More than one Risk Report per Medical Device

[bigsisj91]

This is my first time using this site. I am helping with the Risk Management report for a new controller. The same controller will go into 5 different devices. The hazards, risk, and mitigations would be the same no matter what device the controller is in. Some of our devices are currently available with two other controllers. When we have to change a mitigation for one of the controllers, we have to update that in multiple reports. Some times a report gets mixed causing contradicting information.

1. Is it acceptable to have a separate risk report for the individual device, Controller A, and Controller B? The individual device report would reference the risk reports for the applicable controllers. We would also verify that all hazards/risks/mitigations are covered for each device/controller combination in the reports.
2. Is there anything you would recommend?

 

[ECHO]

I am not sure if I understand your question but here goes.

You can have multiple risk documents for a DHF. For example, if you are developing a device that uses a cloud network, you could have a DFMEA for the device and a DFMEA for the cloud network. Generally when you have a modularized DFMEA structure, you end up generating a lot of overhead for the quality team. The quality team will need to make sure all DFMEAs use the same names and that any items that overlap match in risk ratings just to name a few of those overhead items. When you start modularizing your system and start generating DFMEAs for those modules, you can quickly end up with a half dozen "modules"

 

[indubioush]

It is not clear how many devices you are dealing with. You should have one risk management report for each device. It does not make sense to have a risk management report for a component of the device because you have the discuss the overall residual risk of the device. However, you can have different FMEAs for each component. It sounds to me that you might have too much detailed information in your risk management report if you are having to update it after every mitigation.

 

[ywwang15]

I won't be very comfortable with the statement "The hazards, risk, and mitigations would be the same no matter what device the controller is in." unless strong evidence or a very strong justification has been provided to prove that the usability and the interoperability/compatibility are identical.

If that is the case, my intuition is that it is fine to have a separate risk analysis file for each device, controller A, and controller B. Also, you will need to have the risk analysis of the interoperability/interface between each device and controller. Then for the risk management plan and report of each device, specify the risk analysis file will include the specified device, [controller A and controller B], and the interface of [controller A&device and the controller B&device].

I agree that it sounds to me that your reports have too much detailed information. I think if you have mitigations for a controller, you should update all the risk analysis files for all devices contain this controller, but not necessary for the reports.