Professional Documents
Culture Documents
Emilia Berg - Risk Management Approach IVD at Roche
Emilia Berg - Risk Management Approach IVD at Roche
Closure
3
What’s new – ISO 14971 Ed. 3
Closure
4
What’s new – ISO 14971 Ed. 3
Overall risk management approach
unchanged
• Scope:
– Includes data and system security
Closure
7
What’s new - IVDR
Increased focus on Risk Management
IVDD IVDR
Nr. of pages 37 157
Mention of «Risk» 34 152
Mention of «Risk management» 0 32
Mention of «Benefit» 1 38
Benefit-
Risk
Performance Post-market
evaluation surveillance
Article 56, Article 78-81,
Annex XIII Part A Annex XIII Part B
What’s new - IVDR
Essential Requirements (IVDD)
vs. General Safety and Performance Requirements (IVDR)*
*Annex I, Chapter II
What’s new - ISO 14971 Ed. 3
Closure
12
Holistic approach for IVD Risk Management
The new approach…
Holistic approach for IVD Risk Management
A first example
14
Holistic Approach for Product Risk Management
Some more examples
Wrong P1 P2
Wrong result Harm to patient
calibration
Electrical P1 P2
Wrong result Harm to patient
interference
P1 P2
Use Error Wrong result Harm to patient
15
Holistic Approach for Product Risk Management
Inner and outer chain risk analysis
16
Holistic Approach for Product Risk Management
Grouping the hazardous situations
Wrong P1 P2
Wrong result Harm to patient
calibration
Electrical P1 P2
Wrong result Harm to patient
interference
P1 P2
Use Error Wrong result Harm to patient
17
Holistic Approach for Product Risk Management
Grouping the hazardous situations
Wrong
calibration
P2
Electrical
interference P1 Wrong result Harm to patient
Delayed result
Use Error Voltage exposure
Infectious exposure
Data breach
Noise
Etc… 18
Holistic approach for IVD Risk Management
Example – Technical Risk Assessment (inner chain)
Wrong sample Use Error Air bubbles in sample Wrong Result Measure 1
treatement path leads to Measure 2
C interference on signal PC
P1 = PA PB PC
Holistic Approach for Product Risk Management
Example – Medical Risk Assessment (outer chain)
Severity of harm S
Rationale for probability Wrong treatment can only occur when additional diagnostics fail and the
(based on chain of events leading patients presents atypical symptoms.
to harm and clinical practice)
20
Holistic approach for IVD Risk Management
Example – Risk management report
Probability of Probability of
Severity of Total Probability of
Hazardous situation Hazardous Potential harm Hazardous Situation Final Risk rating
harm harm
Situation Occurring leading to harm
Delayed result
Voltage exposure
Infection exposure
Data breach
Noise
Holistic approach for IVD Risk Management
Summary
Clinical Benefit
Harm, P2, S
Foreseeable
Intended use
misuse
IT security GSPR
Design Usability
review engineering Performance evaluation and Post-market surveillance
pFMEA dFMEA
22
What’s new - ISO 14971 Ed. 3
Closure
23
Doing now what patients need next
Appendix
Risk management and performance evaluation (IVDR)
IVDR Deliverable Interface to risk management Update Device Part of
requirement class.
Performance Evaluation As a general rule, the performance evaluation plan shall include at least: […] as necessary all QMS
Plan - An indication and specification of parameters to be used to determine, based on the state of Assessment
the art in medicine, the acceptability of the benefit-risk ratio for the intended purpose or
purposes and for the analytical and clinical performance of the device
Performance Evaluation The performance evaluation report shall in particular include: […] Class C, D: all Tech. File***
Report - The clinical evidence* as the acceptable performances against the state of the art in Annually
medicine
Post-Market The PMPF plan shall specify the methods and procedures for proactively collecting and as necessary all QMS
Performance evaluating safety, performance and scientific data with the aim of: Assessment
Follow-up Plan (a) confirming the safety and performance of the device throughout its expected lifetime,
(b)identifying previously unknown risks or limits to performance and contra-indications,
(c) identifying and analyzing emergent risks on the basis of factual evidence,
(d) ensuring the continued acceptability of the clinical evidence and of the benefit-risk ratio
referred to in Sections 1 and 8 of Chapter I of Annex I, and
(e)identifying possible systematic misuse.
The PMPF plan shall include at least: […] a reference to the relevant parts of the performance
evaluation report referred to in Section 1.3 of this Annex and to the risk management referred to
in Section 3 of Annex I
Post-Market The conclusions of the PMPF evaluation report shall be taken into account for the performance Class C, D: all Tech file
Performance evaluation referred to in Article 56 and Part A of this Annex and in the risk management Annually
Follow-Up evaluation referred to in Section 3 of Annex I.
Report
Appendix
Risk management and post-market surveillance (IVDR)
IVDR Deliverable Relation to risk management Update Device Part of
requireme class
nt
Post market The post-market surveillance plan shall cover at least […] As all Tech. File
surveillance plan - suitable indicators and threshold values that shall be used in the continuous necessary
reassessment of the benefit-risk analysis and of the risk management as referred
to in Section 3 of Annex I
Post market […] summarizing the results and conclusions of the analyses of the post-market As A, B Tech. File
surveillance report surveillance data gathered as a result of the post-market surveillance plan. necessary
Periodic safety update Throughout the lifetime of the device concerned, that PSUR shall set out: Annually C, D Tech File
report (PSUR) (a) the conclusions of the benefit-risk determination; Class D:
Elec. Sys.
Trend report Manufacturers shall report […] any statistically significant increase in the frequency As all Elec. Sys.
or severity of incidents that are not serious incidents that could have a significant necessary
impact on the benefit-risk analysis referred to in Sections 1 and 5 of Annex I and which
have led or may lead to unacceptable risks to the health or safety of patients, users or
other persons
The manufacturer shall specify how to manage the incidents referred to in the first
subparagraph and the methodology used for determining any statistically
significant increase in the frequency or severity of such events or change in
performance, as well as the observation period, in the post-market surveillance plan
referred to in Article 79.