Risk Management of Medical Devices

Risk Management of Medical Devices
According to ISO 14971
Johanny Pestalozzi, PhD

1
2
RISK MANAGEMENT OF MEDICAL
DEVICES
ACCORDING TO ISO 14971
Content
▪ Fundamentals of risk management
& relevance of ISO 14971 in MedTech
▪ General requirements for a
risk management system
▪ Components of the risk management process
SECTION 1:
FUNDAMENTALS OF
RISK MANAGEMENT
& RELEVANCE OF ISO
14971 IN MEDTECH
3
SECTION 1
FUNDAMENTALS OF RISK MANAGEMENT
& ISO 14971 IN MEDTECH
▪ Risk Management
“Systematic application of management
policies, procedures, and practices to the tasks of
analyzing, evaluating, controlling and monitoring risk”
▪ Risk
“Combination of the probability of occurrence of harm
and the severity of that harm”
– Hazard
potential source of harm (detrimental effect)
– Probability
Measure of the possibility of a hazard occurring
– Severity
Measure of the possible consequences of a hazard
Source: ISO 14971:2019
4
SECTION 1
FUNDAMENTALS OF RISK MANAGEMENT
& ISO 14971 IN MEDTECH
1) Mother cooks lunch Phone ringing

2) Phone rings Thermal energy (high temperature)
3) Mother forgets
to turn off the
stovetop The stovetop remains hot
and is accessible
Touch the hot surface
2nd degree skin burns
Fig. 1: Basic concept of risk

Source, ISO 14971:2019
SECTION 1 ▪ Relevance of risk management in MedTech
➢ Ensure safety (patients, operators, and
FUNDAMENTALS OF RISK environment)
& effectiveness (reliability)
MANAGEMENT ➢ Compliance with regulations for market
& ISO 14971 IN MEDTECH approval
EU: MDD (93/42/EEC, Ess. Req.) & MDR
(EU 2017/745, GSPR)
USA: Quality System (21 CFR Part
820.30 – Design control/validation)
▪ ISO 14971
Most relevant standard for RM
➢ Versions
2012 (harmonized in the EU; pres.
conformity for MDD)
2019 (recognized in the USA, not
harmonized for CE marking)
➢ EU: combination SoA (v2019) +
harmonized (v2012)
+ Annexes of MDR (GSPR) 6
SECTION 2: GENERAL
REQUIREMENTS FOR A
RISK MANAGEMENT
SYSTEM
7
SECTION 2
GENERAL REQUIREMENTS
FOR A RISK MANAGEMENT SYSTEM
1. Risk management 2. Management 3. Competence of 4. Risk management 5. Risk management

process responsibilities personnel plan file
• Implement a • Commitment • Possess • Following risk • Documentation

system to (policy risk knowledge and mgmt. process of entire risk
identify, assess accept. criteria) experience with • Scope of management
and control to ensure a particular activities, activities
risks & hazards proper MD/risk mgmt. description of • Traceability of
resources and techniqe MD, lifecycle, risk analysis,
assignment of respons., criteria evaluation,
competent risk accept., etc. verification, etc.
personnel
Fig. 2: Elements of the risk management process 8
Source: ISO 14971:2019

SECTION 3:
COMPONENTS OF THE
RISK MANAGEMENT
PROCESS
9
SECTION 3
COMPONENTS OF THE RISK MANAGEMENT PROCESS
Fig. 3: Elements of
the risk Risk Analysis Risk Evaluation Risk
management Assessment
process
Source
ISO 14971:2019 *Evaluation of
*Risk Control Overall Residual Risk
Risk Management &
(Scope of) RM
Plan
*Production & Post-

Risk Management
Production
Review
Activities 10
1. Risk Analysis
– Define intended use & reasonably foreseeable
SECTION 3 misuse
– MD’s Qual. and quant. characteristics that affect
COMPONENTS OF THE
safety
– Identification of hazards & hazardous situations (HS)
– Risk estimation (PxS) of each HS (sources, e.g., PMS,
RISK MANAGEMENT experts, literature, etc.)
2. Risk Evaluation
PROCESS – Determine if risk is acceptable or not=f(criteria in

risk mgmt. plan)
– Acceptable risks become residual risks / non-
acceptable (risk control)
3. Risk Control
– Analysis of RC options (i) inherently safe design and
manufacture;
(ii) protective measures in MD or in the
manufacturing process;
(iii) information for safety and training to users’
– Verification of each risk control’s effectiveness (e.g.,
D&D V&V)
– Residual risk evaluation=f(criteria in risk mgmt. plan)
– Benefit-risk analysis (not acceptable, no suitable risk
control) /
(- relationship) modify MD or its intended use
– Evaluation of RC & completeness: (i) new hazards;
(ii) impact to old hazards
11
SECTION 3
Risk estimation
12
Fig. 4: Example of a risk acceptability matrix

Source: www.greenlight.com
4. Evaluation of overall residual risk (ORR)
 Assess risk of the entire MD (influence of all
SECTION 3 individual residual risks)

 If ORR acceptable: (i) inform users of relevant risks;
COMPONENTS OF THE (ii) disclose risks in labeling / not acceptable: further

RC measures or change MD/intended use
RISK MANAGEMENT 5. Risk Management Review

 Evaluate the execution of the risk management plan
PROCESS (before production commercialization)
 Revision to ensure (i) proper risk mgmt. adoption;
(ii) residual risks are acceptable; (iii) suitable
methods for documenting and evaluating feedback
6. Production and Post-Production Activities

 Manufacturer should maintain a Complaint
Management System
 Information collection (e.g., from user, supply chain,
publicly available, etc.)
 Information review (e.g., new hazards arise, no
longer acceptable residual risks, change SoA, etc.)
 Actions (e.g., determine if re-analysis of risks, input
for change mgmt., decisions on marketed MD,
improve risk mgmt. activities, etc.)
13
Risk Management Techniques
1) Product Hazard Analysis (PHA)
– Identification of hazards and hazardous
SECTION 3 –
situations (top-down)
Possible to use early in the development
process
COMPONENTS OF THE (little info on design details & operating
procedures)
– Use of risk screening questions, e.g., ISO/TR 24
RISK MANAGEMENT –
971 Annex C
Evaluate e.g., materials used/produced,
equipment used, work env.
PROCESS 2) Fault Tree Analysis (FTA)
– Identification and prioritization of hazards and
h. situations
– Useful in safety engineering (early development)
to link interfaces
– Applies input from another technique (“top
event”) to identify causes
3) Failure Mode and Effects Analysis (FMEA)

– Systematic identification of effects of individual
components
– Suitable in design maturity
– Consequences of a failure are systematically
identified & assessed (bottom-up)
14
SECTION 3
Product Hazard Analysis

(PHA)
Fault-Tree-Analysis
DFMEA (FTA)
Post-Market Surveillance PFMEA / UFMEA
(PMS)
Disposal
Intended Use
Storage
Production
Implementation
Design
Reprocessing
Concept
Transport &
Installation
Specification
Fig. 5: Risk Management Techniques Along a MD Lifecycle
Risk Management Application

1) Initial design of MD (address hazards) 15
2) Change in design/production process (ensure no harm)
3) After product recall (improvement)
THANK YOU!
Q&A
16

Risk Management of Medical Devices

Uploaded by

Copyright:

You might also like

Risk Management of Medical Devices

Uploaded by

Document Information

Original Description:

Copyright

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Risk Management of Medical Devices

Uploaded by

Copyright:

Risk Management of Medical Devices

According to ISO 14971

Johanny Pestalozzi, PhD

1) Mother cooks lunch Phone ringing

2nd degree skin burns

Fig. 1: Basic concept of risk

1. Risk management 2. Management 3. Competence of 4. Risk management 5. Risk management

• Implement a • Commitment • Possess • Following risk • Documentation

Fig. 2: Elements of the risk management process 8

Source: ISO 14971:2019

*Production & Post-

PROCESS – Determine if risk is acceptable or not=f(criteria in

Fig. 4: Example of a risk acceptability matrix

SECTION 3 individual residual risks)

COMPONENTS OF THE (ii) disclose risks in labeling / not acceptable: further

RISK MANAGEMENT 5. Risk Management Review

6. Production and Post-Production Activities

3) Failure Mode and Effects Analysis (FMEA)

Product Hazard Analysis

Fig. 5: Risk Management Techniques Along a MD Lifecycle

Risk Management Application

You might also like