the MDR and 14971 that I feel that there will still have to be a number content deviations if 14971 is to be harmonised.
 

indubioush

Quite Involved in Discussions
#5
PS - I know some may feel that FMEA is the root of many a problem, but it's what we've been using for ever and won't be switching. Old dogs, etc.
Perhaps you have been told this before, but FMEAs alone will not ensure compliance to ISO 14971 unless you are doing modified FMEAs in which you account for risks that could happen without a "fault condition."

I think it is apparent that the MDR has a lot of issues with confusing wording. I would argue that ISO 14971:2019 is considered state of the art. I think it would be reasonable for you to make a statement in your risk management report that residual risks below a certain level will not be disclosed to the end user. However, you may want to take a second look at the way you are writing up these residual risks. You may be able to combine them in to a smaller list of potential harms. It is the residual risk you need to disclose, not all of the potential hazardous situations.
 

ThatSinc

Involved In Discussions
#6
statement in your risk management report that residual risks below a certain level will not be disclosed to the end user
I have incorporated this into my risk acceptability criteria.

Where under the MDD and MDR any risk must be reduced, and be weighed against the benefits before being considered acceptable, the risk acceptability criteria become somewhat redundant

The acceptability matrix includes 4 regions from negligible to critical, including consideration for control measures in accordance with harmonised standards, and that the risk will be considered acceptable if further control measures would introduce new risks etc, and the requirement for the top two tiers that residual risk must be disclosed.
 
Thread starter Similar threads Forum Replies Date
B Timeframe for updating QMS / transitioning from ISO 14971:2012 to ISO 14971:2019 ISO 14971 - Medical Device Risk Management 10
K Overall residual risk according to ISO 14971:2019 ISO 14971 - Medical Device Risk Management 5
M Gap analysis on ISO 14971:2019 with previous revision ISO 14971 - Medical Device Risk Management 4
B New ISO 14971:2019 Harm: unreasonable psychological stress, and cybersecurity ISO 14971 - Medical Device Risk Management 13
A EN ISO 14971:2019 does not include the Annex Zs ISO 14971 - Medical Device Risk Management 4
Ronen E Informational What's new in ISO 14971:2019 ISO 14971 - Medical Device Risk Management 2
T ISO 14971-2019 doubt - Evaluate if estimated risks are acceptable ISO 14971 - Medical Device Risk Management 9
Y When will Notified Bodies require MedDev manufacturers to fully implement ISO 14971:2019? ISO 14971 - Medical Device Risk Management 1
R Risk control measures as per ISO 14971 ISO 14971 - Medical Device Risk Management 2
S Practical Implementation of ISO 14971 ISO 14971 - Medical Device Risk Management 6
R Identify Medical Device characterstics as Annex C of ISO 14971 Risk Management ISO 14971 - Medical Device Risk Management 5
A ISO 14971 PFMEA Manufacturing Risk ISO 14971 - Medical Device Risk Management 2
M Risk Analysis Flow - Confusion between ISO 14971 and IEC 62304 IEC 62304 - Medical Device Software Life Cycle Processes 8
B ISO 14971 Applied to Software ISO 14971 - Medical Device Risk Management 2
D Recent changes to ISO 14971 - SOP required for managing standard revisions ISO 13485:2016 - Medical Device Quality Management Systems 1
J ISO 14971 applied to ISO 13485? Low risk class 1 devices ISO 13485:2016 - Medical Device Quality Management Systems 3
A We are ISO 13485:2016 should we be audited to ISO 14971 ISO 13485:2016 - Medical Device Quality Management Systems 16
P Risk acceptability alignment between ISO 14971 and IEC 62304 IEC 62304 - Medical Device Software Life Cycle Processes 6
S ISO 14971 Risk Management - Questions for Hazard identification ISO 14971 - Medical Device Risk Management 2
M Informational ISO 14971 / ISO TR 24971 revision update – atualizações sobre a revisão Medical Device and FDA Regulations and Standards News 1
R The difference b/w FMEA & Risk analysis as per iso 14971 ISO 14971 - Medical Device Risk Management 8
D Risk management according to ISO 14971 - When to document risk controls? ISO 14971 - Medical Device Risk Management 10
D Where does FMEA fit in your ISO 14971 Risk Management process? ISO 14971 - Medical Device Risk Management 13
Q Information for safety EN ISO 14971:2012 - Customer Risk Reduction ISO 14971 - Medical Device Risk Management 6
M Informational ISO TC 210 JWG 1 meeting in São Paulo – Revision of ISO 14971 and ISO TR 24971 – Medical Device Risk Management Medical Device and FDA Regulations and Standards News 0
A Our auditor requires us to attend a training on EN ISO 14971:2012 Other ISO and International Standards and European Regulations 3
S In a risk analysis, how can we tie mobile app security breach to ISO 14971? 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 4
F IMDRF opened a Consultation on Annex E & F and the link to ISO 14971 ISO 14971 - Medical Device Risk Management 4
M Updates to EN 62366 & ISO 14971? Other Medical Device Related Standards 3
D IEC 60601-1 and ISO 14971 Assessment IEC 60601 - Medical Electrical Equipment Safety Standards Series 24
M Example ISO 14971 policy and risk criteria ISO 14971 - Medical Device Risk Management 0
P ISO 13485 and ISO 14971 - one mandates the other? ISO 13485:2016 - Medical Device Quality Management Systems 8
D Rationale for Risk Acceptability Matrix - ISO 14971 ISO 14971 - Medical Device Risk Management 9
H Task analysis and ISO 14971 ISO 14971 - Medical Device Risk Management 9
M ISO 14971 and Stand-Alone Diagnostic Software ISO 14971 - Medical Device Risk Management 4
dgrainger Benefit - What is the definition of Benefit in ISO 14971? ISO 14971 - Medical Device Risk Management 7
Y Training as a risk control for ISO 14971 ISO 14971 - Medical Device Risk Management 13
W Risk Benefit Analysis - ISO 14971:2012 Requirements ISO 14971 - Medical Device Risk Management 27
thisby_ ISO 14971 - ALARP and P2 - New ISO 14971 does not allow the concept of ALARP? ISO 14971 - Medical Device Risk Management 3
C What is the difference between "Overall Risk" and "Risk"? (ISO 14971) ISO 14971 - Medical Device Risk Management 10
B New EU Medical Device Regulation & Reconciling with EN ISO 14971 EU Medical Device Regulations 41
B IFU and deviation 7 in ISO 14971 Annex ZA ISO 14971 - Medical Device Risk Management 1
B Interpreting Deviations 5 & 6 in Annex ZA in ISO 14971:2012 ISO 14971 - Medical Device Risk Management 1
B Our NB says that IEC 62304 is an ISO 14971 Requirement ISO 14971 - Medical Device Risk Management 1
B Clarification on interpretation of some EN ISO 14971:2012 & IEC 62304:2006 req's ISO 14971 - Medical Device Risk Management 46
H ISO 14971 vs. IEC 62304 vs. 98/79/EC vs. ISO 13485 (Software Medical Device) ISO 14971 - Medical Device Risk Management 1
M ISO 14971 and ISO TR 24971 revision ISO 14971 - Medical Device Risk Management 32
F ISO 14971:2012 and the FDA ISO 14971 - Medical Device Risk Management 5
M ISO 14971:2007 Revision Approved - The Delft ISO TC 210 plenary meeting - Nov 2016 ISO 14971 - Medical Device Risk Management 2
S Organizing Risk Analysis and Controls for a New Medical Device (ISO 14971) ISO 14971 - Medical Device Risk Management 4

Similar threads

Top Bottom