Risk management according to ISO 14971 - When to document risk controls?

david316

Involved In Discussions
#1
Hello,

When conducting risk management according to 14971 should you document risk controls that are already part of the "prototype" design. For example, a mains powered medical device might be designed with a power cord permanently attached to the device, rather than a detachable power cord, to try and reduce the likelihood of the device losing power. In the risk management should you assume this feature isn't there, assess if the risk is unacceptable, and if so document this feature as a risk control? Alternative should you assume the feature is in place and review how it could fail and document any required risk controls to prevent failure?

Thanks
 
Elsmar Forum Sponsor
#2
I think I understand your question.

Document this feature as a method of risk control, if there is a potential of harm, but only if it's not been documented before There's no need to duplicate work.
 

Marcelo

Inactive Registered Visitor
#3
You should perform risk management without controls at first, otherwise you will get double/triple/whatever controls.

Just take care that some controls are not enough and then you may need additional controls, in this case you have to take into consideration the first one.
 
Last edited:

yodon

Staff member
Super Moderator
#5
This could be an interesting discussion. I frequently see companies doing risk control this way, assuming some basic features. For example, on a syringe, an obvious risk control is to put flanges at the top of the body to minimize the likelihood the syringe could slip out (and break the needle off, etc.). They typically have an 'existing controls' column and generally conclude these measures are sufficient (and no additional controls are required).

The problem I see is that these "pre-controls" are not verified and so there's no way to determine if they are as effective as hoped. Further, they don't even assess these then for the intended use. There's no traceability back to them for analysis of production and postmarket data.

I would agree with @Marcelo Antunes in general, but there may be a case to be made for some really basic controls. From what I've seen, though, it's taken too far.

When we do risk analysis, we take the 'clean slate' approach. Seems to be cleanest in the long run.
 

Marcelo

Inactive Registered Visitor
#6
The problem is also a conceptual one. Risk management should "initially" be performed before design inputs, so you really do not have anything yet, only a concept at most. This, if you follow a common product design process.

The problem is that usually manufacturers do not follow in the right way a common product design process, for example, it's very usual to include solutions as design input requirements (which does not make sense).
 
Last edited:

david316

Involved In Discussions
#7
This could be an interesting discussion. I frequently see companies doing risk control this way, assuming some basic features. For example, on a syringe, an obvious risk control is to put flanges at the top of the body to minimize the likelihood the syringe could slip out (and break the needle off, etc.). They typically have an 'existing controls' column and generally conclude these measures are sufficient (and no additional controls are required).

The problem I see is that these "pre-controls" are not verified and so there's no way to determine if they are as effective as hoped. Further, they don't even assess these then for the intended use. There's no traceability back to them for analysis of production and postmarket data.

I would agree with @Marcelo Antunes in general, but there may be a case to be made for some really basic controls. From what I've seen, though, it's taken too far.

When we do risk analysis, we take the 'clean slate' approach. Seems to be cleanest in the long run.
This is the exact problem I foresee if you assume the risk control is already in place. In my mind, if removal of part of the design creates unacceptable risk, it should be documented as a risk control and its effectiveness verified.
 
#8
In the specific case of the syringe, the use of the relevant international standard (e.g. ISO 7886, ISO 8537) to design and test the device would capture many of the hazards, associated risks, risk control measures, and the verifications and validations of them.
This approach also works for the general case by identifying the product and other relevant standards while in the concept phase.
 

Tiago Alfenas

Starting to get Involved
#9
Good morning everyone!
Taking advantage of the question, I would like to know if software risk management has to be in a separate document or can be treated in the same file with other risks?
 
Thread starter Similar threads Forum Replies Date
K Understanding Risk Management Requirements according to AS9100 AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 11
J 10993-1:2009 what are the changes? Is the risk management according to 14971? ISO 14971 - Medical Device Risk Management 8
J HELP NEEDED ! Risk Management Exercise ISO 14971 - Medical Device Risk Management 12
O Should a Covid vaccine and testing policy be included as part of ISO9001 or AS9100 risk management? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 6
Melissa Risk Management Process, How far do I need to go? ISO 14971 - Medical Device Risk Management 10
D Does Risk Management apply to re-labeler (MDR) EU Medical Device Regulations 1
H Risk Management Plan in agile process ISO 14971 - Medical Device Risk Management 14
U Supply risk management Manufacturing and Related Processes 4
T Biological Evaluation (10993) & Risk Management ISO 14971 - Medical Device Risk Management 9
D Cybersecurity and Risk Management: Loss of confidentiality IEC 62304 - Medical Device Software Life Cycle Processes 5
S Risk Management Review ISO 14971 - Medical Device Risk Management 4
S Risk Management and other Files ISO 14971 - Medical Device Risk Management 8
silentmonkey Overall Benefit/Risk Analysis - Risk Management VS Clinical Evaluation ISO 14971 - Medical Device Risk Management 3
Aymaneh Medical Device Cybersecurity Risk Management IEC 27001 - Information Security Management Systems (ISMS) 2
A 21 CFR 820 - Risk Management - Looking for some guidance US Food and Drug Administration (FDA) 3
Sravan Manchikanti Software Risk Management & probability of occurrence as per IEC 62304 IEC 62304 - Medical Device Software Life Cycle Processes 8
R Identify Medical Device characterstics as Annex C of ISO 14971 Risk Management ISO 14971 - Medical Device Risk Management 5
N Device Labeling - Medtronic Ventilator Files (Risk Management documents) Coffee Break and Water Cooler Discussions 2
T How do you define your Hazards? <a Risk Management discussion> ISO 14971 - Medical Device Risk Management 16
adir88 MDR requirement: Risk Management Plan for "each device" ISO 14971 - Medical Device Risk Management 5
D Risk Analysis & Technical File - What detail goes in the Risk Management Report ISO 14971 - Medical Device Risk Management 5
C AS9100 Rev D 8.1.1 & APQP - Operational risk management process AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 1
B ATP 5-19 "Risk Management" Misc. Quality Assurance and Business Systems Related Topics 2
N Risk Management besides mandated FDA requirements 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 1
M Identifying Hazards - Risk management process ISO 14971 - Medical Device Risk Management 6
R Risk Management in the Medical Device Industry ISO 14971 - Medical Device Risk Management 4
F Linking an ISO 31000 Risk management SOP to ISO 17025 ISO 17025 related Discussions 2
Ronen E The unbearable insensitivity of risk management language Other Medical Device and Orthopedic Related Topics 1
S ISO 14971 Risk Management - Questions for Hazard identification ISO 14971 - Medical Device Risk Management 2
M Risk/Benefit vs. benefit-risk - Revising an SOP covering Risk Management with the MDR in mind EU Medical Device Regulations 10
A Defining Expected Service Life in Risk Management File Reliability Analysis - Predictions, Testing and Standards 5
R Linking the Processes of Continual Improvement, Change Management, Risk Management, Action Planning, etc? Preventive Action and Continuous Improvement 5
J Software for Techfiles and Risk management ISO 14971 - Medical Device Risk Management 1
M Informational ISO TC 210 IEC SC 62A JWG 1 Medical device risk management – São Paulo meeting 2019 Medical Device and FDA Regulations and Standards News 6
M Medical Device News ISO TC 210 IEC SC 62A JWG 1 Medical device risk management – São Paulo meeting 2019 Medical Device and FDA Regulations and Standards News 0
D Where does FMEA fit in your ISO 14971 Risk Management process? ISO 14971 - Medical Device Risk Management 13
M Informational ISO TC 210 JWG 1 meeting in São Paulo – Revision of ISO 14971 and ISO TR 24971 – Medical Device Risk Management Medical Device and FDA Regulations and Standards News 0
T Risk Management Report as per MDR Requirements EU Medical Device Regulations 4
S Medical Device Cybersecurity Risk Management File ISO 14971 - Medical Device Risk Management 2
M Medical Device News Health Canada Notice of intent: Strengthening the post-market surveillance and risk management Canada Medical Device Regulations 1
Q Evidence of precautions (clinical evaluation report, risk management report) EU Medical Device Regulations 6
Q Risk / benefit Analysis in Risk Management Report CE Marking (Conformité Européene) / CB Scheme 12
A How to view supplier APQP timeline and do risk management APQP and PPAP 4
O Medical Device EMC Risk Management CE Marking (Conformité Européene) / CB Scheme 4
S ISO 13485:2016 - How I can integrate a risk management approach in our SOPs ISO 13485:2016 - Medical Device Quality Management Systems 1
B Time necessary for all Risk Management activities ISO 14971 - Medical Device Risk Management 2
W Virtual Manufacturer and Risk Management ISO 14971 - Medical Device Risk Management 3
O CQE Handbook - Missing Section VII - Risk Management Misc. Quality Assurance and Business Systems Related Topics 1
F Medical Device HACCP (Hazard Analysis and Critical Control Point) Risk Management ISO 14971 - Medical Device Risk Management 2
J Differences between a Risk Management Plan vs. Production Part Approval Process AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 3

Similar threads

Top Bottom