The organization is required to define, plan, establish, document, and maintain one or more processes for risk management activities that will cover the entire realization processes of the medical device and refer to all phases of the life-cycle of the medical device. The definition of the ISO 13485 Standard for risk management is: a systematic application of management policies, procedures, and practices to the tasks of analyzing, evaluating, controlling, and monitoring risks. Successful implementation of the risk management system would obtain for the organization a systematic method for identifying risks, evaluating and controlling them, and, where needed (and defined in advance), eliminating or reducing them. Clause 7.1 initiates the harmonization of two management systems—the integration of the risk management system in the processes of the quality management system. Since risk management relates to the realization processes (among other phases in the life-cycle of the medical device), a reference needs to be included in the quality plan. The issue is regarded as any other realization activity: storage, packaging, or transportation. The quality plan shall indicate how those risk management activities are integrated in the planning of the product realization—risk management plan, risk management file, risk management report, and the integration of their outputs in the work processes.
Reference to the ISO 14971 Standard
The 13485 Standard refers us to the ISO 14971 Standard—Medical devices—Application of risk management to medical devices. This standard presents requirements for manufacturers in the medical device industry for the application of a systematical risk management system to manage the risks associated with the use of medical devices. I support the implementation of those standard requirements and the establishment of a risk management system according to this standard. The sheet here is too short to explain each requirement of the ISO 14971 Standard, but I will review the main principles and their reference to the planning of product realization according to the ISO 13485 Standard.
Risk management process
As mentioned above, the organization is to define, plan, establish, document, and maintain one or more processes for risk management that will cover the entire realization processes of the medical device. A risk management system as required in ISO 14971, though, shall refer to all phases of the lifecycle of the medical device. The goal of the process of risk management is to identify risks that the medical device may pose to the user, identify those medical devices characteristics that generate these risks, determine the relevant safety characteristics for the medical device, and control their implementation during the realization process. The process shall be suitable for the type and category of the medical device and the environments in which it is used. In other words, the methods and techniques for analyzing and evaluating the risks and the criteria that are used for the evaluation shall be appropriate to the medical device and be practical and feasible to the realization processes.
Risk management plan
For each particular medical device, the organization shall maintain a risk management plan. The objective of the plan is to provide a structural program for conducting risk management activities, making sure that no activity will
be forgotten or conducted incorrectly. The reason that each particular medical device needs a designated plan is that each type of medical device has other requirements and activities. In other words, the plan and its content shall be adjusted to the level of risk associated with the medical device. In the book I review the principles of the risk management plan and specify its expected contents.
Risk analysis
As mentioned, risk analysis refers to a systematic use of available information to identify hazards that are generated through the use of the medical device in both normal and fault conditions and to estimate and evaluate these situations. Risk analysis examines different sequences of events relevant to the intended use of the medical device that can produce hazardous situations and harm to the user or the patient. The process of risk analysis is fully reviewed in the book.
Risk evaluation
After concluding the risk analysis, the next step will be risk evaluation— comparing the estimated risks against given risk criteria to determine the acceptability of the risk. The output of the evaluation is the decision whether a risk reduction is required. The criteria may come from applicable standards, data from use of other medical devices, clinical study data, best practices, technical standards, regulatory requirements, or results of accepted scientific research. The organization shall adopt an appropriate method for conducting the evaluation—a method that will provide it with suitable and adequate results specific to a product and its particular intended use.
Risk controls
After completing the risk evaluation and deciding upon the risks that must be addressed, it is time to develop the risk controls—methods, processes, operations, and activities for mitigating, reducing, and controlling the risks. The goal of the risk control measures is to reduce the severity of the harm or reduce the probability of occurrence of the harm to an acceptable level, or both. This is done through development of systems, measures, or activities that prevent hazardous situations from arising. This is why the controls shall be developed with reference to the criteria that were used to evaluate the risks. I am providing a method for developing risk controls in the QMS.
Other issues that are discussed and reviewed in the book:
- Evaluating residual risks
- Risk management review and report
- Risk management file – principles, structure and format
- Production and postproduction information
- Relation between the quality plan and the risk management process
This webpage contains only a fragment of the chapter 7 – Product realization from the book:ISO 13485:2016: A Complete Guide to Quality Management in the Medical Device Industry, Second Edition published by:
Comments are closed.