Archive for Risk Management

Checking adverse event history for your device and competitors

Article explains checking adverse event data for medical devices as part of design and development, risk management and post-market surveillance.

TPLC Database Checking adverse event history for your device and competitors

When should you be checking adverse event history?

There are three times when you should be checking adverse event history:

  1. when you are planning a new or improved medical device and you want to know how current devices on the market malfunction (design and development planning),
  2. when you are identifying hazards associated with a medical device as part of your risk management process, and
  3. when you are gathering post-market surveillance data about your device and competitor devices.

Where should you be checking adverse event history?

Most countries have some kind of database for gathering adverse event data for medical devices, but most of these databases are not open to the public. The most common question I am asked is, “How do you access the Eudamed database?” for reporting of adverse events in Europe. Unfortunately, you can’t access Eudamed. The Eudamed database is only available to competent authorities at this time. The primary publicly accessible database for adverse event reporting is the US FDA MAUDE database. The MAUDE database is also integrated with other FDA databases for 510k submissions and recalls. This combined database is called the Total Product Life Cycle database.

Are there other public databases for checking adverse event history?

Yes. The Therapeutic Good Administration (TGA) in Australia makes adverse event data publicly available. The TGA also has a national registry for implanted orthopedic devices that publishes an annual report. There are other countries that also have public registries.

When will checking adverse event data for Europe be possible?

The Eudamed database for Europe was created in 1999 by the German organization DIMDI. In 2000 the responsibility for the database was taken over by the European Commission. The latest update is that manufacturers will be responsible for updating the Eudamed database in the future as part of the new European Regulations. This requirement will be implemented during the next years. The database will also become accessible to the public.

When you collect post-market surveillance data, which data should you collect?

Searching for post-market surveillance data should be performed on a frequency that is risk-based. If you have a brand new device, a high risk device or a device that is implanted; post-market surveillance data should be reviewed frequently–either monthly or quarterly. In fact, the new European guidance document for clinical evaluation reports (MEDDEV 2.7/1 rev 4) requires that clinical evaluation reports be updated at least annually for these devices. It is also important that you collect post-market surveillance data for both your device and competitor products. Therefore, you should be reviewing all the publicly available adverse event databases. You should also be reviewing your own complaint data, and you should be searching for journal articles that may include adverse event data–possibly associated with a clinical study.

Available Resources

If you want to learn more about post-market surveillance data collection, please visit our webinar page. There is also a procedure for Post-Market Surveillance (SYS-019).

Posted in: Risk Management

Leave a Comment (0) →

Risk Management Traceability for CE Marking Technical Files

This article explains how to use risk management traceability for CE Marking in order to cross-reference hazards, risks and risk controls throughout your technical file. This approach will more efficiently integrate risk management tools into your Design History File (DHF), post-market surveillance documentation and clinical evaluation reports (CERs).

The table below provides a simple template for nomenclature of risk management elements that you need to cross-reference and provides risk management traceability for throughout your technical documentation.

Screenshot 2015 11 05 at 7.29.21 AM Risk Management Traceability for CE Marking Technical Files

The table does not include a cross-reference code for verification and validation reports, because there could and typically are multiple risk controls that are validated and verified for each risk and many times they are applied across multiple product lines. Therefore, it is more efficient to simply reference the controlled document number for the verification report that is applicable to that risk control.

Basic Concept of Risk Management Traceability

The concept of risk traceability is more than being able to identify the verification and validation study that was performed in order to verify effectiveness of risk controls in your FMEA, because it is in the same row of your table. Best practice is to number your hazards, risks and risk controls so that you can cross-reference more easily throughout all your technical documentation [i.e., design requirements matrix, risk management file, clinical evaluation report, post-market surveillance plan / reports and post-market clinical follow-up (PMCF) report].

Design Requirements Traceability Matrix (DRTM)

The design requirements traceability matrix (DRTM) is a combination of two documents that have been used for the past two decades by medical device manufacturers: 1) the design requirements matrix or IOVV (i.e., inputs, outputs, verification and validation), and 2) the risk traceability matrix. The second document is less commonly used, but an example of one is provided in the Figure 3 of the GHTF risk management guidance document SG3 N15R8.

The risk management summary table that is presented in Figure 3 of the guidance also provides cross-references to specific tests, and each test has an identification number for traceability. This approach is also used frequently in risk control plans–an excellent tool for production process controls and planning product realization prior to process validation.

Risk Management Traceability to Post-Market Surveillance

I recommend that companies create a post-market surveillance plan for devices or device families during the design transfer process. This is NOT the post-market surveillance procedure. Your procedure should indicate the process you use for post-market surveillance, but your plan should be process specific and identify specific risks that you intend to gather post-production data for. The post-market surveillance plan should provide traceability back to each risk in your risk management file (e.g., R1, R2, R3). You should include a post-market clinical follow-up (PMCF) protocol and and report that also cross-reference to these risks and associated risk controls–or provide a justification for not conducting a PMCF study. In the 2016, the new European Medical Device Regulations (EMDR) will require that both the protocol and the report be included in your post-market surveillance plan as a required section (see Annex II of the proposed regulations) of the technical file or design dossier. Finally, I recommend that you revise and update your risk management plan for post-production data collection at the time of design transfer. When you make this revision, I recommend moving the risk management plan from the design plan to your post-market surveillance plan as an integral part of the plan (i.e., one of the primary sections of the plan).

Risk Management Traceability for Your Clinical Evaluation Report (CER) 

In your clinical evaluation report (CER), if you simply said that “the clinical data reviewed addresses all of the residual risks identified in the risk management summary report” you are not being specific enough. Your clinical evaluation report (CER) should explain how the clinical study data you reviewed addresses each of the risks that you identified in your risk analysis. Personally I like to have subsections in the discussion section of the clinical evaluation report (CER) for each of the risks identified in the risk management file. I also do this when I write my post-market surveillance plan. When I do this I include a cross-reference to the applicable hazard in my design requirements matrix, risk analysis and hazard identification summary report (e.g., “HZ1”, “HZ1” and “HZ3”).

Risk Management Traceability to Warnings & Precautions

ISO 14971:2007 indicates that disclosing residual risks to users of your device is a risk control. In Annex ZA, deviation 7 of EN ISO 14971:2012 it indicates that you cannot claim to reduce the risks of your product by disclosing this residual risks–even though these are considered risk controls. You should still validate the effectiveness of the instructions for use, technique guide and training through simulated use studies prior to product release. However, you cannot claim a quantitative risk reduction in your risk analysis as per deviation 7. Of course there can be a reduction in overall risks when you train users, but you can’t claim it and the prevalence of “use errors” demonstrates the limited effectiveness of IFUs and training.

Additional Risk Management References

I have published 14 previous blogs specifically on the topic of risk management over the past couple of years. Please click here if you are looking for more information related to risk management. You can expect many more blogs on this topic during the next six months because I will be presenting four presentations in Brussels at an international medical device conference scheduled for June 13-17, 2016.

Procedures & Templates for Risk Management

If you are looking for a procedure (SOP) and associated form for risk management please click here.

Posted in: Risk Management

Leave a Comment (2) →

Risk Management File Compliance for 510k and CE Marking

This article compares risk management file FDA requirements for CE Marking and 510k submission requirements.

Risk Management File Risk Management File Compliance for 510k and CE Marking

The FDA only requires documentation of risk management in a 510k submission if the product contains software and the risk is at least a “moderate concern.” Even then, the 510k submission only requires submission of a design risk analysis. Knee implants do not require submission of a risk analysis, even though manufacturers are required to perform risk analysis in accordance with ISO 14971, because knee implants do not contain software. Therefore, it is not uncommon for a product that is already 510k cleared to receive audit nonconformities related to the risk management documentation during a technical file review by a Notified Body.

The FDA recognizes ISO 14971:2007 as the standard for risk management of medical devices. CE Marking also requires compliance with ISO 14971, but specifically the European national version of the standard (i.e., EN ISO 14971:2012). The most common technical file deficiencies related to risk management during a CE Marking application include the following:

  1. compliance with ISO 14971:2007 instead of EN ISO 14971:2012
  2. reduction of risks as low as reasonably practicable (ALARP) instead of reducing risks as far as possible (AFAP)
  3. reducing risks by notifying users and patients of residual risks in the IFU
  4. only addressing unacceptable risks with risk controls instead of all risks–including negligible risks

Each of these deficiencies is also explained in Annex ZA, ZB and ZC of EN ISO 14971:2012.

7 Deviations

Notified Body auditors are supposed to be reviewing your risk management process and sampling your risk management files to verify that you conform with the requirements for risk management as defined in EN ISO 14971:2012 and in the applicable European directive. Most manufacturers with CE Certificates have updated their procedures for compliance with the European National version, but the updates are not always complete or done correctly. Therefore, auditors need to be systematic in their review for compliance. I recommend creating a three column table in your audit notes for each of the 7 deviations. The first column would state the requirement from the applicable annex of EN ISO 14971:2012. The second column is used to document where in the risk management procedure each of the seven requirements is addressed. If you can’t find it quickly during your review–as the person you are auditing to find it for you. The third column is used to document which risk management file you sampled and where in the risk management file the auditor was able to find compliance with one of the deviations. If the auditor can’t find an example of compliance in the procedure or the risk management file, then there is a minor nonconformity that needs to be corrected and recurrence needs to be prevented.

Note: Remember that auditing is about verifying compliance–not scouring 100% of the records for nonconformity.

Procedure Review

The first step in responding to correcting deficiencies in your risk management process is to update your procedure. The following basic elements need to be included in the procedure:

  • risk management plan
  • hazard identification
  • risk analysis
  • risk control option analysis
  • verification of risk control effectiveness
  • risk / benefit analysis
  • risk management report

Many of the procedures I review focus on the risk analysis process, and the most common tool for risk analysis is a failure modes and effects analysis. This is an excellent tool for process risk analysis, but it is only one of many possible tools and it is not ideally suited for design risk analysis. In addition, your procedure is not adequate as a risk management plan. You need risk management plans that are product-specific or specific to a product family. Your risk management plan must also change and adapt as products progress from the design and development process to post-market surveillance. Finally, many of the procedures only require a risk / benefit analysis to be performed when risks are not acceptable, while the European MDD requires that all CE Marked products include a risk / benefit analysis for each risk identified in the risk analysis and the overall risk of the product or product family.

Risk Management Plans

Risk management is required throughout product realization, but the activities are quite different during the pre-market and post-market phases. Therefore, I recommend including a risk management plan as part of the design and development plan to address pre-market needs for risk management. Once a product development project reaches the design transfer phase, then a post-market risk management plan needs to be written. I incorporate this plan into the post-market surveillance plan for the product or product family. This approach ensures that the the risk analysis will be linked directly with post-market surveillance after the product is released.

Hazard Identification

Many companies do create a specific document that identifies all the hazards associated with a product. This is an important step that should occur early in the design and development process before design inputs are finalized. During the development process these hazards may need to be updated as materials and production processes are developed. Some companies may choose to identify hazards at a different time or in a different way, but the proposed European Medical Device Regulations (EMDR) requires that the hazards are identified as one of the essential requirements. The ISO 14971:2007 standard suggests that design teams should identify as many hazards as possible, estimate the risks and then implement risk controls for any risks that are unacceptable. The EN ISO 14971:2012 standard requires that risk controls be implemented for hazards–regardless of acceptability. For this reason, I recommend companies restrict their identification of hazards to the most likely product malfunctions and hazards of high severity. This list should include any hazards already identified in the FDA’s MAUDE database.

Risk / Benefit Analysis & Risk Traceability Matrix

In order to perform a risk / benefit analysis you have to know the likelihood of potential hazards resulting in harm and the clinical benefits of a product. Unfortunately, reduced cost cannot be used to justify the acceptability of a device. Risk / benefit analysis must be performed for each risk and the overall residual risks. Therefore, it is important to identify clinical benefits that outweigh each of the risks. I recommend using a risk traceability matrix in order to document each risk / benefit analysis. This can be a separate risk management document or it can be incorporated into a design requirements matrix. It is also important to identify any warnings, precautions or contraindications that should be documented in information provided to patients and users when risks cannot be completely eliminated. This may be the last column of your risk traceability matrix.

Risk Management Report

The risk management report should be a summary technical document (i.e., STED). The STED should reference the procedure that was used and indicate all the risk management activities that were performed specific to the product or product family defined in the scope of the risk management report. The dates of activities, changes made and cross-references to any controlled documents should be included in the risk management report. I recommend maintaining the risk management report as a controlled document and revising the document to reference additional risk management activities when they occur. The bulk of details should be contained in the referenced risk management documents within the report.

Procedures & Templates

If you are looking for a procedure (SOP) for risk management please click here.

Posted in: Risk Management

Leave a Comment (2) →

Using Instructions for Use and Labeling as Risk Controls in ISO 14971

Residual Risks Using Instructions for Use and Labeling as Risk Controls in ISO 14971This article reviews the requirements for Instructions for Use and labeling as risk controls in the risk management standard for medical devices: ISO 14971. Specifically, the impact of the seventh deviation identified in the European national version of the ISO 14971 Standard ( is reviewed. 

Labeling, instructions and warnings are required for medical devices. Unfortunately, information provided by manufacturers is not effective at preventing hazardous situations and foreseeable misuse–especially if the user throws the paper leaflet in the garbage 10 seconds after the box is opened. Since information provided to the user and patients is not effective in preventing harm, the European Commission indicated that this information shall not be attributed to risk reduction. 

The European Commission is not suggesting that your company should stop providing directions or warning users of residual risks. The intent of this deviation is to identify incorrect risk estimation procedures. For example, if you are using Failure Mode And Effects Analysis (FMEA), (see Annex G.4 of the risk management standard) to estimate risk for a new product, you should not be listing labeling and IFUs as a primary risk control. Clause 6.2 of the ISO 14971 Standard correctly identifies “information for safety” provided by the manufacturer as risk controls, but the effectiveness of these risk controls is so poor that you should not estimate that risks are reduced by implementation of labeling and IFUs.

In Clause 2.15 of the ISO 14971 Standard, residual risk is defined as “risk remaining after risk control measures have been taken.” However, I prefer the following following definition which incorporates the concept of clinical evidence, design validation and post-market surveillance:

“Residual risks are risks that remain: 1) after implementation of risk controls, 2) when products are used for new indications for use, 3) when products are used for wider user and patient populations, 4) when products are misused, and 5) when products are used for periods of time longer than the duration of pre-market clinical studies.”

The second essential requirement (ER2) states that users shall be informed of residual risks, but the conclusion that “information about residual risks cannot be a risk control” is incorrect. The most important wording in the deviation is ¨the information given to the users does not reduce the (residual) risk any further.¨ Failure to reduce risks any further is due to the lack of effectiveness of risk controls. Validation of risk control effectiveness should be performed during design validation, but validation will be limited to a small group of users and patients.

Risk Management Report & Post-Market Surveillance Plan

In your risk management report, risk control options analysis should be summarized. Instead of evaluating risk acceptability prior to implementing risk controls, risk controls should be implemented and any residual risks should be identified. A risk/benefit analysis must be performed for each residual risk and the overall residual risks. If the conclusion is that the benefits of the device outweigh the residual risks, then the device can be commercially released.

At the time of the final design review and commercial release a Post-Market Surveillance (PMS) plan should be developed that includes an updated risk management plan. The updated risk management plan should specifically address how to estimate residual risks and verify the effectiveness of information provided to users and patients. Verification of risk control effectiveness should be part of the design verification and validation activities, but verification of effectiveness should also be part of on-going PMS.

In order to facilitate future updates of your risk management report, you may want to organize risk controls into the following categories (in this order):

  1. Design elements (highly effective)
  2. Materials of construction (highly effective)
  3. Methods of manufacture (highly/moderately effective)
  4. Protective measures & alarms (moderately effective)
  5. Information provided to users & patients (least effective)

Each of the above risk controls will need to be addressed by your PMS plan.

This is the 7th and final blog in our Risk Management series. A Risk Management whitepaper will be released in January.

Posted in: Risk Management

Leave a Comment (1) →

Risk Control Options for Medical Devices: Deviation #6

%name Risk Control Options for Medical Devices: Deviation #6This blog discusses risk control options for medical devices; the 6th deviation identified in the European National version of the Risk Management Standard.

Design is not the same as design and construction. This is the interpretation of the European Commission. The sixth of the seven deviations identified in the European National (EN) version of the Risk Management Standard (i.e., EN ISO 14971:2012;, states that “inherent safety by design” is not precise enough. Section 2 of the Essential Requirements (i.e., Annex I of the MDD) states that the first risk control option must be selection of design and construction that eliminates or reduces risk as far as possible, while the international (ISO) risk management standard (i.e., ISO 14971:2007) only states that inherent safety by design is required.

The difference between the requirements of the ISO and the EN standard are not just semantics. If you read part II of the Essential Requirements (ERs; i.e., ER 7-13), there are many examples of how the construction of devices should be considered. The following are three examples:

  • ER 7.5 – leaking from the device
  • ER 8.2 – tissues of animal origin
  • ER 9.2 -aging of materials

Therefore, in order to comply the the intent of the Directive, you must consider far more than just the design of the device.  Construction is interpreted as both the risks associated with the materials to fabricate a device and the methods of manufacture. In the proposed EU regulations, the European Commission seeks to clarify the requirements for implementation of risk controls, but the draft legislation still seems vague.

Implementing Risk Control Options for Medical Devices

The following wording for implementation of risk control options in the new proposed second Essential Requirement is below:

“The manufacturer shall apply the following principles in the priority order listed:

a. identify known or foreseeable hazards and estimate the associated risks arising from the intended use and foreseeable misuse;

b. eliminate risks as far as possible through inherently safe design and manufacture

c. reduce as far as possible the remaining risks by taking adequate protection measures, including alarms; and

d. provide training to users and/or inform users of any residual risks.”

In this proposed wording, the word “construction” was replaced by the word “manufacture.” However, in other parts of the new proposed Essential Requirements ( the materials of fabrication are specifically addressed, as well. For example:

  • ER 7.1d) was added as a new requirement…”d) the choice of materials used, reflecting, where appropriate, matters such as hardness, wear and fatigue strength.”
  • ER 7.6 was added as a new requirement to address risks associated with the size and properties of particles—especially nanomaterials.

The new proposed Essential Requirements also include numerous examples of how the manufacturing processes must ensure proper safety. Essential Requirement 10 specifically references new Commission Regulation (EU) No 722/2012 (–specific to devices manufactured using animal tissues or cells of animal origin.

Even though the proposed regulations are more detailed with regard to application of risk management, they do not specify if it is required to implement risk control options for both materials and methods of manufacture simultaneously, or if the manufacturer may choose between the two. The phrase “taking account of the generally acknowledged state of the art” is used in the second Essential Requirement, but “state of the art” is a moving target, and the European Commission may find existing Standards to be deficient.

For reducing the risk of infection, the Commission does not require that companies implement aseptic processing, antimicrobial materials and terminal sterilization. One of the three is sufficient. This is why we have ISO Standards for sterilization validation, and we define “sterile” as a sterility assurance level of 10-6.

If the Commission maintained the language of the ISO 14971:2007 Standard, “as low as reasonably practicable,” then manufacturers could select risk control options based upon acceptability of risk. However, the EN version of the risk management standard creates significant challenges for implementation, and we are forced to evaluate the risk control measures we implement against those used by other manufacturers during the process of risk option analysis.

A 7th and final blog regarding the seven deviations will be released later this month.

Posted in: Risk Management

Leave a Comment (0) →

ISO 14971 Deviation #5-Risk Control for CE Marking Medical Devices

The author reviews ISO 14971 Deviation #5, which is specific to selecting risk control options and protective measures for CE Marking medical devices.

%name ISO 14971 Deviation #5 Risk Control for CE Marking Medical DevicesIf your company is CE Marking medical devices, you are required to satisfy the Essential Requirements for Safety and Performance as defined in the three European Directives (i.e., – the MDD,; the AIMD,; and the IVDD, Throughout these Essential Requirements, there is a requirement to reduce risks “as far aspossible” (AFAP) by implementing risk controls. At one time, the expectation was for companies to implement the state of the art with regard to risk controls, and “state of the art” was interpreted as the latest version of the harmonized ISO Standards. However, lawyers dominating the European Commission appear to disagree with the status quo.

Therefore, in 2012, the European National (EN) version of the Medical Device Risk Management Standard was revised ( There is no change to the content of Clauses 1 through 9. Instead, the European Commission identified seven content deviations between the 14971 Standard and the EU Directives. These deviations are identified and explained in Annexes ZA, ZB, and ZC. This blog is the fifth installment of Medical Device Academy’s seven-part blog series on this topic. The goal of the series is to identify solutions for meeting the Essential Requirements by suggesting changes to the current best practices of implementing a risk management process for medical device design.

Discretion as to the Risk Control Options/Measuresiso14971 deviation 5 ISO 14971 Deviation #5 Risk Control for CE Marking Medical Devices

Essential Requirement 1 and 2 require that risk control options are implemented for all risks prior to determining acceptability of residual risks. Essential requirement 2 also requires manufacturers to implement all risk control options—unless the risk controls do not further reduce risk.

Clause 6.2 of the 14971 Standard suggests that you only need to use “one or more” of the risk control options, and Clause 6.4 indicates that further risk control measures are not needed if the risk is acceptable. There is a clear contradiction between the intent of the Standard and the Directives.

If risk acceptability has no impact upon whether you will implement risk controls, there is really no need for performing a preliminary risk evaluation. Therefore, I have three recommendations for changes to your current risk management process:

  1. Ignore Clause 5 of the 2007/2009 version of ISO 14971
  2. Eliminate the second step of risk assessment from your flow chart for risk management (see Figure 1 from the 14971 Standard)
  3. Define risk management policies upon clinical benefits, rather than absolute risks

Instead of performing a preliminary risk evaluation (Clause 6.5), risk/benefit analysis should be moved to Clause 7, where the evaluation of overall residual risk acceptability is required. By making this change, risk controls will be implemented, regardless of risk acceptability, and acceptability of risks will be dependent upon the risk/benefit analysis alone.

Impact of this Deviation

Implementing changes to your risk management process to address this deviation has great potential to impact the design of devices—not just the risk management documentation. Design teams will no longer be able to stop the design process with an initial design that has an “acceptable risk.” Instead, design teams will be forced to implement additional risk controls and protective measures for device designs that already have a low risk of harm for certain failure modes.

The requirement to implement additional risk controls will increase the cost of devices that may have been relatively safe without the risks controls. For example, if a device is not intended to be implanted, but it is a potential foreseeable misuse, then your company may have used the instructions for use to communicate the residual risk associated with misuse of the device. However, now your company will have to implement design controls (e.g., –selection of materials suitable for implantation) to eliminate the risks associated with misuse, and protective measures (e.g., – radio-opaque thread) to help retrieve product that was implanted in an “off-label” usage.

For anyone interested in risk management training, please contact Rob Packard directly by email:

Posted in: Risk Management

Leave a Comment (0) →

ISO 14971 Deviation #4: Risk/Benefit Analysis

%name ISO 14971 Deviation #4: Risk/Benefit AnalysisThe author reviews ISO 14971 Deviation #4, which is specific to the requirement for risk/benefit analysis.

This blog is the fourth installment in our seven-part series, which  reviews each of the content deviations between the three device directives for Europe and international risk management standard (ISO 14971:2007). The deviations were identified in the new European National version of the Standard released in 2012. There was no change to the content of Clauses 1 through 9 in ISO 14971, but the there were seven deviations from the directives identified by the European Commission.

Discretion as to Whether a Risk/Benefit Analysis Needs to Take Place

The fourth deviation is specific to the requirement for risk/benefit analysis. Clauses 6.5 and 7 of the 14971 Standard both imply that a risk/benefit analysis is only required if risks exceed a threshold of acceptability, and Annex D.6.1 indicates that “A risk/benefit analysis is not required by this International Standard for every risk.” However, essential requirement 1 and 2 require that you perform a risk/benefit analysis for each risk and overall residual risk. Essential requirement 6a also requires a risk/benefit analysis as part of the conclusion in your Clinical Evaluation Report (

Your company may have created a risk management procedure, which includes a matrix for severity and probability. The matrix is probably color-coded to identify red cells as unacceptable risks which require a risk/benefit analysis, yellow cells that are ALARP and green cells that are acceptable. Based upon the guidance provided in ISO 14971, your company probably identified that a risk/benefit analysis is only required for a risk which falls in the red zone of the matrix where the risk is “unacceptable.”

Deviation 4 ISO 14971 Deviation #4: Risk/Benefit Analysis

Unfortunately, this approach is not compliant with the European Directives, because the Directives require that a risk/benefit analysis be performed for each risk and all residual risks—not just the risks you identify as unacceptable. The fourth deviation between the ISO 14971 Standard and the Essential Requirements of the European Directives is relatively simple to address with a change to your risk management process. To comply with EN ISO 14971:2012, the “red zone” should not be labeled as risk/benefit analysis, because even risks in the “green zone” require risk/benefit analysis.

Impact of this Deviation

In a previous blog (, we determined that all risks must be reduced by the implementation of risk controls. In this blog, we established that after implementation of risk controls, all residual risks must be subject to a risk/benefit analysis. Your company will need to eliminate the use of a risk evaluation matrix like the one shown above. Instead of relying on a risk management policy for evaluating the acceptability of risk, your company should be performing a risk/benefit analysis to determine the acceptability of risks.

The best way to integrate risk/benefit analysis for evaluation of acceptability of all risks is to integrate this with the clinical evaluation process. In addition to using clinical literature, clinical study data and post-market surveillance as inputs for your clinical evaluation, your company should also be using residual risks as inputs to the evaluation. The clinical evaluation should be used to assess the significance of these residual risks, and verify that there are not any risks identified in the clinical evaluation that were not considered in the risk analysis.

In order to document that your company has performed a risk/benefit analysis for each residual risk, you will need to reference the risk management report in the clinical evaluation and vice-versa. Both documents will need to provide traceability to each risk identified in the risk analysis, and conclusions of risk acceptability will need to be based upon the conclusions of the clinical evaluation.

Once the product is launched, you will need to update the clinical evaluation with adverse events and other post-market surveillance information. As part of updating clinical evaluations, you will need to determine the acceptability of the risk when weighed against the clinical benefits. These conclusions will then need to be updated in the risk management report—including any new or revised risks.

If you are interested in risk management training, please send your request to:

Please Join us on Social Medialinkedin 1 ISO 14971 Deviation #4: Risk/Benefit Analysisgoogleplus ISO 14971 Deviation #4: Risk/Benefit Analysistwitter ISO 14971 Deviation #4: Risk/Benefit Analysis

Posted in: Risk Management

Leave a Comment (0) →

7 Deviations within EN ISO 14971:2012: Deviation #3-Risk Reduction

%name 7 Deviations within EN ISO 14971:2012: Deviation #3 Risk ReductionThis third blog in a seven-part series reviews deviation #3-risk reduction within the EN ISO 14971:2012 Standard.

In 2012, the European National (EN) version of the Medical Device Risk Management Standard was revised, but there was no change to the content of Clauses 1 through 9. Instead, the European Commission identified seven content deviations between the 14971 Standard and the requirements of three device directives for Europe. This seven-part blog series reviews each of these changes individually, and recommends changes to be made to your current risk management policies and procedure.

Risk reduction “As Far As Possible” (AFAP) vs. “As Low As Reasonably Practicable” (ALARP)

The third deviation is specific to the reduction of risk. Risk cannot always be eliminated by design solutions. This is why medical devices use protective measures (i.e., – alarms) and inform users of residual risks (i.e., – warnings and contraindications in an Instructions For Use (IFU). However, Essential Requirement 2 requires that risks be reduced “as far as possible.” Therefore, it is not acceptable to only reduce risks with cost-effective solutions. The “ALARP” concept has a legal interpretation which implies financial considerations. However, the European Directives will not allow financial considerations to override the Essential Requirements for safety and performance of medical devices. If risk controls are not implemented, the justification for this must be on another basis other than financial.

There are two acceptable reasons for not implementing certain risk controls. First, the risk control will not actually reduce additional risk. For example, if your device already has one alarm to identify a battery failure, a second alarm for the same failure will not actually reduce further risk. In fact, the redundant alarms are often distracting, and too many alarms will result in users ignoring them.

The second acceptable reason for not implementing a risk control is that there is a more effective risk control that cannot be simultaneously implemented. For example, there are multiple ways to anchor orthopedic implants to a bone. However, there is only enough real estate to have one fixation element at each location. If a femoral knee implant is already being anchored to the femur with metal posts and bone cement, you cannot also use bone screws at the same location on the femur to anchor the implants in place.

Example of Deviation #3-Risk Reduction

Annex D.8 in ISO 14971, recommends the ALARP concept in Clause 3.4 of the 14971 Standard. Therefore, the risk management standard is contradicting the MDD. This contradiction is the primary reason why medical device companies should discontinue the use of phthalates and latex for most medical devices. Even though these materials are inexpensive solutions to many engineering challenges presented by medical devices, these materials present risks that can be avoided by using more expensive materials that are not hazardous, and do not pose allergic reactions to a large percentage of the population. The use of safer materials is considered “state-of-the-art,” and these materials should be implemented if the residual risks, after implementation of the risk control (i.e., – use of a safer material) is not equal to, or greater than, the risk of the cheaper material.

Recommended Changes

Your company may have created a risk management procedure which includes a matrix for severity and probability. The matrix is probably color-coded to identify red cells as unacceptable risks, yellow cells that are ALARP and green cells that are acceptable. To comply with EN ISO 14971:2012, the “yellow zone” should not be labeled as ALARP. A short-term solution is to simply re-label these as high, medium and low risks. Unfortunately, renaming the categories of risk high, medium and low will not provide guidance as to whether the residual risk reduced “as far as possible.” chart dev 3 7 Deviations within EN ISO 14971:2012: Deviation #3 Risk Reduction

Resolution to this Deviation

As companies become aware of this deviation between the 14971 Standard and the Essential Requirements of the device directives, teams that are working on risk analysis, and people that are performing a gap analysis of their procedures will need to stop using a matrix like the example above. Instead of claiming that the residual risks are ALARP, your company will need to demonstrate that risks are reduced AFAP, by showing objective evidence that all possible risk control options were considered and implemented. Your procedure or work instruction for performing a risk control option analysis may currently state that you will apply your risk management policy to determine if additional risk controls need to be applied, or if the residual risks are ALARP.

This procedure or work instruction needs to be revised to specify that all risk control options will be implemented, unless the risk controls would not reduce risks further, or the risk controls are incompatible with other risk controls. Risk control options should never be ruled out due to cost.

Posted in: Risk Management

Leave a Comment (1) →

7 Deviations within EN ISO 14971:2012: Risk Evaluation Process

This 7 part blog series continues with the author reviewing deviation #2 of the EN ISO 14971: 2012 Standard, which is specific to the risk evaluation process. 
%name 7 Deviations within EN ISO 14971:2012: Risk Evaluation Process

In 2012, the European National (EN) version of the Medical Device Risk Management Standard was revised, but there was no change to the content of Clauses 1 through 9. Instead, the European Commission identified seven content deviations between the 14971 Standard and the requirements of three device directives for Europe. This seven-part blog series reviews each of these changes individually.

Discretionary Power of Manufacturers as to the Acceptability of Risks: The Risk Evaluation Process

The second deviation is specific to the risk evaluation process. The ISO 14971 Standard indicates in Annex D4 that the acceptability of risk is not specified by the Standard and must be determined by the manufacturer. In Clause 3.2 of the 14971 Standard, it states that, “Top management  shall: define and document the policy for determining criteria for risk acceptability.” This risk management policy is intended to indicate a threshold for risk acceptability. In Clause 5 of the 14971 Standard, the manufacturer is instructed to evaluate whether risks are acceptable using the risk management criteria defined in the risk management policy.

Essential requirements 1 and 2 require that risks be reduced as far as possible, and that all risks shall be included in a risk/benefit analysis—not just the risks above a certain threshold. Therefore, the requirement to establish a risk policy for the acceptability of risk directly contradicts the MDD.

Since the 2nd edition of the 14971 Standard was first issued (i.e., -2007), clients have been asking me how to establish acceptability criteria. For new devices, I recommend benchmarking the risks of the new device against existing devices. In other words, if the new device presents equal or lower risks than existing devices, then the risks of the new device are acceptable. For existing devices, I recommend performing a risk/benefit analysis, evaluating adverse events observed with the device against the benefits of using the device. Unfortunately, most companies choose arbitrary thresholds for acceptability of risk. Instead of relying upon benchmarking or risk/benefit analysis, companies will establish a policy that all risks must be below a quantitative value. For example, if the range of possible risks scores are from 1 to 1,000, all risks of 100 or less may be acceptable.

What is Acceptable?

In order to comply with the EN ISO 14971:2012 version of the risk management standard, you will need to implement risk controls for all risks, regardless of acceptability. However, you will also need to perform a risk/benefit analysis. The risk/benefit analysis should consider not only the benefits to patients and the risks of using the device, but the analysis should also consider relative benefits of using other devices.

The clinical evaluation report and the risk management report for the device should be based upon clinical evidence of the device for the intended use—including adverse events. For new devices that are evaluated based upon literature review of equivalent devices, Notified Bodies expect a Post-Market Clinical Follow-up (PMCF) study to be conducted in order to verify that the actual risk/benefit of the device is consistent with the conclusions of the clinical evaluation. In order to perform this analysis, a clinical expert is necessary to properly evaluate the risk/benefit ratio of the device, and to create a protocol for a PMCF study.

MEDDEV 2.12/2 rev 2, Post Market Clinical Follow-up Studies, indicates that the PMCF study protocol should indicate the study endpoints and the statistical considerations. In order to do this, your company will need to establish quantitative criteria for acceptability of the identified risks. Therefore, the existing 14971 Standard needs to be modified to clarify that risk acceptability criteria should be based upon clinical data, and evaluation of risks should be conducted at a later point in the risk management process (e.g., – as part of the overall risk/benefit analysis).

Impact of this Deviation

As your company becomes aware of the second deviation between the 14971 Standard and the Essential Requirements of the device directives, your risk management team will need to change the risk management process to clarify when risk acceptability should be evaluated, and the risk management policy should specify how acceptability should be determined.

The risk management process at your company will need to specify that implementation of risk controls is required for all risks—regardless of acceptability. You should also consider eliminating the evaluation of risk prior to implementation of risk controls. Instead, your company should base acceptability of risk solely upon the clinical risk/benefit analysis, and should involve the manufacturer’s medical officer in making this determination.

Finally, your risk management process should specify the need for PMCF studies in order to verify that actual clinical data supports the conclusion that the risk/benefit ratio is acceptable over the lifetime of the device.

Posted in: Risk Management

Leave a Comment (2) →

Benefits of Incorporating Risk Management into Procedure Documents

By Guest Blogger, Brigid Glass
8971385878 db2fe2e49a q Benefits of Incorporating Risk Management into Procedure DocumentsThe author discusses benefits of incorporating risk management into procedure documents. An example procedure for Record Control is included.

When I was first introduced to FMEA many years ago, I loved it. I loved the systematic approach, and  particularly appreciated using a Process FMEA to explain to those involved with a production process why certain controls had been put in place. I enthusiastically taught FMEA to our engineers. At the time, our bubbly, buoyant, outcomes-focused Training Manager said to me, “You Quality people have such a negative outlook. You’re always looking for what can go wrong!”  Well yes, but it’s our role to prevent things from going wrong!  I’d found a tool to help me with that.

Next, there was EN 1441, a risk analysis standard that never satisfied, and always felt incomplete. ISO 14971 followed, covering the entire lifecycle of a product, with closed feedback loops.  So now, risks in product and process design were well covered, but ISO 13485 section 7.1 asks us to “establish documented requirements for risk management throughout product realization.”  Many of us would acknowledge that we could do better, even though we pass audits.  And what about the rest of the quality management system?  I know that when we document a procedure, we already apply risk management principles in our heads, but we usually don’t apply them systematically, or write down the results.

The Idea

Recently, Rob Packard and I started work on a project that requires us to generate a full set of documentation for a QMS, compliant with both U.S. and EU requirements, including ISO 13485 and ISO 14971. We each had our own ideas on how best to write a procedure, but this project provided us an opportunity to get some synergy going. Rob wanted to address risk management in each procedure. “Yes!” I said, thinking that here was a chance to fill that gap. But then it was my job to develop the template for the procedures and work out how to accomplish this…

My first results looked very complicated, so I took the KISS (Keep It Simple, Stupid) approach: one column for the hazards and consequences, and one for the risk control measures.

What I didn’t include:

  • I started with more complex hazard documentation (hazard ID, impact, trigger event, etc), but felt the benefits in the context of a procedure document were not balanced by the extra complexity and work required for analysis and training. It would be a hard sell to users within an organisation who were not used to the risk management approach.
  • I decided not to assess risks and controls quantitatively for the same reasons as in the bullet point above.
  • Initially, I included references to implementation, but this would be difficult to maintain as other documents changed.
  • I thought about verification of implementation of risk controls, then decided to leave that verification to reviewers.

Below is an example from a procedure for Record Control where records are completed on paper, then scanned as a pdf. My list won’t be the same as your list, but it is illustrative.

brigid chart 1 Benefits of Incorporating Risk Management into Procedure Documents

Standards and regulations are essentially a set of risk controls, so they are the first starting point when identifying hazards. The list should include direct risks to product, risks to the integrity of the QMS and regulatory risks. For those of us who have been in this industry for awhile, experience, past mistakes, questions fielded in external audits and observations of other systems will yield further hazards and appropriate controls. Audits provide the opportunity to update and refine the list and test the control measures.

Benefits of Incorporating Risk Management into Procedure Documents

  • Impresses your ISO 13485 auditor!
  • When first writing procedure documents, starting the writing process by reviewing the external requirements, and systematically writing the risk section, sharpens the mind as to what must be included in the procedure. This is the same approach as in design controls, where we include risk mitigators that apply to product design in the design inputs. This is part of planning in the PDCA cycle.
  • Supports future decision-making, in the same way that the risk file for a product is considered when a design is changed. The risk control section of a procedure provides the criteria against which any improvement or change can be assessed. Will it enhance the risk controls, or might it introduce a new hazard?
  • Serves as the basis for training on the procedure. Making visible the link between potential hazards and procedural controls much more convincing than saying, “Do this because the procedure says so,” or, “It’s in the procedure because the regs say so.”

This is part 1 in a series of blogs that leads up to our Roadmap to Iso 13485 Certification Courses


Posted in: Risk Management

Leave a Comment (0) →
Page 1 of 2 12

Get every new post on this blog delivered to your Inbox.

Join other followers:

Simple Share Buttons
Simple Share Buttons