Practical Implementation of ISO 14971

#1
I’m trying to implement a more robust and well-defined procedure at my company for risk management activities per ISO 14971, and I’m having a lot of trouble coming up with methods that are effective, efficient, and consistent. I was hoping some of the people here might have some insights.

My current thinking is that the process should be centred around a risk traceability matrix that co-ordinates and records information from all other activities. In that matrix, you would record hazards, hazardous situations, harms, risk estimation and assessment, risk control measures etc.

As specific risk analysis tools are employed throughout the development process, information from these activities would then be used to populate the matrix, with the outputs of these processes being translated into hazards, hazardous situations, harms, and foreseeable event sequences as necessary. My intent with this is to allow individual subordinate analysis techniques (FTAs, FMEAs, PHAs) etc to be freely performed and updated throughout the development process, and the relevant findings incorporated into the overall ISO 14971 risk table without significant disruption.

Has anyone else approached risk management in this way and found it effective?


The other big issue I’m having is in consistent definition of hazards and hazardous situations without excessive duplication. For example, I have a device with a deployable/retractable fixation system that anchors it to subcutaneous tissue. For the duration of use this anchor is expected to support loads applied to protruding length of the device. To me it seems that there is an obvious hazard / hazardous situation here but documenting it seems to become complicated.

I could document it as follows (format is Hazard / Foreseeable Sequence of Events / Hazardous Situation / Harm):
Mechanical force (interaction between anchor and tissue) / Tissue anchor is deployed during use / Loading of tissue by tissue anchor / Tissue injury.

Or I could split it into further smaller hazardous situations:
Mechanical force (interaction between anchor and tissue) / Tissue anchor is deployed during use / Loading of tissue by tissue anchor during deployment / Tissue injury.
Mechanical force (interaction between anchor and tissue) / Tissue anchor supports transmitted loadings during use / Loading of tissue by tissue anchor whilst deployed / Tissue injury.
Mechanical force (interaction between anchor and tissue) / Tissue anchor is retracted after use / Loading of tissue by tissue anchor during retraction / Tissue injury.


It gets even more difficult when I try to consider conditions that may exacerbate mechanical interactions. For instance: If the user applies excessive force to the device during use there’s an obvious possibility of harm. What I can’t figure out is whether this scenario should be treated as a contributor in a sequence of events leading to a hazardous situation (Loading of tissue anchor whilst deployed), or should it be considered to constitute its own hazardous situation (something like Excessive loadings transmitted to tissue anchor).

I think I may have a fundamental misunderstanding of how I define my hazards, hazardous situations, and foreseeable sequence of events, because I run into issues like this near constantly. In many cases (except for the simplest ones) I can find justifications for defining a particular event or situation as either a contributing event, or its own hazardous situation.
 
Elsmar Forum Sponsor

Jen Kirley

Quality and Auditing Expert
Staff member
Admin
#2
Welcome to The Cove!

I support splitting into smaller hazardous situations if the severity is different among them and particularly if actions to address the different hazardous situations would vary.

When doing risk assessment for medical device, ISO 14971 asks us to also consider (3.13) reasonably forseeable misuse. I see you are trying to do this and want to encourage you to go deep enough in your risk identification as developer. I think FTAs can be very helpful to identify the core risk and I encourage you to leverage them to help sirt out details.

Excessive loadings transmitted to tissue anchor? seems to me a good failure mode in a design FMEA. What is it about the device that allows excessive loading? Is that risk severe enough to be addressed? If so, how will you do it; and then, what was the effect of your actions?

The thing is, the Product and Design FMEAs do not need to be limited to traditional structure. If you want to include Hazard / Foreseeable Sequence of Events / Hazardous Situation / Harm, I see no reason not to do so.

Whatever tools you use, and I hope you allow yourself to branch out and not limit yourself to FMEA, the tools are just a component to the risk management process that ISO 14971:2019 addresses. The FDA's Guidance for Industry is not a new document, but its advice still looks sound to me. FDA has also published Factors to Consider Regarding Benefit-Risk in Medical Device Product Availability, Compliance,and Enforcement Decisions, as well as Factors to Consider When Making Benefit-Risk Determinations in Medical Device Premarket Approval and De NovoClassifications.

I hope this helps!
 
#3
Hi Jen, thanks for your advice.

I like the idea of splitting the hazardous situations to facilitate better risk estimation and determination of risk controls. However, I still have issues distinguishing whether something should be considered as a a hazardous situation in its own right, or as a foreseeable event contributing to a broader hazardous situation. Would you consider the example of excessive loadings transmitted to the anchor to be its own Hazardous situation?

Going back to the example of the tissue anchor. If we consider only the scenario where the anchor is supporting loadings after deployment there are a lot of factors involved that may lead to tissue harm or influence its severity. Just a few off the top of my head:

  • Inadequate design - poor distribution of loads into surrounding tissue.
  • Damage to anchor compromises load distribution
  • Incomplete or incorrect deployment of anchor compromises load distribution.
  • User implants anchor in diseased or weak tissue - surrounding tissue unable to withstand transmitted loadings.
  • The list goes on.
Up until now I've proceeded by defining relatively broad hazardous situations and working backwards in a sort of pseudo-FTA process to identify causal chains. Eg Hazard: mechanical force (interaction between tissue and anchor) -> HazSit: Harmful loading of tissue by anchor during support of applied loadings.

Should I consider separating out some of these higher level contributors as their own hazardous situation? In this case I'm still very confused as to a consistent definition as to what part of the chain of events constitutes a hazardous situation in its own right.
 

ThatSinc

Involved In Discussions
#4
The other big issue I’m having is in consistent definition of hazards and hazardous situations without excessive duplication.
I think I may have a fundamental misunderstanding of how I define my hazards, hazardous situations, and foreseeable sequence of events, because I run into issues like this near constantly
I've had the same issue myself, despite leading risk management processes for 8 years and having very positive feedback from technical file auditors over that time. This forum has helped significantly with rethinking how I approach hazards/hazardous situations and how the foreseeable sequences of events fit in - but note I'm still (re)learning myself, so don't take this as gospel, but want to keep the conversation going.

Hazards, Hazardous Situations and R.F.S.E

Do you have a copy of the new TR24971? I've found that has clarified a few things for me too.

As @Jen Kirley has said, splitting the hazardous situations to allow the controls to be readily identified and specific is a good start.

Previously I was finding that I was documenting the actual exposure of the patient/user to the hazard as the hazardous situation, and documenting the causes of the exposure in the sequence of events.
I was taking the guidance from the standard very literally and linearly; hazards lead to hazardous situations through sequences of events, hazardous situations lead to harm.

e.g. under infusion as a hazardous situation, device impacts user as a hazardous situation.

It resulted in so many sequences of events resulting in the same hazardous situation and a complete tangle when trying to define probabilities, it sounds like this might be your issue too?

Whereas now I think of hazardous situations more closely aligned with their definition in the standard; hazardous situations allow a hazard to cause harm.

I could document it as follows (format is Hazard / Foreseeable Sequence of Events / Hazardous Situation / Harm):
Mechanical force (interaction between anchor and tissue) / Tissue anchor is deployed during use / Loading of tissue by tissue anchor / Tissue injury.

When I struggle defining it now, I've started looking at a hazardous situation with regards to how I control it, to either prevent it from occurring or prevent harm from occurring if it occurs.

Assuming you think you need control mechanisms for these scenarios, what would they be?
 

indubioush

Quite Involved in Discussions
#5
It think it would benefit you to perform various FMEAs prior to trying to compile your larger risk matrix. As an alternative, you could create separate categories in your matrix to allow you to focus on only one source of risk.

Design FMEA - only focus on the design and how different components/assemblies could cause harm.
Process FMEA - only focus on how the manufacturing process could contribute to harm.
Use FMEA - only focus on how use errors could result in harm.
Hazard analysis - first document risks that are not associated with a fault condition (i.e., normal risks), then, using the information already documented in your FMEAs to add in the rest

Now instead of a random thought of "user applies excessive force to the device during use," you will have this use error listed as a hazardous situation associated with a particular step during use of the device. This would be listed in detail in the UFMEA.

Now instead of "Inadequate design - poor distribution of loads into surrounding tissue" you will have the specific fault condition listed in your DFMEA under the "anchors" section.
 

Tidge

Quite Involved in Discussions
#6
I have a few thoughts, they aren't exactly random but depending on your specific approach will impact if/how the advice can work for you. This advice is offered in the spirit of "seems like the risk file may have too many lines" for folks trying to visualize/represent the risk analysis in 2-dimensions as a matrix (i.e. on paper). A multi-dimensional, relational database allows more freedom (and links between the elements of the risk analysis) but representing the information from such a risk analysis to all necessary parties (internal and external) is trickier.

1) I have found the best reason for having multiple lines for otherwise similar use cases/sequences of events is when those lines end up with different risk ratings (usually because of P1, P2 differences). For medical devices used in extreme circumstances, it is common that the least acceptable risks are those with rather low severity harms but occur frequently. It is generally true that risk controls for high-severity harms will also work for low-severity harms, but the acceptability space is usually different.

I wrote number 1 first, because

2) My preference is: for a given hazard I don't like to see different lines with the same (pre-control) severity/P1/P2 ratings and the same (effective) risk controls. Too many lines clutter the risk analysis and can in extreme circumstances (*see below) give misleading assessments of final acceptability. In my preferred matrix/paper approach to risk analysis I'm content to identify the use cases in the lines of analysis while making sure that the use cases have enough information so that it is clear how the sequence of events in the risk analysis can derive from the use cases. If the same risk control(s) apply evenly to similar use cases for the same hazards I wouldn't find that much value in having multiple lines of analysis.

(*) How "too many lines" can mislead folks about the risk acceptability: Occasionally I observed that some folks would mistakenly believe that they'd done a good (enough) job addressing risks because a great majority of lines of risk analysis were addressed by a relatively few (effective) risk controls. Simply adding more lines of analysis for specific hazards that would be mitigated by already existing risk controls doesn't necessarily explain anything about the acceptability of risks for other hazards.
 
Thread starter Similar threads Forum Replies Date
A Exploding the Myths Surrounding ISO 9000: A Practical Implementation Guide Book, Video, Blog and Web Site Reviews and Recommendations 28
P Random Sampling at Receiving Inspection: A Practical Implementation needed Inspection, Prints (Drawings), Testing, Sampling and Related Topics 13
A What are Practical data center best practices IEC 27001 - Information Security Management Systems (ISMS) 0
N Best practices for capturing audit objective evidence in a practical manner? Internal Auditing 3
B Practical ideas for information labelling in healthcare environment IEC 27001 - Information Security Management Systems (ISMS) 2
M Getting into biotech QA from aerospace - Is it practical? Career and Occupation Discussions 2
Q Practical guide to scan for Risks in all QMS systems without missing any ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 16
Sidney Vianna Blockchain Technology - Any examples of practical application? The Reading Room 21
Q Practical Way to raise NCR's in an Assembly Workshop ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 8
C Practical use of Heat Input calculation for Manual MIG Welding Manufacturing and Related Processes 4
M Practical Methods using Sampling by Variables Inspection, Prints (Drawings), Testing, Sampling and Related Topics 2
R Looking for Practical Advice in Managing Measurement Uncertainties Measurement Uncertainty (MU) 3
WEAVER Is GR&R really practical for a Measurescope? Gage R&R (GR&R) and MSA (Measurement Systems Analysis) 12
A 6 Sigma: Could you share some practical examples of 6 Sigma Projects in your company? Six Sigma 3
L oPRP or CCP? Practical example Food Safety - ISO 22000, HACCP (21 CFR 120) 2
L Working closer and better with Suppliers - Practical ideas to improve? Supplier Quality Assurance and other Supplier Issues 8
R Suggestions for a practical way to manage Contract Review Contract Review Process 5
O Practical 8-D or similar Problem Solving worksheet or form Excel .xls Spreadsheet Templates and Tools 5
M Need practical guide on TS 16949 Clause 7.6 Requirement IATF 16949 - Automotive Quality Systems Standard 1
M Practical Guidance on TS 16949 Clause 7.5.3 - Product Status Identification IATF 16949 - Automotive Quality Systems Standard 3
C Practical Examples of completed ISO 19011:2011 Audit Reports General Auditing Discussions 5
T Practical Problem Solving - Does anyone have a practical problem solving template? Document Control Systems, Procedures, Forms and Templates 6
S Practical Data Collection Process Recommendations? Design and Development of Products and Processes 6
S OPRP or HACCP Plan - Opinions and Practical Example Wanted Food Safety - ISO 22000, HACCP (21 CFR 120) 17
S Validation of Production Process - Practical Example ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 7
F Toyota A3 Practical Problem Solving (PPS) Document Needed Nonconformance and Corrective Action 1
L Corrective Action Request Assessment and Prioritisation Criteria - Practical Examples Nonconformance and Corrective Action 14
Q Father Of The Practical CMM, James Coggin (RIP) Coffee Break and Water Cooler Discussions 1
I Practical definition of IEC62304 Software Items and Software Units IEC 62304 - Medical Device Software Life Cycle Processes 7
A Definition Modify, Magnify, Minify, and Substitute - Seeking practical ways of differentiation Definitions, Acronyms, Abbreviations and Interpretations Listed Alphabetically 17
L Please share some practical SPC exercises for training purpose Statistical Analysis Tools, Techniques and SPC 4
M Practical Reasons Behind The ISO 13485/QSR Regulations ISO 13485:2016 - Medical Device Quality Management Systems 6
L Employee motivation and empowerment - Please some practical methods IATF 16949 - Automotive Quality Systems Standard 20
G Practical Screw Thread Information & Tolerances General Measurement Device and Calibration Topics 98
R Practical Problem Solving for Management Development Quality Tools, Improvement and Analysis 3
D Internal Auditing ? A Practical Approach General Auditing Discussions 4
Anerol C Definition Rework vs. Repair - What's the practical difference? Definitions, Acronyms, Abbreviations and Interpretations Listed Alphabetically 43
ScottK How far is it practical to take a Process FMEA? FMEA and Control Plans 14
L Practical Ideas for TS 6.2.2.4 - Personel are aware of the relevance and importance.. Training - Internal, External, Online and Distance Learning 5
M Stakeholder Analysis - Practical success stories wanted ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 5
J Q Leading and Lagging Indicators - Difference (practical) ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 8
Z Design and Development Planning - Is It Sufficient and Practical or Not Design and Development of Products and Processes 0
C Interpretation and Practical Application of ISO 17025 - Development of a System ISO 17025 related Discussions 81
G Practical examples of VOC and CTQ flowdown Six Sigma 8
D What practical measures can be taken to improve customer satisfaction? Customer and Company Specific Requirements 21
Govind Here is a Practical Test for QMS Effectiveness ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 5
I ISO 13485 Practical Internal Audit Checklist - Standard vs. Process Based Internal Auditing 26
S I need help creating a practical preventive action process ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 18
J Auditing to ISO 9001:2000 - What is the Process Model in PRACTICAL terms General Auditing Discussions 17
L Practical ISO 14001 Aspect and Impact Assessment Miscellaneous Environmental Standards and EMS Related Discussions 8

Similar threads

Top Bottom