Risk Management and EN ISO 14971, what Medical
Risk Management and EN ISO 14971, what Medical Device Manufacturers need to know about European Expectations for Risk Management Suzanne Halliday Copyright © 2013 BSI. All rights reserved. This Presentation 1. ISO 14971:2007 2. Risk Management – European Requirements 3. EN ISO 14971:2012 – Content Deviations 4. BSI Audits Copyright © 2012 BSI. All rights reserved. 2 ISO 14971:2007 Copyright © 2012 BSI. All rights reserved. 3 Risk • Combination of the probability of occurrence of harm and the severity of that harm Asteroid hitting the earth Probability = low Severity = high Overall risk? Copyright © 2012 BSI. All rights reserved. Epilation due to adhesive bandage removal Probability = high Severity = low Overall risk? 4 Risk Management • Systematic application of management policies, procedures and practices to the tasks of analysing, evaluating, controlling and monitoring risk Update Analyse Risk Benefit Analysis Evaluate Control Copyright © 2012 BSI. All rights reserved. 5 ISO 14971 – Main body (Clauses 1-3) 1 2 3 Scope Terms and definitions General requirements for risk management 3.1 Risk management process Copyright © 2012 BSI. All rights reserved. 6 ISO 14971 – Main body (Clauses 1-3) 1 2 3 Scope Terms and definitions General requirements for risk management 3.1 Risk management process 3.2 Management responsibilities Copyright © 2012 BSI. All rights reserved. 7 ISO 14971 – Main body (Clauses 1-3) 1 2 3 Scope Terms and definitions General requirements for risk management 3.1 Risk management process 3.2 Management responsibilities 3.3 Qualification of personnel Copyright © 2012 BSI. All rights reserved. 8 ISO 14971 – Main body (Clauses 1-3) 1 2 3 Scope Terms and definitions General requirements for risk management 3.1 Risk management process 3.2 Management responsibilities 3.3 Qualification of personnel 3.4 Risk management plan Copyright © 2012 BSI. All rights reserved. 9 ISO 14971 – Main body (Clauses 1-3) 1 2 3 Scope Terms and definitions General requirements for risk management 3.1 Risk management process 3.2 Management responsibilities 3.3 Qualification of personnel 3.4 Risk management plan 3.5 Risk management file Copyright © 2012 BSI. All rights reserved. 10 ISO 14971 – Main body (Clauses 4-9) Clause 4: Risk analysis Clause 9: Postproduction information Clause 5: Risk evaluation Clause 8: Risk management report Clause 6: Risk control Clause 7: Residual risk evaluation Copyright © 2012 BSI. All rights reserved. 11 ISO 14971 – Overview of Annexes Annex A (informative) Rationale for requirements Copyright © 2012 BSI. All rights reserved. 12 ISO 14971 – Overview of Annexes Annex A Annex B (informative) Rationale for requirements (informative) Overview of the risk management process for medical devices Copyright © 2012 BSI. All rights reserved. 13 ISO 14971 – Overview of Annexes Annex A Annex B Annex C (informative) Rationale for requirements (informative) Overview of the risk management process for medical devices (informative) Questions that can be used to identify medical device characteristics that could impact on safety Copyright © 2012 BSI. All rights reserved. 14 ISO 14971 – Overview of Annexes Annex A Annex B Annex C Annex D (informative) Rationale for requirements (informative) Overview of the risk management process for medical devices (informative) Questions that can be used to identify medical device characteristics that could impact on safety (informative) Risk concepts applied to medical devices benefit estimation risk control qualitative analysis “as low as reasonably practicable” ... probability Copyright © 2012 BSI. All rights reserved. 15 ISO 14971 – Overview of Annexes Annex A Annex B Annex C Annex D Annex E (informative) Rationale for requirements (informative) Overview of the risk management process for medical devices (informative) Questions that can be used to identify medical device characteristics that could impact on safety (informative) Risk concepts applied to medical devices (informative) Examples of hazards, foreseeable sequences of events and hazardous situations Copyright © 2012 BSI. All rights reserved. 16 ISO 14971 – Overview of Annexes Annex F (informative) Risk management plan Copyright © 2012 BSI. All rights reserved. 17 ISO 14971 – Overview of Annexes Annex F Annex G (informative) Risk management plan (informative) Information on risk management techniques PHA FTA FMEA HACCP HAZOP Copyright © 2012 BSI. All rights reserved. 18 ISO 14971 – Overview of Annexes Annex F Annex G Annex H (informative) Risk management plan (informative) Information on risk management techniques (informative) Guidance on risk management for in vitro diagnostic medical devices Copyright © 2012 BSI. All rights reserved. 19 ISO 14971 – Overview of Annexes Annex F Annex G Annex H Annex I (informative) Risk management plan (informative) Information on risk management techniques (informative) Guidance on risk management for in vitro diagnostic medical devices (informative) Guidance on risk analysis process for biological hazards Copyright © 2012 BSI. All rights reserved. 20 ISO 14971 – Overview of Annexes Annex F Annex G Annex H Annex I Annex J (informative) Risk management plan (informative) Information on risk management techniques (informative) Guidance on risk management for in vitro diagnostic medical devices (informative) Guidance on risk analysis process for biological hazards (informative) Information for safety and information about residual risk Copyright © 2012 BSI. All rights reserved. 21 Risk Management – European Requirements Copyright © 2012 BSI. All rights reserved. 22 Medical Devices – European Regulatory Requirements Benefits Risks Risks Benefits Copyright © 2012 BSI. All rights reserved. 23 The Medical Device Directives – Where is ‘Risk’? MDD 93/42/EEC “Risk” Essential Requirements: 1 2 6 7.2, 7.4, 7.5, 7.6 8.1, 8.6 9.2, 9.3 11.2, 11.4 12.1, 12.5, 12.6, 12.7 13.5, 13.6 41 Copyright © 2012 BSI. All rights reserved. AIMDD 90/385/EEC Essential Requirements: 1 5 8 9 10 11 15 18 IVDD 98/79/EC Essential Requirements: A–1 2 B – 1.2 2.1, 2.2, 2.5, 2.7 3.2, 3.3, 3.4 5.3 6.2, 6.3, 6.4 7.1 8.6, 8.7 24 24 EN ISO 14971:2012 • European harmonised standard for Risk Management • Allows the presumption of conformity to MDD, AIMD, and IVD • Published July 2012 & harmonised as of 30 August 2012. Copyright © 2012 BSI. All rights reserved. 25 Copyright © 2012 BSI. All rights reserved. • The previous version of the European Harmonised Standard • Obsolete as of 30 August 2012 EN ISO 14971:2012 • The current International Standard EN ISO 14971:2009 ISO 14971:2007 What is the difference? • Changes within Foreword & Annex Zs only • No change to requirements (Normative Text) • i.e. clauses or requirements of the standard are exactly the same 26 Why was EN ISO 14971:2012 created? • A solution to formal objections raised by Swedish Competent Authority & European Commission on the harmonised status of a number of European Standards • Revision of Annex Z’s was made to provide greater clarity on applicability & alignment of ISO 14971 clauses with requirements of AIMDD, MDD & IVDD Copyright © 2012 BSI. All rights reserved. 27 Example – EN ISO 14971:2012 Annex ZA (MDD) • “Explains to which requirements, under which conditions and to what extent presumption of conformity can be claimed.” Copyright © 2012 BSI. All rights reserved. 28 EN ISO 14971:2012 – Content Deviations Copyright © 2012 BSI. All rights reserved. 29 EN ISO 14971:2012 – Content Deviations Essential Requirements (ERs) Impacted Deviation MDD AIMDD IVDD 1 – Treatment of negligible risks 1, 2, 6, 7.1 1, 5, 9 A.1, A.2, B.1.1 2 – Discretionary power of mfr as to acceptability of risks 1, 2, 6, 7.1 1, 5, 9 A.1, A.2, B.1.1 3 – Risk reduction “as far as possible” vs. “as low as reasonably practicable” 1, 2, 6, 7.1 1, 5, 6, 9 A.1, A.2, B.1.1 4 – Discretion as to whether a risk-benefit analysis needs to take place 1, 6, 7.1 5&9 A.1 & B.1.1 5 – Discretion as to the risk control options / measures 2 & 7.1 - A.2 & B.1.1 6 – Deviation as to the first risk control option 2 & 7.1 - A.2 & B.1.1 7 – Information of the users influencing the residual risk 2 & 7.1 - A.2 & B.1.1 Copyright © 2012 BSI. All rights reserved. 30 Deviation No. 1 MDD (AIMD) IVD ‘...all risks, regardless of their dimension, need to be reduced as much as possible (and need to be balanced, together with all other risks, against the benefit of the device).’ ‘D.8.2 ...the manufacturer may discard negligible risks.’ ISO 14971 Copyright © 2012 BSI. All rights reserved. 31 Deviation No. 3 ‘....risks to be reduced "as far as possible" without there being room for economic considerations.’ MDD AIMD IVD ‘3.4 & D.8 …contains the concept of reducing risks "as low as reasonably practicable.” ISO 14971 The ALARP concept contains an element of economic consideration.’ Copyright © 2012 BSI. All rights reserved. 32 Have all risks been reduced as far as possible? Extent of damage 10 9 8 7 Probability of occurrence 6 5 4 3 There must another step – ALARP concept cannot be applied in isolation, risks must be reduced as far as possible Copyright © 2012 BSI. All rights reserved. 2 1 1 2 3 4 5 6 7 8 9 10 33 Have all risks been reduced as far as possible? There must another step – ALARP & Broadly Acceptable do not meet the requirements of the Directives. Copyright © 2012 BSI. All rights reserved. 34 Deviation No. 2 MDD (AIMD) IVD ‘....all risks have to be reduced as far as possible (and that all risks combined, regardless of any "acceptability" assessment, need to be balanced, together with all other risks, against the benefit of the device).’ ‘5, 6.4, 6.5 & 7 ...manufacturers have the freedom to decide upon the threshold for risk acceptability.’ ‘D.6.1 …only nonacceptable risks have to be integrated into the overall risk-benefit analysis.’ ISO 14971 Copyright © 2012 BSI. All rights reserved. 35 Deviation No. 4 MDD AIMD (IVD) ‘....an overall risk-benefit analysis must take place in any case, regardless of the application of criteria established in the management plan of the manufacturer....(and requires undesirable side effects to "constitute an acceptable risk when weighed against the performance intended“).’ ‘6.5 ...an overall riskbenefit analysis does not need to take place if the overall residual risk is judged acceptable when using the criteria established in the risk management plan. ISO 14971 D.6.1 "A risk/benefit analysis is not required by this International Standard for every risk.“’ Copyright © 2012 BSI. All rights reserved. 36 Has a risk benefit analysis been conducted for all risks? Frequent Probable Occasional 2 6 Conduct Risk v Benefit 4 Acceptable 3 Remote Consider Risk v Benefit 3 Improbable 2 There must be a risk benefit analysis for all risks and an overall risk benefit analysis Copyright © 2012 BSI. All rights reserved. 37 Deviation No. 5 ‘....”to select the most appropriate solutions”.....by applying cumulatively what has been called "control options” or "control mechanisms" in the standard.’ MDD IVD ‘6.2 ...obliges the manufacturer to "use one or more of the following risk control options in the priority order listed.’ ‘6.4 …indicates that further risk control measures do not need to be taken if, after applying one of the options, the risk is judged acceptable according to the criteria of the risk management plan.’ ISO 14971 Copyright © 2012 BSI. All rights reserved. 38 Deviation No. 6 ‘..."eliminate or reduce risks as far as possible (inherently safe design and construction)".’ MDD IVD ‘6.2.... obliges the manufacturer to "use one or more of the following risk control options in the priority order listed: (a) inherent safety by design (b) protective measures (c) information …" without determining what is meant by this term.’ ISO 14971 Copyright © 2012 BSI. All rights reserved. 39 Have risks been designed out if possible? Part Number 7 5 35 IFU instructs not to cut mesh and not to place sutures closer than 5mm to edge Updated Rating RPN Revision Risk Reduction Action PRO Failed repair Initial Rating SEV Design of mesh / cutting edge System Effect RPN Suture pulls out on the edge Local Effect PRO Cause of Failure SEV Mesh Failure Mode 7 3 21 Risks must be designed out if possible. All risk control options must be applied until risks have been reduced as much as possible and any additional control option(s) do not improve the safety Copyright © 2012 BSI. All rights reserved. 40 Deviation No. 7 ‘....users shall be informed about the residual risks. This indicates that....the information given to the users does not reduce the (residual) risk any further.’ MDD IVD ‘2.15 & 6.4 …residual risk is defined as the risk remaining after application of risk control measures.’ ‘6.2 …regards "information for safety" to be a control option.’ ISO 14971 Copyright © 2012 BSI. All rights reserved. 41 Have residual risks been incorrectly reduced? Device IFU warning RPN 12 PRO 3 Updated Rating SEV 4 Risk Control RPN Death Initial Rating PRO Emboli Effect SEV Implant Failure Mode 4 1 4 A warning does not reduce the probability of occurrence of an emboli. Copyright © 2012 BSI. All rights reserved. 42 BSI Audits Copyright © 2012 BSI. All rights reserved. 43 Conformity Assessment Quality System External Resource n=70 Americas n=50 EMEA n=40 AsiaPacific Microbiologist n=20 Copyright © 2012 BSI. All rights reserved. Technical Specialist n=80 44 BSI Audit – Key Questions • Are you aware of EN ISO 14971:2012? How are you ensuring you meet the directive requirements? • Have you reviewed your existing Risk Management files, if needed? Is there a plan in place to do so? Copyright © 2012 BSI. All rights reserved. 45 BSI Audit – Key Questions • Have all risks been reduced as far as possible? • Has a risk benefit analysis been conducted for all risks? • Have all risks been designed out if possible? • Have risks been incorrectly reduced by warnings placed on IFUs or provided in training? Copyright © 2012 BSI. All rights reserved. 46 Questions? Copyright © 2012 BSI. All rights reserved. 47
© Copyright 2024