Risk Benefit Analysis - ISO 14971:2012 Requirements

#1
Hi All

I'm looking for some advice on risk benefit analysis (RBA). In particular the 14971:2012 requirements.

Currently we only perform RBAs for individual risks that have the highest severity, regardless of final RPN. This is a severity of 10 in our 1-10 scoring where harm to the user starts at 6. Currently no one really knows what a best practice method of writing an RBA looks like. They usually end up being a few paragraphs explaining the risk and why its no problem.

I'm aware that within the 2012 version there is a requirement for RBA's for individual risks and an overall RBA.

I've been doing lots of background reading where it is suggested the overall RBA and individual RBA be linked to the clinical evaluation. Would this take the form of a bridging document referencing the risks from the RMF and where they are assessed in the clinical evaluation. With the overall risk benefit analysis being performed which is reviewed by a clinician.

Any advice, guidance or personal experience would be more than welcome.
Thanks
Will.
 
Elsmar Forum Sponsor

Mark Meer

Trusted Information Resource
#2
...
I'm aware that within the 2012 version there is a requirement for RBA's for individual risks and an overall RBA.
...
Welcome! :bigwave:

Thanks for the question! I've also been curious about the same thing. RBA's for individual risks seems like it could be very onerous documentation wise, but add very little in terms of risk analysis.

Be very interested in what approaches others are taking so that meeting this requirement isn't a huge documentation burden.

(sorry I couldn't be more helpful :eek: )
MM
 

Marcelo

Inactive Registered Visitor
#3
Please note that there's no requirement in ISO 14971 for that.

What does exist is that the annexes to the EN 2012 version mention this as one of the usually crazy deviations.

In fact, it does not make sense to perform a risk/benefit analysis for individual risks (which is the reason no one knows what do to - no one has ever done this before for any implementation of risk management that I know).

What it does make sense is to always perform a risk/benefit analysis for the aggregate risks (overall). In fact, this is one of the proposed changes in the new revision of ISO 14971.

Anyway, any risk/benefit analysis would obviously need to be linked to the clinical evaluation. You can have some thoughts reading the following FDA document: Factors to Consider Regarding Benefit-Risk in Medical Device Product Availability, Compliance, and Enforcement Decisions
 
Last edited:

Ronen E

Problem Solver
Staff member
Moderator
#4
Hello Will and welcome to the Cove :bigwave:

The way I understand things, no bridging document is required because the Clinical Evaluation needs to address residual risks anyway. The Clnical Evaluation and Risk Management processes are supposed to feed each other, on a continuous basis (ie, if one's output changes, the other needs to be updated).
 

yodon

Staff member
Super Moderator
#5
What does exist is that the annexes to the EN 2012 version mention this as one of the usually crazy deviations.

In fact, it does not make sense to perform a risk/benefit analysis for individual risks (which is the reason no one knows what do to - no one has ever done this before for any implementation of risk management that I know).
Yet we STILL have to do it to provide a risk file that will be acceptable to the technical file reviewer!

What I have done (and I'm hoping this opens the discussion more) is, for each risk in my table, make the assertion that the company has reviewed the (individual) residual risk against the benefits and concluded that the benefits outweigh the risks. I realize that's mostly hand-waving but it's been acceptable so far.

Further, though, I *do* essentially bridge the assessment with clinical evaluation / actual use info in the risk management report. I state (in the report) that ongoing field use has demonstrated that the benefits are confirmed to outweigh the residual risk, both individually and in aggregate.

Again, I don't know if there's a better way but I had to do something and this has been working so far. I'd welcome a discussion of other approaches, flaws with this approach, etc.
 

Remus

Involved In Discussions
#6
Risk/benefit analysis is introduced to risk analysis by ISO/TR 24971:2013. Since there isn't any statistical data best way to close each individual residual risk is risk/benefit analysis. Since most of medical device manufacturers don't care anything they are reducing all risks to acceptable level, people are insisting risk/benefit analysis to each residual risk.
 
#7
HI All

Thanks for the welcome and the input. Lots of great stuff to think about.

The way I currently see/understand the requirements surrounding RBAs is similar to how Ronen E. describes. The clinical evaluation covers all the residual risks in making an overall risk benefit analysis decision.

The clinical evaluation references the risks in the RMF and the RMF references where the RBA decision is made for each risk. Essentially both documents will contain a section pointing at the other. I believe in this way both requirements (individual and overall RBA) can be met.

Just so we're on the same page, when I say risk I mean failure effect rather than failure mode.

Let me know what you think
Will.
 

Ronen E

Problem Solver
Staff member
Moderator
#8
when I say risk I mean failure effect rather than failure mode.
Risk is the failure effect (severity of harm) factored together with its probability of occurrence. It's a little tricky for our intuition to grasp because it's a state rather than an object.
 

Marcelo

Inactive Registered Visitor
#9
Hello Will and welcome to the Cove :bigwave:

The way I understand things, no bridging document is required because the Clinical Evaluation needs to address residual risks anyway. The Clnical Evaluation and Risk Management processes are supposed to feed each other, on a continuous basis (ie, if one's output changes, the other needs to be updated).
That's right, however, why should it address only residual risks? It really needs to address all risks. Clinical residual risks are usually addressed in PMS/PMCF.
 
Thread starter Similar threads Forum Replies Date
A Risk-benefit Analysis - Hazard Analysis (HA) and FMEAs ISO 14971 - Medical Device Risk Management 18
Q Risk / benefit Analysis in Risk Management Report CE Marking (Conformité Européene) / CB Scheme 12
C Help with Risk/Benefit Analysis Self-help Device for Diabetics ISO 14971 - Medical Device Risk Management 3
J Does anyone have an example of Risk-Benefit Analysis per ISO 14971? Other ISO and International Standards and European Regulations 2
M Estimating the benefit-risk ration under MDR EU Medical Device Regulations 1
M Informational Final guidance – GUIDELINES on the benefit-risk assessment of the presence of phthalates in certain medical devices covering phthalates which are carc Medical Device and FDA Regulations and Standards News 0
M Informational FDA discussion paper – Consideration of Benefit-Risk Approaches for Weight-Loss Devices Medical Device and FDA Regulations and Standards News 0
M Informational US FDA Final Guidance – Consideration of Uncertainty in Making Benefit-Risk Determinations in Medical Device Premarket Approvals, De Novo Classificati Medical Device and FDA Regulations and Standards News 0
M Risk/Benefit vs. benefit-risk - Revising an SOP covering Risk Management with the MDR in mind EU Medical Device Regulations 10
M Informational EU – 12th Meeting of the Working Group on Guidelines on benefit – risk assessment of Phthalates in Medical Devices Medical Device and FDA Regulations and Standards News 0
M Informational EU – SCHEER – Minutes of the Working Group meeting on guidelines on the benefit-risk assessment of the presence of phthalates in certain medical devic Medical Device and FDA Regulations and Standards News 1
M Medical Device News FDA News - 14-09-18 - Benefit-Risk Factors to Consider for Substantial Equivalence Other US Medical Device Regulations 0
M Medical Device News FDA news - 05-09-18 - Draft - Uncertainty in Benefit-Risk Determinations Other US Medical Device Regulations 0
A MDSAP benefit for manufacturer of low-risk devices Canada Medical Device Regulations 3
AnaMariaVR2 Structured Approach to Benefit-Risk Assessment in Drug Regulatory Decision-Making Pharmaceuticals (21 CFR Part 210, 21 CFR Part 211 and related Regulations) 0
sagai New Draft Guidance from FDA - Factors considered for Risk/Benefit Determination Other US Medical Device Regulations 4
D Risk Analysis using Monte Carlo Simulation instead of Scoring and Heat Map Risk Management Principles and Generic Guidelines 0
Sravan Manchikanti Software Risk Management & probability of occurrence as per IEC 62304 IEC 62304 - Medical Device Software Life Cycle Processes 8
E Normal Condition Hazards in Risk Analysis ISO 14971 - Medical Device Risk Management 3
silentmonkey Rationalising the level of effort and depth of software validation based on risk ISO 13485:2016 - Medical Device Quality Management Systems 10
R Risk assessment on IT containers and the information they contain IEC 27001 - Information Security Management Systems (ISMS) 4
B Threat/Vulnerability Catalogue for risk assessment IEC 27001 - Information Security Management Systems (ISMS) 4
R Opportunity For Improvement vs Opportunity (Positive Risk) ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 18
R FOD Risk Assessment - What tools would you recommend for assessing FOD risk? AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 1
R Identify Medical Device characterstics as Annex C of ISO 14971 Risk Management ISO 14971 - Medical Device Risk Management 5
A ISO 14971 PFMEA Manufacturing Risk ISO 14971 - Medical Device Risk Management 2
Q Example of the Risk Template Document Control Systems, Procedures, Forms and Templates 1
K Overall residual risk according to ISO 14971:2019 ISO 14971 - Medical Device Risk Management 5
A Risk Number for each software requirement IEC 62304 - Medical Device Software Life Cycle Processes 7
A IEC 60601 11.2.2.1 Risk of Fire in an Oxygen Rich Environment, Source of Ignition IEC 60601 - Medical Electrical Equipment Safety Standards Series 0
D Importing a general wellness low risk product Other US Medical Device Regulations 3
C Quantifying risk in choosing the number of parts, operators and replicates in a GR&R Gage R&R (GR&R) and MSA (Measurement Systems Analysis) 4
R AQL, Consumer Risk and MA Statistical Analysis Tools, Techniques and SPC 2
M Risk managment report of Surgical Mask Example ISO 14971 - Medical Device Risk Management 14
M Risk Analysis Flow - Confusion between ISO 14971 and IEC 62304 IEC 62304 - Medical Device Software Life Cycle Processes 8
R ECG Risk Analysis Standards ISO 14971 - Medical Device Risk Management 2
N Device Labeling - Medtronic Ventilator Files (Risk Management documents) Coffee Break and Water Cooler Discussions 2
A 5 x 5 Risk Matrix - Looking for a good example Manufacturing and Related Processes 2
F Risk for Quality Assurance Department in a Hospital - Hospital Incident Reporting ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 7
M Should volume of sales be factored into risk probability assessments? ISO 14971 - Medical Device Risk Management 33
T How do you define your Hazards? <a Risk Management discussion> ISO 14971 - Medical Device Risk Management 16
adir88 Documenting Risk Control Option Analysis ISO 14971 - Medical Device Risk Management 8
B Risk Assessment Checklist for Non product Software IEC 62304 - Medical Device Software Life Cycle Processes 1
MrTetris Should potential bugs be considered in software risk analysis? ISO 14971 - Medical Device Risk Management 5
K Identification of hazards and Risk file IEC 62366 - Medical Device Usability Engineering 7
S Risk based internal auditing Internal Auditing 6
Robert Stanley I'm @ RISK of not showing my RISKS! ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 20
adir88 Information of safety can reduce risk now? ISO 14971 - Medical Device Risk Management 12
G Any good examples of CAPA forms that include a risk based approach? ISO 13485:2016 - Medical Device Quality Management Systems 8
adir88 MDR requirement: Risk Management Plan for "each device" ISO 14971 - Medical Device Risk Management 5

Similar threads

Top Bottom