1. Implementing a Risk Management Process Compliant with ISO 14971:2007 & How to Address the Seven Deviations Identified in EN ISO 14971:2012
Before I start I want to call your attention to fact that there are two different standards referenced on this slide. The first is the International version of the risk management standard. This is the current version recognized by the US FDA and Health Canada. The second is the European National version identified by the acronym “EN” just before “ISO” in the title. When you see “EN” in the title of a Standard, that indicates that it is a European National Standard, while Standards that only include “ISO” in the title are international Standards. EN ISO 14971:2012 is the current version for European CE Marking.
In July of 2012, when the European National version of ISO was released, I was working for a medical device company and I was asked by the Director of Quality if we should purchase the new version of the Standard. In response to his question, I wrote a blog explaining why you shouldn’t waste your money on a copy of the new Standard. My rationale was that the only changes were to Annex ZA, ZB and ZC. None of the actual Standard changed.
The changes to the Annex ZA, ZB, and ZC identified 7 deviations in 2009 version of ISO from the three European Directives (i.e. – MDD, AIMD and IVDD). If your company was already CE marked, then your risk management process should already comply with the MDD and the new version of the Standard is unneeded. However, there were so many people that insisted I was wrong, that the company went out and bought the Standard and I wrote a new blog telling people what was in the new version in more detail. Then in the fall of 2012, most of the European Standards issuers decided to post the three Annexes on the internet for FREE so that nobody would have to purchase a new version when the content of the actual Standard had not changed. Therefore, if you don’t already have a copy of the 2012 version. Don’t waste your money. Send me an and I’ll send you the link for the FREE PDF with Annex ZA, ZB, and ZC.

2. “Show me where it’s required”
Clause 7.1 in ISO states:
“The organization shall establish documented requirements for risk management throughout product realization. Records arising from risk management shall be maintained .”
The phrase “show me where it’s required” is a favorite way for Quality Managers to push back on auditors when the auditor insists that there are requirements when in fact it ‘s just the personal preference of the auditor. So if an auditor insists that you need a procedure for “Risk Management”, the auditor is wrong. ISO indicates that you must have documented requirements but there is no requirement for “establishing a procedure.” In ISO 14971, Clause 3.2, there is a requirement to “define and document the policy for determining criteria for risk acceptability,” but the note at the end of that section indicates “The documents can be incorporated within the documents produced by the manufacturer’s quality management system and these documents can be referenced in the risk management file.” One of the best practices I have seen is to have a table in the Quality Manual that outlines how risk management principles are applied to each step of the product realization process from design to post-market surveillance. Another best practice I have seen is to have a separate section in every procedure that indicates how risk management principles are applied to that procedure. Some of these include: purchasing, supplier management, CAPA, post-market surveillance, calibration, service, installation, and design controls.

3. 14971 Plus - http://bit.ly/ShopCSA
For those of you that are implementing ISO for the first time, or if you are going to audit the risk management process for the first time, I highly recommend purchasing “14971 Plus” from the Canadian Standards Association. It is the only guidance document that I know of for the implementation of ISO I provided a link and a screen capture for anyone that is interested in purchasing it.

4. 14971 Plus = Standard + Gap + Bonus Tools
“14971 Plus” does not include the Annexes in the back of ISO 14971, but it does include the complete copy of each clause from the ISO 14971:2007. In addition, it includes a small text box beneath each clause explaining the changes that were made between ISO 14971:2000 and ISO 14971:2007. The beginning of the guidance document also includes an implementation plan with a sample Gantt Chart.

5. Bonus Tools in Plus
The most valuable parts of “14971 Plus” are the bonus tools in each section. Anyone that is going to be auditing the risk management process will find the questions extremely valuable. The ability to cut-and-paste these questions out of the PDF version and put them into an internal audit checklist a huge timesaver that more than justifies the $139 expense for the electronic version. You may also want to purchase the hardcopy version. It comes with a spiral binding that makes it easy to flip through during an audit or when you are writing risk management documents.

6. Top 5 Risk Management Mistakes
Not reading the Annexes
Using Annex C, Questions 1-34 as your only form of Hazard Identification
Using only some of the tools in Annex G
Too much energy spent during design upon identifying P1 vs. P2 (see Figure E1, Annex E)
Not updating risk management documentation.
One of the most valuable resources for Risk management, other than “14971 Plus” is the Annexes. For example, Annex F provides a outline for a Risk Management Plan. Annex G gives you a list of tools for Risk Analysis, such as “Hazard Analysis and Critical Control Point (HACPP)” which is used heavily in the food industry. Annex H is a great resource for IVD products on how to apply risk management. Annex I focuses on biological hazards such as biocompatibility, and Annex J talks about disclosure of residual risks as information to users, service personnel, installers and patients. Another typical mistake I have seen is specific to the risk management procedure. Often the procedure will indicate that hazard identification consisted of answering the 34 questions in Annex C of ISO However, this is meant to be just a starting point. In Annex E, table E1 also provides examples of hazards. Table E2 provides examples of initiating events and circumstances. The third mistake on my list is the failing to use all of the risk management tools available to you. For example, some companies only use the Failure Modes & Effects Analysis (FMEA). This is a “bottom-up” approach where you start with the failure mode and work toward the effect of each failure. The FDA likes this tool and most people are familiar with this tool, but it’s just one tool. When you have an adverse event or device malfunction, its much better to use a tool like the fault tree analysis—a “top down” approach. The fault tree analysis is also better suited for estimating risks quantitatively when you have complex failure modes with multiple causes—especially for electrically powered devices and IVD products. The fourth mistake listed requires that you understand the definition of risk. Risk is the product of the severity of harm and the probability of occurrence of harm. However, most people don’t read this definition carefully, and they think of risk as the probability of occurrence of a hazard. The problem with this definition is that it encourages companies that are in the design process to spend unnecessary effort on estimating the probability of occurrence of harm. This is difficult to estimate without clinical data or clinical history for a similar product. If you are in the design phase, it’s ok to use the probability of occurrence of the hazard because this will over-estimate the risk—not underestimate it. The biggest mistake companies make is the failure to update their risk management documentation. This is why I have created a model I call the “Lifecycle Loop.”

7. Hazard vs. Harm
Clause 2.3 – Hazard is a “potential source of harm” [ISO/IEC Guide 51:1999, definition 3.5]
Clause 2.2 – Harm is a “physical injury or damage to the health of people, or damage to property or the environment”
[ISO/IEC Guide 51:1999, definition 3.3]
The concepts of hazards and harms are important for everyone to understand when they are discussing risk management, and frequently we use these terms interchangeably when we shouldn’t. I have provided the definitions from the ISO Standard, but the best way to remember the difference is with an example. An example of a hazard is a ladder with a broken rung. An example of a harm is what happens to you when the rung breaks, you fall 10 feet, and you hit the ground.

8. Definition of Risk
Clause 2.16 – Risk is the “combination of the probability of occurrence of harm and the severity of that harm.”
The definition of risk is also provided from the ISO Standard. An example of risk, building upon our previous examples, requires identification of multiple potential causes for the harm. If harm is caused by hitting the ground, severity depends upon the height from which we fall and how we land, while the probability of occurrence depends upon our weight and the condition of the ladder. If there are three broken rungs at the top of a 12-foot, wooden ladder, there is a tool box and a paint bucket under your ladder, and you weigh 300 pounds, the risk of breaking your ankle is very high.

9. When are risks reviewed?
Sales
Shipping
Finance
Marketing
Engineering
Risk
Management
Manufacturing
RISK
Adverse Events (Injury & Death)
Defects in Manufacturing Trend Data
Material Changes
Labeling Changes
Changes to Instructions
Changes in the Intended Use
Process Changes
Customer Complaints
Supplier Changes
Supplier Process Changes
Design Changes
Service Trend Data
Corrective Actions & Preventive Actions (CAPA)
In this slide, I have provided a list of bullets identifying when risks should be reviewed. You might notice that 8 of the 13 bullets have the word “change” in them. Therefore, you should have risk management as part of your change control process for procedures and design. A lot of companies forget to review the adverse affects of rework. This is another place to integrate risk. Purchasing and supplier qualification are logical places to integrate risk. The CAPA process should integrate risk. Basically everything you do should have risk management as an integral part of it, and the responsibility for risk is not limited to engineering or QA. That’s why risk management is shown as a keystone in the arch I have drawn on this slide.

10. Risk Management is a Process
4 – Risk Analysis
Risk
Assessment
5 – Risk Evaluation
6 – Risk Control
Risk
Management
7 – Residual Risk
Acceptability
This diagram identifies the various steps of the risk management process, and each number represents the corresponding clause in the ISO Standard. In the first edition of the Standard, issued in 2000, the focus was on risk assessment. However, in 2007 the second edition of the Standard was issued and the title was changed to Risk Management. The biggest emphasis throughout the second edition of the Standard is the focus on gathering post-production information, which is the last clause in the Standard, and reviewing that information for its potential impact upon your risk analysis and risk controls.
8 – Risk Management
Report
9 – Production &
Post-production Info

11. Overview of BS EN ISO 14971:2007 Begins on Page 5 and ends on Page 14
Key elements I look for when I’m auditing:
Is there an Annual review of effectiveness required?
Is the Risk Management File defined in the procedure?
Does the procedure discuss risk controls and option analysis?
Is the risk of risk controls mentioned?
Is there a requirement for the overall acceptability of residual risks and a risk / benefit analysis?
Does the procedure include collection of post-production information?
Most people are intimidated by this Standard due to its shear weight, but the actual content of the standard is only 10 pages long. Your procedure for Risk Management needs to include the elements in Clauses 3-9, but most of content you need is found in Clause 3. I have also provided some of the things I look for when I’m reviewing a risk management procedure during an audit. In the BSI EN ISO 14971:2007 version, Clause 1 is scope, Clause 2 is definitions, and the real content of the Standard begins on page 5 with Clause 3—”General Requirements for Risk Management”. Clause 3 is 4 pages, but it includes the risk management process flow chart in Figure 1. Clause 4, “Risk Analysis”, is two pages long. Clause 5, “Risk Evaluation”, is at the bottom of page 10 and consists of only 4 sentences and 2 notes. Based upon deviation #5, which I will cover later, you might want to ignore this clause completely and eliminate the second step of risk assessment from your flow chart for risk management. Clause 6, “Risk Control”, is two pages long and I recommend reading those two pages carefully. Clause 7, “Evaluation of overall residual risk acceptability”, is another short section that consists of 7 sentences and 2 notes. Clause 8, “Risk Management Report”, is another short section. Clause 8 defines the minimum requirements for a Risk Management Report, but I personally recommend writing a Risk Management Report that serves as a “Summary Technical Document” or STED. Then you can use this document in your regulatory submission as a stand-alone document. Finally, Clause 9 is “Production and post-production information”. This is less than a page long and ends on page 14.

12. Mitigation vs. Control
In the 2007 version of ISO 14971, the term “mitigation” was removed.
Mitigation implies elimination of risks, while control implies reducing and monitoring risks.
In addition to the focus on gathering post-production information in the second edition, the 2007 version of ISO also no longer includes the term mitigation. Instead mitigation was replaced by the concept of risk controls in Clause 6. The term “mitigation” implied that risks could be completely eliminated, while the term “risk control” implies the more realistic concept of reducing and monitoring risks.

13. Concept of Product Lifecycle
Clause 2.7 – Lifecycle is “all phases in the life of a medical device, from the initial conception to final decommissioning and disposal”
Design
Pilot
Phase
Commercial Release
Market Growth
Sustaining
Obsolesce
Pre-Production
Post-Production
In the past, the subject of risk was limited in scope to the design phase. Eventually the medical device industry adopted the concepts of process risk analysis from other industries, such as automotive (i.e., pFMEA). This is primarily done in the pilot phase of the product lifecycle. In anticipation of commercial release medical device companies were asked to prepare documentation of risks for regulatory submissions. With the introduction of the “product lifecycle” concept, now the discussion of risk is expanded to activities after the regulatory submission (i.e., post-production). Now companies are expected to maintain “living” documents which evolve with the product over time. It is also possible to apply risk management to any part of this lifecycle. Therefore, even contract manufacturers and contract service companies can implement a risk management process based upon ISO To do this they need to indentify the limitations in the scope of their procedure.

14. Risk Management / Design Controls
Clause 7.3.2e) of ISO states that Risk management shall be an Input into Design & Development
Clause 6.3 of ISO requires verification of effectiveness of risk controls
Clause 6.7 of ISO requires verification of completeness of risk controls
The ISO Standard requires that risk management shall be an input into the design and development process. Most companies perform the risk analysis late in the development process so they are not sure how to use risk management as an input. However, if you review the previous two slides carefully you should be able to make the following connections:
Hazards are Design Inputs
Risk Controls are Design Specifications
Verification of Risk Control Effectiveness is Design Verification & Design Validation
A Design Review includes verification that all the Design Inputs (i.e. – Hazards) have been addressed by the Design outputs (i.e. – risk controls).
The Final Design Review involves review of the Clinical Evaluation Report, the Risk Management Report, and all the Design Verification and Validation Data (i.e. – risk control verification documents). The conclusion of the team must be that the overall residual risks are acceptable and the product may be launched.
The design team should also agree to produce a Post-Market Surveillance Plan that includes monitoring of residual risks.

15. Design Risk Management Tasks
Hazard
Identification
Risk Control
Option Analysis
Risk
Assessment
Risk
Management
Plan
Risk Control
Effectiveness Verification
Product
Launch
510(k)
Concept
Phase
Feasibility
Phase
Development
Phase
Pilot
Phase
Release
Phase
Prior to commercial release of products, the best practice is to combine the risk management plan with the design plan. This diagram is called the “two-hump diagram”. The first hump is referred to as “R” for research. The second hump is referred to as “D” for development. To this basic diagram I have added the phases of the design control process and various risk management activities. Sometimes companies are late in initiating a design history file (DHF), but the risk management plan should be initiated prior development as part of the initial design project plan.
Design Transfer
DHF
Begins

16. Design Risk Management Tasks
(continued)
Risk Management
Report
Risk / Benefit
Analysis
Product
Launch
510(k)
Concept
Phase
Feasibility
Phase
Development
Phase
Pilot
Phase
Release
Phase
The last two risk management activities your design team would perform are the risk/benefit analysis and writing a risk management report. Many times the risk management report is all that is provided to regulators and other documents in the risk management file will be available as supporting documents. In fact, best practice is to have all of these documents be “controlled documents” and to update the revision of each document during the post-production phases of the product lifecycle. Then in the risk management report, you can have a summary table of all the risk management file documents and you can demonstrate that your company has a “living” document by showing the revision history of the risk management report. This revision history would include changes to the post-market surveillance plan.
Design Transfer
DHF
Begins

17. 2009 Corrections Annex ZA/ZB/ZC Flow Diagram Correction
In 2009 BSI released a European National version of ISO that caused a lot of confusion. The reason for the confusion was that nobody was really sure whether they needed the new version, because they didn’t know what changed. In fact, one client hired me to train 40 people at two different facilities. They had already been trained on ISO 14971:2007, but they wanted the 2009 update. Therefore I started my training by explaining the two corrections that were made in 2009.
The first change was to split Annex ZA in the back of the Standard into three Annexes (ZA, ZB, and ZC). Historically ZA is the Annex that explains how an international Standard is harmonized with the European Directives. In 2009, ZA was split into three new Annexes. These three new Annexes were moved to the front of the Standard. Each Annex corresponded to one of the three directives (i.e. – the MDD, the AIMD, and IVDD). However, the wording of these three Annexes was nearly identical and it was really a premature change that wasn’t worthy of a new revision.
The other change was a correction to the flow diagram in figure 1 where the arrow was moved from evaluation of overall residual risk acceptability to where it belongs next to production and post-production information.

18. MDD Requirements Annex I, Essential Requirement (ER) 1:
“… any risks which may be associated with their intended use constitute acceptable risks when weighed against the benefits to the patient…”
“This shall include…reducing, as far as possible, the risk of use error due to the ergonomic features of the device and the environment in which the device is intended to be used (design for patient safety)…”
Risk appears 25 times in the European Medical Device Directive, but your focus should be on the Essential Requirements in Annex I. ER1 is where the requirements for a risk / benefit analysis and for reducing the risk of use errors are found. For CE Marking in Europe, these requirements supersede the ISO Standard.

19. Deviation #6 in 2012 EN Version
Deviation as to the first risk control option
Clause 6.2 of ISO requires the manufacturer to “use one or more of the following risk control options in the priority order listed: (a) inherent safety by design...”
ER 2 of the MDD requires the manufacturer to “eliminate or reduce risks as far as possible (inherently safe design and construction)"
The difference between these two phrases may seem to be semantics, but the European Commission feels that it is necessary to clarify this. My suspicion is that there are some companies that have attempted to interpret the phrase “inherent safety by design” as something different than “inherently safe design and construction. The proposed regulations complicate matters further by changing the wording to “design and manufacture”. The intent is that design, materials of construction, and methods of construction shall all be considered higher priority with regard to risk control options than protective measures such as alarms.

20. MDD Requirements Annex I, Essential Requirement (ER) 2:
“In selecting the most appropriate solutions, the manufacturer must apply the following principles in the following order:
eliminate or reduce risks as far as possible (inherently safe design and construction),
where appropriate take adequate protection measures including alarms if necessary, in relation to risks that cannot be eliminated,
inform users of the residual risks due to any shortcomings of the protection measures adopted.”
In ER2, the required priorities for applying risk management principles are outlined. There are slight differences between the wording of the requirements in ER2 and the ISO Standard. Therefore, the European Council mandated that these deviations shall be identified in Annex ZA for the European National (i.e., EN ISO 14971:2012) version of the Standard.

21. Proposed Regulations Annex I, Essential Requirement (ER) 2:
“To reduce risks, the manufacturer shall manage the risks so that the residual risk associated with each hazard as well as the overall residual risk is judged acceptable. The manufacturer shall apply the following principles in the priority order listed:
identify known or foreseeable hazards and estimate the associated risks arising from the intended use and foreseeable misuse;
eliminate risks as far as possible through inherently safe design and manufacture;
reduce as far as possible the remaining risks by taking adequate protection measures, including alarms; and
provide training to users and/or inform users of any residual risks.”
This slide is a cut-and-paste from the proposed European Medical Device Regulations that were released on September 26th of In an effort to ensure that differences between the ISO and the EN Standard are clearly identified, the European Council revised ER2 in the Propose Regulations that are expected to be approved in June of Now instead of three bullets, hazard identification was added as a step that should precede the adoption of risk controls in design. You might notice that the only place where risk evaluation is implied is for the risk / benefit analysis which you perform after implementing risk controls.

22. Management Responsibilities
Clause 3.2
Commitment by top management to risk management process
Adequate Resources
Qualified personnel for risk management
Policy for determining criteria for risk acceptability
Criteria based upon applicable regulations and International Standards
Accounts for accepted state of the art and stakeholder concerns
Review the suitability of the risk management process to ensure continuing effectiveness
May be part of the quality management system review

23. Risk Management Plan Clause 3.4
The plan shall include at least the following:
the scope of the planned risk management activities, identifying and describing the medical device and the life-cycle phases for which each element of the plan is applicable
assignment of responsibilities and authorities
requirements for review of risk management activities
criteria for risk acceptability, based on the manufacturer's policy for determining acceptable risk, including criteria for accepting risks when the probability of occurrence of harm cannot be estimated
verification activities
activities related to collection and review of relevant production and post-production information
For each risk management plan the manufacturer should choose appropriate risk acceptability criteria
May implement a matrix indicating which combinations of probability of harm and severity of harm are acceptable or unacceptable
The risk management plan is part of the risk management file
Record of the changes shall be maintained in the risk management file
Plan developed in accordance with the risk management process.
Refer to Annex F for guidance on developing a risk management plan.
Risk acceptability criteria determined according to manufacturer’s policy (based upon applicable regulations and International Standards, accepted state of the art, and known stakeholder concerns)

24. Risk Management File Clause 3.5 File for each medical device
The risk management file shall provide traceability for each identified hazard to:
the risk analysis
the risk evaluation
the implementation and verification of the risk control measures
the assessment of the acceptability of any residual risk(s)
The records and other documents that make up the risk management file can form part of other documents and files required. Should contain at least references to all required documentation.
The risk management file can be in any form or type of medium.

25. Hazard Identification
Clause 4.3
Documentation on known and foreseeable hazards associated with the medical device in both normal and fault conditions
Maintained in the risk management file

26. Deviations #1 in 2012 EN Version
Treatment of Negligible Risks
In Annex D 8.2, the ISO Standard indicates that negligible risks may be disregarded. However, ER1 and 2 specifically require that all risks must be considered. Manufacturers need to remember that in the context of the MDD, risks are specific to hazards that may result in harm. Therefore, any business risks that may impact customer satisfaction are not included in this requirement unless there is a patient safety risk. My recommendation is to identify severity based upon harm with a scale of 0 to 5. 0 = potential hazard will not result in harm, and 1-5 range from delay in treatment, non-reportable injury, injury requiring treatment, permanent injury, and death. 3-5 should also be identified as reportable adverse events.
Must implement risk controls for all risks.

27. Risk Estimation Clause 4.4
Reasonably foreseeable events that can result in a hazardous situation shall be considered and the resulting hazardous situation(s) shall be recorded
Hazardous situations can arise from slips, lapses and mistakes
For each identified hazardous situation, the associated risk(s) shall be estimated using available information or data.
Where the probability of the occurrence of harm cannot be estimated, the possible consequences shall be listed for use in risk evaluation and risk control
Any system used for qualitative or quantitative categorization of probability of occurrence of harm or severity of harm shall be recorded in the risk management file
Risk estimation can be quantitative or qualitative
Information or data for estimating risks can be obtained, for example, from:
published standards
scientific technical data
field data from similar medical devices already in use, including published reported incidents
usability tests employing typical users
clinical evidence
results of appropriate investigations
expert opinion
external quality assessment schemes
To identify hazardous situations not previously recognized, systematic methods covering the specific situation
can be used (see Annex G). Examples of hazardous situations are provided in H and E.4.
Risk estimation incorporates an .analysis of the probability of occurrence and the consequences. Depending on the application, only certain elements of the risk estimation process might need to be considered. For example, in some instances it will not be necessary to go beyond an initial hazard and consequence analysis. See also 0.3.
Methods of risk estimation, including those resulting from systematic faults, are described in Annex D. Annex H gives information useful for estimating risks for in vitro diagnostic medical devices.

28. P1 & P2 from Annex E

29. Deviation #4 in 2012 EN Version
Discretion as to whether a risk-benefit analysis needs to take place
Clause 6.5 and 7 both imply that risk / benefit analysis is only required if risks exceed a threshold of acceptability, and Annex D.6.1 indicates that “A risk/benefit analysis is not required by this International Standard for every risk.” However, ER 1 & 2 require that you perform a risk / benefit analysis for each risk and the overall residual risk. In other words, the “red zone” should not be labeled as risk / benefit analysis because all risks (even the “green zone”) require risk / benefit analysis.

30. Risk Evaluation
Clause 5
Risks are Acceptable?
(see Clause 3.2)

31. Deviation #5 in 2012 EN Version
Discretion as to the risk control options/measures
Risk Controls options shall be
implemented regardless of severity
or probability of occurrence
ER 1 & 2 require that risk control options are implemented for all risks prior to determining acceptability of the residual risks. Therefore, there is really no need for performing a preliminary risk evaluation for acceptability. In addition, Clause 6.2 suggests that you only need to use “one or more” of the risk control options, and Clause 6.4 indicates that further risk control measures are not needed if the risk is acceptable. However, ER 2 requires the manufacturer to implement all risk control options—unless the risk controls do not further reduce risk. There is a clear contradiction between the intent of the Standard and the Directive here. Therefore, my advice is to eliminate the second step of risk assessment from your flow chart for risk management and ignore Clause 5 of the Standard completely. You should also replace 6.2 and 6.4 with the wording used in the Directive instead.

32. Risk Control Option Analysis
Clause 6.2
The manufacturer shall identify risk control measures that are appropriate for reducing the risks to an acceptable level
Risk control measures can reduce the severity of the harm or reduce the probability of occurrence of the harm, or both
The manufacturer shall use one or more of the following risk control options in the priority order listed:
inherent safety by design
protective measures in the medical device itself or in the manufacturing process
information for safety
The risk control measures selected shall be recorded in the risk management file
If, during risk control option analysis, the manufacturer determines that required risk reduction is not practicable, the manufacturer shall conduct a Risk/Benefit Analysis of the residual risk (see Clause 6.5)
If implementing option b) or c), manufacturers can follow a process where reasonably practicable risk control measures are considered and the option providing the appropriate reduction in risk is chosen before determining whether the risk is acceptable.
Many standards address inherent safety, protective measures, and information for safety for medical devices. In addition, many other medical device standards have integrated elements of the risk management process (e.g. electromagnetic compatibility, usability, biocompatibility). Relevant standards should be applied as part of the risk control option analysis.
For risks for which the probability of occurrence of harm cannot be estimated, see
Guidance on information for safety is provided in Annex J.

33. Implementing Risk Controls
Clause 6.3
The manufacturer shall implement the risk control measure(s) selected (see Clause 6.2)
Implementation of each risk control measure shall be verified
Verification shall be recorded in the risk management file
The effectiveness of the risk control measure(s) shall be verified and the results shall be recorded in the risk management file
Verification of effectiveness can include validation activities

34. Deviation #3 in 2012 EN Version
Risk reduction “as far as possible” (ALAP) vs. “as low as reasonably practicable” (ALARP)
Annex D.8 in ISO 14971, referred to in Clause 3.4, contains the concept of reducing risks “as low as reasonably practicable” (ALARP concept). However, the first indent of ER 2 requires that risks be reduced “as far as possible” (ALAP). The 2012 version explains that manufacturers and Notified Bodies may not apply the ALARP concept with regard to economic considerations.

35. Residual Risk Evaluation
Clause 6.4
Residual Risk
Clinical Evidence
Pre-Market Phase
PMS & PMCF Studies Quantify Residual Risks

36. Risk/Benefit Analysis & Evaluation of Overall Acceptability of Risk
Clause 6.5
If the residual risk is not acceptable using the criteria established in the risk management plan and further risk control is not practicable, the manufacturer may gather and review data and literature to determine if the medical benefits of the intended use outweigh the residual risk
If the medical benefits do not outweigh the residual risk, then the risk remains unacceptable
If the medical benefits outweigh the residual risk, then proceed to Clause 6.6
The manufacturer shall decide which information for safety is necessary to disclose the residual risk
Results shall be recorded in the risk management file
Clause 7
After all risk control measures have been implemented and verified, the manufacturer shall decide if the overall residual risk posed by the medical device is acceptable using the criteria defined in the risk management plan
If the overall residual risk is not judged acceptable, perform a Risk/Benefit Analysis (see Clause 6.5 above)
Results of the overall residual risk evaluation shall be recorded in the risk management file
For guidance on overall residual risk evaluation, see D.7.
Guidance on how residual risk(s) can be disclosed is provided in Annex J.

37. Deviation #2 in 2012 EN Version
Discretionary power of manufacturers as to the acceptability of risks
All Risks shall be included in a risk / benefit analysis—not just the risks above a certain threshold.
The ISO Standard indicates in Annex D4 that the acceptability of risk is not specified by the Standard and must be determined by the manufacturer. The Standard also indicates that the manufacturer should establish a risk management policy indicating a threshold for risk acceptability. ER 1 & 2 require that risks be reduced as far as possible and all risks combined are subject to risk / benefit analysis regardless of acceptability. Therefore, the requirement to establish a risk policy for the acceptability of risk directly contradicts the MDD. Instead the acceptability shall be based solely upon the clinical risk / benefit analysis and should involve the manufacturer’s medical officer. The proper place to document this conclusion is in the CER and RMR, and both documents should cross-reference to one another.

38. Risks arising from Risk Control Measures
Clause 6.6
The effects of the risk control measures shall be reviewed with regard to:
the introduction of new hazards or hazardous situations
whether the estimated risks for previously identified hazardous situations are affected by the introduction of the risk control measures
Any new or increased risks shall be managed
Results of this review shall be recorded in the risk management file

39. Deviation #7 in 2012 EN Version
Information of the users influencing the residual risk
No risk reduction shall be attributed to information provided to the user
For those of you that use an FMEA for risk analysis, if you have IFUs and Labeling listed as a risk control you need to change that.
In Clause 2.15 and 6.4 of the ISO Standard, residual risk is defined as the risk remaining after implementation of risk controls. However, in Clause 6.2 it defines information provided to the user as a risk control. This is contradictory to ER 2 where users shall be informed of residual risks. Therefore, information about residual risks cannot be a risk control that is attributed to further reduction of risk. Therefore, your risk controls identified in risk analysis documentation should not include IFUs and labeling. Training provided to users also cannot be considered a risk control, because it’s just another form of information provided to users.

40. Completeness of Risk Control
Clause 6.7
The manufacturer shall ensure that the risk(s) from all identified hazardous situations have been considered
The results of this activity shall be recorded in the risk management file

41. Risk Management Report
Clause 8
Prior to release for commercial distribution of the medical device, the manufacturer shall carry out a review of the risk management process. This review shall at least ensure that:
the risk management plan has been appropriately implemented
the overall residual risk is acceptable
appropriate methods are in place to obtain relevant production and post-production information
The results of this review shall be included in the risk management file
The responsibility for review should be assigned in the risk management plan to persons having the appropriate authority

42. Production & Post-Production Information Post-Market Surveillance
Clause 9
Production & Post-Production Information
Post-Market Surveillance
Post-Market Surveillance (PMS) Report Identifies Areas Requiring Changes
Instructions for Use (IFU) Needs to Reflect Information Found in Risk Management Report (RMR) & Clinical Evaluation Report (CER)
Risk
Analysis
Clinical
Evaluation
Best practice is to update the Risk Management Plan and combine it with the Post-Market Surveillance Plan once a product is commercially released. This PMS Plan should be specific to each product family—not generic. The PMS Plan should include the PMCF Protocol or a justification of why PMCF is not required (see Annex X, 1.1.c). The frequency for generating a PMS Report, updating the CER and the RMR should reflect the risk of the device and the amount of clinical history for the device. Other factors could include if the device is a Class 3 device in the US with Annual PMS Reporting Requirements to the US FDA.
The Lifecycle Loop

43. Other Requirements
Residual Risks May Require a Post-Market Clinical Follow-up (PMCF) Study as required by Annex X, 1.1c of the MDD (MEDDEV 2.12/2 rev 2)
Clinical Evaluations shall conclude that “any risks associated with the use of the device are acceptable when weighed against the benefits to the patient.”
(MEDDEV rev 3)
In addition to EN ISO 14971:2012, and the European Directives, the MEDDEV guidance documents were written by the Competent Authorities in Europe. This is the equivalent of the FDA in each member state throughout Europe. Therefore, many of the Notified Bodies (especially Notified Bodies in the UK) treat the MEDDEVs like regulations. This slide identifies the two MEDDEVs that include risk management requirements.
The clinical evaluation is expected to address the significance of any risks that remain after design risk control strategies have been employed by the manufacturer. The conclusion should be that the cumulative residual risks are acceptable when weighed against clinical benefit to the patient. This risk / benefit analysis should be included in both the CER and the RMR.
In addition, all residual risks should be monitored as part of the post-market surveillance plan. This is important to ensure the conclusions of the clinical evaluation remain valid as the patient population becomes more diverse, the user population becomes more diverse, as the duration of device use exceeds the time frame for pre-market evaluation, and as new indications for use are evaluated by users in as part of on-going clinical research.

44. Q & A

45. Do you need help with your Risk Management Process?
rob13485
Rob Packard