Search the Elsmar Cove!
**Search ALL of Elsmar.com** with DuckDuckGo including content not in the forum - Search results with No ads.
  • Google has changed ad sizes for some reason. I am investigating and will get the sizes reduced to what they have been until now. I apologise for the inconvenience.

MDD Europe: Use EN ISO 14971:2012 or ISO 14971:2007

M

medgar

#1
I am having a little trouble navigating my way through the versions of standards that I need to comply with MDD 93/42/EEC.

En 60601-1 applies to my device. Amendment 1 of 60601-1 3rd edition quotes ISO 14971:2007 as a normative reference.

Which version, EN ISO 14971:2012 or ISO 14971:2007, am I required to comply with?

My thoughts are EN ISO 14971:2012 because risk assessment is applied to Essential Requirements (ER) beyond those ER covered by 60601-1.

Any advice would be greatly appreciated.
 

Ronen E

Problem Solver
Staff member
Super Moderator
#3
Re: MDD Europe: Do I use EN ISO 14971:2012 or ISO 14971:2007 ?

Hi,

Is the device going to be manufacturd (i.e. finished) in Australia? If so, you'll have to comply with the Australian medical devices regulations (2002) as well. If you go through a TGA conformity assessment (i.e. yours is not a "natural" class I device and it's not export only - class I override), you can get the EC clearance by means of the AU/EC MRA: http://www.tga.gov.au/about/international-eu-mra-amendments.htm (BTW, the TGA has a NB status in the EC MDD context).

In that case you will "bypass" most direct MDD requirements and be subject to the Australian ones. This means that among ISO 14971:2007 and EN ISO 14971:2012, the former will apply to you (you'd also be subject to IEC 60601-1, 3rd edition).

Cheers,
Ronen.
 
S

Spazz

#4
Re: MDD Europe: Do I use EN ISO 14971:2012 or ISO 14971:2007 ?

Which version, EN ISO 14971:2012 or ISO 14971:2007, am I required to comply with?

My thoughts are EN ISO 14971:2012 because risk assessment is applied to Essential Requirements (ER) beyond those ER covered by 60601-1.
I believe the answer is both, depending on context.

EN ISO 14971:2012 and ISO 14971:2007 are identical, except that EN 14971 includes informative annexes which describe how the standard relates to the Essential Requirements. We declare to EN 14971 for Europe and ISO 14971 for the rest of the world.

For the purposes of 60601, the risk management methods described by either are applicable, since they're identical.
 
M

medgar

#5
Re: MDD Europe: Do I use EN ISO 14971:2012 or ISO 14971:2007 ?

Hi All,
Thank-you for your advice. Having read these comments, I suspect that I may have been looking at the problem 'backwards'.

At the core of the problem, is meeting the Essential Requirements (EU)/Essential Principles (Aust) 1 & 2. They seem 'relatively' clear in their treatment of residual risk and the non acceptance of ALARP principle (well, as much as possible for these type of documents :rolleyes:).

To apply ISO 14971:2007 as it stands would not really meet these two aspects of the ER/RP. EN 14971:2012, via the appendix, appears to provide a 'road map' to modify ISO 14971:2007 so that these aspects of the ER/EP are met => conformity.

Could this be a contributing factor to the OJEU flag on EN 60601-1 3rd Edition which indicates that this standard does not necessarily cover the requirements of the MDD?
 

Ronen E

Problem Solver
Staff member
Super Moderator
#6
Re: MDD Europe: Do I use EN ISO 14971:2012 or ISO 14971:2007 ?

At the core of the problem, is meeting the Essential Requirements (EU)/Essential Principles (Aust) 1 & 2. They seem 'relatively' clear in their treatment of residual risk and the non acceptance of ALARP principle (well, as much as possible for these type of documents :rolleyes:).
You are making a wrong assumption. WRT the MDD, EN ISO 14971:2012 does clarify that the ALARP concept is void. However, in Australia, MEDICAL DEVICE STANDARDS ORDER (STANDARDS FOR RISK MANAGEMENT) 2008 clearly says that compliance with ISO 14971:2007 satisfies EP 1(b) and 2(2), at least for identification of risks purposes. Other than that there is no limitation on the methods and criteria you apply to risk reduction and acceptance.

http://www.comlaw.gov.au/Details/F2008L01699/d8308495-e2e3-43a5-9755-2c14ba4a3c70

Could this be a contributing factor to the OJEU flag on EN 60601-1 3rd Edition which indicates that this standard does not necessarily cover the requirements of the MDD?
I don't think so, because that indication was there long before the mess that led to the issue of EN ISO 14971:2012.

Cheers,
Ronen.
 
M

medgar

#7
Re: MDD Europe: Do I use EN ISO 14971:2012 or ISO 14971:2007 ?

However, in Australia, MEDICAL DEVICE STANDARDS ORDER (STANDARDS FOR RISK MANAGEMENT) 2008 clearly says that compliance with ISO 14971:2007 satisfies EP 1(b) and 2(2), at least for identification of risks purposes.
I agree. For the purpose of risk identification, ISO 14971:2007 is fine. In this aspect I think ISO 14971:2007 and EN ISO 149712012 are the same.

However, as a Risk Management standard (incl treatment of risk) ISO 14971:2007 falls short of the requirements for conformity. This is also in the MD Std Order:

"... but not to be used as a specific means to implement the reduction of risk"

My reasoning in my previous post was, to show conformity using a risk management standard, EN ISO 14971:2012 would be appropriate because it specifically deals with the 'short comings' in ISO 14971:2007 with regards to the reduction of risk.
 

Ronen E

Problem Solver
Staff member
Super Moderator
#8
Re: MDD Europe: Do I use EN ISO 14971:2012 or ISO 14971:2007 ?

"... but not to be used as a specific means to implement the reduction of risk"
I wonder what is the meaning of the word "specific" here. If they meant to say "ISO 14971:2007 will not provide presumption of conformity for anything beyond risk identification" they could have omitted the word "specific". That would have said that using it as a method for risk reduction is not good enough. Regardless, the MDSO language says nothing about the validity of the ALARP concept. I doubt that the TGA based the above phrasing on objections to the ALARP concept, because by the time the MDSO was issued, ALARP was by far the industry and regulators mainstay. It took some more years before this debate began large scale.

Either way, for me it's really discouraging and sad to see that people (a) think that ISO 14971 has significant shortcomings*; and (b) that EN ISO 14972:2012 has fixed any. I think that EN ISO 14971: 2012 is ridiculous and cowardly, does not add any real value or clarity, and is essentially political.

*) It's not that I think ISO 14971 is perfect; however, IMO it does a very good job in what it's supposed to do. If anything, the whole concept of upfront theoretical risk analysis, and the concept of "risk acceptability" have shortcomings. The way to resolve these shortcomings is not by demonising them; it's by making people aware of them and providing guidance based on common sense and real-world experience.

All the best with your implementation of EN ISO 14971:2012 and CE marking.

Cheers,
Ronen.
 
Last edited:

RobertvanBoxtel

Involved In Discussions
#9
Let's try to go back to the main differences of ISO 14971 and EN ISO 14971.
The EU regulators amended the MDD in 2007, with some specific wording added and sections changed. For example and more specifically, take a look at ER 1 in Annex I.
As a result of this amendment, some of the wording used in ISO 14971 did not line up with the MDD. Therefore, the process of harmonization of standards was followed, resulting in 7 content deviations.

My first reaction at the time was the same: B...S...

However, if you really read the argumentations and think a little bit further, in light of REAL risk management most of them do make sense. For example, it makes you think about whether mentioning a hazard in the IFU, does that really mitigate anything. I agree, in some cases, there is no other option left and helping my clients on this, I run into these challenges. On the other hand, we all know what happens with IFU's in hospitals, so thinking that mentioning hazards in IFU's will reduce risks, keep dreaming. So thinking about other mitigation options, already most times inherent to the device use, is not time lost.

Another item to think about is that you need to continue risk reduction as far as possible (ER 1) without taking into consideration of the cost (econimics) is a nice political statement, but not realistic. Nevertheless, think back on your devices, did you really look into risks in detail? For example: do you know how your device is used in a clinical setting? No, I mean really know? Write down the procedure steps and think about what can go wrong and how through design you can make changes / adapt.

I found it refreshing to think again on the devices through these deviations and re-assessing the typically old, long time ago established risk management files.
 

Ronen E

Problem Solver
Staff member
Super Moderator
#10
Let's try to go back to the main differences of ISO 14971 and EN ISO 14971.
The EU regulators amended the MDD in 2007, with some specific wording added and sections changed. For example and more specifically, take a look at ER 1 in Annex I.
As a result of this amendment, some of the wording used in ISO 14971 did not line up with the MDD. Therefore, the process of harmonization of standards was followed, resulting in 7 content deviations.

My first reaction at the time was the same: B...S...

However, if you really read the argumentations and think a little bit further, in light of REAL risk management most of them do make sense. For example, it makes you think about whether mentioning a hazard in the IFU, does that really mitigate anything. I agree, in some cases, there is no other option left and helping my clients on this, I run into these challenges. On the other hand, we all know what happens with IFU's in hospitals, so thinking that mentioning hazards in IFU's will reduce risks, keep dreaming. So thinking about other mitigation options, already most times inherent to the device use, is not time lost.

Another item to think about is that you need to continue risk reduction as far as possible (ER 1) without taking into consideration of the cost (econimics) is a nice political statement, but not realistic. Nevertheless, think back on your devices, did you really look into risks in detail? For example: do you know how your device is used in a clinical setting? No, I mean really know? Write down the procedure steps and think about what can go wrong and how through design you can make changes / adapt.

I found it refreshing to think again on the devices through these deviations and re-assessing the typically old, long time ago established risk management files.
Re-running old risk management sessions is a good idea, but it doesn't require the 7 deviations.

Basically what you're saying is that if someone did a bad job implementing ISO 14071:2007, the 7 deviations will set them straight. Interesting. Or, in your own words: keep dreaming :)

The problem isn't with the standard. It's with people / companies not committed, and that won't be fixed by the 7 deviations.

Cheers,
Ronen.
 
Top Bottom