Risk Evaluation Matrix-Product Portfolio

alimary15

Involved In Discussions
Risk management (as defined in ISO 14971 and as required by most regulations) is applicable to the medical device as a whole.

So yes, you would need to focus on the complete device, and as you mentioned, part of the focus is on interactions between each single module - in fact, think of it as interactions in the different configurations.

Ok so basically I might have the following sceneries:

1) If I sell a module as a stand alone device then I focus the RA on only the single module/app that is sold

2) if more modules/apps are enclosed on the same HW then I shall evaluate the overall system in my RA (**Will I have to still make RA for single components (e.g. 1 RA only for HW and 1 RA for the single apps?**)

3) if I have multiple combinations of HW and SW that are sold according to costumers requests, then the same I have to make RA for each possible combination of systems? So if the costumer let's say order a custom made product with a custom-made HW or SW will I have to do RA for this custom made system as well?

Are my assumptions correct?

Thanks, I am still very new to Risk Analysis so these very my doubts of the day! ;)
 

Marcelo

Inactive Registered Visitor
1) If I sell a module as a stand alone device then I focus the RA on only the single module/app that is sold

Yes, if it?s a device itself, yes. Please note that it?s in principle not only the risk analysis., but the full risk management. If we are talking compliance with 14971, for each "device" you will need a full RM file.

2) if more modules/apps are enclosed on the same HW then I shall evaluate the overall system in my RA (**Will I have to still make RA for single components (e.g. 1 RA only for HW and 1 RA for the single apps?**)

The same principle here, the question is, what is the medical device? In this case, you would need the RM file for the system. Risk management from 14971 and regulations is for the medical device, not components.

3) if I have multiple combinations of HW and SW that are sold according to costumers requests, then the same I have to make RA for each possible combination of systems? So if the costumer let's say order a custom made product with a custom-made HW or SW will I have to do RA for this custom made system as well?

Yes, sure, because the possibilities can create their own risks.

In fact, my first approach would verify if I can create 1 RM process that encompasses all the possibilities you mention, this way things would be easier. From what I understand, you have a kind of device family in which there would be a complete, complex device with all modules, and variations below it.
 

alimary15

Involved In Discussions
Yes, if it?s a device itself, yes. Please note that it?s in principle not only the risk analysis., but the full risk management. If we are talking compliance with 14971, for each "device" you will need a full RM file.



The same principle here, the question is, what is the medical device? In this case, you would need the RM file for the system. Risk management from 14971 and regulations is for the medical device, not components.



Yes, sure, because the possibilities can create their own risks.

In fact, my first approach would verify if I can create 1 RM process that encompasses all the possibilities you mention, this way things would be easier. From what I understand, you have a kind of device family in which there would be a complete, complex device with all modules, and variations below it.
Yes Marcelo this is the case! Modules might be sold as their own or customized in a system according to costumer neeeds. Would it be OK to start a RM process on the full system ( adding to the HW all possible modules) and perform analsys on their interation? If the RM process is successful, How am I able to demostrate tjat a new system with only a sub-comnination of modules wouldn't create different risks? Thanks!
 

Marcelo

Inactive Registered Visitor
Yes Marcelo this is the case! Modules might be sold as their own or customized in a system according to costumer neeeds. Would it be OK to start a RM process on the full system ( adding to the HW all possible modules) and perform analsys on their interation? If the RM process is successful, How am I able to demostrate tjat a new system with only a sub-comnination of modules wouldn't create different risks? Thanks!

I didin?t say that you would not need to analyze the risks of a system with only a combination of the modules - you would need to do that too. However, you could to that under the same RM process of the full system, instead of creating a new process (and related documentation) for that combination module.
 
Top Bottom