Professional Documents
Culture Documents
Notes From The Chair: Volume 43, Number 2 August 2015
Notes From The Chair: Volume 43, Number 2 August 2015
August 2015
Editor: Steven Walfish asq.org/biomed
2 B I O F E E D B A C K / Augus t 2015
Normative content in standards includes prescriptive requirements and serves as the
basis for determining compliance with the standard. In contrast, informative content pro-
vides supplemental descriptive information to aid understanding (not requirements).
Internet Resources for Finding Standards
Internet search engines provided by regulatory agencies, SDOs, and third-party
distributors can be useful for finding standards. However, they can sometimes provide
conflicting or outdated information. Confusion can be resolved by comparing results from
different sources, and leaning toward SDOs as the most authoritative source.
Here are some SDO search engine links: ISO, IEC, CEN, CENELEC, BSI, AAMI, ASTM
For the U.S. FDA perspective, the FDA Recognized Consensus Standards search engine
is a good resource.
For Europe, the Harmonised Standards Reference Lists (MDD, AIMDD, IVDMDD) are
an important resource. Compliance with harmonized standards provides a “presumption of
conformity” with the applicable requirements of the associated European directive.
Standards Searching Tips
1. Compare results found on national SDO websites to results from international standards
body websites (ISO/IEC, CEN/CENELEC).
2. Review the cross-references in each standard to learn what other standards may
be applicable.
3. Maximize value by purchasing EN ISO (or EN) standards instead of the corresponding
ISO (or IEC) standards. The normative content is typically identical, and the harmo-
nized EN versions have additional informative annexes that can facilitate European
regulatory compliance.
4. ISO publishes and sells standards in English, French, and Russian. IEC publishes and
sells standards in English and French. Corrigenda documents (error or ambiguity correc-
tions) are free of charge from both organizations.
5. CEN and CENELEC publish European (EN) consensus standards in English, French,
and German but do not directly sell standards. The CEN/CENELEC National Standards
Bodies sell them. They add their national prefix, and in some cases the publication
date is delayed beyond the year of original publication by CEN/CENELEC.
6. When CEN adopts an ISO standard they add the “EN” prefix in front of the “ISO”
prefix. When CENELEC adopts an IEC standard they replace the “IEC” prefix with the
“EN” prefix.
Resources for Previewing Consensus Standards Information
Determining whether a standard applies to your device sometimes requires the
content of the standard to be reviewed. Since consensus standards are protected by
copyright law and must be purchased, this can be costly. However, there are ways to
determine the scope and applicability of consensus standards without purchasing them
(see examples below).
BSI provides overview and product details information for each standard. The over-
view typically describes the standards scope and section headings. The product details
section provides information such as cross references and equivalence relationships to
other international standards.
The Estonian Centre for Standardization provides free previews of standards. These
previews include the first few pages, typically including the scope, normative references,
and the beginning of the terms and definitions section. For a minimal charge, this site pro-
vides 24-hour previews of entire standards.
cont. on p. 4
3 B I O F E E D B A C K / Augus t 2015
Strategies for Standards Determination
1. Determine in which countries the devices will be distributed.
Most companies develop their devices so they can be marketed throughout the world.
However, if there is a particular geographical focus, the relative importance of vari-
ous standards can be determined. For example, if the firm’s primary goal is to perform
a clinical investigation in Europe, then FDA Recognized Standards need not play a
pivotal role to prepare the standards list. The focus should be to identify the “EN” stan-
dards applicable to the device with particular focus on “harmonised” EN standards.
2. General Standards
The following standards apply to most medical devices.
• Quality Management System – ISO/EN ISO 13485, FDA 21 CFR 820
• Clinical Investigation – ISO/EN ISO 14155
• Risk Management – ISO/EN ISO 14971
• Usability Engineering – EC/EN 62366-1
• Labeling – EN 1041, European Directives, FDA 21 CFR 801
• Label Symbols – ISO/EN ISO 15223-1, EN 980
3. Screening Questions
The following screening questions can be helpful to narrow down the applicable standards.
• Is it a medical device? – General standards apply
• Does device contact patient? – ISO/EN ISO 10993-x series
• Is it an electromedical device?
Base standards – IEC/EN 60601-1
Collateral standards – IEC/EN 60601-1-x
Particular standards – IEC/EN 60601-2-x
Performance standards – IEC/EN 60601-3-x
• Is it associated with software? – IEC/EN 62304
• Is it provided sterile? How sterilized? How packaged?
Sterile packaging – ISO/EN ISO 11607-x
Sterile package testing – ASTM F88, F1140, F1980, F2096, etc.
Sterility assurance level – EN 556-1
Microbiology – ISO/EN ISO 11737-x
Ethylene oxide – ISO/EN ISO 11135, ISO/EN ISO 10993-7
Radiation – ISO/EN ISO 11137-x
Moist heat – ISO/EN ISO 17665-1
• Is it resterilized by the user? – ISO/EN ISO 17664
• Is it implantable?
General requirements – ISO/EN ISO 14630
Instrumentation – ISO/EN ISO 16061
See Consensus Standards Determination Example on next page.
What next?
Once the relevant standards are identified and obtained, the next challenge is inter-
preting and applying them to medical devices being developed. After that, continual
surveillance of changes to the standards is vital for maintaining state-of-the-art devices.
Sam Lazzara has a master’s degree in engineering and is an ASQ Certified Biomedical Auditor (CBA) with more
than 30 years of medical device industry QA/RA experience. Quality systems that he has developed or guided
have passed dozens of regulatory audits, enabling worldwide marketing for his many clients. Lazarra has engi-
neering degrees from Case Western Reserve University and Brown University. Visit his blog for more valuable tips:
http://medicaldevicequality.blogspot.com/.
cont. on p. 5
4 B I O F E E D B A C K / Augus t 2015
Consensus Standards Determination Example
Subject Device: Orthopedic Hip Joint Replacement (radiation sterilized)
Applicable Regions: Europe, United States
What follows is a list of top-level consensus standards (as of June 2015) that apply to marketing the
subject device. These standards, together with the applicable regulations, and lower-level particular
standards and guidance documents, are the foundation for design input requirements from a regula-
tory compliance standpoint.
General Standards
Designation/Revision Title
EN 62366-1:2015 Medical devices – Part 1: Application of usability engineering to medical
devices (IEC 62366-1:2015)
EN ISO 13485:2012 Medical devices – Quality management systems – Requirements for regu-
latory purposes (ISO 13485:2003/TC1:2009)
EN ISO 14971:2012 Medical devices – Application of risk management to medical devices
(ISO 14971:2007, Corrected version 2007-10-01)
5 B I O F E E D B A C K / Augus t 2015
ASQ Standards Committee
by Heather Crawford
ASQ is an American National Standards Institute (ANSI) Accredited Standards
Developer Organization (SDO); originally accredited as an SDO in March 1977. The ASQ
Standards Committee serves as ASQ’s consensus body, and is an official committee of the
Society reporting to the ASQ board of directors. As an accredited SDO, ASQ is audited by
ANSI every five years; the most recent reaccreditation audit occurred December 2014.
The ASQ Standards Committee is responsible for consensus development and approval
of generic standards and other documents that apply quality management principles, tools,
and technology. The committee develops American National Standards (ANS), techni-
cal reports (TR), and other documents reflecting the most current technology in quality.
Product-specific standards and documents as well as safety-related documents are not
included in the scope of this committee.
The ASQ Standards Committee is composed of ASQ division representatives, general
interest members, and observing members. Divisions have been actively involved with the
development of ASQ’s quality standards since the early years. Without input from the divi-
sions, neither ASQ nor the Standards Committee could develop standards that reflect the
most current technology in quality.
ASQ divisions are one major source of new ideas for quality standards. Their members
serve as the technical experts of ASQ and are aware of trends and practices that indicate
where and when a standard might be needed. Through their representatives, ASQ divisions
bring their ideas to the attention of ASQ’s Standards Committee. Ideas are formalized into
work proposals, and may be developed into an ANS. Once approved, an ANS is maintained
as current and relevant through timely revision and reaffirmation.
The ASQ Standards Committee discusses ideas and determines the need for future stan-
dards. It also works with divisions that develop new standards or reaffirm/revise existing
standards. The ASQ Standards Committee follows the consensus process established by
ANSI and its own ANSI-approved operating procedures.
6 B I O F E E D B A C K / Augus t 2015
Development through publication
Of the six primary stages for ISO standards development, three are mandatory with the
remaining three being optional. Each stage is summarized below in sequence.
10: Proposal Stage
New Work Item Proposal
(NWIP) submitted to a TC Figure 1 – Stages to Publish an
for vote to confirm a new International Standard
International Standard (IS) is
warranted. Approval of a new
work item requires affirmative • Proposal
vote by a simple majority of 10
P-members and minimum num-
ber of P-members, i.e., four • Preparatory (optional)
in committees ≤16 and five in 20
committees with ≥17 members,
committing to actively partici- • Committee (optional)
pate in the project. 30
This stage is not required for
revision or amendment to a pub- • Enquiry
lished ISO standard. However, 40
an NWIP ballot is required if
the revision or amendment will • Approval (optional)
expand the scope of the pub- 50
lished standard.
20: Preparatory Stage • Publication
60
Parent TC establishes a
Working Group (WG) to prepare
a Working Draft (WD) of the new
item. P-members who agreed to
actively participate are expected to provide technical expert(s) to the WG. Successive WDs
may be prepared until the WG is satisfied. The WD is forwarded to the parent committee to
decide if the item will proceed to the Committee Stage (30) or Enquiry Stage (40).
30: Committee Stage
Draft standard prepared by the Working Group (WG) is shared as a Committee Draft
(CD) for a comment period ranging from two to four months. Comments from other national
bodies are considered with the goal to reach consensus on technical content of the doc-
ument. The parent committee comments and votes on the CD. Successive CDs may be
shared until consensus on technical content is obtained.
40: Enquiry Stage
Draft International Standard (DIS) is submitted to the ISO Central Secretariat, and
subsequently distributed to national bodies on the committee for a three-month period to
comment and vote. Each national body may submit one vote that shall be positive, nega-
tive, or abstention. If a two-thirds majority of P-members vote affirmative and no more than
one-fourth of total votes are negative, the DIS is approved.
An approved DIS may proceed to the Publication Stage (60). If comments indicate a
significant change to the document, the committee may choose to include a Final Draft
International Standard (FDIS), as described in the next stage.
50: Approval Stage
This stage is optional if the DIS was approved in the Enquiry Stage. The parent
committee may elect to circulate an FDIS based on DIS voting results and comments
cont. on p. 8
7 B I O F E E D B A C K / Augus t 2015
received. An FDIS is not atypical if comments received on the DIS result in technical
changes to the document.
The FDIS is distributed to committee member countries for a two-month vote. FDIS
approval requirements are the same as DIS approval, i.e., affirmative vote by at least two-
thirds of P-members and negative votes constituting no more than one-fourth of total votes.
60: Publication Stage
Editorial corrections may be made to the document within a defined period. Publication
by the ISO Central Secretariat of the final document as an International Standard (IS) com-
pletes this stage.
Following publication
The Review and Withdrawal Stages complete the life cycle of an IS. These stages are
summarized below.
90: Review Stage
Each published IS is subject to systematic review to determine if the IS should be con-
firmed, revised, converted to another document type, or withdrawn. A maximum of five
years is to elapse between publication of an IS and its systematic review. Timing is based on
either initial publication year of the IS or the year of its most recent reaffirmation. There is
no maximum number of times an IS may be reaffirmed.
95: Withdrawal Stage
A standard should be withdrawn if it has not been adopted for use in a minimum of five
countries. Recommendation for withdrawal is communicated to national bodies with a two-
month period to object to the withdrawal.
A withdrawn standard may be reinstated if its necessity is determined at a later date.
The standard would be issued as either a DIS or FDIS for voting by member national bodies.
If approved, the standard is published as a new edition having a new publication date and
explanation of the standard results from reinstatement of the prior edition.
***
For greater detail on how an International Standard is developed, refer to the publi-
cation ISO/IEC Directives, Part 1: Procedures for the technical work, available online at
http://www.iec.ch/members_experts/refdocs/iec/isoiecdir-1%7Bed11.0%7Den.pdf.
8 B I O F E E D B A C K / Augus t 2015
Risky Business: Demystifying EN ISO 14971:2012
by Sam Lazzara
Table 1
cont. on p. 10
9 B I O F E E D B A C K / Augus t 2015
Table 1 (continued)
ISO 14971:2007 contains a risk management process flowchart that is not consistent
with the European Directives. Manufacturers with CE-marked devices should avoid ref-
erencing that flowchart in their quality system procedures. The process flow depicted in
Figure 1 is consistent with the European content deviations.
In summary, the European interpretation of risk management in the Essential
Requirements of the Directives has led them to the following conclusions that are in conflict
with ISO 14971:
• All identified risks, regardless of magnitude, must be reduced as far as possible,
without economic considerations.
• Risk/Benefit analysis is always required.
• Labeling information may not reduce risk.
cont. on p. 11
cont. on p. 12
Within your own standard operating procedures (SOPs), you can determine which
categories require the SQA. Our recommendation would be to require an SQA for Critical,
Category 1, and Category 2. All your other suppliers, including contractors and consultants,
cont. on p. 14
Making sure the agreements meet the specific relationship of the supplier
The first thing to do is to perform a gap assessment against the basic requirements.
Also, look at the most recent FDA warning letters to see if there are any situations that
you need to add to your existing SQA. Being proactive will prevent having to deal with
major issues later.
The second part of this exercise is to construct the SQA to be flexible to allow the
different business relationships you might have with your suppliers. The decision of what
goes in the SQA should be based on the risk assessment and the business relationship. For
example, the same requirements for a contract manufacturer providing a finished device
for you would have fewer requirements for a component supplier.
An example that supports this approach is outlined in a 2012 warning letter, in which
the agency looked at five agreements that it found woefully inadequate. Here are examples
of what FDA cited in three of those agreements:
• The agreement … does not address complaint handling, medical device reporting,
labels/labeling content, product recall, or maintenance of device history records.
• The agreement … does not address complaint handling and maintenance of device
history records. Further, the term of the agreement expired on the third anniversary of
the effective date.
• The agreement … does not address product design changes, complaint handling,
medical device reporting, recalls, label/labeling content, or maintenance of device
history records. Additionally, the agreement is not signed and dated.
An agreement should outline the key roles and responsibilities of the parties. Metrics
and due dates should be clearly identified to avoid scope creep. Remember, the SQA is a
two-way document that should identify key suppliers and indicate whom to notify if FDA
shows up for an inspection. You don’t want to be in a situation where someone from your
company is unable to answer the agency’s questions or, worse, answers them incorrectly.
Introduction
A product manufacturer’s obligation for product safety extends across the whole prod-
uct life cycle—from concept to salvage/disposal. In the United States, manufacturers and
retailers of consumer products are obligated to report certain product safety issues to the
Consumer Product Safety Commission; manufacturers and operators of aircraft are obligated
to report certain aviation safety issues to the Federal Aviation Administration; manufacturers
and user facilities of medical devices are obligated to report certain medical device safety
issues to the Food and Drug Administration.
Safety is the continual application of effective risk management activities, not the
momentary absence of known hazards. Risk management is applied across the complete
product life cycle. The principle is enshrined in many well-recognized industry standards
(e.g., for medical devices, ISO 9001, ISO 13485, and ISO 14971) and is a fundamental
engineering best practice. Correct application of life cycle risk management is your primary
tool for minimizing unintended harms to patients and providers, reducing product recalls,
limiting product liability, and protecting employees and shareholders.
Risk Management
Figure 1 shows the general approach to
risk management. Risk is future uncertainty Figure 1
of the deviation from an expected outcome.
In product risk management, complaints
of desirable deviations are rare and we are
typically only concerned with undesirable
(unsafe/ineffective) deviations. Risk is gen- As
se
erally quantified as some combination of
ss
the severity of harm of the identified hazard
me
tion
nt
Mitiga
identified hazard.1
Risk
Nearly every senior executive under-
stands financial risk management: “The
management
identification, analysis, assessment, control,
and avoidance, minimization, or elimina-
tion of unacceptable risks. An organization
may use risk assumption, risk avoidance,
Id e n
risk retention, risk transfer, or any other tificatio n
strategy (or combination of strategies) in
proper management of future events.”2 But
the strategies for financial risk management
do not map well to product risk management; risk avoidance and risk transfer (from manu-
facturer to customer3) ultimately result in unintended risk assumption and risk retention by
1. Samaras, GM. “Use, Misuse, and Abuse of the Device Failure Modes Effects Analysis.” MD+DI
Online (and later print Magazine August 2013).
2. http://www.businessdictionary.com/definition/risk-management.html Accessed 6/11/15.
3. Minimizing Type II errors (Producer Risk) at the expense of Type I errors (Consumer Risk).
cont. on p. 16
4. Samaras, GM. “Medical Device Mechatronics Maturity.” Medical Electronics Design Online (and
later print Magazine, January 2013).
5. Samaras, GM. “Reducing latent errors, drift errors, and stakeholder dissonance.” WORK: A Journal
of Assessment, Prevention, and Rehabilitation, 41(s1):1948-1955 (2012).
cont. on p. 17
Table 2
6. Samaras, GM. “The Use, Misuse, and Abuse of Design Controls.” IEEE Engineering in Medicine and
Biology Magazine 29(3):12-18, 2010.
cont. on p. 18
Conclusion
Product life cycle risk management is an engineering approach for increasing product
safety and reducing unintentional harms, product recalls, and product liability. Unlike
financial risk management, product risk avoidance and risk transfer ultimately result in
manufacturer risk assumption and risk retention. The terminology used for premarket
risk management and postmarket risk management differ, but the underlying engineering
activities are essentially the same. Not doing complete and correct premarket risk man-
agement undermines the viability of your product in the marketplace; not doing complete
cont. on p. 21