Risk Management for Medical Software?

Q

QMS eager - 2010

#1
Hey everyone!

First of all I wanna thank you all for a very comprehensive and helpful Forum! Looking around here have helped me a lot during the last few weeks.

I´m a newbee in the Quality area, working in a small company in Europe (4 employees) who are currently working to implement a Quality Management System and Risk Management System according to ISO 13485, ISO 14971 and IEC 62304. We have a quite suffed schedule and our investors require us to gain CE mark before the end of summer. So we need to implement and applicate a good QMS and Risk Management System fast, accurate and efficient.

In my point of view, our biggest RISK in attempt to reach our goal is the RISK MANAGEMENT of the software. Does anyone have any useful tips regarding how to implement RISK MANAGEMENT for medical software (CE CLass IIa) when it comes to issues as ACCEPTANCE LEVELS, PROBABILITY and VALIDATION and ELIMINATION of UNACCEPTABLE RISKS.

I have so far revised ISO 13485, ISO 14971, IEC 62304, TIR320412 and a draft from the european version on how to implement 14971 with respect to software application.

THANKS!
 
Elsmar Forum Sponsor
T

temujin

#3
Hello,

I have so far revised ISO 13485, ISO 14971, IEC 62304, TIR320412 and a draft from the european version on how to implement 14971 with respect to software application.
The FDA´s "Principles of Software Valitadion" and the GHTF´s paper on how to implement a risk management system are also valuable sources.

Risk Management is nothing more than common practice/sense set into system. Are you making only the software? Otherwise, in my opinion there is no need for a separate risk management system for the software.

In the end, software does not kill. Hardware does.

regards
t.
 
Q

QMS eager - 2010

#4
Thanks for your reply, I will revise the suggested documents!

Our product is pure software used by radiologists for medical imaging post-processing. It is used to perform data analysis and visualizations based on medical images. Hence, there is no monitoring involed and no immediate life-threathening risks involved while using the software. However, the software and it´s resulting output will form the basis of the diagnosis and as far as I can understand we still have to consider risks associated with wrong diagnosis based on hazards/defects in our software output. Here are where things start to be complicated. Or is it as easy as implement test protocolls confirming that all functions deliver output as expected, or do we have to evote the software in a larger context?
 

Roland Cooke

Quite Involved in Discussions
#5
I would say both.

Have you evaluated the risks of the way the software actually works "on the surface", i.e. the way data is input, the way the data is crunched,and the way the 'answer' is presented back to the clinician?


Then, as a separate exercise what are the risks in the way the software actually works (i.e bugs etc)?

How will upgrades/patches be handled?


In the end, software does not kill. Hardware does.
I don't agree with this statement.
 
Q

QMS eager - 2010

#6
Thanks heaps Roland!

We have of course validated the software in terms of accurate functions, algorithms used within the software in order to deliver accurate output, as well as easy to interpret and accurate user interfaces.

We have also evaluated our software regarding risks with wrong or faulty input and eliminated such risks by means that we do not handle input containing the wrong parameters. However, we have not done much concerning the QUALITY of the input vs the QUALITY of output (assuming right input but with poor resolution). Of course our software still performs the right algortihms and calculations even though the QUALITY of the input is poor, but the output might not be good enough for diagnosis. Looking at that issue, the final output from our software might be insufficient for diagnostics and hence lead to faulty diagnosis due to insufficient quality of the original input. Can those risks be considered eliminated only be defining the desired quality of the input data? Still a forseeable misuse would be to use input with poor quality, wouldn´t it?

Thanks
 

Roland Cooke

Quite Involved in Discussions
#7
Well you quickly reached the limit of my software knowledge! (I have people for that :D)

I think you probably know the answers to your own questions here. But if you consider your obligations under legal liability, and also simple ethics, that might help focus things.

If you can't amend the software any, and you aren't confident of your user's ability to know how much "good input" is enough, then it may perhaps be that those risks can be handled by mandatory user training etc.
 
Last edited:
W

Watchwait

#8
<snip>and a draft from the european version on how to implement 14971 with respect to software application.
QMS: What draft are you referring to? Since this a draft document, would you mind sharing this draft with those of us that might have similar concerns?:thanx:
 
Last edited by a moderator:
Q

QMS eager - 2010

#9
It is a draft on how to implement ISO 14971 for Medical Software. I´m sorry but I don´t have the possibility to share the draft as it is under the rules of copyright. Our organization bought the draft from the organisation developing it (as I didn´t do it myself and the one responsible for the purchase currently has vacation I can not yet adviceyou on how to purchase the draft.)
 
W

Watchwait

#10
It is a draft on how to implement ISO 14971 for Medical Software. I´m sorry but I don´t have the possibility to share the draft as it is under the rules of copyright. Our organization bought the draft from the organisation developing it (as I didn´t do it myself and the one responsible for the purchase currently has vacation I can not yet adviceyou on how to purchase the draft.)
Can you please advise the complete name and number of the draft? Perhaps I already have it and don't know it!:thanx:
 
Thread starter Similar threads Forum Replies Date
R Identify Medical Device characterstics as Annex C of ISO 14971 Risk Management ISO 14971 - Medical Device Risk Management 5
R Risk Management in the Medical Device Industry ISO 14971 - Medical Device Risk Management 4
M Informational ISO TC 210 IEC SC 62A JWG 1 Medical device risk management – São Paulo meeting 2019 Medical Device and FDA Regulations and Standards News 6
M Medical Device News ISO TC 210 IEC SC 62A JWG 1 Medical device risk management – São Paulo meeting 2019 Medical Device and FDA Regulations and Standards News 0
M Informational ISO TC 210 JWG 1 meeting in São Paulo – Revision of ISO 14971 and ISO TR 24971 – Medical Device Risk Management Medical Device and FDA Regulations and Standards News 0
S Medical Device Cybersecurity Risk Management File ISO 14971 - Medical Device Risk Management 2
O Medical Device EMC Risk Management CE Marking (Conformité Européene) / CB Scheme 4
F Medical Device HACCP (Hazard Analysis and Critical Control Point) Risk Management ISO 14971 - Medical Device Risk Management 2
T Using Risk Management in ISO 10993 - Medical Device Accessory 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 4
J What ever happened to Medical Device Risk Management, anyway? 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 17
A Implementing Risk Management in a Medical Device "Distributor Only" company ISO 13485:2016 - Medical Device Quality Management Systems 2
Marc Are you looking for ISO 14971 - Medical Device Risk Management? Risk Management Principles and Generic Guidelines 1
N Risk Management for 510k Exempt Class I Medical Device ISO 14971 - Medical Device Risk Management 7
A FDA Guidance for Risk Management for Medical Devices 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 7
N Medical Device Failure Rate as part of the Risk Management Report ISO 13485:2016 - Medical Device Quality Management Systems 10
E Risk Management Methods in Medical Device Component Manufacturing ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 2
M ISO 14971 Medical Device Risk Management FAQ ISO 14971 - Medical Device Risk Management 38
Q Advice about Risk Management for a Medical Device Distributor ISO 13485:2016 - Medical Device Quality Management Systems 7
T Risk Management in a very small low tech, Class 1 Medical Device Manufacturer ISO 13485:2016 - Medical Device Quality Management Systems 3
N Minor Concern - Medical Device Software and Risk Management ISO 14971 - Medical Device Risk Management 2
A Where can I buy EN ISO 14971:2009 (Medical Device Risk Management)? ISO 14971 - Medical Device Risk Management 11
Q ISO 14971 Class II Medical Devices - Product Realization & Risk Management ISO 14971 - Medical Device Risk Management 5
Marc The FDA and IEC 80001-1 (Risk Management for Medical Device IT networks) Other Medical Device Related Standards 2
I PFMEA RPN Numbers Medical Device Risk Management FMEA and Control Plans 1
K ISO 62304 Software Risk Management and Medical Device Class IEC 62304 - Medical Device Software Life Cycle Processes 5
R Rate the Effectiveness of Risk Management in the Medical Device Industry Other Medical Device and Orthopedic Related Topics 7
bio_subbu Supply Chain Risk Management for the Pharmaceutical and Medical Device Industries ISO 14971 - Medical Device Risk Management 2
T Medical Device Risk Management Plan ISO 14971 - Medical Device Risk Management 11
M Link between Risk Management, Usability Engineering and R&D in Medical Devices ISO 14971 - Medical Device Risk Management 2
M ISO 14971:2007 Risk Management - Class I A Sterile Medical Device ISO 14971 - Medical Device Risk Management 4
Q Books / Literature: Risk Management for Medical Device Software recommendations Other Medical Device and Orthopedic Related Topics 4
V ISO 14971:2007 Application of Risk Management to Medical Devices ISO 14971 - Medical Device Risk Management 9
D Risks related Wire & Cable for Electronic Medical device - Risk Management Other Medical Device and Orthopedic Related Topics 1
Y Risk Management Plan for Medical Device - ISO 14971 ISO 14971 - Medical Device Risk Management 1
M Risk Management for Class I Medical Devices? 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 1
T Software to Manage Compliance to ISO 14971 (Medical Device Risk Management). ISO 13485:2016 - Medical Device Quality Management Systems 9
R Medical Device Software Risk Management and ISO 14971:2007 ISO 14971 - Medical Device Risk Management 7
W Application of Risk Management - ISO 14971:2007(E) Medical Devices ISO 14971 - Medical Device Risk Management 69
J FMEA "Types" - ISO 14971 (Medical Devices - Application of Risk Management) ISO 14971 - Medical Device Risk Management 7
Q Risk Management Plan for a Class III Medical Device (Bone Void Filler) ISO 13485:2016 - Medical Device Quality Management Systems 5
A ISO14971:2001 - Risk Management for Medical Devices - Help need copy ISO 14971 - Medical Device Risk Management 10
I Applicability of Risk Management for Medical Devices - ISO 14971:2000 ISO 14971 - Medical Device Risk Management 20
Sravan Manchikanti Software Risk Management & probability of occurrence as per IEC 62304 IEC 62304 - Medical Device Software Life Cycle Processes 8
N Device Labeling - Medtronic Ventilator Files (Risk Management documents) Coffee Break and Water Cooler Discussions 2
T How do you define your Hazards? <a Risk Management discussion> ISO 14971 - Medical Device Risk Management 16
adir88 MDR requirement: Risk Management Plan for "each device" ISO 14971 - Medical Device Risk Management 5
D Risk Analysis & Technical File - What detail goes in the Risk Management Report ISO 14971 - Medical Device Risk Management 5
C AS9100 Rev D 8.1.1 & APQP - Operational risk management process AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 0
B ATP 5-19 "Risk Management" Misc. Quality Assurance and Business Systems Related Topics 2
N Risk Management besides mandated FDA requirements 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 1

Similar threads

Top Bottom