This article defines the requirements for design and risk management planning that were used to create our new design plan template.
Why combine Design and Risk Management Plans into a Design Plan Template?
There are two primary reasons for combining your risk management plan with your design plan. The first reason is to reduce the number of documents you must maintain and control. The second reason is that there are different requirements for risk management during the design process and after the commercial release of a new product. Therefore, you will need one risk management during the design phase, and a second risk management plan after your product is released. You can achieve this by incorporating your risk management plan with your design plan and your post-market surveillance plan. Therefore, you only need to maintain two documents instead of four.
Six requirements for your design plan?
There are no specific design planning requirements in the European MDR, but the requirements for design planning are specified in ISO 13485:2016, Clause 7.3.2. In the previous version of ISO 13485, the requirement for a design procedure and a design plan were combined into one clause (i.e., Clause 7.3.1). Now, these two requirements have been split into independent clauses. The requirement to manage the interfaces between various groups involved in the design project was removed from the requirements for design planning in the new version of the standard, but three additional requirements were added. The following sub-clauses did not change (although numbering changed):
- 7.3.2a) document the design and development stages
- 7.3.2c) document verification, validation and transfer activities required at each stage
- 7.3.2d) document responsibilities and authorities
The first new requirement in your design plan template
The first new requirement is in Clause 7.3.2b). You are required to document the design reviews required at each stage. This does not mean that a review is required at every stage, but your plan should specify at which stages you will conduct a review. At a minimum, a final design review is required for the commercial release of the device. My recommendation is to have a review at every stage for every project. If your design inputs have not changed from the previous version of the device, then the stage leading up to the approval of design inputs will be very short, and that design review meeting can be 30 minutes or less. If you make changes to your design control procedure in the middle of a project, I recommend that you maintain compliance with the existing procedure until the next design review. The design review gives you an excellent opportunity to document changes to the design procedure, design plan, and any other adjustments to the documentation that may require the completion of a new version of a form.
The second new requirement in your design plan template
The second new requirement is in Clause 7.3.2e). You are required to document methods of traceability between design inputs and outputs–including your risk controls. This is a requirement that most companies do poorly. In theory, you can use a spreadsheet to list all the design inputs, and the adjacent column can list the corresponding design outputs. Many companies use an input / output / verification / validation (IOVV) diagram. You can also add the user’s needs to this diagram. The challenge with the method of documentation is that it is labor-intensive to make updates. You must update the references to inputs every time a standard is updated. The outputs must be updated every time a drawing or specification is changed. Every time you update a verification or validation testing report, the diagram must be updated too.
The third new requirement in your design plan template
The third new requirement is in Clause 7.3.2f). You are required to document the resources needed at each stage–including the necessary competence of personnel. In general, companies experiencing difficulties in documenting competency for personnel, but this requires that you document competency for each person on a design project for each stage. My recommendation is to keep it simple. Tables are usually the simplest way to document this type of information. For example, you can use a three-column table: 1) role, 2) responsibility, 3) competency requirements. In general, I recommend that anyone on your design team has training in design controls and risk management. However, training and competency are not equivalent. To demonstrate competency, you must have prior experience documented in that area.
What is required in a Risk Management Plan?
EN ISO 14971:2019 requires a risk management plan in Clause 4.4. In addition, there are requirements in Regulation (EU) 2017/745. Specifically, in Essential Requirement 3:
- (a) establish and document a risk management plan for each device;
- (b) identify and analyze the known and foreseeable hazards associated with each device;
- (c) estimate and evaluate the risks associated with, and occurring during, the intended use and during reasonably foreseeable misuse;
- (d) eliminate or control the risks referred to in point (c) in accordance with the requirements of Section 4;
- (e) evaluate the impact of information from the production phase and, in particular, from the post-market surveillance system, on hazards and the frequency of occurrence thereof, on estimates of their associated risks, as well as on the overall risk, benefit-risk ratio, and risk acceptability; and
- (f) based on the evaluation of the impact of the information referred to in point (e), if necessary, amend control measures in line with the requirements of Section 4.
In our previous blog on changes to the risk management process, we identified nine activities that should be included in your risk management plan:
- Hazard identification
- Risk estimation
- Risk evaluation
- Risk control option analysis
- Risk control verification of effectiveness
- Benefit/Risk analysis
- Evaluation of overall residual risk
- Risk management review
- Production and post-production activities
How to purchase our new Design Plan Template
Medical Device Academy’s new design plan template is an associated form sold with the purchase of either of the following procedures: 1) Design Control Procedure (SYS-008), 2) Risk Management Procedure (SYS-010). You can also learn more about design control requirements by registering for our updated design controls training webinar.
Other Blogs About Design Controls
Medical Device Academy wrote the following blogs on the topic of design controls:
- Implementing Design Controls – 10 Steps
- Auditing Design Controls – 7 Step Process
- How to Write Design Controls Procedures
- Product Launch Design Planning for a 510(k) Submission in 300 Days or Less
- DHF Template – Format and Content of Design History File
Other Webinars About Design Controls
The following webinars are available on the topic of design controls:
Pingback: Before 510k clearance, what quality system requirements are needed? Medical Device Academy