Risk Management and the Impact of EN ISO 14971:2012 Annex Z BSI 2014 Medical Device Mini-Roadshow
Ibim Tariah Ph.D Technical Director, Healthcare Solutions
Copyright © 2014 BSI. All rights reserved.
1
Risk Management - Impact of Annex Z • Overview of ISO 14971:2007 • EN ISO 14971:2012 • Harmonized Standard – Differences from ISO Standard and 2009 version • Deviations – Presumption of Conformity
• BSI Audits • FAQs Regarding EN ISO 14971:2012*
* Included in presentation materials but not discussed Copyright © 2014 BSI. All rights reserved.
2
ISO 14971:2007 – Medical Devices – Application of Risk Management to Medical Devices
Copyright © 2014 BSI. All rights reserved.
3
Definitions Combination of the probability of occurrence of harm and the severity of that harm Harm = Physical injury or damage to the health of people, or damage to property, or the environment
Risk =
Severity Low High No harmDeath / Serious Injury
Occurrence Improbable Frequent < X% Y – Z% (Sometimes factor of occurrence of hazard x % of harm / hazard)
Copyright © 2014 BSI. All rights reserved.
4
ISO 14971 – Main body (Clauses 1-3) 1 2 3
Scope Terms and definitions General requirements for risk management 3.1 Risk management process 3.2 Management responsibilities 3.3 Qualification of personnel 3.4 Risk management plan 3.5 Risk management file
Copyright © 2014 BSI. All rights reserved.
5
ISO 14971 – Main body (Clauses 4-9) Clause 4: Risk analysis
Clause 9: Post-production information
Clause 5: Risk evaluation
Clause 8: Risk management report
Clause 6: Risk control
Clause 7: Residual risk evaluation
Copyright © 2014 BSI. All rights reserved.
6
ISO 14971 – Overview of Annexes Annex A Annex B Annex C Annex D Annex E
(informative) Rationale for requirements (informative) Overview of the risk management process for medical devices (informative) Questions that can be used to identify medical device characteristics that could impact on safety (informative) Risk concepts applied to medical devices (informative) Examples of hazards, foreseeable sequences of events and hazardous situations
risk control benefit estimation
qualitative analysis “ALARP”
probability Copyright © 2014 BSI. All rights reserved.
7
ISO 14971 – Overview of Annexes Annex F Annex G Annex H Annex I Annex J
(informative) Risk management plan (informative) Information on risk management techniques (informative) Guidance on risk management for in vitro diagnostic (IVD) medical devices (informative) Guidance on risk analysis process for biological hazards (informative) Information for safety and information about residual risk
PHA
FTA
HACCP
FMEA HAZOP
Copyright © 2014 BSI. All rights reserved.
8
Risk Management – EU Requirements • MDD • AIMDD • IVDD
Copyright © 2014 BSI. All rights reserved.
9
Medical Devices – EU Risk Requirements Risks > Benefits
R
Benefits > Risks
B
R
B
Risks
Benefits
Copyright © 2014 BSI. All rights reserved.
10
The Directives – Where is ‘Risk’? MDD 93/42/EEC “Risk”
ERs: 1 2 6 7.2, 7.4, 7.5, 7.6 8.1, 8.6 9.2, 9.3 11.2, 11.4 12.1, 12.5, 12.6, 12.7 13.5, 13.6
Total
41 Copyright © 2014 BSI. All rights reserved.
AIMDD 90/385/EEC ERs: 1 5 8 9 10 11 15
IVDD 98/79/EC ERs: A–1 2 B – 1.2 2.1, 2.2, 2.5, 2.7 3.2, 3.3, 3.4 5.3 6.2, 6.3, 6.4 7.1 8.6, 8.7
18
24 11
EN ISO 14971:2012 • EU harmonized standard for Risk Management • Allows the presumption of conformity to MDD, AIMD, and IVD • Published July 2012 & harmonized as of 30 August 2012.
http://ec.europa.eu/enterprise/policies/european-standards/harmonised-standards/medicaldevices/index_en.htm Copyright © 2014 BSI. All rights reserved.
12
Copyright © 2014 BSI. All rights reserved.
• The previous version of the European Harmonized Standard • Obsolete as of 30 August 2012
EN ISO 14971:2012
• The current International Standard
EN ISO 14971:2009
ISO 14971:2007
What is the difference? • The current European Harmonized Standard • Changes within Foreword & Annex Zs only • No change to requirements (Normative Text) • i.e. clauses or requirements of the standard are exactly the same
13
Why was EN ISO 14971:2012 created? • A solution to formal objections raised by Swedish Competent Authority & European Commission on the harmonized status of a number of European Standards • Revision of Annex Z’s was made to provide greater clarity on applicability & alignment of ISO 14971 clauses with requirements of AIMDD, MDD & IVDD
Copyright © 2014 BSI. All rights reserved.
14
EN ISO 14971:2012 – Z Annexes Example – Annex ZA (MDD)
• “Explains to which requirements, under which conditions and to what extent presumption of conformity can be claimed.”
Copyright © 2014 BSI. All rights reserved.
15
EN ISO 14971:2009 – Z Annexes (Now Obsolete) • Compliance with all the requirement clauses in this standard will ensure that general aspects of medical devices related to patient risk and safety have been addressed. • For particular medical devices or for particular safety aspects, additional specific requirements may need to be complied with in order to meet the essential requirements.
Copyright © 2014 BSI. All rights reserved.
16
EN ISO 14971:2012 – Content Deviations
Copyright © 2014 BSI. All rights reserved.
17
EN ISO 14971:2012 – Content Deviations Essential Requirements (ERs) Impacted Deviation
MDD
AIMDD
IVDD
1 – Treatment of negligible risks
1, 2, 6, 7.1
1, 5, 9
A.1, A.2, B.1.1
2 – Discretionary power of mfr as to acceptability of risks
1, 2, 6, 7.1
1, 5, 9
A.1, A.2, B.1.1
3 – Risk reduction “as far as possible” vs. “as low as reasonably practicable”
1, 2, 6, 7.1
1, 5, 6, 9
A.1, A.2, B.1.1
4 – Discretion as to whether a riskbenefit analysis needs to take place
1, 6, 7.1
5&9
A.1 & B.1.1
5 – Discretion as to the risk control options / measures
2 & 7.1
-
A.2 & B.1.1
6 – Deviation as to the first risk control option
2 & 7.1
-
A.2 & B.1.1
7 – Information of the users influencing the residual risk
2 & 7.1
-
A.2 & B.1.1
Copyright © 2014 BSI. All rights reserved.
18
Deviation No. 1 ‘...all risks, regardless of their dimension, need to be reduced as much as possible (and need to be balanced, together with all other risks, against the benefit of the device).’
MDD (AIMDD) IVDD
ISO 14971
‘D.8.2 ...the manufacturer may discard negligible risks.’
Copyright © 2014 BSI. All rights reserved.
19
Were all risks considered for mitigation? Failure Mode
System Effect
RPN
Unstable Revision No tool available Implant to determine needed size
Initial Rating PRO
Surgeon implants a stem that is wrongly sized
Local Effect
SEV
Hip Stem
Cause of Failure
8
1
8
It is not sufficient just to determine that the risks are acceptable. It is also necessary to determine whether they have been reduced as far as possible. This can be stated line-by-line or categorically as a whole. Copyright © 2014 BSI. All rights reserved.
Risk Control Measure(s)
Risk Level
X-ray templates provided for each implant size; implants marked with size; clinical history of safety / performance
Acceptable Broadly &Acceptable reduced as far as possible
20
Deviation No. 2 ‘....all risks have to be reduced as far as possible (and that all risks combined, regardless of any "acceptability" assessment, need to be balanced, together with all other risks, against the benefit of the device).’
MDD (AIMDD) IVDD
‘5, 6.4, 6.5 & 7 ...manufacturers have the freedom to decide upon the threshold for risk acceptability.’ ‘D.6.1 …only nonacceptable risks have to be integrated into the overall riskbenefit analysis.’
ISO 14971
Copyright © 2014 BSI. All rights reserved.
21
Are all risks reduced as far as possible? Extent of damage
Unacceptable Management Review Required - ALARP Broadly Acceptable
10 9 8 7 Probability of occurrence
6 5
Some risks cannot be categorically ignored if risk can be reduced further. All risks must be reduced as far as possible.
Copyright © 2014 BSI. All rights reserved.
4 3 2 1 1
2
3
4
5
6
7
8
9
10
22
Deviation No. 3 ‘....risks to be reduced "as far as possible" without there being room for economic considerations.’
MDD AIMD IVD
‘3.4 & D.8 …contains the concept of reducing risks "as low as reasonably practicable.” The ALARP concept contains an element of economic consideration.’
ISO 14971
Copyright © 2014 BSI. All rights reserved.
23
Are all risks reduced as far as possible? Extent of damage 10 9 8 7
There must be another step – ALARP concept should not allow economic factors to hinder mitigation, risks must be reduced as far as possible within stateof-the-art
Copyright © 2014 BSI. All rights reserved.
Probability of occurrence
6 5 4 3 2 1 1
2
3
4
5
6
7
8
9
10
24
Were risks reduced as far as possible? Failure Mode
System Effect
Risk Control Measure(s)
RPN
Unstable Revision No tool available Implant to determine needed size
Initial Rating PRO
Surgeon implants a stem that is wrongly sized
Local Effect
SEV
Hip Stem
Cause of Failure
8
5
40 X-ray templates provided for every-other implant size; implants marked with size
Risk Level
ALARP
It is not reasonable in this example not to provide templates for each size. The economic impact of this should not be considered if this can reduce the risk. To make this determination, the state-of-the-art and available technology should be considered. Copyright © 2014 BSI. All rights reserved.
25
Deviation No. 4 MDD AIMDD (IVDD)
‘....an overall risk-benefit analysis must take place in any case, regardless of the criteria established in the mgmt plan of the mfr . . . (and requires undesirable side effects to "constitute an acceptable risk when weighed against the performance intended“).’ ‘6.5 ...an overall riskbenefit analysis does not need to take place if the overall residual risk is judged acceptable when using the criteria established in the risk mgmt plan. D.6.1 "A risk/benefit analysis is not required by this Int’l Std for every risk.“’
ISO 14971
Copyright © 2014 BSI. All rights reserved.
26
The Directives – Where is ‘Benefit’? MDD 93/42/EEC “Benefit”
ERs: 1 7.4 11.2
AIMDD 90/385/EEC ERs: 10
IVDD 98/79/EC ERs: A–1
Total
3
1
1
“Risk”
41
18
24
MEDDEV 2.7.1 – Guidelines on Clinical Evaluation Report also discusses Risk / Benefit Analysis
Copyright © 2014 BSI. All rights reserved.
27
Risk / benefit analysis done for all risks? Frequent Probable
2 6
Occasional Remote
Conduct Risk v Benefit 4
Consider Risk v Benefit Acceptable
3 3
Improbable
Copyright © 2014 BSI. All rights reserved.
2 There must be a risk benefit analysis for all risks and an overall risk benefit analysis – not just unacceptable risks
28
Documentation of Risk / Benefit Analysis • Risk Management File o Combination of risk assessment / risk management report
• Clinical Evaluation Report (Frequently addressed here)
Copyright © 2014 BSI. All rights reserved.
29
Deviation No. 5 ‘....”to select the most appropriate solutions”.....by applying cumulatively what has been called "control options” or "control mechanisms" in the standard.’
MDD IVDD
‘6.2 ...obliges the mfr to "use one or more of the following risk control options in the priority order listed.’ ‘6.4 …indicates that further risk control measures do not need to be taken if, after applying one of the options, the risk is judged acceptable according to the criteria of the risk mgmt plan.’
ISO 14971
Copyright © 2014 BSI. All rights reserved.
30
All appropriate controls utilized? Failure Mode
System Effect
RPN
Brain Death damage
Initial Rating PRO
Monitor does not indicate high pressure situation
Local Effect
SEV
IntraHigh cranial pressure Pressure undetected Monitor
Cause of Failure
10
4
40
No control measures mentioned about alarms / warnings for high pressure situation. The current mitigation is not considered to be sufficient as preventive measures could mitigate the risk.
Copyright © 2014 BSI. All rights reserved.
Risk Control Measure(s)
Monitor provides continuous digital display of ICP; operates on AC & for up to 3 hrs on battery
Risk Level
ALARP
31
Deviation No. 6 MDD (IVDD)
‘..."eliminate or reduce risks as far as possible (inherently safe design and construction)".’
‘6.2.... obliges the manufacturer to "use one or more of the following risk control options in the priority order listed: (a) inherent safety by design . . .” without determining what is meant by this term.’
ISO 14971
Copyright © 2014 BSI. All rights reserved.
32
Were risks designed out if possible? Failure Mode
Failed repair
Revision
Initial Rating
7
5
35 Warp IFU knit
Risks must be designed out if possible. All risk control options must be applied until risks have been reduced as much as possible and any additional control option(s) do not improve the safety
Copyright © 2014 BSI. All rights reserved.
Risk Control Measure(s)
RPN
System Effect
PRO
Design of Mesh mesh / frays cutting edge and suture pulls out
Local Effect
SEV
Mesh
Cause of Failure
mesh instructs design not to cut prevents mesh and fraying not to after placecut; multiple sutures sizes closer available; than 5 suture mm to pullout edge testing
Risk Level
Acceptable & reduced as far as possible
33
Deviation No. 7 ‘....users shall be informed about the residual risks. This indicates that....the information given to the users does not reduce the (residual) risk any further.’
MDD (IVDD)
‘2.15 & 6.4 …residual risk is defined as the risk remaining after application of risk control measures.’ ‘6.2 …regards "information for safety" to be a control option.’
ISO 14971
Copyright © 2014 BSI. All rights reserved.
34
Residual risks incorrectly reduced? Device
Risk Control
12
IFU warning
RPN
3
PRO
4
Updated Rating SEV
RPN
Death
Initial Rating PRO
Emboli
Effect
SEV
Implant
Failure Mode
4
1
4
A warning does not reduce the probability of occurrence of an emboli. Copyright © 2014 BSI. All rights reserved.
35
Residual risks incorrectly reduced? Device
Failure Mode
Effect
Initial Rating
Instructions on how to use the device properly may mitigate the risk
Copyright © 2014 BSI. All rights reserved.
IFU contains 4 pictures / instructions on how to correctly orient device with marked side down
RPN
12
PRO
RPN
3
Updated Rating SEV
PRO
SEV Mesh with Device Adhesions 4 Barrier implanted Membrane upsidedown
Risk Control
1
4
36
BSI Audits
Copyright © 2014 BSI. All rights reserved.
37
Conformity Assessment Quality System n=70 Americas n=50 EMEA n=40 AsiaPacific
Microbiologist n=20
Copyright © 2014 BSI. All rights reserved.
External Resource n=as needed
Technical Specialist n=80
38
BSI Audit – Key Questions • Are you aware of EN ISO 14971:2012? • How are you ensuring you meet the directive requirements? • Have you reviewed your existing Risk Management files, if needed? • Is there a plan in place to do so?
Copyright © 2014 BSI. All rights reserved.
39
BSI Audit – Key Questions • Have all risks been reduced as far as possible? • Has a risk benefit analysis been conducted for all risks? • Have all risks been designed out if possible? • Have risks been incorrectly reduced by warnings placed on IFUs or provided in training? Copyright © 2014 BSI. All rights reserved.
40
Questions
Copyright © 2014 BSI. All rights reserved.
41
FAQs Regarding EN ISO 14971:2012 1. If our procedures were written to comply with ISO 14971:2007, do we have to change them? The normative part of the standard is identical. Most likely. The Z Annexes (ZA, ZB, and ZC) discuss deviations from the standard relative to the ability to comply with the MDD, AIMD, and IVDD. Therefore, additional steps must usually be taken in order to demonstrate compliance with the Essential Requirements (ERs) within the directives. In many cases, changes will need to be made to address the following (at a minimum): ensuring that • ALL risks are reduced as far as possible; • a risk/benefit analysis was conducted and considers all individual and overall risks; • ALL risks have appropriate controls and the risks have been designed out if possible (MDD & IVDD only); • risks have not been inappropriately reduced by labeling alone (MDD & IVDD only).
Copyright © 2014 BSI. All rights reserved.
43
FAQs Regarding EN ISO 14971:2012 2. Isn’t the point of risk management to focus on the big risks?
It is true that risk management activities have historically focused on identifying and reducing risks that have been unacceptable or were significant. However, the directives do not make distinctions in risk levels and simply refer to reducing ALL risks. Therefore, based on current thinking, in order to comply with the directives, the focus should be on reducing ALL risks.
3. As a manufacturer, how can we not take into account any economic considerations? It is understood that all risks cannot be eliminated and that the manufacturer is bound by the level of current technology and the state-of-the-art. It is also understood that a single device may not be intended for all individuals / applications and could be limited to certain populations. Therefore, the expectation is that if there are means to reduce risks for the intended use by available technologies and the state-of-the-art, that these measures should be taken. As risk management is also an active process that should continue to be evaluated post-production, if new technologies or the state-of-the-art change after the device was released, the question as to whether ALL risks have been reduced as far as possible should continue to be evaluated. Copyright © 2014 BSI. All rights reserved.
44
FAQs Regarding EN ISO 14971:2012 4. Our QMS auditor said our RM procedures were effective and met EN ISO 14971:2012. We don’t understand why the Technical Reviewer gave us a non-conformity for risk management. The primary responsibility for the QMS auditor is to review the manufacturer’s procedures to ensure that they meet ISO 13485 and to sample records to ensure that the procedures have been executed appropriately. On the other hand, the primary responsibility for the Technical Reviewer is to review the output of the QMS system (i.e. Technical Documentation) and ensure that the product conforms to the applicable directive. Therefore, it is possible for the procedures and some of the records to have been updated to ensure compliance with EN ISO 14971:2012 but that the file(s) being reviewed by the Technical Reviewer do not demonstrate compliance with the directive.
Copyright © 2014 BSI. All rights reserved.
45
FAQs Regarding EN ISO 14971:2012 5. Do we have to change all our historical RM files or can we just address new product development and product changes? All files should be reviewed (based on a risk commensurate plan) to ensure that they comply with the directives and updated accordingly. Demonstration of compliance is expected.
6. Does BSI expect a line-by-line risk/benefit analysis? No. The manufacturer is expected to consider all individual risks and the overall risk in a risk / benefit analysis. How that is done is up to the manufacturer. BSI expects that the manufacturer documents (procedurally) how they intend to do this and executes this procedure.
Copyright © 2014 BSI. All rights reserved.
46
FAQs Regarding EN ISO 14971:2012 7. We have used a “no-train, no-sale” policy to reduce the risk of issues. Could this be used to reduce the probability of occurrence? Potentially. Deviation 7 only addresses not using information given to the users (i.e. in the IFU or through training) to reduce risks further. Therefore, if the training program is being used to teach the user proper operation of the device, this would most likely not be considered providing information to address residual risk. However, if this is being used as a forum to convey residual risk about the device, this would not be considered an appropriate way to mitigate risk.
Copyright © 2014 BSI. All rights reserved.
47
FAQs Regarding EN ISO 14971:2012 8. BSI agreed at the last design exam certification review that the RM files were acceptable and met the ERs. The device has not changed. Why is this not still acceptable? Harmonized standards are used as a method to convey state-of-the-art thinking on how compliance with the clauses of the standard confer a presumption of conformity with the associated directive and EFTA regulations. The Z Annexes explain to which requirements, under which conditions, and to what extent presumption of conformity can be claimed. Publishing of EN ISO 14971:2012 changed the state-of-the art view of these conditions. Therefore, while previous submissions may have allowed full presumption of conformity with the directives, this is no longer possible unless additional information is provided to address the deviations.
Copyright © 2014 BSI. All rights reserved.
48