Forum

Notifications
Clear all

Discussion Topic: Risk Management, Risk Analysis

31 Posts
31 Users
0 Likes
3,380 Views
 Josh
(@orleron)
Posts: 95
Trusted Member Admin
Topic starter
 

It is important to understand the process of Risk Management which includes Risk Analysis and how this is a living process that flows throughout the entire medical device development process. For more training on this, I recommend this course on medical device Risk Management.

The hint is in that link. What is the major ISO regulation governing Risk Management and what are its major requirements for a medical device company? There are some key things that each company must set up in order to be considered to have a risk management process.

Spiral Medical Development
www.spiralmeddev.com

 
Posted : 29/10/2016 7:05 am
 sdl3
(@sdl3)
Posts: 12
Active Member
 

The ISO14971 regulation directly involves Risk management. A few of the requirements are to have risks identified and documented, a risk management plan, and risk control. These can be in the form of documents, policies, and procedures that the company must follow to ensure quality product is delivered to the customer and that employees are safe in producing them.

In my company we have many documents that are part of the Quality Management System. They are also reviewed each time a new product or process is implemented for due diligence within the organization. We recently have been moving to update our risk management plans to make them easier to use.

 
Posted : 10/11/2016 3:54 am
(@kc377)
Posts: 8
Active Member
 

The ISO 14971 regulation lays out an entire risk management framework for medical devices. Regardless of what country you are manufacturing your devices in, they all view this ISO guideline as acceptable for risk management processes. There are many topics covered in this document, but overall I believe it is useful for identifying your hazards/ricks, evaluating these risks, and developing monitoring systems for risk controls. It's important for your company to have a risk management framework, so that you are prepared to deal with anything that comes your way. This includes an entire process for risk management, establishing roles and responsibilities so everyone knows what they are in charge of, documentation of plans and establishing risk managing files that are continually changing.

Kaitlin Connell

 
Posted : 14/11/2016 11:33 am
(@jk299)
Posts: 19
Active Member
 

A search revels
"ISO 14971 is an ISO standard for the application of risk management to medical devices.The ISO Technical Committee responsible for the maintenance of this standard is ISO TC 210 working with IEC/SC62A through Joint Working Group one (JWG1). This standard is the culmination of the work starting in ISO/IEC Guide 51"

this is a standard acceptable in countries around the world, this is a system of risk management that builds. and its purpose is to
Establish a process to manage and control the risks associated with your organization’s medical devices. Document your organization’s medical device risk management process.
Apply your risk management process to your organization’s medical devices.
Maintain your risk management process for every medical device throughout its entire life-cycle.

http://www.praxiom.com/iso-14971.htm

ISO Catalogue: Medical devices -- Application of risk management to medical devices
http://www.iso.org/iso/catalogue_detail.htm?csnumber=53940

 
Posted : 14/11/2016 4:47 pm
(@kbs27)
Posts: 10
Active Member
 

Risk management is the process of combining a risk assessment with decisions on how to address that risk, and doing so in ways that consider the technical and social aspects of the risk assessment. Risk management is part of a larger decision process that considers the technical and social aspects of the risk situation. Risk assessments are performed primarily for the purpose of providing information and insight to those who make decisions about how that risk should be managed. Judgment and values enter into risk assessment in the context of what techniques one should use to objectively describe and evaluate risk. Judgment and values enter into risk management in the context of what is the most effective and socially acceptable solution.

 
Posted : 17/11/2016 9:47 am
(@jtl27)
Posts: 15
Active Member
 

As I understand it, dealing with risk is split up into three different categories:

Risk Analysis: Risk analysis is simply a definition of risk. Basically, if we do x, y and z may occur.
Risk Assessment: If y and z do occur, what security do we have in place to make sure y and z are taken care of in an efficient manner.
Risk Management: Risk Management is the execution of in-play risk assessment security in addition to modified actions to resolve current and future threats to the company.

Anything else?

 
Posted : 18/11/2016 11:42 am
(@yiming-cheng)
Posts: 11
Active Member
 

Some key points of ISO 14971:
RISK - combination of the probability of occurrence of harm and the severity of that harm
HAZARD - potential source of harm
HAZARDOUS SITUATION - circumstance in which people, property, or the environment are exposed to one or more hazard(s)
HARM - physical injury or damage to the health of people, or damage to property or the environment
SEVERITY - measure of the possible consequences of a hazard
RISK ANALYSIS - systematic use of available information to identify hazards and to estimate the risk
RISK ESTIMATION - process used to assign values to the probability of occurrence of harm and the severity of that harm
RISK EVALUATION - process of comparing the estimated risk against given risk criteria to determine the acceptability of the risk
RISK ASSESSMENT - overall process comprising a risk analysis and a risk evaluation
RISK CONTROL - process in which decisions are made and measures implemented by which risks are reduced to, or maintained within, specified levels
RESIDUAL RISK - risk remaining after risk control measures have been taken

 
Posted : 18/11/2016 1:18 pm
(@merzkrashed)
Posts: 123
Estimable Member
 

A key for each medical device company is: Keeping up with changes to ISO 13485:
" specifies requirements for a quality management system where an organization needs to demonstrate its ability to provide medical devices and related services that consistently meet customer and applicable regulatory requirements."

Also:

ISO 14971 specifies a process for a manufacturer to identify the hazards associated with medical devices, including in vitro diagnostic (IVD) medical devices, to estimate and evaluate the associated risks, to control these risks, and to monitor the effectiveness of the controls.
Medical device companies must have established risk management processes that comply with ISO 14971.

Some keys for each company to set up a risk management process:
they must come up with list of risks, then apply Risk analysis method:
(for example) FMECA=Failure Mode, Effects and Criticality Analysis, then they must come up with a planned solution to handle each risk, or APQP= Advanced Product Quality Planning and Control

finally they must check the effectiveness for each solution (measurement).

https://www.iso.org/standard/59752.html

 
Posted : 13/11/2017 8:13 am
(@asimbana)
Posts: 61
Trusted Member
 

ISO 14971 regulation is directly co-related to with Risk Management, a system implemented to identify hazards and initiate a preventative action to ensure the medical device meets the regulatory requirements. Risk management revolves between a Risk Analysis procedure and FMECA to ensure the device does not cause potential harm. Within Risk Management it also enforces the company of the said medical device to keep track of all complaints to ensure that it does not initiate a CAPA. Risk Management is worked parallel with design controls and is attached to the DHF, however can be edited and placed with the DMR when it comes to monitoring the device post production.

 
Posted : 13/11/2017 9:50 am
(@amandaally1029)
Posts: 40
Trusted Member
 

Risk Management is required by the ISO 14971, and must be completed by the company. The company will go through the cycle of assessing, evaluating, managing, and then measuring the risks. The company is responsible for taking all aspects of the product into consideration for risk analysis, such as the product itself, the design, and the manufacturing process. For each part of the cycle (assess, evaluate, manage, measure) comes with specific methods on how to develop a solution for each risk listed. For instance, once you come up with a list of risks, you must evaluate them using FMECA, and then manage them either by avoidance, mitigation, acceptance, or transference.

 
Posted : 13/11/2017 10:25 am
 aaq2
(@aaq2)
Posts: 38
Eminent Member
 

Risk management regulation is based on safety, quality and efficacy.
It requires that the company creates a risk management policy that includes planning of risk management, risk analysis, risk evaluation, risk controls, overall residual risk acceptability, risk management report and production and post production information

 
Posted : 15/11/2017 3:06 pm
(@thuytienlecao)
Posts: 72
Trusted Member
 

I agree with other about the ISO 14971 and Yiming Chen about the key terms. I would like to elaborate on the major phases of the risk management process aligning with ISO 14971 standard (Adding on to @jtl27's comment). Major phases: risk analysis, risk evaluation, risk control, residual risk evaluation, risk/benefit analysis, evaluation of overall residual risk acceptability, risk management report, production&post-production.
1. Risk analysis: Define scope --> specify the intended use --> identify hazards and hazardous situations --> estimate risk. Risk=severity x occurrence
2. Risk evaluation: deciding which risks are acceptable/unacceptable
3. Risk control: reduce and mitigate unacceptable risks by considering product design, protective measures, labelings
4. Residual risk evaluation: re-evaluate the resulting risks, re-estimate risks from implemented risk controls.
5. Risk/benefit analysis
6. Evaluation of overall residual risk acceptability: evaluate the entire device in all situations, not just hazardous situation.
7. Risk management report: summarize risk activities.
8. Production and post-production: keep risk management records up to date.

Reference: https://blog.greenlight.guru/iso-14971-medical-device-risk-management

 
Posted : 18/11/2017 7:44 am
(@gaberuiz13)
Posts: 35
Eminent Member
 

The major ISO regulation governing Risk Management for medical device companies is ISO14971. According to the link, the major requirements for a medical device company has to follow is to construct a Failure Mode and Effect Analysis (FMEA) and a Fault-Tree Analysis (FTA). With these documents, the aim is to have the company provide a risk management plan in order to define, evaluate, and control the risks of the medical device in question. With the risk management plan, a company has to define each risk and assess the severity of that risk with the frequency of that risk mapped out. With this, the regulation organizations an the company itself can view the risk of taking a project and if it is viable based on those criteria. In addition to that, it is the company's responsibility to keep this record up to date should any changes or unforeseen risks arise.

 
Posted : 18/11/2017 8:52 am
(@alexandrabuga)
Posts: 149
Estimable Member
 

As many have stated ISO 14971 is the major ISO regulation governing Risk Management.I agree with @thuytienleco that the major phases include: risk analysis, risk evaluation, risk control, residual risk evaluation, risk/benefit analysis, evaluation of overall residual risk acceptability, risk management report, production& post-production. I also found an article that goes into 5 tips in managing Risk Management:

1. Get a copy of the latest version of ISO 14971
2. Establish a Risk Management Policy and Procedure for your Company
3. Keep the severity, probability, and risk levels simple
4. Use risk management as a tool during design & development
5. Use risk management as a tool after design & development

I think #3 is a helpful hint to keep it simple and use 3 - 5 levels for severity and probability. As Dr. Simon mentioned in lecture, its important to use risk management as a tool during the design and development. For example, you should think of the potential hazards and hazardous situations and this assessment should be considered and influence the design inputs and this will also come into play for design outputs, verification/validation. I also think its important to stress the importance that the risk management document should be used/treated as a living document. So even when the development process is completed it should still be used as a tool after design and development. So you can keep a living document of production and post-production occurrences including CAPAs, complaints, etc.

https://blog.greenlight.guru/introduction-to-medical-device-risk-management

 
Posted : 18/11/2017 12:22 pm
 ec52
(@ec52)
Posts: 72
Trusted Member
 

ISO 14971 is the standard well recognized by FDA and other regulatory agencies around the world for Risk Management. Some of the key aspects required to comply with ISO 14971 and therefore to be considered to have a risk management process are:

Establish a risk management plan (RMP): the plan will define upfront the process (during development and post market) how risks of the product will be identified and controlled. For example, the plan will include types of risk analysis tools to be used (e.g. FMECA, FMEA), risk criteria (e.g. severity and probability of occurrence of harm ratings), acceptability of risks, and benefit-risk analysis requirements.

Perform risk assessments: Using the information from the RMP these are the actual risk assessments that take place assessing risks related to design, manufacturing, and/or use of the product. These assessments include identification of hazards and root cause, risk estimation, and risk control measures that reduce risks to an acceptable level based on the company's risk acceptability criteria.

Establish a risk management report: The report documents the risk management process has been followed according to the RMP and will include key aspects such as; summary of the risks identified in the risk assessments, benefit-risk analysis, evaluation of the overall risk acceptability, and documents that mechanisms are in place such as CAPAs, complaints, customer feedback, etc. that feed into risk management process.

 
Posted : 18/11/2017 7:33 pm
Page 1 / 3
Share: