4 Two Hump Diagram + Typical Stages of Design ProductLaunch510(k)ConceptPhaseFeasibilityPhaseDevelopmentPhasePilotPhaseReleasePhaseDesign TransferDHFBegins
5 When to Start a DHF? After the design plan has been developed Upon approval of the design projectIt’s not uncommon to start a DHF late and to retroactively assemble the file from documents that were already created in team meetings.
7 Each Gate is a Design Review Meeting 5 or 6 Phase Gates7.3.1 – Design Plan Approval7.3.2 – Design Inputs Approval7.3.3 – Design Outputs Approval7.3.5 & / 1st in Humans Study ApprovalPilot Launch ApprovalCommercial Launch ApprovalEach Gate is a Design Review MeetingClause 7.4ISO Clauses Referenced
8 Design Reviews ISO 13485, Clause 7.3.4 Reviews shall… Be systematic and according to design planEvaluate ability of design & development to meet requirementsIdentify problems and propose necessary actionsInclude participants representing various functions of the design team from that stageResults and necessary actions shall be recordedInclude a reviewer not involved in that stage (21 CFR e)
9 Design Planning ISO 13485, Clause 7.3.1 The plan shall… Define stages of design & developmentDefine the review, verification, validation & transfer activities for each stageDefine responsibilities & authoritiesManagement shall manage interfacesDocument planning output and update as neededConceptPhase
11 Input Output Verification Validation Also called a Design Requirements Matrix
12 Risk Management / Design Controls Clause 7.3.2e) of ISO states that Risk management shall be an Input into Design & DevelopmentClause 6.3 of ISO requires verification of effectiveness of risk controlsClause 6.7 of ISO requires verification of completeness of risk controls
13 Risk Management File ISO 14971, Clause 3.5 File for each medical deviceThe risk management file shall provide traceability for each identified hazard to:the risk analysisthe risk evaluationthe implementation and verification of the risk control measuresthe assessment of the acceptability of any residual risk(s)The records and other documents that make up the risk management file can form part of other documents and files required. Should contain at least references to all required documentation.The risk management file can be in any form or type of medium.
15 Risk Management Plan ISO 14971, Clause 3.4 (See Annex F for Example) The plan shall include at least the following:the scope of the planned risk management activities, identifying and describing the medical device and the life-cycle phases for which each element of the plan is applicableassignment of responsibilities and authoritiesrequirements for review of risk management activitiescriteria for risk acceptability, based on the manufacturer's policy for determining acceptable risk, including criteria for accepting risks when the probability of occurrence of harm cannot be estimatedverification activitiesactivities related to collection and review of relevant production and post-production informationFor each risk management plan the manufacturer should choose appropriate risk acceptability criteriaMay implement a matrix indicating which combinations of probability of harm and severity of harm are acceptable or unacceptableThe risk management plan is part of the risk management fileRecord of the changes shall be maintained in the risk management filePlan developed in accordance with the risk management process.Refer to Annex F for guidance on developing a risk management plan.Risk acceptability criteria determined according to manufacturer’s policy (based upon applicable regulations and International Standards, accepted state of the art, and known stakeholder concerns)
16 Hazard Identification ISO 14971, Clause 4.3Documentation on known and foreseeable hazards associated with the medical device in both normal and fault conditionsMaintained in the risk management fileAnnex C, Annex E, Previous Risk Analysis & TPLC Database (
17 Risk Assessment Tools ISO 14971, Annex G Preliminary Hazard Analysis Fault Tree Analysis (FTA)Failure Mode & Effects Analysis (FMEA)Hazard & Operability Study (HAZOP)Hazard Analysis and Critical Control Point (HACCP)
19 Problems with dFMEABottom-up approach doesn’t facilitate complaint investigationsRPN scores encourage prioritization of risk controls that deviates from MDD (EN ISO 14971:2012)No traceability to specific IFU Warnings & Precautions
21 Integration of Risk Activities with Design Phases Risk ControlOption AnalysisHazardIdentificationRisk ControlEffectivenessVerificationRisk ManagementReportRiskAssessmentRiskManagementPlanRisk / BenefitAnalysisRDProductLaunch510(k)ConceptPhaseFeasibilityPhaseDevelopmentPhasePilotPhaseReleasePhasePrior to commercial release of products, the best practice is to combine the risk management plan with the design plan. This diagram is called the “two-hump diagram”. The first hump is referred to as “R” for research. The second hump is referred to as “D” for development. To this basic diagram I have added the phases of the design control process and various risk management activities. Sometimes companies are late in initiating a design history file (DHF), but the risk management plan should be initiated prior development as part of the initial design project plan.Design TransferDHFBegins
22 Starting the Lifecycle Loop Post-Market SurveillanceInitial Risk Analysis Estimates Frequency of Occurrence for HazardsPost-Market Surveillance (PMS) Report Estimates Frequency of HarmClinical Evaluation Report (CER) Assesses the Clinical Risk/Benefit of the New ProductRiskAnalysisClinicalEvaluation
24 Initiating Combined Matrix Perform Hazard IdentificationWork Backward to User NeedsFill in 1st Two ColumnsThese are the first steps of the design process that often lead up to creating a Regulatory Pathway Summary Document & Design / Risk Management Plan
25 Preparation for Approval of Design Inputs Identify Applicable Harmonized StandardsIdentify Performance TestingPredicate Devices 510(k) SummarySpecial Controls Guidance DocumentsSearch ISO StandardsAre their internal specifications?
26 Perform Risk Assessment Identify Possible Risk Control MethodsSeverity of HarmProbability of Occurrence (P1)Preliminary Screening against Design InputsReiterate Risk Controls & Design SpecificationsFinalize Design Specifications (Approve Outputs)
27 V&V Verification of Risk Control Effectiveness Preliminary Estimation of P2 based upon literature (Need to perform literature search…Clinical Evaluation Report)Results of Clinical Evaluation and Risk / Benefit Analysis should determine:if Clinical Study is NeededIf Post-Market Clinical Follow-up Study is Needed
28 Draft IFU Identify Residual Risks WarningsPrecautionsContraindicationsThis is critical for Adverse Events, Investigator Brochures and Litigation of Injuries or Death
29 Draft PMS Plan Post-Market Surveillance (PMS) Plan Needs to collect data for any residual risksShould verify estimated risksShould identify any missing hazardsShould identify incorrect severity of harmShould include justification of no PMCF Study or…PMCF ProtocolPMCF ReportShould include updated Risk Management Plan
30 Risk Management Report This is a Summary Technical Document (STED) that summarizes all the risk management activities and references the document control numbers for the Risk Management DocumentsThis should also include the dates of activities and personnel involvedThe frequency of review and update of the risk management documentation should be included
32 Q & A email@example.com What if your customer requires an FMEA? What does the FDA prefer for risk management documentation?Annex I of the MDD says to reduce risk "As Far As Possible". How do you know you have done that?Who needs training on risk management and design controls?What's the best way to store and maintain a risk management file?
33 Do You Need Help with Design Controls or Risk Management? Rob Packardrob13485