Risk Management and the Impact of EN ISO 14971:2012 Annex Z

Risk Management and the Impact of EN ISO 14971:2012 Annex Z BSI 2014 Medical Device Mini-Roadshow

Ibim Tariah Ph.D Technical Director, Healthcare Solutions

Copyright © 2014 BSI. All rights reserved.

1

Risk Management - Impact of Annex Z • Overview of ISO 14971:2007 • EN ISO 14971:2012 • Harmonized Standard – Differences from ISO Standard and 2009 version • Deviations – Presumption of Conformity

• BSI Audits • FAQs Regarding EN ISO 14971:2012*

* Included in presentation materials but not discussed Copyright © 2014 BSI. All rights reserved.

2

ISO 14971:2007 – Medical Devices – Application of Risk Management to Medical Devices


3

Definitions Combination of the probability of occurrence of harm and the severity of that harm Harm = Physical injury or damage to the health of people, or damage to property, or the environment

Risk =

Severity Low  High No harmDeath / Serious Injury

Occurrence Improbable  Frequent < X%  Y – Z% (Sometimes factor of occurrence of hazard x % of harm / hazard)


4

ISO 14971 – Main body (Clauses 1-3) 1 2 3

Scope Terms and definitions General requirements for risk management 3.1 Risk management process 3.2 Management responsibilities 3.3 Qualification of personnel 3.4 Risk management plan 3.5 Risk management file


5

ISO 14971 – Main body (Clauses 4-9) Clause 4: Risk analysis

Clause 9: Post-production information

Clause 5: Risk evaluation

Clause 8: Risk management report

Clause 6: Risk control

Clause 7: Residual risk evaluation


6

ISO 14971 – Overview of Annexes Annex A Annex B Annex C Annex D Annex E

(informative) Rationale for requirements (informative) Overview of the risk management process for medical devices (informative) Questions that can be used to identify medical device characteristics that could impact on safety (informative) Risk concepts applied to medical devices (informative) Examples of hazards, foreseeable sequences of events and hazardous situations

risk control benefit estimation

qualitative analysis “ALARP”

probability Copyright © 2014 BSI. All rights reserved.

7

ISO 14971 – Overview of Annexes Annex F Annex G Annex H Annex I Annex J

(informative) Risk management plan (informative) Information on risk management techniques (informative) Guidance on risk management for in vitro diagnostic (IVD) medical devices (informative) Guidance on risk analysis process for biological hazards (informative) Information for safety and information about residual risk

PHA

FTA

HACCP

FMEA HAZOP


8

Risk Management – EU Requirements • MDD • AIMDD • IVDD


9

Medical Devices – EU Risk Requirements Risks > Benefits



R

Benefits > Risks



B

R

B

Risks

Benefits


10

The Directives – Where is ‘Risk’? MDD 93/42/EEC “Risk”

ERs: 1 2 6 7.2, 7.4, 7.5, 7.6 8.1, 8.6 9.2, 9.3 11.2, 11.4 12.1, 12.5, 12.6, 12.7 13.5, 13.6

Total

41 Copyright © 2014 BSI. All rights reserved.

AIMDD 90/385/EEC ERs: 1 5 8 9 10 11 15

IVDD 98/79/EC ERs: A–1 2 B – 1.2 2.1, 2.2, 2.5, 2.7 3.2, 3.3, 3.4 5.3 6.2, 6.3, 6.4 7.1 8.6, 8.7

18

24 11

EN ISO 14971:2012 • EU harmonized standard for Risk Management • Allows the presumption of conformity to MDD, AIMD, and IVD • Published July 2012 & harmonized as of 30 August 2012.

http://ec.europa.eu/enterprise/policies/european-standards/harmonised-standards/medicaldevices/index_en.htm Copyright © 2014 BSI. All rights reserved.

12


• The previous version of the European Harmonized Standard • Obsolete as of 30 August 2012

EN ISO 14971:2012

• The current International Standard

EN ISO 14971:2009

ISO 14971:2007

What is the difference? • The current European Harmonized Standard • Changes within Foreword & Annex Zs only • No change to requirements (Normative Text) • i.e. clauses or requirements of the standard are exactly the same

13

Why was EN ISO 14971:2012 created? • A solution to formal objections raised by Swedish Competent Authority & European Commission on the harmonized status of a number of European Standards • Revision of Annex Z’s was made to provide greater clarity on applicability & alignment of ISO 14971 clauses with requirements of AIMDD, MDD & IVDD


14

EN ISO 14971:2012 – Z Annexes Example – Annex ZA (MDD)

• “Explains to which requirements, under which conditions and to what extent presumption of conformity can be claimed.”


15

EN ISO 14971:2009 – Z Annexes (Now Obsolete) • Compliance with all the requirement clauses in this standard will ensure that general aspects of medical devices related to patient risk and safety have been addressed. • For particular medical devices or for particular safety aspects, additional specific requirements may need to be complied with in order to meet the essential requirements.


16

EN ISO 14971:2012 – Content Deviations


17

EN ISO 14971:2012 – Content Deviations Essential Requirements (ERs) Impacted Deviation

MDD

AIMDD

IVDD

1 – Treatment of negligible risks

1, 2, 6, 7.1

1, 5, 9

A.1, A.2, B.1.1

2 – Discretionary power of mfr as to acceptability of risks

1, 2, 6, 7.1

1, 5, 9

A.1, A.2, B.1.1

3 – Risk reduction “as far as possible” vs. “as low as reasonably practicable”

1, 2, 6, 7.1

1, 5, 6, 9

A.1, A.2, B.1.1

4 – Discretion as to whether a riskbenefit analysis needs to take place

1, 6, 7.1

5&9

A.1 & B.1.1

5 – Discretion as to the risk control options / measures

2 & 7.1

-

A.2 & B.1.1

6 – Deviation as to the first risk control option

2 & 7.1

-

A.2 & B.1.1

7 – Information of the users influencing the residual risk

2 & 7.1

-

A.2 & B.1.1


18

Deviation No. 1 ‘...all risks, regardless of their dimension, need to be reduced as much as possible (and need to be balanced, together with all other risks, against the benefit of the device).’

MDD (AIMDD) IVDD

ISO 14971

‘D.8.2 ...the manufacturer may discard negligible risks.’


19

Were all risks considered for mitigation? Failure Mode

System Effect

RPN

Unstable Revision No tool available Implant to determine needed size

Initial Rating PRO

Surgeon implants a stem that is wrongly sized

Local Effect

SEV

Hip Stem

Cause of Failure

8

1

8

It is not sufficient just to determine that the risks are acceptable. It is also necessary to determine whether they have been reduced as far as possible. This can be stated line-by-line or categorically as a whole. Copyright © 2014 BSI. All rights reserved.

Risk Control Measure(s)

Risk Level

X-ray templates provided for each implant size; implants marked with size; clinical history of safety / performance

Acceptable Broadly &Acceptable reduced as far as possible

20

Deviation No. 2 ‘....all risks have to be reduced as far as possible (and that all risks combined, regardless of any "acceptability" assessment, need to be balanced, together with all other risks, against the benefit of the device).’

MDD (AIMDD) IVDD

‘5, 6.4, 6.5 & 7 ...manufacturers have the freedom to decide upon the threshold for risk acceptability.’ ‘D.6.1 …only nonacceptable risks have to be integrated into the overall riskbenefit analysis.’

ISO 14971


21

Are all risks reduced as far as possible? Extent of damage

Unacceptable Management Review Required - ALARP Broadly Acceptable

10 9 8 7 Probability of occurrence

6 5

Some risks cannot be categorically ignored if risk can be reduced further. All risks must be reduced as far as possible.


4 3 2 1 1

2

3

4

5

6

7

8

9

10

22

Deviation No. 3 ‘....risks to be reduced "as far as possible" without there being room for economic considerations.’

MDD AIMD IVD

‘3.4 & D.8 …contains the concept of reducing risks "as low as reasonably practicable.” The ALARP concept contains an element of economic consideration.’

ISO 14971


23

Are all risks reduced as far as possible? Extent of damage 10 9 8 7

There must be another step – ALARP concept should not allow economic factors to hinder mitigation, risks must be reduced as far as possible within stateof-the-art


Probability of occurrence

6 5 4 3 2 1 1

2

3

4

5

6

7

8

9

10

24

Were risks reduced as far as possible? Failure Mode

System Effect


RPN

Unstable Revision No tool available Implant to determine needed size

Initial Rating PRO

Surgeon implants a stem that is wrongly sized

Local Effect

SEV

Hip Stem

Cause of Failure

8

5

40 X-ray templates provided for every-other implant size; implants marked with size

Risk Level

ALARP

It is not reasonable in this example not to provide templates for each size. The economic impact of this should not be considered if this can reduce the risk. To make this determination, the state-of-the-art and available technology should be considered. Copyright © 2014 BSI. All rights reserved.

25

Deviation No. 4 MDD AIMDD (IVDD)

‘....an overall risk-benefit analysis must take place in any case, regardless of the criteria established in the mgmt plan of the mfr . . . (and requires undesirable side effects to "constitute an acceptable risk when weighed against the performance intended“).’ ‘6.5 ...an overall riskbenefit analysis does not need to take place if the overall residual risk is judged acceptable when using the criteria established in the risk mgmt plan. D.6.1 "A risk/benefit analysis is not required by this Int’l Std for every risk.“’

ISO 14971


26

The Directives – Where is ‘Benefit’? MDD 93/42/EEC “Benefit”

ERs: 1 7.4 11.2

AIMDD 90/385/EEC ERs: 10

IVDD 98/79/EC ERs: A–1

Total

3

1

1

“Risk”

41

18

24

MEDDEV 2.7.1 – Guidelines on Clinical Evaluation Report also discusses Risk / Benefit Analysis


27

Risk / benefit analysis done for all risks? Frequent Probable

2 6

Occasional Remote

Conduct Risk v Benefit 4

Consider Risk v Benefit Acceptable

3 3

Improbable


2 There must be a risk benefit analysis for all risks and an overall risk benefit analysis – not just unacceptable risks

28

Documentation of Risk / Benefit Analysis • Risk Management File o Combination of risk assessment / risk management report

• Clinical Evaluation Report (Frequently addressed here)


29

Deviation No. 5 ‘....”to select the most appropriate solutions”.....by applying cumulatively what has been called "control options” or "control mechanisms" in the standard.’

MDD IVDD

‘6.2 ...obliges the mfr to "use one or more of the following risk control options in the priority order listed.’ ‘6.4 …indicates that further risk control measures do not need to be taken if, after applying one of the options, the risk is judged acceptable according to the criteria of the risk mgmt plan.’

ISO 14971


30

All appropriate controls utilized? Failure Mode

System Effect

RPN

Brain Death damage

Initial Rating PRO

Monitor does not indicate high pressure situation

Local Effect

SEV

IntraHigh cranial pressure Pressure undetected Monitor

Cause of Failure

10

4

40

No control measures mentioned about alarms / warnings for high pressure situation. The current mitigation is not considered to be sufficient as preventive measures could mitigate the risk.



Monitor provides continuous digital display of ICP; operates on AC & for up to 3 hrs on battery

Risk Level

ALARP

31

Deviation No. 6 MDD (IVDD)

‘..."eliminate or reduce risks as far as possible (inherently safe design and construction)".’

‘6.2.... obliges the manufacturer to "use one or more of the following risk control options in the priority order listed: (a) inherent safety by design . . .” without determining what is meant by this term.’

ISO 14971


32

Were risks designed out if possible? Failure Mode

Failed repair

Revision

Initial Rating

7

5

35 Warp IFU knit

Risks must be designed out if possible. All risk control options must be applied until risks have been reduced as much as possible and any additional control option(s) do not improve the safety



RPN

System Effect

PRO

Design of Mesh mesh / frays cutting edge and suture pulls out

Local Effect

SEV

Mesh

Cause of Failure

mesh instructs design not to cut prevents mesh and fraying not to after placecut; multiple sutures sizes closer available; than 5 suture mm to pullout edge testing

Risk Level

Acceptable & reduced as far as possible

33

Deviation No. 7 ‘....users shall be informed about the residual risks. This indicates that....the information given to the users does not reduce the (residual) risk any further.’

MDD (IVDD)

‘2.15 & 6.4 …residual risk is defined as the risk remaining after application of risk control measures.’ ‘6.2 …regards "information for safety" to be a control option.’

ISO 14971


34

Residual risks incorrectly reduced? Device

Risk Control

12

IFU warning

RPN

3

PRO

4

Updated Rating SEV

RPN

Death

Initial Rating PRO

Emboli

Effect

SEV

Implant

Failure Mode

4

1

4

A warning does not reduce the probability of occurrence of an emboli. Copyright © 2014 BSI. All rights reserved.

35

Residual risks incorrectly reduced? Device

Failure Mode

Effect

Initial Rating

Instructions on how to use the device properly may mitigate the risk


IFU contains 4 pictures / instructions on how to correctly orient device with marked side down

RPN

12

PRO

RPN

3

Updated Rating SEV

PRO

SEV Mesh with Device Adhesions 4 Barrier implanted Membrane upsidedown

Risk Control

1

4

36

BSI Audits


37

Conformity Assessment Quality System n=70 Americas n=50 EMEA n=40 AsiaPacific

Microbiologist n=20


External Resource n=as needed

Technical Specialist n=80

38

BSI Audit – Key Questions • Are you aware of EN ISO 14971:2012? • How are you ensuring you meet the directive requirements? • Have you reviewed your existing Risk Management files, if needed? • Is there a plan in place to do so?


39

BSI Audit – Key Questions • Have all risks been reduced as far as possible? • Has a risk benefit analysis been conducted for all risks? • Have all risks been designed out if possible? • Have risks been incorrectly reduced by warnings placed on IFUs or provided in training? Copyright © 2014 BSI. All rights reserved.

40

Questions


41

FAQs Regarding EN ISO 14971:2012 1. If our procedures were written to comply with ISO 14971:2007, do we have to change them? The normative part of the standard is identical. Most likely. The Z Annexes (ZA, ZB, and ZC) discuss deviations from the standard relative to the ability to comply with the MDD, AIMD, and IVDD. Therefore, additional steps must usually be taken in order to demonstrate compliance with the Essential Requirements (ERs) within the directives. In many cases, changes will need to be made to address the following (at a minimum): ensuring that • ALL risks are reduced as far as possible; • a risk/benefit analysis was conducted and considers all individual and overall risks; • ALL risks have appropriate controls and the risks have been designed out if possible (MDD & IVDD only); • risks have not been inappropriately reduced by labeling alone (MDD & IVDD only).


43

FAQs Regarding EN ISO 14971:2012 2. Isn’t the point of risk management to focus on the big risks?

It is true that risk management activities have historically focused on identifying and reducing risks that have been unacceptable or were significant. However, the directives do not make distinctions in risk levels and simply refer to reducing ALL risks. Therefore, based on current thinking, in order to comply with the directives, the focus should be on reducing ALL risks.

3. As a manufacturer, how can we not take into account any economic considerations? It is understood that all risks cannot be eliminated and that the manufacturer is bound by the level of current technology and the state-of-the-art. It is also understood that a single device may not be intended for all individuals / applications and could be limited to certain populations. Therefore, the expectation is that if there are means to reduce risks for the intended use by available technologies and the state-of-the-art, that these measures should be taken. As risk management is also an active process that should continue to be evaluated post-production, if new technologies or the state-of-the-art change after the device was released, the question as to whether ALL risks have been reduced as far as possible should continue to be evaluated. Copyright © 2014 BSI. All rights reserved.

44

FAQs Regarding EN ISO 14971:2012 4. Our QMS auditor said our RM procedures were effective and met EN ISO 14971:2012. We don’t understand why the Technical Reviewer gave us a non-conformity for risk management. The primary responsibility for the QMS auditor is to review the manufacturer’s procedures to ensure that they meet ISO 13485 and to sample records to ensure that the procedures have been executed appropriately. On the other hand, the primary responsibility for the Technical Reviewer is to review the output of the QMS system (i.e. Technical Documentation) and ensure that the product conforms to the applicable directive. Therefore, it is possible for the procedures and some of the records to have been updated to ensure compliance with EN ISO 14971:2012 but that the file(s) being reviewed by the Technical Reviewer do not demonstrate compliance with the directive.


45

FAQs Regarding EN ISO 14971:2012 5. Do we have to change all our historical RM files or can we just address new product development and product changes? All files should be reviewed (based on a risk commensurate plan) to ensure that they comply with the directives and updated accordingly. Demonstration of compliance is expected.

6. Does BSI expect a line-by-line risk/benefit analysis? No. The manufacturer is expected to consider all individual risks and the overall risk in a risk / benefit analysis. How that is done is up to the manufacturer. BSI expects that the manufacturer documents (procedurally) how they intend to do this and executes this procedure.


46

FAQs Regarding EN ISO 14971:2012 7. We have used a “no-train, no-sale” policy to reduce the risk of issues. Could this be used to reduce the probability of occurrence? Potentially. Deviation 7 only addresses not using information given to the users (i.e. in the IFU or through training) to reduce risks further. Therefore, if the training program is being used to teach the user proper operation of the device, this would most likely not be considered providing information to address residual risk. However, if this is being used as a forum to convey residual risk about the device, this would not be considered an appropriate way to mitigate risk.


47

FAQs Regarding EN ISO 14971:2012 8. BSI agreed at the last design exam certification review that the RM files were acceptable and met the ERs. The device has not changed. Why is this not still acceptable? Harmonized standards are used as a method to convey state-of-the-art thinking on how compliance with the clauses of the standard confer a presumption of conformity with the associated directive and EFTA regulations. The Z Annexes explain to which requirements, under which conditions, and to what extent presumption of conformity can be claimed. Publishing of EN ISO 14971:2012 changed the state-of-the art view of these conditions. Therefore, while previous submissions may have allowed full presumption of conformity with the directives, this is no longer possible unless additional information is provided to address the deviations.


48

Risk Management and the Impact of EN ISO 14971:2012 Annex Z

Recommend Documents