SBS - The best value in QMS software

Risks arising from control measures vs. ineffective control measures

ThatSinc

Involved In Discussions
#1
Hi All,

I hope everyone is enjoying 2021, as much as possible, so far...

looking to confirm/clarify some understanding on risks arising arising from control measures vs. ineffective control measures - particularly around instructions for use and labelling, and translations of both.

If we take the example of cleaning a reusable product between uses to control the risk of biocontamination and infection;

Hazard: Infectious Agents (Bacteria/Virus)
RFSE: User does not sufficiently clean device prior to reuse
Hazardous Situation: Contaminated Device used on patient
Harm: Infection


If the control measures are that the instructions for use contain a full cleaning protocol, including compatible and validated automated cleaning systems and protocols, I would consider that the user not understanding the instructions would be a failure on the verification of effectiveness of the control measure - and the residual P1 and P2 values would be high, not that unclear instructions for use is a new hazard or hazardous situation.
I consider a lack of translation in this too, rather than a hazard in its own right.

Despite translations being available the Notified Body had previously stated that there is no explicit consideration for translations in the risk management file and so "inadequate translation" was added as a hazard which I disagree with.

I am suggesting that the control measures section includes reference to the translation process and relevant list of instructions documents in all languages.

Would you agree on this approach, or would you consider the need for a new line item in the hazard analysis? If there is a need for a new line in the hazard analysis, how would you approach this, as to me the hazard, rfse, hazardous situation, and harm are all the same.


Thanks in advance,

TS.
 
Elsmar Forum Sponsor

indubioush

Quite Involved in Discussions
#2
Sound like you have two sequences of events. In one, the user doesn't clean the the device even though they understand the instructions. In the other one, the user cannot understand the translated instructions, and so they do not clean the device adequately. The P1 value for each of these may be different.
 

yodon

Staff member
Super Moderator
#3
I don't necessarily find the feedback irrational. As @indubioush notes, you have a risk of the improper cleaning. The event leading to it could be incorrect / incomplete / improper translation (for the intended audience). Your control could be proper translation. You can get the translation itself validated (for the intended audience) and comprehension would be part of usability validation (using representatives from the intended audience).
 

adir88

Involved In Discussions
#4
If you have an approved translation service provider (certified to ISO 17100 etc.) and your QS requires you to use an approved TSP for all translations (including in-country reviews), I would not recommend adding this as a sequence of events in your risk analysis. You have controls in your quality system that are built to ensure that translations are done by competent people, and you make sure that these requirements are met when your IFU is approved and released for use in manufacturing. This is quite an odd request and I have never seen a requirement for validating translations in this regard. At my company, we do not list quality requirements as risk control measures otherwise you end up listing all kinds of procedures and job instructions.

I completely agree that this has more to do with the verification of effectiveness of the risk control measure. Hopefully you have implemented this risk control measure in your design and have some design validation evidence to demonstrate that the risk control measure is effective and hopefully this is sufficient.
 

ThatSinc

Involved In Discussions
#5
Sound like you have two sequences of events. In one, the user doesn't clean the the device even though they understand the instructions. In the other one, the user cannot understand the translated instructions, and so they do not clean the device adequately. The P1 value for each of these may be different.
The P1 value for the occurrence of the hazardous situation, which is the contaminated device being used on a patient, considers this.
The factors that affect this are all considered when reviewing the control measures required.
The sequences of events that could lead to a hazardous situation are considered, as required by the standard, but not explicitly documented.

I'm not sure whether you're suggesting that a separate line would be required, or would you include the separate sequence of events within the same hazardous situation?
I would not find it value adding to essentially re-list every single hazard/hazardous situation that is controlled by instructions for use with an additional "translations not accurate" and/or "instructions for use not provided" line that exposes the user to the same hazard, then has control mechanisms for ensuring that the translations are correct and that each product is packed with an IFU.
I would actually find that for the purposes of overall risk that this would potentially misrepresent the number of risks a device has.

I don't necessarily find the feedback irrational. As @indubioush notes, you have a risk of the improper cleaning. The event leading to it could be incorrect / incomplete / improper translation (for the intended audience). Your control could be proper translation. You can get the translation itself validated (for the intended audience) and comprehension would be part of usability validation (using representatives from the intended audience).
I don't find the feedback irrational, I agree that there is a risk of improper cleaning and the risk file did not explicitly call out translations originally.
The reference to the risk control measure was to the English version and no comments were made regarding any languages.

It was more the approach to resolving the situation on a new line item being included in the risk management file rather than referencing the controls and verification of controls in the originally documented risk.


If you have an approved translation service provider (certified to ISO 17100 etc.) and your QS requires you to use an approved TSP for all translations (including in-country reviews), I would not recommend adding this as a sequence of events in your risk analysis.
How would you document the potential for lack of understanding or inappropriate translations?

At my company, we do not list quality requirements as risk control measures otherwise you end up listing all kinds of procedures and job instructions.
I would agree with this, the specification (instructions for use in all languages) is the control measure - how you ensure you meet that specification (translation process) falls under process control. However there are a number of process controls that do exist throughout manufacturing that are direct control measures on contamination/sterility etc so don't think that it's necessarily something you shouldn't do.


I completely agree that this has more to do with the verification of effectiveness of the risk control measure. Hopefully you have implemented this risk control measure in your design and have some design validation evidence to demonstrate that the risk control measure is effective and hopefully this is sufficient.
The translation process and verification of translations includes forward/backward translation and a read by an SME in the appropriate language - this was already in place, and was accepted at the time, but the update to the risk file was managed after the fact.
 

indubioush

Quite Involved in Discussions
#6
I'm not sure whether you're suggesting that a separate line would be required, or would you include the separate sequence of events within the same hazardous situation?
I wasn't really suggesting anything. I only wanted to call your attention to the different sequences of events. I don't know the class of your device or the level of risk that it has. I also do know how much you are relying on your user to understand your instructions for use.

You disagree with your notified body regarding the hazard of inadequate translation; however, it is best to make them happy. The most conservative route would be to add line item with inadequate translation as the hazard, and have the control measure point to the product requirement that translations undergo the process you describe. The verification of effectiveness is the usability validation.

Keep in mind that sometimes you have to retrospectively document risk management activities. You should always take credit for something you are already doing that reduced a risk.
 

ThatSinc

Involved In Discussions
#7
I don't disagree with the NB that there's a risk of inadequate cleaning as a result of poor translation of the user manual.
I disagree with the people that have updated the risk assessment to include inadequate translation is a hazard.
I see it as an initiating event that could lead to a ineffective cleaning, leading to use of a contaminated device and patient exposure to the hazard of infectious agents, leading to infection.

As a part of the control measure of implementing the instructions for use they are, by necessity of the quality system procedural requirements, translated into all applicable languages. The verification of effectiveness in regards to user comprehension is performed as part of the translation process (whether this would be considered acceptable in lieu of true usability validation is an entirely separate topic that is outside of my current scope, thankfully).

This was discussed at the time with the NB and was understood and the feedback was to "update the risk file to include it" and the way that they decided was to add it as a hazard.

Whilst it may seem like semantics, adding inadequate translation as a hazard that could lead to infection opens up a whole can of worms, you would logically need to apply the same approach to all risks where the instructions for use are mitigating a hazard and every harm that is associated with those risks would need a new line including inadequate translation as a hazard.

The whole system is currently being remediated due to more recent findings, and this previous finding has become a topic of discussion.
 

indubioush

Quite Involved in Discussions
#8
I disagree with the people that have updated the risk assessment to include inadequate translation is a hazard. I see it as an initiating event
I fully support you in this as I do agree with your point. I think this shows that you have a true grasp of the risk management standard and what each of the terms mean. I think as long as you document the translation-related risks as a hazard-related use scenarios in your usability file, you should be okay.
 

ThatSinc

Involved In Discussions
#9
My guidance has been over-ruled.

There is now a line for "inadequate instructions for use provided" with the control measure of "instructions for use provided"
and another line for "user does not understand instructions for use" with the control measure of "instructions for use provided"

Despite my guidance that both of those issues are related to inadequate effectiveness of the instructions for use control measure, identified for other hazards.

Has anybody had to manage situations like this?
It's become quite a sticking point, and I think I may have to just go with it.
 

Tidge

Trusted Information Resource
#10
I can't tell if you have a larger team problem with lack of experience or lack of imagination. Is this still an issue where an NB doesn't trust your translations? If instead it is 'folks can't figure out your equipment', a usability validation should establish how well user classes interact with the device. It is atypical that a medical device has as part of its intended use, an explicit function for altering/updating the cognitive ability and mental models of the intended user classes.

Based on the posts here, I tend to agree that an 'inadequate translation' would be an ineffective risk control... or, if you prefer: evidence contrary to the effectiveness of a risk control. It isn't completely unheard of to occasionally update risk management files with specific lines when a particular design element fails in some spectacular/noticeable way. I have seen this done in an effort to drive more detailed analysis for the specific failure mode. I cannot recall doing this in a general way for 'translations'; however I have had some specific (new) risk controls added to a device related to the need to support characters (in a font set) used by other languages, for display of text messages on a device.
 
Thread starter Similar threads Forum Replies Date
L Sampling Plan Risks AQL - Acceptable Quality Level 6
A API Spec Q1 Purchasing Process - Supplier Reevaluation based on Supplier Risks 5.6.1.4 Oil and Gas Industry Standards and Regulations 15
A Environmental Compliance obligations and risks (ISO 14001:2015 6.1.3) ISO 14001:2015 Specific Discussions 3
A IEC 62304 safety classification, External Controls and off-label use related risks IEC 62304 - Medical Device Software Life Cycle Processes 5
D ISO 14971:2019 vs MDR Annex 1, Requirement #4 - "Manufacturers shall inform users of any residual risks" ISO 14971 - Medical Device Risk Management 5
silentmonkey Are risks in supply chain and development activities within scope of MDD? EU Medical Device Regulations 4
Robert Stanley I'm @ RISK of not showing my RISKS! ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 20
Richard Regalado Top 10 operational risks of 2019 for business continuity planning Business Continuity & Resiliency Planning (BCRP) 6
A Managing overseas travel risks to food handlers Food Safety - ISO 22000, HACCP (21 CFR 120) 3
T ISO 14971-2019 doubt - Evaluate if estimated risks are acceptable ISO 14971 - Medical Device Risk Management 9
M Informational US FDA – URGENT/11 Cybersecurity Vulnerabilities in a Widely-Used Third-Party Software Component May Introduce Risks During Use of Certain Medical Dev Medical Device and FDA Regulations and Standards News 0
Jacquie Collins 6 Risks and Opportunities ISO 14001:2015 ISO 14001:2015 Specific Discussions 6
D How to Identify the Risks and Opportunities required for QMS Processes? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 10
M Are Risks and Opportunities Required as Part of the Process Definition ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 3
H Addressing of Undesirable side-effects, harms, risks and side-effects in clinical evaluation report (CER) EU Medical Device Regulations 12
M Informational How To Avoid Compliance & Timeline Risks When Selecting A Medical Device Supplier Medical Device and FDA Regulations and Standards News 0
M Informational Understanding Costs And Risks For HFE Usability Studies — Part 1: Testing In-House Medical Device and FDA Regulations and Standards News 0
M FDA News Safety Alert – USFDA warns about safety risks of teething necklaces, bracelets to relieve teething pain or to provide sensory stimulation Medical Device and FDA Regulations and Standards News 0
B ISO 17025 8.5 Actions to address risks and opportunities ISO 17025 related Discussions 7
A Risks and Opportunities associated to Legal Compliance - 6.1.3 ISO 14001:2015 Specific Discussions 4
O Examples of the external and internal issues and their risks and opportunities IATF 16949 - Automotive Quality Systems Standard 2
A Risks related to Method Validation and Stability Studies Pharmaceuticals (21 CFR Part 210, 21 CFR Part 211 and related Regulations) 2
qualprod ISO 9001 Risk control method - What could be the better way to control risks? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 3
R Redundancy between Process risks and Process Performance indicators ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 11
Q Risks and opportunities that could be associated with the purchasing department ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 10
Q ISO 14001:2015 Clause 6.1: Actions to address Risks & Opportunities ISO 14001:2015 Specific Discussions 2
Sidney Vianna Guidance on Management of Psychosocial Risks in the Workplace Occupational Health & Safety Management Standards 5
H Depth in the organization for Interested Parties and Risks & Opportunities ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 3
A Compliance Obligations - Implementing 6.1.1 and 6.1.3 NOTE - Determine risks and... ISO 14001:2015 Specific Discussions 1
I Is risk acceptability really needed if all risks must be reduced as far as possible? ISO 14971 - Medical Device Risk Management 6
Q ISO 9001:2015 - Clarification in 6.1.2 Note 1 (Options to Address Risks) ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 6
Q Practical guide to scan for Risks in all QMS systems without missing any ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 16
Q Risks Examples in Top Management ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 7
O How will you handle Clause 6.1 - Risks and Opportunities for AS9100 Rev. D Auditors? Risk Management Principles and Generic Guidelines 22
Q SWOT Outputs - Risks, Opportunities and Improvements ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 7
Q Source of practice to Evaluate Risks? (ISO 9001:2015) ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 1
Q Opportunities only derived from Risks? Detecting Risk & Opportunities in ISO 9001 ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 1
A Does KPI for Processes need to be correlated with the specific Risks for Processes? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 1
R Actions To Address Risks and Opportunities IATF 16949 - Automotive Quality Systems Standard 1
W Chinese Authorized Representative - What are the regulatory risks? China Medical Device Regulations 3
M Informational Is Identification of Risks and Opportunities required for QMS Processes? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 96
V Deleting Risks if a particular Risk has been Eliminated ISO 14971 - Medical Device Risk Management 3
A Informational Confusion about Risks for Processes in ISO 9001:2015 ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 44
R OHSAS 18001:2007 Section 3 - Controlling Work Place Risks Occupational Health & Safety Management Standards 3
D Biological and Chemical Risks to the user in the Hazard Analysis ISO 14971 - Medical Device Risk Management 1
C Risks involved in requesting Cert to ISO9001:2015 right when released ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 2
R Risks to Health - Patient and Clinician ISO 14971 - Medical Device Risk Management 4
Marc The Risks of Generic Drugs Coffee Break and Water Cooler Discussions 24
Ajit Basrur FDA issues Guidance Document - Benefits-Risks Factors to consider for 510(K) US Food and Drug Administration (FDA) 1
x-files [QMS] Identification and Evaluation of Aspects, Impacts and Risks... ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 2

Similar threads

Top Bottom