Risk Management Team

#1
Hi,

I am preparing a risk management file for a medical device (classified as Class I) to be submitted to a lab for IEC 60601-1 and IEC 60601-1-2 testing. I am the only person doing all risk management activities, so my risk management team has only one member.
Are there any requirements for the number of people preparing the Risk Management Plan and Report for a medical device? Clauses 3.2 and 3.3 of ISO 14971 only define the management responsibilities and qualifications of the personnel. I do not see a minimum number of personnel.

Can someone provide some insight on this? Thanks!

Regards,
AF
 
Elsmar Forum Sponsor

Tidge

Trusted Information Resource
#2
I don't think it is possible for a single person to prepare the final report on acceptability, unless that person is a member of MWER. If MWER has already established the foundation for acceptability, I suppose afterwards (practically) it could be a one-man show. The "one man" would have to have a rather wide and deep understanding of both medical and engineering issues.
 
#3
I don't think it is possible for a single person to prepare the final report on acceptability, unless that person is a member of MWER. If MWER has already established the foundation for acceptability, I suppose afterwards (practically) it could be a one-man show. The "one man" would have to have a rather wide and deep understanding of both medical and engineering issues.
Tidge, I'm asking this question from standards and regulatory points of view but not from technical aspects. I'm not sure what you mean by "a member of MWER". I have a wide and deep understanding of engineering issues for this particular medical device.

AF
 

Peter Selvey

Leader
Super Moderator
#4
I don't think there is anything written in the standard itself, but it can be impractical to manage both the qualifications and conflicts of interest (which comes from quality systems such as ISO 13485 and regulations like e.g. 21 CFR 820.20 (b)(1)). Also if a serious incident occurred and the investigation found that only one person was involved in risk management, it's likely to be a potential source of negligence.

That said, if it is a low risk device and the docs are mainly being prepared for test labs, it's probably going to be OK in the sense (a) there is no rule in ISO 14971 itself (b) the test lab is not going to dig in deep about qualifications, and (c) the conflicts of interest aspect is outside their scope. And assuming it's low risk, the chances of a serious incident are inherently low. So you could roll the dice, but keep in mind that it's more to do with being a low risk device and keeping your head down rather than being OK in general.
 

Al_Z1

Starting to get Involved
#5
ISO TR 24971-2020 recommends, that:
"Consider the need to include the following topics in the education of risk management experts:
— management of a risk management program for medical devices;
— ethics, safety, security and liability;
— concepts of risk, risk acceptability and benefit-risk analysis;
— probability and statistics for risk management and reliability;
— risk management and reliability in design and development;
— relevant standards and regulations;
— risk estimation including methods to determine the severity and probability of occurrence of harm;
— risk assessment methodology;
— methods for risk control;
— methods for verifying the effectiveness of risk control measures;
— methods for analysing production and post-production information."
IMHO, It is almost impossible to unite all this in one person.
 

Tidge

Trusted Information Resource
#6
Tidge, I'm asking this question from standards and regulatory points of view but not from technical aspects. I'm not sure what you mean by "a member of MWER". I have a wide and deep understanding of engineering issues for this particular medical device.
Simply put: Members of MWER (Management with Executive Responsibility) are the ones who can be fitted for handcuffs and jumpsuits.

From the perspective of ultimate Risk Acceptability: MWER is who decides to put the device on the market. I suppose there are two 14971-compliant approaches to making this decision:
  1. MWER establishes the policies and practices independent of specific products and precise designs. The group/person responsible for the product follows MWER's established policies and reports back to them if the product has an acceptable risk profile.
  2. Every product is treated ad hoc. MWER makes some decision on risk acceptability without having an established policy.
Neither case allows "one man" to decide if the product is safe.... that is "free from unacceptable risks", no matter the individual qualifications. As @Peter Selvey points out: his would be no evidence of objectivity (keeping it simple: who would be measuring effectiveness of risk controls?), and very likely there would be a conflict of interest.

If (2) is the path, I choose to disbelieve that MWER has implemented any of the required regulatory practices in other areas.
 

Tidge

Trusted Information Resource
#7
I want to make a series of points about one specific statement; this is not intended to be confrontational or accusatory, I want to use it for illustrative purposes.
I have a wide and deep understanding of engineering issues for this particular medical device.
Compliance (to 14971) risk management for medical devices also requires a wide and deep understanding of the medical uses for the device , as well as an ability to speak competently about the current state of medicine and the role the device plays in it. As was mentioned above, a low-risk medical device (e.g. toothbrush) that is basically mimicking a competitor on the market could possibly escape serious scrutiny by regulatory authorities if there is a general societal consensus about risks and design choices... but there is no "stay out of jail" as an inoculation against a manufacturer NOT performing due diligence.

I have a rather high self-assessment of my own ability to "one man" as risk file, as long as I had the appropriate levels of company support. However: the Dunning–Kruger effect is a valid warning/explanation. I can only write for myself, but in the absence of qualified peers: I would feel obligated to put so much extra effort into certain areas (or alternatively, get MWER to formally approve my actions and decisions in areas where I know I don't have full confidence in my assessments) that the project would either end up taking more effort, or the RM files would simply have a "prepared by" statement and have to be approved by MWER.

It doesn't have to be MUCH extra work from MWER: Basically all I would feel I would want for a "low risk" medical device is a specific set of deliverables relating to the medical aspects... I could probably prepare a document suite (including the RM plan) that shouldn't take more than 16 hours (of their time, not mine) of a 3rd party medical expert to approve, and I've reverse-engineered enough designs that I could probably get a requirements set approved by somebody with design authority that does need more than 16 hours (again, their time not mine). Assuming there is any sort of documentation at the manufacturer, those two roles would need to be brought back in at the end to assess/agree/rubber-stamp my work. The strategy for plans and benefit-risk assessments would probably need to be vetted by the company's legal reps as well, independent of 'compliance' if this stuff is being outsourced.
 

yodon

Leader
Super Moderator
#8
To elaborate a bit on a point @Tidge brought out:

wide and deep understanding of the medical uses for the device , as well as an ability to speak competently about the current state of medicine and the role the device plays in it
Recent interactions with risk file reviewers has been that they are questioning how harms and severity scores were established. In essence, they're looking for someone with suitable clinical background to give credence to the analysis.
 

Tidge

Trusted Information Resource
#9
I've had this type of interaction as well. With one "third party" I got the sense that the individual was hoping to improve their own marketability as a consultant (eventually) :)
 
#10
I don't think there is anything written in the standard itself, but it can be impractical to manage both the qualifications and conflicts of interest (which comes from quality systems such as ISO 13485 and regulations like e.g. 21 CFR 820.20 (b)(1)). Also if a serious incident occurred and the investigation found that only one person was involved in risk management, it's likely to be a potential source of negligence.

That said, if it is a low risk device and the docs are mainly being prepared for test labs, it's probably going to be OK in the sense (a) there is no rule in ISO 14971 itself (b) the test lab is not going to dig in deep about qualifications, and (c) the conflicts of interest aspect is outside their scope. And assuming it's low risk, the chances of a serious incident are inherently low. So you could roll the dice, but keep in mind that it's more to do with being a low risk device and keeping your head down rather than being OK in general.
Thanks Peter. Yes, it is a low-risk measurement device (class I): (a) a toothbrush-size, wireless, and handheld device, (b) 3V non-rechargeable battery-powered, (c) with no accessible part, (d) with no SIP/SOP. The docs are mainly being prepared for test labs.

I agree that "conflicts of interest" is a big concern from the regulatory prospective.

Is it acceptable to hire a third-party person to review the RMF or he/she should be part of my company?

AF
 
Thread starter Similar threads Forum Replies Date
M Clinical evaluation interface with the risk management process EU Medical Device Regulations 9
J ISO 10993-1:2018 Format to Perform Risk Management Process US Food and Drug Administration (FDA) 1
B Risk Management Procedure updates needed for 14971:2019 ISO 14971 - Medical Device Risk Management 11
M Intended Use vs Actual Use and Scope of Risk Management EU Medical Device Regulations 8
S IDCB 0129/0160 Clinical Risk Management ISO 14971 - Medical Device Risk Management 2
S Risk Management File - Procedure Packs ISO 14971 - Medical Device Risk Management 3
G Risk Management for IEC 60601-1 and IEC 60601-1-2 IEC 60601 - Medical Electrical Equipment Safety Standards Series 15
K Do you have separate clinical risk management group or experts in your manufactures? EU Medical Device Regulations 4
Sidney Vianna ISO Practical Guide on ISO 31000:2018 - Risk Management Other ISO and International Standards and European Regulations 0
T Risk Assessment and Management Misc. Quality Assurance and Business Systems Related Topics 0
J HELP NEEDED ! Risk Management Exercise ISO 14971 - Medical Device Risk Management 12
O Should a Covid vaccine and testing policy be included as part of ISO9001 or AS9100 risk management? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 6
Melissa Risk Management Process, How far do I need to go? ISO 14971 - Medical Device Risk Management 13
D Does Risk Management apply to re-labeler (MDR) EU Medical Device Regulations 1
H Risk Management Plan in agile process ISO 14971 - Medical Device Risk Management 14
U Supply risk management Manufacturing and Related Processes 4
T Biological Evaluation (10993) & Risk Management ISO 14971 - Medical Device Risk Management 9
D Cybersecurity and Risk Management: Loss of confidentiality IEC 62304 - Medical Device Software Life Cycle Processes 5
S Risk Management Review ISO 14971 - Medical Device Risk Management 4
S Risk Management and other Files ISO 14971 - Medical Device Risk Management 8
silentmonkey Overall Benefit/Risk Analysis - Risk Management VS Clinical Evaluation ISO 14971 - Medical Device Risk Management 3
Aymaneh Medical Device Cybersecurity Risk Management IEC 27001 - Information Security Management Systems (ISMS) 2
A 21 CFR 820 - Risk Management - Looking for some guidance US Food and Drug Administration (FDA) 3
Sravan Manchikanti Software Risk Management & probability of occurrence as per IEC 62304 IEC 62304 - Medical Device Software Life Cycle Processes 8
R Identify Medical Device characterstics as Annex C of ISO 14971 Risk Management ISO 14971 - Medical Device Risk Management 5
N Device Labeling - Medtronic Ventilator Files (Risk Management documents) Coffee Break and Water Cooler Discussions 2
T How do you define your Hazards? <a Risk Management discussion> ISO 14971 - Medical Device Risk Management 16
adir88 MDR requirement: Risk Management Plan for "each device" ISO 14971 - Medical Device Risk Management 5
D Risk Analysis & Technical File - What detail goes in the Risk Management Report ISO 14971 - Medical Device Risk Management 5
C AS9100 Rev D 8.1.1 & APQP - Operational risk management process AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 3
B ATP 5-19 "Risk Management" Misc. Quality Assurance and Business Systems Related Topics 2
N Risk Management besides mandated FDA requirements 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 1
M Identifying Hazards - Risk management process ISO 14971 - Medical Device Risk Management 6
R Risk Management in the Medical Device Industry ISO 14971 - Medical Device Risk Management 4
F Linking an ISO 31000 Risk management SOP to ISO 17025 ISO 17025 related Discussions 2
Ronen E The unbearable insensitivity of risk management language Other Medical Device and Orthopedic Related Topics 1
S ISO 14971 Risk Management - Questions for Hazard identification ISO 14971 - Medical Device Risk Management 2
M Risk/Benefit vs. benefit-risk - Revising an SOP covering Risk Management with the MDR in mind EU Medical Device Regulations 10
A Defining Expected Service Life in Risk Management File Reliability Analysis - Predictions, Testing and Standards 5
R Linking the Processes of Continual Improvement, Change Management, Risk Management, Action Planning, etc? Preventive Action and Continuous Improvement 5
D Risk management according to ISO 14971 - When to document risk controls? ISO 14971 - Medical Device Risk Management 10
J Software for Techfiles and Risk management ISO 14971 - Medical Device Risk Management 1
M Informational ISO TC 210 IEC SC 62A JWG 1 Medical device risk management – São Paulo meeting 2019 Medical Device and FDA Regulations and Standards News 6
M Medical Device News ISO TC 210 IEC SC 62A JWG 1 Medical device risk management – São Paulo meeting 2019 Medical Device and FDA Regulations and Standards News 0
D Where does FMEA fit in your ISO 14971 Risk Management process? ISO 14971 - Medical Device Risk Management 13
M Informational ISO TC 210 JWG 1 meeting in São Paulo – Revision of ISO 14971 and ISO TR 24971 – Medical Device Risk Management Medical Device and FDA Regulations and Standards News 0
T Risk Management Report as per MDR Requirements EU Medical Device Regulations 4
S Medical Device Cybersecurity Risk Management File ISO 14971 - Medical Device Risk Management 2
M Medical Device News Health Canada Notice of intent: Strengthening the post-market surveillance and risk management Canada Medical Device Regulations 1
Q Evidence of precautions (clinical evaluation report, risk management report) EU Medical Device Regulations 6

Similar threads

Top Bottom