
ISO 14971 Quality Management System Guidelines for SaMD Risk Management

Medical device experts who want to learn more about the SaMD risk management approach and its potential applications should use this resource. Your business may improve results throughout the product lifecycle and comply with ISO 14971 with the support of a well-designed and well-executed risk management system.

The famous quote from Benjamin Franklin that reads, “An ounce of prevention is worth a pound of cure,” is accurate. Early problem detection and mitigation are advantageous and may avert expensive design modifications, production hold-ups, and future recalls. Using this reasoning, you can create a culture that values risk management with the same messaging that supports the development of a quality culture.

Quick checklist for conformity with ISO 14971

Before delving into ISO 14971, quickly assess your company. The following checklist will help you determine whether your quality management system (QMS) is ready to support risk management operations.

  1. Is your full product lifecycle covered by a defined risk management plan?
  2. Does your risk management file contain documentation of the risk analysis, risk evaluation, implementation of risk controls, and residual risk evaluation?
  3. Do you have proof that risk controls are being implemented and that their effectiveness has been confirmed?
  4. Do you have proof that a residual risk assessment was conducted?
  5. Is there a mechanism in place to update risk management documents regularly after production?

Risk management: what is it?

The practice of detecting and reducing possible risks is known as risk management. When properly executed, the risk management procedure begins concurrently with the design phase to reduce possible risks right away. The procedure covers post-production data evaluation and is carried out throughout the product lifecycle. The latter guarantees that the advantages of the technology continue to exceed the dangers and that, if feasible, any recently discovered risks are reduced.

What SaMD risk management isn’t

The quality department is not capable of handling risk management on its own.

It is not a procedure that can be finished once and then stored away until a regulator requests to see it to verify compliance.

It is not a process that can be added after the design process just to check a box.

An overview of ISO 14971

The international standard that outlines the application of risk management to medical devices is ISO 14971. In 2000, ISO 14971 was released in its initial edition. The third edition, which is now in use, was published in 2019. To completely integrate the risk process into the product life cycle, the risk management standard has become more and more focused on incorporating risk into the quality management system (QMS). Additional requirements for the post-market risk management process have been incorporated in the most recent edition of ISO 14971, which mandates that manufacturers examine post-market data to more effectively spot possible patterns.

For the medical device industry, ISO 14971 is the gold standard for risk management and serves as the foundation for implementing risk management in subprocesses like device clinical trials. In December 2019, the public was allowed to comment on a draft version of ICH Q9 Quality Risk Management, marking the final regulatory transition to the ISO 14971 standard.

What has been added to ISO 14971:2019?

Increased post-market risk assessment criteria are one of the main ways that ISO 14971:2019 differs from earlier editions. A system for gathering and evaluating product data after it is introduced to the market must be established by manufacturers as part of a device risk management strategy. Some manufacturers have never established these channels for gathering data; thus, figuring out the best approach to obtain device data may need some ingenuity.

In vitro diagnostic devices (IVD) and software as a medical device (SaMD) are expressly mentioned as being covered by ISO 14971. As SaMD gains popularity, these makers must comprehend risk management and know how to include it in their software products.

Important specifications for ISO 14971

The use of similar terminology with somewhat varied definitions throughout ISO 14971 is one element that contributes to its somewhat confusing nature. This section is for you if you find it difficult to separate your risk assessment from your risk evaluation.

Risk analysis: The process of examining a system or design and determining potential risks that could endanger people, property, or even the environment is known as risk analysis. Imagine this as your team gathering around a table and brainstorming every potential risk that might occur, even if it seems insignificant at the time.

Risk estimation: The process of giving the long list of potential outcomes you generated throughout the analysis a numerical value is known as risk estimation. The likelihood of occurrence and the seriousness of the harm are taken into account during the estimating procedure.

Risk: This is the result of the risk estimation for a particular harm, and it can be expressed numerically or on a scale such as low, medium, or high. For instance, a harm that is serious yet has a very low chance of happening can be considered low-risk. This is sometimes referred to as a risk index.

Risk evaluation: This procedure involves comparing the risk analysis to a list of predetermined criteria for risk acceptance. This often produces a document that summarizes the risk assessment.

Risk assessment: Both the risk analysis and the risk evaluation are included in this more thorough document.

Risk control: At this stage, the entire risk assessment is examined, and actions are taken to bring the risk down to a manageable level.

Risk management: The entire risk-related procedure. Risk management is the general term for all of the many components and subprocesses.

Risk Management File: The documentation for everything related to risk management, such as estimation, analysis, acceptable risk ranges, mitigations, etc.

ISO 14971 Implementation

Risk management protocols are required for all makers of medical devices. Following the 2019 amendment, it should have been necessary to examine and update existing procedures to bring them up to date with the standard’s requirements. It is fantastic to have processes, but your process will not be able to be fully implemented without support from the organization and a culture that encourages risk management.

Including risk management in the early stages of design controls

Manufacturers attempt to complete all risk management tasks too late in the design controls phase. In addition to limiting risk management’s capacity to enhance your design, this violates ISO 14971 and ISO 13485 standards. Risk management must be implemented early in the design phase.

A QMS’s design controls procedure guarantees that device development is done in a methodical and rigorous way. During the development phase, this procedure confirms that user and regulatory criteria are fulfilled.

Including risk management in these early design decisions makes it possible to assess hazardous scenarios early on and, if necessary, minimize them through design choices. Although this is a requirement of ISO 14971, ISO 13485 also directly incorporates it. Section 7.3.3 of ISO 13485 states that one of the inputs for design and development is the results of risk management. Because of this requirement, manufacturers are compelled to carry out risk management procedures during the design stages and use the data obtained from those procedures to inform their decisions regarding the device’s design and development.

Section 1: Plans for risk management

One of the first steps in your design and development process should be creating a risk management plan. The risk management plan is specific to each medical device and specifies the risk management activities that must take place at every stage of the product lifecycle. To determine whether the risks are acceptable, the plan must also specify how the hazards associated with the device will be assessed. Although the plan should be revised regularly, having a strong initial plan can help to reduce future setbacks.

The first part of the plan serves as a guide to the specific device’s risk management approach, including who, what, where, and when. In practice this will probably take the form of a table, and it will make clear which activities must take place during each design phase and which ones must continue into the post-market phase. To prevent confusion later in the process, it is crucial that the responsibilities for each task are expressly stated.

Although it should be updated regularly, the original plan should specify exactly who is responsible for carrying out each risk management task and when. Timing is crucial, particularly for risk activities that build on one another. For instance, the risk estimation cannot be finished without completing the risk analysis first.

The application of the method is explained in Part 2 of the risk management plan. It has to have the following components:

Review requirements for every risk management task: Who is required to carry out the review? What is included in the review? Are any approvals necessary?

Criteria for risk acceptance: What is the acceptable degree of risk? If the hazard cannot be given a numerical likelihood, how will acceptance be assessed? Note: To maintain the process’s objectivity, these requirements must be established before risk analysis and estimation.

Criteria for accepting residual risk: What is the acceptable level of residual risk? How is residual risk going to be recognized and assessed?

Make a plan to verify the risk controls. How will the implementation of risk controls into the process be confirmed? How will the efficacy of these controls in lowering risk be assessed?

Make a plan to gather and examine post-production data. From which sources will post-production data be collected? How are those data going to be examined? In what way will it contribute to the continuous process of risk management?

Criteria for risk acceptance

To make the risk analysis process as objective as feasible, it is critical to establish the acceptance criteria early in the development phase. Criteria are less likely to be impacted by information gathered during the development process when they are set in the plan at the very beginning of the design process. Quantitative thresholds derived from the computation of a risk index number might serve as criteria. The frequency, severity, and any other metrics used to measure the danger of the possible injury should be used to compute this risk index number. A greater degree of risk is typically allowed at this stage since the risk acceptability criteria will be applied prior to the implementation of any mitigations or risk controls.

Criteria for accepting residual risk

With the exception of how the criteria are applied, the residual risk acceptance criteria and the risk acceptability criteria are fairly similar. Only after risk controls have been implemented can the residual risk acceptance criteria be used. Only any residual risk that is estimated following the completion of all mitigations will be subject to this acceptance criterion. A device’s failure to achieve the residual risk acceptability levels just indicates that the risk needs to be further reduced, if at all possible.

Make a plan to verify the risk controls.

How mitigations will be validated will be specified in a plan for risk control verification. The verification procedure needs to resemble the checks that would be carried out in the event that a design modification was put into effect via the change control procedure.

To make sure that the mitigation did not inadvertently cause problems with another part of the process or design, the verification plan should take into account whether any validation tasks need to be finished. Steps to ascertain whether the mitigation was successful in lowering the likelihood of the harm happening should also be included in the verification strategy. Determining if mitigations were successful can frequently be challenging, but establishing a strategy enables a concentrated effort to record and, if feasible, quantify the process.

It is important to remember that some mitigations may already be planned regardless of the risk assessment procedure, yet they may still qualify as mitigations. For instance, regulations require specific information and symbols to be included on the device labeling. This is a well-known rule and expectation, but labels that include warnings can also be seen as a way to lessen certain possible risks.

Make a plan to gather and examine post-production data.

Because this is a more recent requirement that is receiving a lot more attention in the present regulatory environment, manufacturers may find it difficult to comply with.

Customer complaints and the process and product nonconformance system are the traditional avenues for getting input on the risk management procedure. It is anticipated that this will be expanded to include analysis of data from all supply chain levels, information about the state of the art at the moment, and any data that is accessible to the public.

Literature studies, regulatory database searches for recalls, and perhaps creating new avenues for feedback gathering through physician surveys or other comparable instruments should all be part of the post-production information-gathering plan.

Section 2: File for Risk Management (RMF)

Creating your risk management file is similar to creating a technical or design history file. All the proof that you are identifying hazards, mitigating them, and then reevaluating them after mitigations have been put in place is contained in the RMF. In particular, each hazard’s traceability to the related risk analysis, risk evaluation, risk controls, and residual risk assessment must be included in the RMF.

This does not imply that the RMF has to contain all of the related documents in one large file, but it does require that the documents be referenced.

The precise label, typically the document number, must be specified if labeling is being utilized as a risk control measure. References to the document numbers must also be included if any verification or validation reports were produced.

Section 3: Risk analysis

Every piece of medical equipment needs a different risk analysis. Although it should not prevent additional device risk analysis, a risk analysis that has already been finished for a comparable device can serve as a starting point.

A cross-functional team should perform the analysis to ensure that all viewpoints are taken into account. This could entail brainstorming at a table or working cooperatively on a shared document from a distance. The device being examined, the people involved, and the analysis’s scope must all be identified and described in your risk analysis. The scope for a new project will probably be quite wide. Since risk analysis is carried out at every stage of the product life cycle, the scope may be extremely limited if you are later analyzing a design or process modification.

It could be beneficial to begin a risk analysis for a new project using a divide-and-conquer strategy. The team might split up the type and scope of the analysis. For instance, the initial analysis for the intended use and foreseeable misuse may be best suited to staff members who have more experience with the device’s clinical application. Given their familiarity with complaints, recalls, and applicable standards, the quality and regulatory team may be well-suited to examine safety.

The team should collaborate to identify hazardous situations after generating an initial list of hazards based on safety attributes, intended use, and foreseeable misuse. A comprehensive risk analysis requires creative thinking. It is better to include hazards and hazardous situations that are extremely unlikely at this point than to leave them out. It will be simpler to reduce risk and create a better, safer device if your risk analysis is thorough.

Resources for Risk Analysis

It may be helpful to refer to publicly accessible data regarding comparable technologies that are currently available on the market when attempting to identify hazards and hazardous situations. Their public complaint reporting data may contain information that can help you think of hazards you might not have thought of. Later on in the risk estimation process, this knowledge will also be helpful. The hazards listed in Annex C of ISO 14971 are an excellent place to start when creating a comprehensive analysis.

Hazards, hazardous situations, and harm

A hazard, as defined by ISO 14971, is “a possible source of injury.” That definition is vague and devoid of context. Only after going more deeply into the standard and the explanatory annexes does it become clear how to differentiate between the terms and their relationships.

The term “hazard” refers to a more general definition of something that is harmful. It is important to remember that a hazard cannot injure someone until there is a trigger event or occurrence, which creates the hazardous situation. Bacterial contamination, for instance, is considered a hazard. Bacteria by themselves do not cause harm; however, if they are not adequately eliminated from the device before it is inserted during surgery (the hazardous situation), the outcome may be a bacterial infection (the harm).

Numerous dangerous conditions and injuries can result from a single hazard. It could be useful to designate each dangerous scenario with a code for traceability documentation at a later time when organizing your risk analysis documentation. An alpha code that indicates the hazard it represents, followed by a sequential number to identify the line item, might be used, for instance, to identify all hazardous conditions related to bacterial contamination. The third dangerous scenario on the list might be A.3, which would make it obvious to document reviewers that it is connected to hazard A.

Risk estimation

Depending on the availability of quantitative data, risk estimation in the risk assessment can be determined qualitatively, quantitatively, or perhaps a combination of both. Additional description in the documentation is not necessary for a quantitative estimate, which is a calculated chance of occurrence. You must specify the meaning of the high, medium, and low-risk categories in your risk management documents if you are utilizing a qualitative method.

A risk estimation must be performed for every identified hazardous situation. Both the likelihood of the harm happening and the seriousness of the harm must be taken into account when estimating the risk. Not every hazardous situation allows the probability of harm to be estimated; in such cases, you can still determine the potential outcomes. Usually, you will then assign that hazardous situation a risk index level. This could be computed using an equation or, for a more qualitative system, assigned a generic risk level category.

There must be some kind of data or information to back up any risk assessment, even if it is qualitative. Depending on the hazard being assessed and the frequency of a hazardous event in the industry, these sources can differ significantly. It is simple to get data from publicly accessible event reports or published literature, and it can be highly specific, particularly if a similar device already exists. A device may need to rely more on reports from various pre-market testing and perhaps even clinical trial or usability testing data if it is new and there are no comparable competitive devices.

Another reliable source for risk estimation is consulting with experts; however, be sure that the qualifications of the experts are recorded in your quality system.

This is still the risk estimation stage, which does not consider the acceptability of the determined risk levels or the planned risk control strategies.

Section 4: Risk evaluation

The risk management plan must have clearly defined the acceptable criteria before the risk evaluation can be finished. Comparing the projected risk level to the criteria to see if it passes or fails should be a simple process if the criteria are well-defined.

Do not panic if the risk does not meet the acceptability criteria at this point; risk controls can always be implemented. Certain risks might be tolerable in the absence of risk controls, but if at all practicable, you should still implement risk controls to further reduce the risk. Consider it a way to improve the device and gain more assurance that the risk will not materialize.

The risk evaluation phase will be revisited after the risk controls have been implemented and verified.

Section 5: Risk control

Once a risk has been recognized, risk control measures can be implemented to lessen the likelihood that the dangerous event will materialize, particularly if it is likely to occur. Depending on the hazardous circumstance, the type of control used might vary greatly. Some examples of such controls include design features, validation, labeling, and training.

According to ISO 14971, risk control procedures must be implemented in a way that prioritizes “inherently safe design and manufacture” in the design and manufacturing process.

This initial layer covers things like choosing the right materials, making sure that devices do not have sharp edges that could pierce a sterile barrier, or other features built into the product to reduce a potential risk. The next layer of control consists of protective elements of the product or in the production process, including quality control checks, product markings, or safety guards. Information for safety, such as labeling, usage guidelines, and user training, constitutes the last layer of control. Because it depends on the user to perform appropriately and the manufacturer lacks adequate control over user behavior to guarantee consistency, this final layer of control is the least effective.

This order of preference for controls makes sense and forces manufacturers to build safety into the device instead of attempting to make up for a hazardous device later on through workarounds or user training. Once more, the successful implementation of the risk management process depends on the risk assessment being done at the outset of the design process.

Setting up risk controls

Once the risk control measures needed to lower risk have been identified, they must be verified in addition to being put into practice. Many mitigations can be verified through the process qualifications and validation that are part of your regular design and development process.

You must consciously record that the mitigation has been put into place for mitigations that are not already being confirmed by another procedure. Additionally, if at all practicable, the effectiveness of the control measure should be verified as part of the verification of that implementation. Every dangerous scenario found during your risk analysis must have documentation of the implementation and verification processes in your risk management file.

Section 6: Assessing the residual risk

Reviewing the situation after risk control measures have been put in place and confirmed is the last step in properly handling a dangerous situation. The risk that still exists for the entire device is taken into account throughout this evaluation procedure, in addition to the specific dangers and dangerous circumstances.

The residual risk evaluation also considers the anticipated benefits that the patient or user will experience when the technology is used as intended. To ascertain whether the overall device risk is acceptable, the residual risk is compared to the acceptance criteria while keeping the benefits in mind. To reiterate, to preserve some impartiality in the risk evaluation process, these acceptance criteria should have been defined in advance in the risk management plan.

By determining the residual risk for every dangerous scenario, adding a statement outlining the total risk-benefit analysis, and noting whether the risk was deemed acceptable, the entire residual risk can be recorded. It is necessary to identify and communicate any serious dangers that are still present. These remaining risks will be noted in your device’s Instructions for Use (IFU) and, if the device is undergoing clinical trials, will also be included in your investigator’s brochure.

What occurs, then, if the total residual risk does not satisfy the acceptable threshold? You can repeat the process of identifying, putting into practice, and confirming risk controls if the remaining risk is unacceptable. Because the risk management process is cyclical, you may always strive to lower the risk levels to a manageable level by going back to a previous step. Alternatively, the design and development will be stopped, and the residual risk will be recorded as unacceptable in the Risk Management File if the results of your risk assessment simply do not indicate that you will be able to sufficiently decrease the risk.
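The bookkeeping described in the sections above (hazard-letter codes such as A.3, a risk index computed from severity and probability, acceptance criteria fixed in the plan, verified controls, and residual risk) can be checked mechanically. The following Python example is added here and is not part of ISO 14971 or of the original article; the 1-5 scales, the multiplication formula, both thresholds, the document numbers and the sample entries are assumptions constructed for illustration.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Assumptions, not values from ISO 14971: 1-5 ordinal scales, index =
# severity x probability, and these two thresholds. A real plan defines its own.
MAX_INITIAL_INDEX = 12   # acceptance criterion applied before risk controls
MAX_RESIDUAL_INDEX = 6   # acceptance criterion applied after verified controls

# Control layers in the order of preference described in Section 5.
LAYERS = {1: "inherently safe design", 2: "protective measure",
          3: "information for safety"}

CODE_RE = re.compile(r"^[A-Z]\.\d+$")   # "A.3" = hazard A, third line item


@dataclass
class Control:
    description: str
    layer: int                    # key of LAYERS
    verification_ref: str = ""    # document number of the verification record


@dataclass
class HazardousSituation:
    code: str
    hazard: str
    situation: str
    harm: str
    severity: int
    probability: int
    controls: List[Control] = field(default_factory=list)
    # Assumption: controls lower probability, severity stays unchanged.
    residual_probability: Optional[int] = None


def risk_index(severity: int, probability: int) -> int:
    for value in (severity, probability):
        if not 1 <= value <= 5:
            raise ValueError("scale values must be between 1 and 5")
    return severity * probability


def review_entry(entry: HazardousSituation) -> List[str]:
    """Return the traceability and acceptance gaps for one RMF line item."""
    gaps = []
    if not CODE_RE.match(entry.code):
        gaps.append("code is not <hazard letter>.<sequence number>")
    initial = risk_index(entry.severity, entry.probability)
    if not entry.controls:
        if initial > MAX_INITIAL_INDEX:
            gaps.append(f"initial index {initial} exceeds {MAX_INITIAL_INDEX} "
                        "and no risk control is recorded")
        return gaps
    for control in entry.controls:
        if not control.verification_ref:
            gaps.append(f"control '{control.description}' has no "
                        "verification reference")
    if all(control.layer == 3 for control in entry.controls):
        gaps.append("relies only on information for safety")
    if entry.residual_probability is None:
        gaps.append("residual risk not assessed after controls")
    else:
        residual = risk_index(entry.severity, entry.residual_probability)
        if residual > MAX_RESIDUAL_INDEX:
            gaps.append(f"residual index {residual} exceeds "
                        f"{MAX_RESIDUAL_INDEX}; add controls or record the "
                        "risk as unacceptable")
    return gaps


def review_file(entries: List[HazardousSituation]) -> Dict[str, List[str]]:
    """Map each line item that has gaps to the list of those gaps."""
    report, seen = {}, set()
    for entry in entries:
        gaps = review_entry(entry)
        if entry.code in seen:
            gaps.append("duplicate code")
        seen.add(entry.code)
        if gaps:
            report[entry.code] = gaps
    return report


# Constructed sample register; document numbers are placeholders.
SAMPLE_REGISTER = [
    HazardousSituation("A.1", "Bacterial contamination",
                       "device not adequately sterilized before surgery",
                       "bacterial infection", 4, 3,
                       [Control("validated sterilization", 2, "VAL-EXAMPLE-001")],
                       residual_probability=1),
    HazardousSituation("A.2", "Bacterial contamination",
                       "sharp edge pierces the sterile barrier",
                       "bacterial infection", 4, 4,
                       [Control("rounded edges", 1)], residual_probability=2),
    HazardousSituation("B.1", "Incorrect software output",
                       "user acts on a wrong result", "delayed treatment", 5, 3,
                       [Control("warning in the IFU", 3, "LBL-EXAMPLE-002")]),
    HazardousSituation("B.2", "Incorrect software output",
                       "result shown for the wrong patient",
                       "delayed treatment", 5, 3),
]

if __name__ == "__main__":
    for code, gaps in review_file(SAMPLE_REGISTER).items():
        print(code, *gaps, sep="\n  - ")
```

Running the review again after each change to the register mirrors the loop described above: add or verify controls, re-estimate the residual risk, and repeat until no gaps remain or the risk is recorded as unacceptable.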

Section 7: Review of Risk Management Compliance

A thorough evaluation of the entire procedure is the final stage of the risk management process that takes place before the release of the product. Your design controls system should incorporate this review as one of the last checkboxes before releasing the device into clinical or commercial production. This procedure, which resembles a process audit, will probably be delegated to the quality or regulatory team.

This final review will confirm that the risk management plan, including the procedures for risk management that will take place once the device enters production, has been developed and put into action. Part of that confirmation should be reviewing your systems to ensure that protocols are in place for completing post-production risk management tasks. Additionally, this review will confirm that the procedures for gathering and analyzing post-production data have been put in place.

This could entail setting up yearly device user surveys, quarterly metric reporting for certain criteria, or other data collection methods. To guarantee that the data from the original devices is recorded, these data collection channels must be established before the production process is started.

The risk review finishes by confirming the risk evaluation documentation and the conclusion that the residual risk is acceptable. The documentation, including the Risk Management File, will be examined to verify this. The paperwork is merely being double-checked to ensure that the device risk is acceptable in its current form.

How to manage risks continuously

Information gathering

At this stage, your risk management plan should outline the methods for gathering post-production data. Because the plan is a dynamic document, it should be revised regularly if you discover new information sources or find that previously intended sources of information are not yielding useful data. The following sources should be taken into consideration once more if you need to find fresh data sources:

  • Data from the manufacturing process: Consider data from receiving inspections, in-process nonconformance data, and any regularly conducted production testing.
  • Data from the user of the device: Is it possible to remotely retrieve user data from electronic devices? What about conducting consumer surveys at conferences or including them in the device packaging?
  • Details provided by installation and maintenance staff: Are staff members cleaning and sterilizing devices for future use, or are your employees maintaining sensitive electronic equipment?
  • Data produced by the supply chain: Verify that your distributors are relaying information from their clients; if this data channel is not enabled, you might not be aware that boxes are being damaged during transportation.
  • Scientific publications and regulatory reports that are accessible to the public: Data from device incidents might be a treasure trove for your risk analysis procedures. User experience data or comparisons to a rival device can be found in scientific publications.
  • Details regarding the current state of the art: Industry publications, technical journals, and conferences will provide this kind of knowledge. Does a design element make more recent competitive devices safer? Is it necessary to update your device’s risk acceptability in light of the evolving state of the art?

Review of information

The most challenging aspect of post-production risk management is collecting data and establishing data collection routes. Once you have the data and information, you can start with the risk analysis and use it to feed back into the risk management process.

You must set up a procedure for reviewing the data and information on a regular basis and reviewing the risk analysis documents that are currently in place. Escalation triggers must also be incorporated into the review process so that, in the event that alarming data or information is obtained, the risk analysis documents are evaluated right away.

The risk analysis should be reviewed very carefully, for instance, if you have discovered a higher-than-normal level of process nonconformance that might have a detrimental effect on patient outcomes. If recall efforts are necessary, this may also be done in tandem with assessing the hazardous condition.

For the routine review of post-production data, your risk analysis team will need to sort through the new information and data to see if there are any new hazards or hazardous situations that were not previously noted in your risk analysis. They must also ascertain whether any fresh data indicates that the recorded risk assessment might not be correct. For instance, the estimate must be updated and the residual risk must be reassessed if the rate of a certain surgical complication associated with the device is higher than anticipated.

Examine the results.

It is necessary to document and add the reviewed risk management input data to the risk management file. Any choices or actions that were made must be included in this record, which can be done through meeting minutes, a review form, or other means. Any updated versions of the risk assessment documents, such as the analysis, estimation, controls, and residual risk evaluation, will also be included in the documentation. If advancements in the field suggest that the criteria for risk acceptability should be modified, or if additional modifications to the plan are required, the risk management strategy could also need to be revised.

You should then use the results of this review process as an input in your management review process. Although it need not include every detail and minutiae of the risk assessment process, management will utilize this information to assess if the method is appropriate and effective.

A cycle of risk management

The risk management procedure is cyclical, and regular review tasks must be carried out for the duration of the device’s life. Once the device is available for purchase, the burden of risk management is expected to lessen over time. New device data and information shortly after product launch will lead to more frequent revisions. Revisions to the risk assessment will become less frequent once the device has been on the market for a few years and incident rates have stabilized.

Every new device will require the creation of a new risk management file and plan. Each device must have its own file with clear traceability, but if an existing device is similar, the risk management records for that device can be used as a starting point. To spread the load, it could be better to space out the regular review procedures for every device.

Complying with ISO 14971 successfully

With its stringent criteria, ISO 14971 appears to be a significant burden on the quality and regulatory departments. Provided the process is well executed, however, better device design and safety, which lead to fewer device nonconformances and device field events, could lessen that quality and regulatory burden.

Once your ISO 14971 implementation is complete, keep going, because ISO 13485:2016 also mandates that risk be taken into account throughout the quality management system. As regulators continue to place a greater emphasis on continuing risk management efforts, it is time to embrace risk management and use the process to provide a net benefit rather than treat it as just another regulatory obstacle to overcome. Make an effort to create a corporate culture that values risk management. To help with overall compliance, risk management can be used as a strategy to prioritize ever-increasing workloads.

You might wish to look into ICH Q9 if you are searching for resources to aid in the risk analysis process. Despite being aimed toward pharmaceutical companies, it provides useful tools like fault tree analysis to aid in the actual risk analysis process. For a fully integrated risk management process, it also provides recommendations for integrating risk management into your quality system.