One of the more difficult system development tasks in the context of a new medical device is how to organize and develop the product risk management strategy. When contemplating how to construct a system to manage this task, it’s necessary to consult not only company work flows and processes, but standards adopted by the competent authorities meant to standardize how medical device products are developed and approved.
At the time of this writing, the two standards used in definition and implementation of medical device risk management are ISO 14971:2009 and TIR 24971:2013. Europe has added to the mix by approving an EN ISO version of 14971, which is EN ISO 14971:2012. The EN version is different in several important aspects, and is required if the company is selling into Europe.
The process used by these standards is outlined in the image below:
Additional Goals of a Risk Management system
The risk management system should provide information back to the product designers on how the design features affect users.
The risk management system should provide a system to develop the hazardous situation control plan (including design, product realization, and labeling mitigations).
Field performance should be linked to the risk analysis in order to assure field issues are considered in the analysis, and to provide rapid integration of issues discovered during product use.
Mitigation to hazardous situations should be requirements in order to assure V&V efforts will be used to verify the requirements are implemented, and effective.
Medical device product development work is a highly integrated and regulated process. Implementation of a requirements tracking solution requires attention to a variety of nuanced topics. When presented with the task of tracking the many conceptual relationships in a project of this type, the software solution of choice tends to be a two-dimensional text system such as MS Excel™ or Apple’s Numbers™.
Some of the factors and analysis required to accurately and efficiently evaluate the product risks are listed below.
Foreseeable sequence of events (sometimes defined as a sequence of root causes)
Pre- and post-mitigation occurrence values
Risk priority level
Judgement of risk acceptability
Verification of Implementation
Verification of Effectiveness
Closure and Reporting
Evaluation of product residual risk
Evaluation of risk acceptability
Risk trending codes
Risk analysis trending code traceability
In my next blog I will describe a data model to deal with each element required in the development of the risk management system.