Risk Assessment Medical Device

icholas Abbondante, Chief EMC Engineer, Intertek Group plc03.10.
16
In 2014, the International Electrotechnical Commission (IEC) published a revision of the
electromagnetic compatibility (EMC) requirements for medical devices under a fourth
edition of IEC 60601-1-2. The revisions included a number of changes, including robust
risk analysis requirements. Under these provisions, manufacturers must submit test
plans and risk analysis documents specifically focused on EMC for a new product, prior
to testing. In short, the revised standard requires a thorough evaluation of EMC risk for
new medical devices, and relies on documentation of that risk as a part of the approval
process.
The effective date for the new standard for U.S. Food and Drug Administration (FDA)
approvals is April 1, 2017, yet the agency issued a letter in 2014 recommending that
devices undergo the risk management processes and EMC testing to the fourth edition
standard as soon as possible. Even with more than a year until the FDA deadline is in
place, however, many manufacturers may find it necessary to begin the process of EMC
assessment and risk management now.
Why the Focus on EMC?
As smart, connected devices continue to take the world by storm, the medical device
industry seeks to integrate the latest technology into its equipment. In turn, it also
makes sense that the industry is looking to new standards as it seeks to mitigate risk
and ensure compliance with EMC requirements. The revised standard looks to help
mitigate risks in a constantly growing arena.
The problems that EMC could create in medical devices can range from a mild
nuisance, such as an alarm going off unnecessarily, to potentially drastic effects due to
device malfunction. Some examples could include:
 Issues during surgery, such as surgical table actuation, or changes in

electrocardiogram (ECG) or blood pressure readings;
 Unexpected defibrillator activation
 Changing infusion rate on a pump
 Ventilator stoppage;
 Incorrect temperature, blood pressure or ECG readings;
 Reprogramming of a pacemaker or similar device; and
 Incorrect, or even useless information.
Because the range of potential issues is so wide, regulators are looking to

manufacturers to help manage risks by identifying reasonable foreseeable
electromagnetic disturbances, the risks associated with those disturbances and how to
reduce or eliminate risks. All of this is first considered during the risk management
process and documented in a risk management file (RMF).
Requirements for the Risk Management File

There are four major concepts to consider in the risk management process and,
ultimately, the RMF.
1. The risk management process must comply with ISO 14971. This means that a
standard operating procedure/work instruction/method that complies with the
standard must be in place. The RMF will be reviewed against the requirements of
this standard and all procedures must be in place.
2. The RMF should clearly illustrate the process used to identify risks, as well as
verify that the final document meets both the manufacturer’s needs and the
minimum requirements under ISO 14971. The risk procedure outlines all of the
necessary steps for creating an RMF. This might include requirements for a risk
plan, hazard analysis, verification and validation procedures, or information
collection during and after production. Where the procedure indicates that a step
should be taken or a document generated, the manufacturer must show that
those steps were followed and the risk file has been generated.
3. Information related to risk management must be included in the file, as required
by the ISO standard. Throughout the 60601-1 standard, pieces of information or
statements are required to be documented in the RMF. Manufacturers will need
to prove that the required pieces of information exist or the necessary statements
are made. These must all be documented within the RMF. Fulfilling such
requirements could be as easy as making a statement about expected service
life, or as complicated as a structural mechanical analysis of a support system.
4. Specific hazards must be evaluated through analysis and risk management
procedure. The IEC 60601-1 standard lists specific hazards to be evaluated with
statements such as “The hazard of XYZ shall be evaluated using the risk
management process,” or “ABC shall not cause unacceptable risk as confirmed
by inspection of the risk management file.” Because these hazards have been
specifically identified by the IEC, the manufacturer must illustrate that the
hazard/risk has been evaluated using the risk management process as required
by ISO 14971. This should include identifying the hazard, determining the
acceptability of the hazard creating harm, assigning risk controls for
unacceptable hazards, and verifying and validating risk controls. The requirement
to address EMC hazards has been explicitly outlined in the new IEC 60601-1-2
fourth edition, where it indicates that risks resulting from reasonably foreseeable
electromagnetic disturbances shall be taken into account in the risk management
process.
The RMF must also note the intended environment for the device, either:
 Professional healthcare environment: Where equipment or a system will be used

by healthcare professionals and is not intended for sale to the general public;
 Home healthcare: A product used in the dwelling place where a patient lives or
other place where patients are present (excluding professional healthcare
facilities where operators with medical training are continually available), such as
domiciles, vehicles, hotels, restaurants, commercial environment, schools, and
churches; and
 A special environment: An environment different from those specified above, or
that require emissions limits, immunity test levels or test methods different from
professional healthcare and home healthcare environments. Examples might
include military areas, heavy industrial areas or a medical treatment areas with
high-powered equipment.
Next, the RMF must identify the required testing and test levels for the product. This
includes specific, detailed immunity pass/fail criteria for basic safety and essential
performance related to EMC; determining how the product will be monitored to
demonstrate compliance with the pass/fail criteria; specification of degradations that are
acceptable because they don’t result in unacceptable risk; and justification for any
special increased or reduced test levels. The RMF must also determine the modes,
settings and configurations for testing which are likely to result in unacceptable risk and
identify product risk frequencies. In addition, it should identify whether the device would
be exposed to electro-surgical generators (ESG) and, thus, whether ESG testing
applies.
Test levels should be adjusted in the RMF file if the manufacturer knows from
experience, published data or representative measurements that the intended use
environment has unique characteristics that would alter EM disturbance levels. If any
determinations or adjustments are made, the following must be documented in the test
plan and the RMF: justification for any special environments identified or adjustments
made; the adjusted reasonably foreseeable maximum EM disturbance level; and the
resulting final immunity test levels and details on the methods and data sources used to
identify those immunity levels. Additionally, if the manufacturer is justifying a lower
immunity test level in the RMF, they must also include documentation explaining why
the reduced test levels are representative of the intended environment, and how it can
be reasonably expected that any mitigations that might justify reduced test levels will
continue to be effective over the expected service life in all locations where the
equipment or system is expected to be used.
Additional requirements for the RMF include considerations for emissions testing and
immunity testing, which should be documented in the test plan and report. Notes about
product configuration for testing are also required and should be consistent with
intended use. Product configuration information should also include all cables, tubing,
containers, circuits, and special hardware or software that will be needed when the
product is used as intended. It is important to be aware that determinations made in the
RMF regarding the applicability of testing, product essential performance, intended
environment and restrictions, and any potential loss of function the user might
experience due to degradations of operation that occur during testing must eventually
be documented in the information to the user, and can have a significant impact on
marketing of the product.
RMF Checklist
It order to fulfill the RMF requirements, several documents of varying degrees of
complexity will be required. This checklist highlights the requirements needed in an
RMF which addresses EMC.
 Identification of intended environment and applicable standards;

 Specific details of immunity pass/fail criteria;
 Determination of how the product will be monitored to demonstrate compliance
with the immunity pass/fail criteria;
 Acceptable degradations for immunity pass/fail criteria;
 Configurations for testing most likely to result in unacceptable risk;
 Modes and settings most likely to result in unacceptable risk;
 Justification for and special increased or decreased test levels
 Identification of product risk frequencies;
 If applicable, confirmation of ESG exposure and application of ESG testing;
 Evaluation of non-medical equipment used in the system, including whether it
could affect basic safety or essential performance and whether it should be
tested to IEC 60601-1-2 or other applicable standards;
 List of radio services the device could potentially be exposed to, with output
power, frequency of operation, modulation type and expected separation
distance;
 AC/DC power supply specifications;
 Indication of expected service life.
Guidelines
With the addition of the RMF requirements for EMC safety, medical device
manufacturers could easily feel a little overwhelmed with the new requirements.
However, with the FDA pressing for the standard to be adopted sooner than required,
it’s a good idea to begin including the EMC risk management process and file for new
devices. Hence, some tips to help make the process go smoothly:
 Don’t get bogged down in questions about RMF format. There is no one set
format to an RMF, so instead of focusing on an elaborate presentation of the
required information, just keep it simple. A basic approach is the best one to
take.
 Remember the particular standards that may apply to your product. This may
modify the basic performance criteria and test requirements. Along these lines,
familiarize yourself with the language of 60601-1-2, so that you can identify
particular requirements as they relate to your device.
 Review the RMF to ensure that it includes all of the required items and any
supplemental information. You also need to make sure that the RMF addresses
all reasonable risks associated with EMC.
 Check to make sure the risk evaluations makes sense and there are no obvious
hazards missing in the RMF documents. Also, check to ensure the hazard
weighting is reasonable for the device at hand.
 Use a measured approach when evaluating and weighting hazards. Ultimately,
the manufacturer is responsible for the risk analysis and RMF, so employ due
diligence in your analysis and documentation.
It’s an exciting time in the world of technology, and the medical device community need
not miss out on integrating smart, connected products into the industry. Yet given the
risks the EMC can present, it is up to medical device manufacturers to take the proper
steps to ensure a device can function properly in its intended setting and succeed in
accomplishing its intended purpose. Fulfilling the risk analysis and RMF requirements of
IEC 60601-1-2 fourth edition as early and thoroughly as possible could mean all the
difference to getting a smart, useful, in-demand product to market quickly and safely.
Nicholas Abbondante is chief EMC engineer at Intertek. In his 13 years with the
company, he has been involved in testing a wide range of radio and electronic
equipment to EMC requirements for regulatory domains around the world, specializing
in transmitters. Nick is a member of the TCB Council and participates in the ANSI
C63.10 and ANSI C63.26 radio standards writing committees. He has a bachelor’s
degree in physics from the Worcester Polytechnic Institute.
ISO14971 Medical Device Risk Management Course - E-Learning
1. SEMOEGY LEARNING For Medical Technology Education, Knowledge & Information Resource
MEDICAL DEVICE RISK MANAGEMENT Execution Level Dr. Nealda Yusof Copyright © Semoegy Advisers
& Ventures APPLIED ISO 14971
2. Copyright © Semoegy Advisers & Ventures Copyright © Semoegy Advisers & Ventures 2 WELCOME
TO SEMOEGY LEARNING
3. Copyright © Semoegy Advisers & Ventures 3ISO 14971 Risk Management – Execution Level medical
technology Education Knowledge Information Resource i
4. Copyright © Semoegy Advisers & Ventures 4ISO 14971 Risk Management – Execution Level
5. Copyright © Semoegy Advisers & Ventures Overview of the ISO 14971 >> The Principles ISO 14971
Risk Management – Execution Level RISK MANAGEMENT & MEDICAL DEVICES 5 WHY IT IS CRUCIAL
Risk Management – Execution Level IMPORTANCE TO MEDICAL DEVICES 6 2 3 QUALITY EFFICACY 1
SAFETY THE 3 PILLARS OF MEDICAL DEVICES GUIDING PRINCIPLES • Regulatory requirements • Market
approval RISK REDUCTION • Hazards • Defects • Malfunction/Failure • Side effects MAXIMIZE BENEFITS
• Clinical performance • Therapeutic purpose
Risk Management – Execution Level THE TWO FACTORS OF RISK 7 The probability of occurrence of harm
Severity of the harm The frequency or likelihood harm will occur The extent of its impact or
consequences
8. KEY DEFINITIONS Harm Hazard Hazardous Situation Severity Safety 8 Overview of the ISO 14971 >>
The Principles ISO 14971 Risk Management – Execution Level Physical injury or damage to the health of
people, or damage to property or the environment. Potential source of harm. Circumstance in which
people, property, or the environment are exposed to one or more hazard(s). Measure of the possible
consequences or impact of a hazard. Severity is one component of risk. Freedom from unacceptable risk
Copyright © Semoegy Advisers & Ventures
9. RISK VS. SAFETY  Minimizing risk levels will correspondingly increase safety levels.  An activity is
considered safe if its risks are considered acceptable. Copyright © Semoegy Advisers & Ventures 9
Overview of the ISO 14971 >> The Principles ISO 14971 Risk Management – Execution Level 1. Safety 1.
Risk
Risk Management – Execution Level APPLICATION OF RISK MANAGEMENT 10 Design & Development
Tool Post-market monitoring Communication tool As a design input Product lifecycle management
Governance & compliance
Risk Management – Execution Level A DESIGN REQUIREMENT 11 User requirements Intended use Safety
requirements Technical requirements Process specifications Design details Risk reduction Integration
into the design process
12. WHEN TO APPLY RISK MANAGEMENT As early as possible in the design phase Build in safety features
into the design specifications Implement good project management Prevent design churn or re- working
12 Overview of the ISO 14971 >> The Principles ISO 14971 Risk Management – Execution LevelCopyright
© Semoegy Advisers & Ventures
13. A REGULATORY REQUIREMENT Manufacturers must demonstrate that all activities involved in the
design, testing, production and distribution of a medical device are aimed at minimizing risks and
ensuring product safety. 13 Overview of the ISO 14971 >> The Principles ISO 14971 Risk Management –
Execution LevelCopyright © Semoegy Advisers & Ventures
14. INTERNATIONAL REQUIREMENT Jurisdiction/Standard Regulatory requirement European Union

medical device directive 93/42/EEC Annex I – “eliminate or reduce risks as far as possible”. ISO13485 –
QMS for Medical Devices Clauses 7.1 – Product realization and in 7.3.2 – Design and development
inputs. US Food and Drug Administration Quality System Regulation, section 820.30(g) requires risk
analysis as part of design validation. US Food and Drug Administration Risk management requirement
mentioned in the guidance for design control and process validation. Copyright © Semoegy Advisers &
Ventures 14 Overview of the ISO 14971 >> The Principles ISO 14971 Risk Management – Execution Level
15. RISK MANAGEMENT & ISO 13485 Clause in ISO 13485 Risk management requirement Clause 7.1 –
Product realisation The organization shall establish documented requirements for risk management
throughout product realization. Records arising from risk management shall be maintained Clause 7.3.2
– Design and development inputs Output of risk management is a design and development input.
Copyright © Semoegy Advisers & Ventures 15 Overview of the ISO 14971 >> The Principles ISO 14971
Risk Management – Execution Level
16. Copyright © Semoegy Advisers & Ventures A KEY REQUIREMENT OF ISO 13485 16 Risk management
is a key requirement in many activities and requirements associated with quality management systems
for medical device organizations.
17. Copyright © Semoegy Advisers & Ventures Overview of the ISO14971 >> The Principles >> ISO 14971
Overview ISO 14971 Risk Management – Execution Level PRODUCT LIFE-CYCLE RISK MANAGEMENT
(§A.2.1) 17 INITIAL CONCEPTION PRODUCTION DISTRIBUTION DECOMMISSIONING Applies to all stages
of the life-cycle of a medical device Risk management does not end with the transfer of a design to
production. Applies to product or process changes through the product life-cycle
18. RISK/BENEFIT PRINCIPLE PRINCIPLES 18 Overview of the ISO14971 >> The Principles >> Risk/Benefit
Principle Copyright © Semoegy Advisers & Ventures ISO 14971 Risk Management – Execution Level
19. RISK/BENEFIT PRINCIPLE – §6.5 Analyse the suitability of a medical device to be marketed A complex
exercise Perceptions of risk vs. benefits depends on the context 19 Overview of the ISO14971 >> The
Principles >> Risk/Benefit Principle ISO 14971 Risk Management – Execution LevelCopyright © Semoegy
Advisers & Ventures
20. Copyright © Semoegy Advisers & Ventures Overview of the ISO14971 >> The Principles >>
Risk/Benefit Principle ISO 14971 Risk Management – Execution Level PERCEIVED RISKS VS ANTICIPATED
BENEFITS 20 PRINCIPLES OF BUSINESS EXCELLENCE Clinical Judgement Patient/End-user Perception
AvailableInformation MarketExperience Risk vs. Benefit
Semoegy Learning Division No. 1 Irving Place, #05-13G The Commerze@Irving Singapore 369546
SINGAPORE E-mail: global.training@semoegy.com Website: www.semoegy .com SEMOEGY LEARNING
Education | Knowledge | Information Resource For Medical Technology Register for this class here:
bit.ly/ISO14971
22. Copyright © Semoegy Advisers & Ventures Overview of the ISO14971 >> The Principles >>
Risk/Benefit Principle ISO 14971 Risk Management – Execution Level RISK/BENEFIT PRINCIPLE 22 One of
the CENTRAL features of Risk Management SOURCES OF RISK • Technology (state of the art) • Design •
Intended use • Function & performance RISK vs. BENEFIT Method of determining the acceptability of
risks by ensuring that the anticipated benefits outweigh or are balanced against the risks.
23. CONSTRUCTING A PLAN RISK MANAGEMENT PLAN 23 Overview of the ISO14971 >> Risk
Management Plan >> Constructing a Plan ISO 14971 Risk Management – Execution Level Copyright ©
Semoegy Advisers & Ventures
24. Copyright © Semoegy Advisers & Ventures Overview of the ISO14971 >> Risk Management Plan >>
Constructing a Plan IMPORTANCE OF PLANNING 24 DECISION DECISION Envision the steps and outcome
Facilitate decision-making Clarify the framework and methods Efficient resource utilization Defining the
budget Certainty of direction for the team Management reporting Promotes communication ISO 14971
Risk Management – Execution Level RISK MANAGEMENT TOP-LEVEL ROADMAP
Constructing a Plan ISO 14971 Risk Management – Execution Level PURPOSE OF A PLAN 25 Organized
Approach 1 Essential for good risk management Visibility 2 Inclusion of essential elements
Communication Tool 3 As an information reference for the team
26. Copyright © Semoegy Advisers & Ventures WHAT TO INCLUDE IN A RISK MANAGEMENT PLAN Scope
of activities Baseline & Outcomes Responsibilities & Authorities Tasks & Tools Schedules Risk
acceptability criteria Verification activities Methods for collecting data 26 Overview of the ISO14971 >>
Risk Management Plan >> Constructing a Plan ISO 14971 Risk Management – Execution Level
Constructing a Plan ISO 14971 Risk Management – Execution Level TIMELINE OVERVIEW &
EXPECTATIONS 27 Jan 01 Hazard Identification 02 Risk Analysis 03 Risk Evaluation 04 Risk Control 05
Verification & Monitoring Feb Mar Apr May Jun Jul Aug Sep Frequency Severity FMEA Risk/Benefit
Analysis 4 months
Constructing a Plan ISO 14971 Risk Management – Execution Level GANTT CHART 28 Activities 1 2 3 4 5
6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 Hazard Identification Risk
Analysis Risk Estimation Risk Evaluation Risk Control Verification & Monitoring MilestoneA MilestoneB
Responsible person Start/Stop dates Budget Resources
29. STEPS & ACTION PLAN – DEFINITIONS Risk analysis Risk estimation Risk evaluation Risk control 29
Overview of the ISO14971 >> Risk Management Plan >> Constructing a Plan ISO 14971 Risk Management
– Execution Level Systematic use of available information to identify hazards and to estimate the risk.
Process used to assign values to the probability of occurrence of harm and the severity of that harm.
Process of comparing the estimated risk against given risk criteria to determine the acceptability of the
risk. Process in which decisions are made and measures implemented by which risks are reduced to, or
maintained within, specified levels. Copyright © Semoegy Advisers & Ventures
Constructing a Plan ISO 14971 Risk Management – Execution Level STEPS & ACTION PLAN – FROM
HAZARD TO CONTROL [FIG. E.1] 30 Hazard Hazardous situation Harm Severity of the harm Probability of
occurrence of harm Risk Sequence of events Exposure(P1) (P2) P1xP2 Start Outcome
Constructing a Plan >> Risk Analysis ISO 14971 Risk Management – Execution Level STEPS & ACTION
PLAN – RISK ANALYSIS 31 • Intended use, state-of-the art & performance • Standards, regulations &
literature search • Information of similarly marketed devices • Adverse incident reports • Design fault •
Misuse • Malfunction/Failure • Known & foreseeable hazards • Various use situations • Looking into the
future • Initiating events & circumstances Normal & fault conditions • Risk analysis tools • Brainstorm
with engineers • User experience studies • Conduct simulated testing Fact Finding Categorise Type
Characterize • Detect • Measure • Quantify Qualitative & Quantitative Preliminary Hazard Analysis
(PHA)
32. Copyright © Semoegy Advisers & Ventures STANDARDS • ISO 60601 – EMC • IEC 62304 – Software
lifecycle • ISO 8637 – Cardiovascular implants and extracorporeal systems • ISO 11073 – Point-of-care
medical devices • ISO 10993 – Biological evaluation of medical devices • ASTM E 1837 – Disinfection
efficacy for reusable medical devices • ISO 1283 - Haemodialysers • International Standards
Organisation (ISO) • American Society for Testing and Materials (ASTM) • Association of Analytical
Communities (AOAC) • Association for the Advancement of Medical Instrumentation (AAMI) •
International Electrotechnical Commission (IEC) • Organisation for Economic Cooperation and
Development (OECD) • British Standard European Norm (BS EN) • Pharmacopeias 32 Overview of the
ISO14971 >> Risk Management Plan >> Constructing a Plan >> Risk Analysis ISO 14971 Risk Management
– Execution Level
33. Copyright © Semoegy Advisers & Ventures QUESTIONS TO ASSESS DEVICE-RELATED HAZARDS –
ANNEX C • Intended use • Implanted • Patient or user contact • Materials & components • Transfer of
energy • Delivery of substances • Biological Materials • Re-use & processing • Sterilization controls •
Modification of patient environment • Measurements • Alarm • Data storage • Dependencies •
Interpretation • Use with other devices • Environmental influences • Consumables & accessories •
Maintenance & calibration • Software • Shelf-life & Life-time • Delayed or long-term use • Mechanical
forces • Decommissioning & disposal • Training & qualification • Information for safe use •
Manufacturing process • Person with special needs 33 Overview of the ISO14971 >> Risk Management
Plan >> Constructing a Plan >> Risk Analysis ISO 14971 Risk Management – Execution Level
34. Copyright © Semoegy Advisers & Ventures STEPS & ACTION PLAN – RISK ESTIMATION Possible
consequences/severity Probability of harm 34 Overview of the ISO14971 >> Risk Management Plan >>
Constructing a Plan >> Risk Estimation ISO 14971 Risk Management – Execution Level • Quantitative •
Qualitative • No estimation
35. FACT-BASED RISK ESTIMATION 35 Overview of the ISO14971 >> Risk Management Plan >>
Constructing a Plan >> Risk Estimation ISO 14971 Risk Management – Execution Level • Published
standards • Scientific technical data • Field data from similar medical devices already in use • Published
reported incidents • Usability tests employing typical users • Clinical evidence • Results of appropriate
investigations • Expert opinion • External quality assessment schemes. Copyright © Semoegy Advisers &
Ventures
36. STEPS & ACTION PLAN – RISK EVALUATION Process of comparing the estimated risk against a given
risk criteria to determine the acceptability of the risk Copyright © Semoegy Advisers & Ventures 36
Overview of the ISO14971 >> Risk Management Plan >> Constructing a Plan >> Risk Evaluation ISO
14971 Risk Management – Execution Level Risk acceptability criteria Estimatedrisks Determining
Acceptable Risks • Applicable standards specifying requirements • comparing levels of risk evident from
medical devices already in use • Evaluate clinical data, especially for new technology • Any information
regarding the state-of-the-art technology
37. RISK CONTROL OPTIONS Copyright © Semoegy Advisers & Ventures 37 Overview of the ISO14971 >>
Risk Management Plan >> Constructing a Plan >> Risk Control ISO 14971 Risk Management – Execution
Level Inherent safety by design Protective measures Information for safety Design change or
improvement in the device 1 2 3 Failure prevention features in the device or production process Actions
or practices by patient or end-user to prevent harm Orderofpriority
38. EXAMPLES OF RISK CONTROL MEASURES – FIGURE D.6 Product/process Devices Hazard Inherent
safety by design Protective measure Information for safety Single use medical device Catheter Biohazard
cross- contamination Locking or destructive mechanism Single-use indication Adverse event warning
Active implant Pacemaker Electric fields Material shields Attenuation filters Common hazards warning
IVD medical device Blood analyser Incorrect results due to sample handling Pre-mixed single-step
sample processing Implementation of controls Deviation from assigned values Software Patient data
management Erroneous data High integrity coding File backup/extracti on On-screen warnings Steam
sterilization Biopsy device/forceps High temperature material degradation Use thermo- resistant
material Pressure and temperature recording & alarms Packaging & loading instructions 38 Overview of
the ISO14971 >> Risk Management Plan >> Constructing a Plan >> Risk Control ISO 14971 Risk
Management – Execution LevelCopyright © Semoegy Advisers & Ventures
39. VERIFICATION OF RISK REDUCTION 39 Overview of the ISO14971 >> Risk Management Plan >>
Constructing a Plan >> Verification ISO 14971 Risk Management – Execution Level Confirmation, through
the provision of objective evidence, that specified requirements have been fulfilled. Verification
Copyright © Semoegy Advisers & Ventures
bit.ly/ISO14971
Constructing a Plan >> Verification ISO 14971 Risk Management – Execution Level EXAMPLES OF RISK
CONTROL VERIFICATION 41 Risk minimized/eliminated Data Biocompatibility tests Sterilization
validation Packaging validation Data supporting the effectiveness of risk control measures Material
toxicity Bacterial contamination Packaging leakage Compliance with IEC 60601 EMCElectrical hazards
Constructing a Plan >> Verification ISO 14971 Risk Management – Execution Level RELATIONSHIP OF
RISK EVALUATION, RISK CONTROL & VERIFICATION 42 Risk evaluation Acceptable risk level? Risk control
Verification Acceptable risk level? Risk evaluation Risk/Benefit analysis RELEASE Yes Yes No No Or Risk <
benefits? Yes UNACCEPTABLE No
43. FAILURE MODE & EFFECTS ANALYSIS RISK ASSESSMENT TOOLS 43 Overview of the ISO14971 >> Risk
Assessment Tools >> FMEA ISO 14971 Risk Management – Execution Level Copyright © Semoegy
Advisers & Ventures
44. Copyright © Semoegy Advisers & Ventures Overview of the ISO14971 >> Risk Assessment Tools >>
FMEA ISO 14971 Risk Management – Execution Level FAILURE MODE & EFFECTS ANALYSIS 44 1 2 3
Study of consequences The effect each individual component has on product safety and quality.
Preventing defects Early at the development stage when changes are relatively easier and inexpensive
to make. Enhancing safety Minimising the probability of occurrence of product failures. Increasing
performance Due to a more robust process that eliminates or reduces corrective actions and late change
crises. Systematic method Identifying and preventing product and process problems before they occur
FMEA ISO 14971 Risk Management – Execution Level FMEA VS ISO 14971 RISK MANAGEMENT 45 FMEA
ISO 14971 Focus on harm Normal and abnormal circumstances Medical devices Difference between
FMEA & ISO 14971 Focus on defects Failure situations Automotive/Generic “as far as reasonably
possible”Based on RPN Risk/benefit analysisContinuous improvement
FMEA ISO 14971 Risk Management – Execution Level ADDITIONAL RISK PARAMETER IN FMEA 46 The
probability of occurrence of harm The frequency or likelihood harm will occur Severity of harm The
extent of its impact or consequences Probability of detection of harm The probability of detecting the
harm before it occurs. • Occurrence (O) • Severity (S) • Detection (D) 3 Risk Parameters:
FMEA ISO 14971 Risk Management – Execution Level RISK PRIORITY NUMBER – RISK RANKING 47 Scale 1
to 10Scale 1 to 10 Risk Priority Number (RPN) Range 1 to 100
FMEA ISO 14971 Risk Management – Execution Level RISK PRIORITY NUMBER – RISK RANKING 48 Scale 1
to 10Scale 1 to 10 Risk Priority Number (RPN) Range 1 to 100
FMEA ISO 14971 Risk Management – Execution Level MERGING FMEA WITH ISO 14971 49 Risk
management planning Hazards Hazardous situation Harm Risk evaluation Risk control Residual risk
Production & post- production information Component/ process Failure mode Local/system effect Risk
priority number Risk control Residual RPNFMEA Source: Gantus • Intended use • Technology • Design •
Function • Misuse • Information • Clinical practice • Initiating circumstances • Behaviour • Level of
training • Environment • Shelf-life • Lack of information Risk analysis & estimation Risk management
according to ISO 14971 • Injury • Damage • Adverse events • Short-term & long-term • Related to the
patient • And other users Comparison with • Standards • Marketed devices • Clinical data • Similar
technology • Risk acceptability Verification • Testing • Statistical analysis • Validation • Risk acceptability
• Risk/benefit analysis • Overall residual riskISO 14971
50. Copyright © Semoegy Advisers & Ventures 50 Overview of the ISO14971 >> Risk Assessment Tools
>> FMEA ISO 14971 Risk Management – Execution Level C.2.1 What is the intended use and how is the
medical device to be used? Coronary stent Non-Invasive coronary angioplasty • Wrong/inaccurate
placement • Peripheral injuries • Unable to navigate tortuous pathway • Surgical complications •
Fracture X-ray fluoroscopy Medical Dye Technology • Allergic reactions • Breathing problems • Bleeding
• Artery blockage • Blood clots • Heart attack • Infection • Restenosis Hazard Hazard • Bleeding • Artery
blockage • Blood clots • Infection • Restenosis Intended UseMaintain arterial patency Performance
Hazard Function Radiation exposure Dye reaction Hazard Hazard
51. HAZARD IDENTIFICATION No Identified Hazard Hazardous situation Hazard Type Circumstance Harm
1 Allergic reaction Prolonged contact Known Abnormal Clinical complications 2 Bleeding Poor
design/placement Foreseeable Abnormal Blood loss 3 Artery blockage Poor design/placement
Foreseeable Abnormal Heart attack 4 Infection Inadequate product & procedural sterility Foreseeable
Abnormal Death 5 Restenosis Injury/poor design or placement Known Normal High blood
pressure/heart attack 6 Material toxicity Inappropriate material Foreseeable Abnormal Clinical
complications 7 Foreign body reaction Inappropriate material/Immune system Known Normal Clinical
complications 8 Degradation residue Inappropriate material Foreseeable Normal Clinical complications
51 Overview of the ISO14971 >> Risk Assessment Tools >> FMEA ISO 14971 Risk Management –
Execution LevelCopyright © Semoegy Advisers & Ventures
FMEA ISO 14971 Risk Management – Execution Level WHAT IS RISK RANKING? 52 Assigning values to
risk factors Qualitative or semi- quantitative values Categorise risks from highest to lowest values
Prioritise the elimination of high risks
FMEA ISO 14971 Risk Management – Execution Level HOW TO PERFORM RANKING – RANKING CRITERIA
53 ISO 14971 – Table D.2, D.3, D.4, Annex D Common Terms Possible SEVERITY description Catastrophic
Results in patient death Critical Results in permanent impairment or life-threatening injury Serious
Results in injury or impairment requiring professional medical intervention Minor Results in temporary
injury or impairment not requiring professional medical intervention Negligible Inconvenience or
temporary discomfort Common Terms Possible PROBABILITY description (Semi-Quantitative) Frequent ≥
10-3 Probable ≥ 10-4 and < 10-3 Occasional ≥ 10-5 and < 10-4 Remote ≥ 10-6 and < 10-5 Improbable <
10-6 Common Terms Possible PROBABILITY description (Qualitative) High Like to happen, often,
frequent Medium Can happen but not frequently Low Unlikely to happen, rare, remote
FMEA ISO 14971 Risk Management – Execution Level PROBABILITY RANKING CRITERIA 54 Common
Terms Possible description Rank Frequent ≥ 500 per thousand (≥ 5 in 10) 10 200 per thousand (≥ 2 in 10)
9 100 per thousand (≥ 1 in 10) 8 High 50 per thousand (≥ 1 in 20) 7 10 per thousand (≥ 1 in 100) 6
Occasional 2 per thousand (≥ 1 in 500) 5 0.5 per thousand (≥ 1 in 2,000) 4 0.1 per thousand (≥ 1 in
10,000) 3 Improbable 0.01 per thousand (≥ 1 in 100,000) 2 ≤ 0.001 per thousand (≥ 1 in 1,000,000) 1
FMEA ISO 14971 Risk Management – Execution Level SEVERITY RANKING CRITERIA 55 Common Terms
Possible description Rank Catastrophic Results in patient death 10 Results in permanent impairment or
life-threatening injury 9 Critical Results in temporary injury or impairment requiring professional medical
intervention 8 Non-compliance with regulatory requirements 7 Serious Results in temporary injury or
impairment not requiring professional medical intervention 6 Product recall issued 5 Minor Discomfort
resulting from physiological response 4 Treatment incompatibility with no adverse response 3 Negligible
Inconvenience or temporary discomfort 2 Device incompatible with some consumable models 1
56. RISK ESTIMATION – RANKING PROBABILITIES Hazardous situation Hazard Type Circumstance Harm
Probability of Occurrence Severity Prolonged contact Known Abnormal Clinical complications 10 10 Poor
design/placement Foreseeable Abnormal Blood loss 4 9 Poor design/placement Foreseeable Abnormal
Heart attack 1 9 Inappropriate material Foreseeable Abnormal Clinical complications 3 2 Injury/poor
design or placement Known Normal High blood pressure/heart attack 5 4 Inadequate product &
procedural sterility Foreseeable Abnormal Death 2 10 Inappropriate handling Foreseeable Normal
Clinical complications 8 4 Foreign body response Foreseeable Normal Clinical complications 1 6 56
Overview of the ISO14971 >> Risk Assessment Tools >> FMEA ISO 14971 Risk Management – Execution
LevelCopyright © Semoegy Advisers & Ventures
57. Copyright © Semoegy Advisers & Ventures 0 1 2 3 4 5 6 7 8 9 10 11 0 1 2 3 4 5 6 7 8 9 10 11

Overview of the ISO14971 >> Risk Assessment Tools >> FMEA ISO 14971 Risk Management – Execution
Level RISK CHART - EVALUATION 57 Probability Levels Severity Levels
FMEA ISO 14971 Risk Management – Execution Level DETERMINING RISK ACCEPTABILITY [N X M]
MATRIX 58 Severity [N columns] Probability [M rows] 1 2 3 4 5 6 7 8 9 10 1 ACC ACC ACC ACC ACC ACC
ACC ACC BOR BOR 2 ACC ACC ACC ACC ACC ACC ACC BOR BOR NACC 3 ACC ACC ACC ACC ACC ACC BOR
BOR NACC NACC 4 ACC ACC ACC ACC ACC BOR BOR NACC NACC NACC 5 ACC ACC ACC ACC BOR BOR
NACC NACC NACC NACC 6 ACC ACC ACC BOR BOR NACC NACC NACC NACC NACC 7 ACC ACC BOR BOR
NACC NACC NACC NACC NACC NACC 8 ACC BOR BOR NACC NACC NACC NACC NACC NACC NACC 9 BOR
BOR NACC NACC NACC NACC NACC NACC NACC NACC 10 BOR NACC NACC NACC NACC NACC NACC
NACC NACC NACC
59. RISK ESTIMATION – RANKING PROBABILITIES Hazard Type Circumstance Harm Probability of
Occurrence Severity Acceptable Known Abnormal Clinical complications 10 10 NACC Foreseeable
Abnormal Blood loss 4 9 NACC Foreseeable Abnormal Heart attack 1 9 BOR Foreseeable Abnormal
Clinical complications 3 2 ACC Known Normal High blood pressure/heart attack 5 4 ACC Foreseeable
Abnormal Death 2 10 NACC Foreseeable Normal Clinical complications 8 4 NACC Foreseeable Normal
Clinical complications 1 6 ACC 59 Overview of the ISO14971 >> Risk Assessment Tools >> FMEA ISO
14971 Risk Management – Execution LevelCopyright © Semoegy Advisers & Ventures
60. ITERATIVE RISK MANAGEMENT Highly individual to the medical device Full integration into the
quality management system 60 Overview of the ISO14971 >> The Principles >> ISO 14971 Overview ISO
14971 Risk Management – Execution Level Risk evaluation Risk control Residual risk acceptability Risk
management report Production & post- productio n Risk analysis Copyright © Semoegy Advisers &
Ventures
61. Copyright © Semoegy Advisers & Ventures 61 Risk Assessment Tools >> FMEA Annex B Figure B.1 –
Overview of risk management activities as applied to medical devices ISO 14971 Risk Management –
Execution Level
bit.ly/ISO14971

Risk Assessment Medical Device

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Risk Assessment Medical Device

Uploaded by

Copyright:

Available Formats

icholas Abbondante, Chief EMC Engineer, Intertek Group plc03.10.

 Issues during surgery, such as surgical table actuation, or changes in

Because the range of potential issues is so wide, regulators are looking to

Requirements for the Risk Management File

 Professional healthcare environment: Where equipment or a system will be used

 Identification of intended environment and applicable standards;

ISO14971 Medical Device Risk Management Course - E-Learning

14. INTERNATIONAL REQUIREMENT Jurisdiction/Standard Regulatory requirement European Union

57. Copyright © Semoegy Advisers & Ventures 0 1 2 3 4 5 6 7 8 9 10 11 0 1 2 3 4 5 6 7 8 9 10 11

You might also like