Risk Benefit Analysis - ISO 14971:2012 Requirements

Marcelo Antunes

Addicted to standards
Staff member
Admin
#11
Maybe I should have used the word "mitigate" rather than "address".
Hum, I don't think it would be better, because then your statement would say "because the Clinical Evaluation needs to mitigate residual risks anyway". The Clinical evaluation does not mitigate anything, it provides input to the risk management process to decide if the risk is acceptable or not (in particular, clinical risks, although did include several other stuff which I may not agree with - at least, not all the included stuff).
 

Marcelo Antunes

Addicted to standards
Staff member
Admin
#12
Yet we STILL have to do it to provide a risk file that will be acceptable to the technical file reviewer!
Right, but if there's no way to do it, then it's very difficult to discuss. As you mentioned, anything would be "hand-waving". In fact, most anything that is not too crazy would have to be accepted. My approach to clients is similar to what you mention, I include a column in my risk management summary for risk/benefit analysis that links to the clinical evaluation (where the benefit assessment is right now) and to the justification for risk acceptability and write a small text explaining why the benefit outweighs the risk. But again, it's simply more "hand-waving".

... make the assertion that the company has reviewed the (individual) residual risk against the benefits and concluded that the benefits outweigh the risks.
...that ongoing field use has demonstrated that the benefits are confirmed to outweigh the residual risk, both individually and in aggregate...
I would take care with mentioning that you only reviewed the "residual" risks against benefits because it's a "risk/benefit analysis", not a "residual risk/benefit analysis". This is part of the current problem of ISO 14971, the way the "get out of jail free card" template was used included only residual risks, but this does not make much sense, in particular when we are talking about clinical risks that may not really have ways for mitigation (beyond some general information for safety).
 

Marcelo Antunes

Addicted to standards
Staff member
Admin
#13
In Reply to Parent Post by Willgray888

when I say risk I mean failure effect rather than failure mode.

Risk is the failure effect (severity of harm) factored together with its probability of occurrence. It's a little tricky for our intuition to grasp because it's a state rather than an object.
An easier way to think of it in this case is risk is what happens to the patient/user/etc. The same as the benefit.

We have to make comparison with comparable things. Failure modes that happen in the device cannot be compared to benefits that happen to patients.
 

Ronen E

Just a person
Super Moderator
#14
Marcelo,

I don't understand the (apparent) extra-importance you place on the word "residual", in your replies both to me and to yodon. In my understanding, in the current context "residual" would mean, in everyday language, "actual" or "updated" (risk). It is simply the level of risks that actually (as verified) remains in real presence after the mitigation means have been implemented. If you follow this line, there is not much point in trying to account for (or mitigate) some theoretical risk level that existed earlier; rather, it seems reasonable and practical to further work with the residual risk, ie the one that is actually present.

In that sense I think that the clinical evaluation IS helpful in mitigating such risk, especially when you consider that risk is (at least as I stated) a perceived state of things. Such mitigation doesn't necessarily need to change anything about the device, or any other object or physical aspect of reality. It can, alternatively reduce the level of assessed/evaluated risk by providing new/more information, or new insight into existing information (eg through more analysis). Further, if the Clinical Evaluation includes clinical investigation (eg a clinical trial involving the subject device) it may actively provide information showing the risk to be lower, thus actively mitigating it.

Added in edit: The clinical evaluation will not always be able to mitigate the residual risk, however it should aim at that, and in case of failure (ie when the evaluation concludes that the residual risk is real and correct and can't be practically reduced by means of clinical investigation / assessment) it should be stated clearly in the updated CER. I guess this is why I initially used the term "address" rather than "mitigate" - it is more neutral and doesn't presuppose that risk reduction will always be possible / practicable.
 

Ronen E

Just a person
Super Moderator
#15
An easier way to think of it in this case is risk is what happens to the patient/user/etc. The same as the benefit.

We have to make comparison with comparable things. Failure modes that happen in the device cannot be compared to benefits that happen to patients.
I think that the definition offered in the 1st paragraph is not complete. It's like saying that risk=potential harm, which is inaccurate in my opinion. It ignores the probability aspect of the risk, and once again treats risk as an object rather than as a state.

The same applies to benefit, because benefits (especially clinical ones) also have a probabilistic nature. Attaining a given benefit is usually not 100% guaranteed. So, the presence of a benefit is also a (probabilistic) state, and thus they can be compared. I would say that benefit is exactly the negative of risk (and vice versa of course).
 

Marcelo Antunes

Addicted to standards
Staff member
Admin
#16
Marcelo,

I don't understand the (apparent) extra-importance you place on the word "residual", in your replies both to me and to yodon. In my understanding, in the current context "residual" would mean, in everyday language, "actual" or "updated" (risk). It is simply the level of risks that actually (as verified) remains in real presence after the mitigation means have been implemented. If you follow this line, there is not much point in trying to account for (or mitigate) some theoretical risk level that existed earlier; rather, it seems reasonable and practical to further work with the residual risk, ie the one that is actually present.
I was trying to point out that the regulations, such as the MDD/MDR, require a risk/benefit analysis, not a residual risk/benefit analysis. What it means in practice is that all risks, including residual risks, need to be taken into consideration.

In particular, there are risks that may be acceptable without mitigation, for example. By definition, they are risks, but not residual risks. And they are one factor that needs to be taken into consideration on the risk/benefit analysis.

In that sense I think that the clinical evaluation IS helpful in mitigating such risk, especially when you consider that risk is (at least as I stated) a perceived state of things. Such mitigation doesn't necessarily need to change anything about the device, or any other object or physical aspect of reality. It can, alternatively reduce the level of assessed/evaluated risk by providing new/more information, or new insight into existing information (eg through more analysis). Further, if the Clinical Evaluation includes clinical investigation (eg a clinical trial involving the subject device) it may actively provide information showing the risk to be lower, thus actively mitigating it.
If we are following general risk management principles, such as the ones defined in ISO 14971, there are only three ways to mitigate risks - inherent safety, protective measures or information for safety. A clinical evaluation does not do any of the 3. It does help to get information so any of the 3 can be included or changed. But the information it gives in itself does not mitigate the risk.
 

Marcelo Antunes

Addicted to standards
Staff member
Admin
#17
I think that the definition offered in the 1st paragraph is not complete. It's like saying that risk=potential harm, which is inaccurate in my opinion. It ignores the probability aspect of the risk, and once again treats risk as an object rather than as a state.

The same applies to benefit, because benefits (especially clinical ones) also have a probabilistic nature. Attaining a given benefit is usually not 100% guaranteed. So, the presence of a benefit is also a (probabilistic) state, and thus they can be compared.
You are right, I did not want to give a complete definition (which is rather difficult, in fact) but to give another general way of looking at risk, and trying to point out that we need to focus on what might happen to the patient/user/etc.

As you know from discussion here and in practice, a lot of people still think that they should stop analyzing when they identify the device failure.
 

Ronen E

Just a person
Super Moderator
#19
the regulations, such as the MDD/MDR, require a risk/benefit analysis, not a residual risk/benefit analysis.
While you are technically right, I think that the intent was to address residual risks in the RBA. There is no point in considering the current state of expected benefits ("benefit" in short) against risks that existed earlier but are not real any more. What's relevant for the RBA (if we look at it not as a purely theoretical exercise but as something meaningful and realistic) is considering the current benefit against the current (=residual) risk.

all risks, including residual risks, need to be taken into consideration.

In particular, there are risks that may be acceptable without mitigation, for example. By definition, they are risks, but not residual risks.
I think that this is where we diverge. In my interpretation "residual risks" are the current ones, whether any mitigation means were applied or not. The "dry" definition says that residual risks are those that remain after mitigation means have been applied. "Mitigation means that have been applied" for a given risk may be an empty set, eg when there are no possible / practical mitigation means available, or - as you noted - when the risk is already deemed acceptable.

If we are following general risk management principles, such as the ones defined in ISO 14971, there are only three ways to mitigate risks - inherent safety, protective measures or information for safety. A clinical evaluation does not do any of the 3. It does help to get information so any of the 3 can be included or changed. But the information it gives in itself does not mitigate the risk.
The MDD says (ER 2):

In selecting the most appropriate solutions [The solutions adopted by the manufacturer for the design and construction of the devices], the manufacturer must apply the following principles in the following order:

— eliminate or reduce risks as far as possible (inherently safe design and construction),

— where appropriate take adequate protection measures including alarms if necessary, in relation to risks that cannot be eliminated,

— inform users of the residual risks due to any shortcomings of the protection measures adopted.
It speaks of the device's design and manufacture in general (in my interpretation first and foremost of the initial design), not specifically of risk mitigation. In my understanding risk mitigation is the attempt to bring risk (again, in my interpretation a perceived state, not an objective physical aspect of reality) down, to at least an acceptable level. Following this line of thought, any means that can do it with confidence (including collection and analysis of new/existing information) should be considered mitigation means.

As to ISO 14971, I think that there is a wide consensus (probably including yourself) that it is currently worded in a flawed / problematic way, in various clauses. What I'm trying to do here is to offer a fresh perspective that might hopefully be of some utility in that standard's upcoming update (probably being a little naive here :))
 

thelastdon99

Starting to get Involved
#20
Time to jump start this conversation again... I recently went through an audit that resulted in these two risk related findings:

1. Risk Analysis is incomplete. Cannot assess if all 3 risk control options (D.P.I.) have been applied to each risk mitigation.
2. Risk Benefit Analysis was not applied for each risk individually.

1. a) My risk assessment has a checkbox for "Design, Process, and Information" for each risk. Some of the risks only have one of three, others two of three, and some have all checked. According to the auditor and their interpretation of 14971:2012 ZA #5 The manufacturer must apply all control options even if previous control options have reduced the risk to an acceptable level. Why would you apply "labeling" for something if you've already designed it out and it no longer needs labeling as a mitigation? You wouldn't! So how can I check that box if I didn't apply labeling? I can't. So what do I do? Provide a justification each time I apply less than all three options? Can anyone show me how you are meeting this requirement and what evidence you are providing to auditors because I'm at a loss as to how I can meet this requirement.

2. a) How is everyone applying RB to individual items? My only thoughts mirror what Yodon mentioned earlier in the post, to just do some handwaving by adding a column with a canned statement for each item that RB has been assessed by the members of the cross-functional risk analysis team and determined that the benefits outweigh the risks. Pretty silly since the overarching RB assessment/conclusion already accomplishes this. Or do I need to provide a justification of how the team came to the conclusion specific to each line item?
 
