Risk Management File for Extra Oral RX Equipment

[mmojica]

Hello to everyone:
I offer my apologies because my english language is so bad.
My name is Marcelo Mojica and I work for a Mexican company that manufacture Extra oral X ray equipments.
I observe this is a great forum, and your attitude is always positive and always looking to help others.
For that reason I would like to request your help because I need to make a risk management file to my device, I buyed the ISO 14971 but believe me, that is not easy to me because I never done this before.
Do you have a guide or example that can help me in this issue?
I'll appreciate your generosity.
Thanks in advance for your help.
Best regards.

Marcelo.

 

[Marcelo]

Hello Marcelo and welcome to the Cove!

There?s really no guide in implementing ISO 14971 (ISO TR 24971 is named Guidance on the application of ISO 14971 but it?s a bit misleading, because it only deals with 6 separate topics). There is a handbook from CSA - PLUS 14971 (2nd ed. pub. 2007), but I also think this document does not clearly show how to implement the standard.

One of the reasons for this is that the standard needs to be embedded in the medical device manufacturer design process, and also in the QMS, during the product lifecycle, and there?s no defined way to do that, as the implementation will change for each company.

Regarding examples, it?s even worse, because risk management documentation has confidential information, and people usually do not share those.

 

[mmojica]

Thanks for your answer Marcelo.
Could you help me with a simple question?
The Risk Management Plan is the same that Risk Management File?
I?m sorry if this is an stupid question but I?m a beginner on this area.
At this moment my equipment is under testing process in a Lab in USA and they are requirement me a Risk Management File to my equipment.
My "big goal" is to obtain the FDA approval, and as you know, a lot of tests and paperwork is needed to reach that.

 

[Marcelo]

No, the risk management plan is created for each device and details how you are going the apply the risk management process to that device.

The risk management file is a document (in fact it is more of a placeholder) for all the information, for example, documents and records, that are created by the risk management process.

 

[mmojica]

Ok Marcelo, thanks for your answer and support.
In my opinion I?m in a big trouble, a lot of work is waiting to me.
One of my "big concerns" is that I understand that risk management process must be implemented from the first stages of design, and in this case, this not was done.

 

[Marcelo]

One of my "big concerns" is that I understand that risk management process must be implemented from the first stages of design, and in this case, this not was done.

You are correct, the expectation is that risk management is applied during design, not after the product is designed. You will have to create information backwards, and although it may seem simpler, it?s not. My experience is that, in those cases, people only think about the finished device. This is a problem because for the risk management process to be applied, you can?t take into consideration risk control measures already implemented.

 

[Ronen E]

You are correct, the expectation is that risk management is applied during design, not after the product is designed. You will have to create information backwards, and although it may seem simpler, it?s not. My experience is that, in those cases, people only think about the finished device. This is a problem because for the risk management process to be applied, you can?t take into consideration risk control measures already implemented.

I partly disagree.

Risk management can commence at any stage, better late than never. Yes, it's preferable to begin at the beginning, but that's water under the bridge for the OP (as for many others).

I think that it's OK to look at a device and consider the CURRENT risk, taking into account all the control measures already implemented. That would be the "baseline". Then, if additional risk mitigation is necessary, it can be addressed under Risk Control. The only requirement for doing that is to unambiguously identify the design version and state, and the time point at which the evaluation takes place, so that it is extra-clear what the baseline relates to.

To the OP - There is no mandatory regulatory requirement under the FDA to have a risk management file by ISO 14971. In general, the FDA's requirements / expectations of risk management are quite limited and quite vague. I recommend checking what actually comes from the regulation or FDA officials, and what is just a nosie generated by the system.

Cheers,
Ronen.

 

[Marcelo]

Risk management can commence at any stage, better late than never. Yes, it's preferable to begin at the beginning, but that's water under the bridge for the OP (as for many others).

Well, yes, but I was trying to say ISO 14971 (not risk management in general) was created to be used during design, not after a device is designed.

I think that it's OK to look at a device and consider the CURRENT risk, taking into account all the control measures already implemented. That would be the "baseline". Then, if additional risk mitigation is necessary, it can be addressed under Risk Control. The only requirement for doing that is to unambiguously identify the design version and state, and the time point at which the evaluation takes place, so that it is extra-clear what the baseline relates to.

Well, it depends on how you do it. What I was trying to make clear i that you cannot consider the current risk control measures when identifying hazards and hazardous situations, otherwise, most of the time you would conclude that are nor risk. You need to consider current controls as control. For example, my device uses electricity, and I conclude that my device does not have an electrical hazard because it already complies with specific clauses of IEC 60601. This makes no sense (and I?ve seen this a lot), you use the clauses of IEC 600601 to control the risks.

There is no mandatory regulatory requirement under the FDA to have a risk management file by ISO 14971. In general, the FDA's requirements / expectations of risk management are quite limited and quite vague. I recommend checking what actually comes from the regulation or FDA officials, and what is just a nosie generated by the system

Agreed. But if you do not know risk management, there?s also the possibility that asking you confuse you more :-(

 

[mmojica]

To the OP - There is no mandatory regulatory requirement under the FDA to have a risk management file by ISO 14971. In general, the FDA's requirements / expectations of risk management are quite limited and quite vague. I recommend checking what actually comes from the regulation or FDA officials, and what is just a nosie generated by the system.

Ronen, Thanks for your comments.
Great information about FDA?s requirements, but unfortunately the laboratory that is doing the safety tests to my equipment, is requirement me a Risk File based on a document of 52 pages (provided by the lab) that contain "the minimum" topics that a "good risk file" needs to cover, I investigate a little and I found that all these topics comes from the ISO 14971. That's the reason why I buyed this standard. But one thing is to have the standard, and another is to have the experience to develop a Risk management file.

 

[Marcelo]

Great information about FDA?s requirements, but unfortunately the laboratory that is doing the safety tests to my equipment, is requirement me a Risk File based on a document of 52 pages (provided by the lab) that contain "the minimum" topics that a "good risk file" needs to cover, I investigate a little and I found that all these topics comes from the ISO 14971.

Are you testing your device to IEC 60601?