We will begin the web conference shortly. When you arrive, please type the phone number from which you are calling into the chat field.

Transcription

1 Welcome We will begin the web conference shortly. When you arrive, please type the phone number from which you are calling into the chat field. To login to the audio portion of the web conference, dial on your phone and use the access code provided to you when prompted. If you are calling from Mexico, dial Issue 4: BSI Overview of ISO 14971:2007 Application of Risk Management to Medical Devices Issue 4: BSI Issue 4: 06/20/ BSI Management Systems 1

2 Learning Objectives 3 Understand the importance of top management involvement with ISO 14971:2007 Understand the impact of ISO 14971:2007 implementation on medical device organizations Discuss recent changes in definitions and the impact of new areas of emphasis Consider the life-cycle concept as it impacts medical device design, manufacturing, and postproduction information Risk Management Introduction Issue 4: BSI Issue 4: 06/20/ BSI Management Systems 2

3 Why Perform Risk Analysis? 5 All regulatory agencies require it: the FDA views as improvement the EU, Canada and Japan require risk management Risk analysis allows for matching of regulatory controls to level of risk of the device, i.e. higher classification implies more controls ALL devices must be judged safe by the manufacturer and risk management ensures that manufacturer documents safety before going to market Cost of an Unacceptable Risk 6 Before design $5,000 After design $50,000 After production $500,000 After vigilance $3,000,000 After litigation $20,000,000 More importantly, the cost to the PATIENT! Issue 4: 06/20/ BSI Management Systems 3

4 ISO 14971:2007 Risk Management 7 Increasingly, the importance of a safety review is being recognized as an important risk management tool Failure to identify risks to safety, and the inability to address or control these risks, can result in massive costs, both human and economic Risk management defined in ISO 14971:2007 is a tool to help the manufacturer control the risks to humans ISO 14971:2007 Requirements Top Management Support 8 Demonstrate commitment by: Defining policy for determining acceptable risk Providing adequate resources Ensuring trained/qualified personnel (medical device and risk management techniques) Reviewing results of risk management to ensure continuing suitability and effectiveness Note: See 3.2, ISO 14971:2007 Issue 4: 06/20/ BSI Management Systems 4

5 ISO 14971:2007 Requirements Risk Management Process 9 Risk Analysis Risk Evaluation Risk Control Note: See Figure 1, ISO 14971:2007 Acceptable Residual Risk? Final Report Production and Postproduction information ISO 14971:2007 Requirements Risk Management Plan 10 Risk management plan for each medical device or accessory: The scope of the plan Verification plan Allocation of responsibilities Requirements for the review of risk management activities Criteria for risk acceptability Plan for production and postproduction information gathering Note: See 3.4, ISO 14971:2007 Issue 4: 06/20/ BSI Management Systems 5

6 Product Safety 11 Control measures can reduce the risk to a level which is acceptable to the current values of society If all the residual risks have been reduced to an acceptable level, the product can be considered safe (in other words, there is freedom from unacceptable risk) The manufacturer makes.and documents this decision ISO 14971:2007 Requirements Risk Management File 12 Risk management file includes: Risk management plan Results of all risk management activities Maintained records Traceability for each identified hazard Note: See 3.5, ISO 14971:2007 Issue 4: 06/20/ BSI Management Systems 6

7 Statements of Applicability Issue 4: BSI Applicability of ISO 14971: The standard can be used to develop a process: To identify the hazards associated with medical devices To estimate and evaluate the risks To control these risks To monitor the effectiveness of the control Which can be applied to all stages of the life cycle of a medical device Which can be an integral part of a quality system Issue 4: 06/20/ BSI Management Systems 7

8 Meeting ISO 14971:2007 Requirements The risk management process can be a subset of another process, but must be defined, documented, and maintained The risk management file can be a subset of the design history file (DHF), but must provide traceability to identified hazards Post-market risk management reviews can be an update tab to the DHF or part of the complaint file Use cross-functional teams from existing organization to identify hazards 15 Applicability of ISO 14971: ISO 14971:2007 will: Provide a model for a risk management plan Give guidance for safety and information about residual risk Ensure that the options for risk management tools are understood, including: PHA [preliminary hazard analysis] FTA [Fault tree analysis] FMEA [failure mode effects analysis] HAZOP [hazard and operability studies] HACCP [hazard analysis and critical control point] Issue 4: 06/20/ BSI Management Systems 8

9 Applicability of ISO 14971: The standard does not: Apply to clinical judgments relating to the use of a medical device Specify acceptable risk levels Require that the manufacturer have a formal quality system in place Applicability of ISO 14971: International Standards related to risk management: IEC :2005 ISO TS ISO IEC TS IEC TEC TS IEC ISO IEC ISO IEC ISO IEC IEC/TR EN In 2003, there were about 8 technical or QS standards which had incorporated risk analysis into the process. Issue 4: 06/20/ BSI Management Systems 9

10 Application of ISO 14971:2007 to ISO 13485:2003 Issue 4: BSI ISO 14971:2007 and ISO 13485: The organization shall establish documented requirements for risk management throughout product realization. Records arising from risk management shall be maintained. (ISO 13485:2003, 7.1) Note the concept of life-cycle, e.g. throughout product realization [all phases from initial concept to final decommissioning] Product realization = planning, customer-related processes, design control, purchasing, production, traceability, control of monitoring and measuring equipment Issue 4: 06/20/ BSI Management Systems 10

11 ISO 14971:2007 and ISO 13485: Inputs relating to product requirements shall be determined and record maintained. These inputs shall include output(s) of risk management. (ISO 13485:2003, 7.3.2) There is a Reference to ISO in note 3 under clause 7.1 Consider risk related to installation and servicing Definitions and Terms Issue 4: BSI Issue 4: 06/20/ BSI Management Systems 11

12 ISO 14971:2007 Definitions 23 Medical devices are products intended for: Diagnosis, prevention, monitoring, treatment, or alleviation of disease Diagnosis, monitoring, treatment, alleviation of, or compensation for, an injury or handicap Investigation, replacement, or modification of the anatomy or of a physiological process Control of conception ISO is a standard a manufacturer may use to identify hazards associated with medical devices, and to estimate, evaluate, control, and monitor the effectiveness of the process ISO 14971:2007 Keywords 24 Hazardous situation Risk Risk analysis Risk evaluation Risk assessment Risk control Residual risk Risk management Risk Estimation (new) Life Cycle (new) Issue 4: 06/20/ BSI Management Systems 12

13 ISO 14971:2007 Definitions 25 Hazard Hazardous Situation (new area of focus) Risk Risk Analysis Risk Evaluation Risk Assessment Potential source of harm Circumstance in which people, property, or the environment are exposed to one or more hazard(s) Probability of the occurrence of harm and the severity of that harm Systematic use of available information to identify hazards and estimate risk Process of comparing the estimated risk against given risk criteria to determine the acceptability of risk Overall process comprising a risk analysis and a risk evaluation ISO 14971:2007 Definitions 26 Risk Control Residual Risk Risk Management Process in which decisions are made and measures implemented by which risk are reduced to, or maintained within specified levels Risk remaining after protective measures have been taken Systematic application of management policies, procedures, and practices toward analyzing, evaluating, controlling and monitoring risk Issue 4: 06/20/ BSI Management Systems 13

14 ISO 14971:2007 Definitions 27 New Definitions Risk Estimation Life Cycle Risk Management File (modified) Definitions in 14971:2007 are also now in alphabetical order Process used to assign values to the probability of occurrence of harm and the severity of that harm All phases in the life of a medical device, from the initial conception to final decommissioning and disposal Risk Management file must include outputs from the steps of the risk management process. In addition, it shall provide traceability for each identified hazard to the solutions adopted (2.23 and 3.5) The Risk Management Process Issue 4: BSI Issue 4: 06/20/ BSI Management Systems 14

15 ISO 14971:2007 Risk Management Process 29 Risk Analysis Intended use/purpose Hazard identification Risk estimation each hazardous situation Risk Evaluation Risk Assessment Risk Control Option analysis Implementation Residual risk evaluation Risk/benefit analysis Consequential risks Completeness of control Risk Management Evaluation of overall risk acceptability Risk management report Production and post-production Planning is Essential Before Conducting Risk Management 30 Risk Management Process Define Process (3.1) Evidence of of Top Management Commitment Demonstrated (3.2) Process must be established documented, maintained, consider life-cycle, analysis, evaluation, control, production and post-production Risk Management Records Qualification of of personnel (3.3) The Plan (3.4) The File (3.5) Assignment of qualified personnel Define acceptability policy Periodically review the process Measure effectiveness Issue 4: 06/20/ BSI Management Systems 15

16 Risk Management Process (4.1) 31 Start Risk Analysis Identified use/intended purpose Identify characteristics (4.2) Identify known and/or foreseeable hazards (4.3) Estimate risk(s) for for each hazardous situation (4.4) Risk Evaluation Is Is risk reduction necessary? (5) (5) If If no, no, proceed to to If If yes, apply control (6.1) Risk Management Process Control 32 Identify appropriate risk control measure(s), record risk control requirements (6.2) Risk Control Is Is the the risk reducible? If If Yes Implement, record and verify appropriate measures (6.3) If If not not practicable, perform risk/benefit analysis(6.5) Is Is the the residual risk acceptable? (6.4) Issue 4: 06/20/ BSI Management Systems 16

17 Risk Management Process Control 33 Risk/Benefit analysis (6.5) Risk Control Are Are other hazards generated? (6.6) Completeness of of risk control (6.7) Risk Management Process Evaluate, Report, Produce, Monitor 34 Overall residual risk evaluation Is Is overall residual risk acceptable? (clause 7) 7) Complete risk management report (clause 8) 8) If If unacceptable, further data may be be relevant. For For overall residual, decide which to to disclose Begin Production (clause 9) 9) Postproduction information Review post-production information (clause 9) 9) Is Is reassessment of of risk necessary? (clause 9) 9) Issue 4: 06/20/ BSI Management Systems 17

18 Risk Management Application of Risk Management to Medical Devices Issue 4: BSI Risk Analysis ISO 14971:2007, Clauses Issue 4: BSI Issue 4: 06/20/ BSI Management Systems 18

19 Risk Analysis 37 Determine which tools the team will use to fulfill the requirements Describe intended use/intended purpose and any reasonably foreseeable misuse List all qualitative and quantitative characteristics that could affect safety and determine limits Maintain records Check compliance Risk Analysis 38 Annex C Annex G Questions to help identify medical device characteristics that could impact safety Information on Risk Management Techniques Issue 4: 06/20/ BSI Management Systems 19

20 4.3 Risk Analysis Hazard Identification 39 List known or foreseeable hazards in both normal and fault conditions Identify previously recognized hazards Consider and record foreseeable sequences of events that may result in a hazardous situation 4.3 Risk Analysis Hazard identification 40 Table E.1 Table E.2 Annex H.2.4 Examples of hazards Examples of initiating events and circumstances Identification of known and foreseeable hazards Issue 4: 06/20/ BSI Management Systems 20

21 4.3 Risk Analysis Hazard Identification 41 Hazards not previously recognized can be identified by systematic methods: Failure Mode Effect Analysis (FMEA) Failure Mode Effect and Criticality Analysis (FMECA) Fault Tree Analysis (FTA) Hazard and Operability Study (HAZOP) Hazard Analysis and Critical Control Point (HACCP) Maintain records Check compliance Note: See Annex G for information on risk analysis techniques/tools to consider 4.3 Risk Analysis Hazard Identification 42 The importance of choosing tools: Brainstorming can only take the team so far Component level failures, system level failures, impact of sequences of events are sometimes best analyzed with different tools Different tools can be put to best use at different periods on the life-cycle Some tools are better adapted to hardware and some to software Issue 4: 06/20/ BSI Management Systems 21

22 Hazard 43 There is a risk that a patient may come to some harm if they are exposed to a hazard The 2007 version of the standard emphasizes hazardous situation leading to the questions: For the hazards we have identified, what circumstances would lead to exposure to one or more of these hazards? How could the hazard impact the patient, care giver or environment? Risk is a combination of the probability of occurrence and the severity of the harm which would occur, so hazards lead to hazardous situations which lead to risks ISO 14971:2007 Requirements Risk Management Concept 44 Intended Use Hazard Hazardous Situation Risks Note: See Figure 1, ISO 14971:2007 Issue 4: 06/20/ BSI Management Systems 22

23 4.4 Risk Analysis Estimation of the Risk 45 Estimate the risks in both normal and fault conditions Consider sequences of events that can lead to a hazardous situation List possible consequences (severity) for hazards even when the probability of the occurrence of harm cannot be estimated Maintain records Check compliance 4.4 Risk Analysis Estimation of the Risk 46 Examine initiating events or circumstances Consider any mitigating features already designed-in, or proven in the market Issue 4: 06/20/ BSI Management Systems 23

24 4.4 Risk Analysis Estimation of the Risk 47 Information for estimating risks can be obtained from: Published standards Scientific technical data Field data from similar medical devices Usability tests with typical users Clinical evidence Results of relevant investigations Expert opinions External quality assessment schemes 4.4 Risk Analysis Estimation of the Risk 48 Annex D Table E.3 Risk Concepts applied to medical devices. Guidance on hazards, risk estimation, risk acceptability, risk control, risk/benefit analysis (with examples), and overall risk evaluation Relationship between hazards, foreseeable sequences of events, hazardous situations and harm that can occur Issue 4: 06/20/ BSI Management Systems 24

25 4.4 Risk Analysis Estimation of the Risk 49 Effect Catastrophic Critical Serious Minor Negligible Criteria: Severity of Effect Results in patient death Permanent impairment or lifethreatening injury Injury or impairment requiring professional medical intervention Temporary injury or impairment not requiring professional medical intervention Inconvenience or temporary discomfort Ranking S4 S3 S2 S1 S0 4.4 Risk Analysis Estimation of the Risk 50 Probability 1:1 1:10 1:100 1:1,000 1:10,000 Criteria: Probability of Effect Certain to occur Frequently occurs Occasionally occurs Remote chance of occurring Very unlikely to occur Ranking P4 P3 P2 P1 P0 Issue 4: 06/20/ BSI Management Systems 25

26 Risk Analysis-FMEA FMEA is one of the tools for risk analysis Issue 4: BSI FMEA, FTA, HAZOP, PHA and HACCP Informative Annex G in the risk management standard provides excellent guidance on choice of tool options: 52 For this course, we will study and perform FMEA on the design of a medical device, sometimes known as a design FMEA or DFMEA A process FMEA can also be conducted using the same tool Note: BS EN FMEA Procedure Issue 4: 06/20/ BSI Management Systems 26

27 FMEA in Design Control 53 Perform early in design cycle so that removal or mitigation of failure mode is most cost effective FMEA should be an iterative process, particularly when considering other generated hazards FMEA results in a team composed of individuals qualified to recognize consequence and magnitude of hazards FMEA in Design Control 54 Design FMEA: assumes the product will be manufactured to meet the design does not rely on process controls to overcome potential design weaknesses examines technical and physical limits of a manufacturing or assembly and test process if successful, involves representatives from all areas of the organization Issue 4: 06/20/ BSI Management Systems 27

28 FMEA Activities 55 Assign a rating for severity and probability for each hazard Calculate risk Determine the most appropriate corrective/ preventive actions based on the risk acceptability policy Carry out the recommended action Recalculate risk Document any other generated hazards FMEA - Risk 56 A general relation regarding a measure of a potential risk, R, in a FMEA can be expressed as: R = S x P Where S = Severity and P = Probability Issue 4: 06/20/ BSI Management Systems 28

29 What FMEA Can Do 57 Identify failure modes Determine their probability Help prioritize actions to be taken Allow for mitigation of failure modes Provide mitigation status Help increase system/item reliability Complement FTA What FMEA Cannot Do 58 Model interaction of failure modes (each failure mode is considered independent; especially an issue in software/hardware interactions) Predict/assess system/item reliability over the life-cycle Monitor and evaluate reliability improvements and final product reliability Issue 4: 06/20/ BSI Management Systems 29

30 FMEA: Follow-Up Actions 59 FMEAs are living documents FMEAs should always reflect latest design levels Focus should always be on improving safety of medical device before placing it on the market Risk Evaluation ISO 14971:2007, Clause 5 Issue 4: BSI Issue 4: 06/20/ BSI Management Systems 30

31 5 Risk Evaluation 61 For each identified hazard: Q: When is risk reduction NOT required? A: Factors to consider: If risks are identified as acceptable If estimated risk is so low that risk controls are not necessary Criteria defined in the risk management plan and requirements in relevant technical standards Maintain records Check compliance Note: If no further risk control is necessary, proceed to Risk Evaluation 62 Identify hazard Estimate risk Is risk high enough to warrant risk reduction? YES Reduce Risk NO Does benefit outweigh risk after reduction? YES NO ACCEPT DESIGN DENY DESIGN Issue 4: 06/20/ BSI Management Systems 31

32 Risk Control ISO 14971:2007 Clauses Issue 4: BSI 6 Risk Control 64 When risk reduction is indicated, the organization must follow the processes as noted: Option analysis Implementation of risk control measures Residual risk evaluation Risk/benefit analysis Review of other generated hazards Evaluation of completeness of risk control Issue 4: 06/20/ BSI Management Systems 32

33 Risk Control Option Analysis 65 Identify measures to reduce risk to an acceptable level by priority: Inherently safe design Protective measures Information on safety Select risk control measures based on relevant product standards Maintain records Check compliance Risk Control Option Analysis 66 Annex D Annex J Guidance on situations where the probability of harm cannot be estimated Information for safety and residual risk information and disclosure Issue 4: 06/20/ BSI Management Systems 33

34 6.3 Risk Control Implement Measures 67 Implement and verify risk control measures by priority Verify implementation of control measures Verify effectiveness of control measures Maintain records Check compliance 6.4 Risk Control Residual Risk Evaluation 68 Evaluate residual risks using criteria defined in the risk management plan For any residual risk that doesn t meet plan criteria, implement further risk control measures Decide on which information to disclose to explain residual risk in the appropriate accompanying documents supplied by the manufacturer Maintain records Check compliance Issue 4: 06/20/ BSI Management Systems 34

35 6.5 Risk Control Risk/Benefit Analysis 69 Further risk control is not practicable Determine if benefits outweigh the residual risk NO If If benefits DO NOT outweigh risk YES If If benefits DO outweigh risk Risk is UNACCEPTABLE Proceed to Risk Control Risk/Benefit Analysis 70 The manufacturer will decide which residual risks are relevant to explain in accompanying documents Maintain records Check compliance Note: See Annex D.6.1-D6.5 Issue 4: 06/20/ BSI Management Systems 35

36 6.6 Risk Control Other Generated Hazards 71 Review risk control measures to identify if other hazards or hazardous situations are introduced by risk control measures Assess estimated risks for impact on hazards previously identified Maintain records Check compliance 6.7 Risk Control Completeness of Risk Evaluation Ensure that risks from all identified hazards have been evaluated Maintain records Check compliance 72 Traceability is not required in the final report, but it now is required in the risk management file to ensure that all identified hazards have been addressed Issue 4: 06/20/ BSI Management Systems 36

37 Evaluation of Overall Risk Acceptability ISO 14971:2007, Clause 7 Issue 4: BSI 7 Overall Risk Evaluation 74 Determine if the overall residual risk of the device is acceptable after all measures have been implemented and verified If judged unacceptable, determine if additional proof supporting medical benefits supports a conclusion in favor of the product Final conclusion after the study must support benefits outweighing any residual risk or product cannot be taken to market Risk Medical Benefits Issue 4: 06/20/ BSI Management Systems 37

38 7 Overall Risk Evaluation 75 Annex D.7.1-D.7.8 Annex J Guidance on overall residual risk evaluation Guidance on how residual risks can be disclosed Risk Management Report ISO 14971:2007, Clause 8 Issue 4: BSI Issue 4: 06/20/ BSI Management Systems 38

39 8 Risk Management Report 77 Prior to commercial distribution, the report must be reviewed to ensure that: Risk management plan has been appropriately implemented Overall residual risk is acceptable Methods in place for production and surveillance Check compliance Review conducted in accordance with plan and properly authorized in accordance with the plan 8 Risk Management Report 78 The risk management report should address all hazards known or reasonably foreseeable for the particular product types and technologies involved The report must address likelihood and consequences of occurrence of harm and measures taken to reduce the residual risks to acceptable levels Issue 4: 06/20/ BSI Management Systems 39

40 Production and Post- Production Information ISO 14971:2007, Clause 9 Issue 4: BSI 9 Production 80 The manufacturer shall gather and review information during production processes: Consider production, operators, and users Consider installation and maintenance Consider impact of new or revised standards Production considerations were not clearly addressed in the previous version of the standard as it went from the report to post-production information. The requirement now makes it clear that the expectation is that the report and conclusions are fully completed before production begins Issue 4: 06/20/ BSI Management Systems 40

41 9 Post-Production Information 81 Establish, document, and maintain a system to review information gained about the medical device or similar devices in the post-production phase Evaluate the information for possible relevance to safety, especially the following: If previously unrecognized hazards are present If the estimated risk arising from a hazard is no longer acceptable If the original assessment is otherwise invalidated (by post-market data) Evaluate the effectiveness of the risk management process 9 Post-Production Information 82 Post-production information will come from complaints, but should not be limited to complaints For ease of analysis, data should be coded Consider coding by hazards generated, including user error from misuse (whether accidental, or intentional if the information implies misuse on other products) Review data at defined intervals Ensure management is informed of the post-production review (e.g., as an agenda item to management review) Issue 4: 06/20/ BSI Management Systems 41

42 Variables Driving the Cost and Duration of Implementation Issue 4: BSI Implementation: Cost and Time 84 Start with top management support for the process, policy, and training [in tools and in expertise for MD usage] Develop a good risk management plan with defined criteria for acceptability Get management acceptance of the plan and determine when their approval is needed or not needed Involve risk management team in plan so they understand the criteria Issue 4: 06/20/ BSI Management Systems 42

43 Implementation: Cost and Time 85 Invest more time in determining intended use and foreseeable misuses Decide which tools are most appropriate at which stages of the life-cycle Invest a lot more time in listing hazards early on in the program. It is much better to identify 900 hazards and mitigate 100, than to identify 100 hazards and mitigate 50 Implementation: Cost and Time 86 Train personnel on risk management techniques ahead of time Train personnel on intended use of the device as well as intended environment of use and consider hands-on activities Utilize relevant standards Leverage existing systems Issue 4: 06/20/ BSI Management Systems 43

44 Next Steps 87 For further guidance on medical devices go to: or call (USA) (Canada) Questions/Final Thoughts 88 If you have any further questions, comments, or suggestions, please us: Issue 4: 06/20/ BSI Management Systems 44

45 Thank You for Participating! Issue 4: BSI Issue 4: 06/20/ BSI Management Systems 45