The stages required for applying ISO 14971 principles to risk management for medical devices can be typically broken into 6 steps:
Risk management at a high level can be broken down into risk assessment and risk control.
The Manufacturer must first identify the risks associated with the product; for example risks to the operator and risks to the patient. The ISO standard contains risk profile templates that aid in identification of risk elements and analysis. First the risk elements of the product design should be identified by a team made up of subject matter experts that should come from the various areas involved in the organization such as the design, quality, production and business departments. It is vital that a representative mix of ALL these disciplines are involved at this stage of risk identification. Subject matter experts tend to focus on their specific area and do not always have a thorough appreciation of how other elements can have an impact. Once the risk elements of the product design are identified, an analysis of each element can be performed.
The use of standard templates simplifies this process.
A simple method is FMEA (Failure Mode and Effect Analysis), this can either use numerical values or colours to demonstrate risk. See examples of such assessments in Figures 1 and 2 below:
Figure 1: Pictorial Risk Ranking
Figure 2: Numerical Risk Ranking
Risk Evaluation and associated Risk Acceptability Decisions
Following the identification and analysis of the risk during device design, the results of the analysis should be evaluated and decisions made upon how to proceed. The process can be split into two sections, though these are frequently combined.
Risk Evaluation
The stage of risk evaluation determines the controls that need to be implemented to mitigate the risks and must be made in the context of the effectiveness of any existing strategies and controls.
Risk Acceptability Decisions
The Risk Acceptability for the design of the medical device must be then made. The acceptability decisions are prioritised using pre determined assessment criteria. Assessment criteria are usually descriptive, for example:
The purpose of risk control is to reduce the risk(s) to an acceptable level, e.g. by inherent safety or by design and implemented during the Concept Design Phase and verified during design output. The effort used in reducing the risks to an acceptable level should be proportional to the significance / impact of the risks.
Control should be targeted at answering questions, such as:
When introducing a new Medical Device onto the market a number of well-defined risk analysis and evaluation phases should be undertaken. Risk Management and the performance of Risk Assessment are therefore crucial parts of the design, development and control process. They assist manufacturers to understand the product, ensuring that consideration has been given to user requirements, the patient and the operator. When performed with a multi-disciplinary team using appropriate and consistent rules, problems in the design development and use of the device can often be eliminated.
Risk Assessment is a valuable tool and a regulatory expectation that should be used throughout the whole of the product life cycle to ensure a safe and effective product.
Contact us to explore your needs in 'risk management for medical devices' while navigating ISO 14971 and learn how SeerPharma can assist you.
You may also be interested in these posts: