The webinar covers:
• Risk assessment in medical device management systems
• Key issues pertaining to ISO 13485
• FMEA model in medical devices management systems
Presenter:
This webinar will be presented by Mohmed EL Mahdy, PECB Certified Trainer who has extensive experience in Lead Auditor ISO 13485.
2. Prelude
This training session is not designed to anticipate all
requirements of ISO 14971 instead it addresses key issues
thereto.
3. Key Terms and Definitions
• harm
physical injury or damage to the health of people, or damage to property or the
environment
• hazard
potential source of harm
• hazardous situation
circumstance in which people, property, or the environment are exposed to one
or more hazard(s)
• life-cycle
all phases in the life of a medical device, from the initial conception to final
decommissioning and disposal
• post-production
part of the life-cycle of the product after the design has been completed and the
medical device has been manufactured
• residual risk
risk remaining after risk control measures have been taken
8. ISO 14971 Process Overview
Risk Analysis
o determining user needs / intended uses
o hazard identification
o risk estimation
Risk Evaluation
o risk acceptability decisions
Risk Control
o option analysis
o implementation
o residual risk evaluation
o overall risk acceptance
Post Production
o post production experience
o review of risk management experience
RiskAssessment
RiskManagement
Risk Analysis
Risk Evaluation
Risk control
• Risk control option analysis
• Implementation of risk control measures
• Residual risk evaluation
• Risk / benefit analysis
• Risk arising from risk control measures
• Completeness of risk control
Risk management report
• Intended use and identification of characteristics related to the safety
of the medical device
• Identification of hazards
• Estimation of the risk for each hazardous situation
Production and post-production information
Evaluation of overall residual risk acceptability
9. High-Level Combinations of
Severity and Probability
Increasing Severity of Harm/Consequence
IncreasingProbabilityof
Occurrence
Low
Risk
Medium
Risk
High Risk
10. • Risk Matrix
• PHA= Preliminary Hazard Analysis
• FTA=Fault Tree Analysis
• FME(C)A=Failure Mode Effects (Criticality) Analysis
• HAZOP=Hazard Operability Analysis
• HACCP=Hazard Analysis and Critical Control Point
Risk assessment methodology
11. FTA=Fault Tree Analysis
•A team-based method used to identify the
causal chain that creates a hazard or a
failure mode (effects are typically ignored)
•FTA represents the sequence and
combination of possible events that may
lead to a failure mode
•Once causes are identified, preventive
action can be taken
Fire Breaks
Out
Ignition
Source
Open
Flame
Spark Exists
Grinder
Spark
Frayed
Electrical
Cord
Welding
Spark
Flammable
Material
Causes of Fire in a Machine Shop
Fire Breaks
Out
Ignition
Source
Open
Flame
Spark Exists
Grinder
Spark
Frayed
Electrical
Cord
Welding
Spark
Flammable
Material
Causes of Fire in a Machine Shop
12. 12
POTENTIAL FAILURE MODE AND EFFECTS ANALYSIS
X-Ray ZM Device FMEA Number
Subsystem Page of
Component ____________________ Responsibility Prepared By
Process FMEA Date (Orig.) (rev.)
Core Team:
_______________________________________________________________________________________________
Device/ Potential Potential S Potential O Current D R Recommended Responsibility Action Results
Function Failure Effect(s) Cause(s) Controls P Action(s) and Target Actions R
Mode of Failure of Failure N Complete Date Taken S O D P
N
Field Defining
Light
Visible Treatment
Field Indication
1) Light
Failure
Treatment
setup time
increases
2 Burn Out
Bulb
4 4 32 -Better light
source
-Redundant
source
-Quick change
light bulb
2
1
1
3
1
1
4
2
4
24
2
4
2)
Alignment
Failure
Wrong Field
Defined
Causing
Repeat x-
rays and
additional
setup time
3 a) light
source
moved
1 4 12
3 b) Mirror
moved
5 4 60
FMEA Model
13. Create SOD Tables
• Severity (S)
• Link to end product functional failure
• Medical Department involvement
• Occurrence (O)
• Use historical data
• Similar processes products
• Detection (D)
• Method validation studies
• Historical data
14. FMEA types
• System FMEA
• Subsystem FMEA
• Component FMEA
• Equipment FMEA
• Automation FMEA
• Design FMEA
• Process FMEA
• Service FMEA
• Improvement FMEA
15. 15
HAZOP
Transfer Material Destination
No Valve closed
Line blocked
Pump broken
Tank empty Valve closed
Hopper full
More Pump fast Larger tank
Inaccurate
gage
Other
than
Liquid
Wrong powder
16. Robert C. Menson, PhD
16
HACCP
Hazard Analysis and Critical Control Point
• Risk Management System
• Biological Hazards
• Chemical Hazards
• Physical Hazards
• Requires
• Prerequisite Quality System Program
• Traditionally GMPs
• A method of identifying and
controlling sources of variation at
critical process steps that could
lead to a hazardous condition
• Similar to a control plan
• Cannot be used effectively
without manual or automated
process control methods,
including statistical process
control
17. 9 I N T O L E R -
8 A B L E
7
6 A R E G -
5 L I O N
4 A
3 B R
2 A P
ProbabilityofOccurrence
1 R
1 2 3 4 5 6 7 8 9
Severity
l Intolerable
Region
l As Low As
Reasonably
Practicable
Region
(ALARP)
l Broadly
Acceptable
Region (BAR)
Risk Concept According to ISO 14971
April 2001 Tony C. Chan
18. ALARP against ALARA
• As-low-as-reasonably-practicable approach
• as-low-as-reasonably-achievable approach
19. Practicability considerations
• It might be thought that any risk associated with a medical device would be
acceptable if the patient’s prognosis were improved. This cannot be used as
a rationale for the acceptance of unnecessary risk. All risks should be
reduced to the lowest level practicable, bearing in mind the state of the art
and the benefits of accepting the risk and the practicability of further
reduction.
• Practicability refers to the ability of a manufacturer to reduce the risk.
Practicability has two components:
• ⎯ technical practicability;
• ⎯ economic practicability.
Annex D.8.4 ISO 14971:2007
22. Classification
Effective implementation of risk assessment
Classification of the medical device is a reflection to the risk level of
the product
Severity
vulnerability
IIaIm;sITransient
Modeofcontact
invasiveness
IIbIIaIm;s
Short to
long term
IIIIIbIIa
Long term
implant
My approach for simplicity purpose only
23. Effective implementation of risk assessment
ER Essential req. MDD 2007/74/EC
1 The devices must be …………………………provided that any risks which may be associated with their intended use constitute
acceptable risks when weighed against the benefits to the patient and are compatible with a high level of protection of
health and safety.
2 – eliminate or reduce risks as far as possible (inherently safe design and construction), – where appropriate take adequate
protection measures including alarms if necessary, in relation to risks that cannot be eliminated, – inform users of the
residual risks due to any shortcomings of the protection measures adopted.
6 Any undesirable side-effect must constitute an acceptable risk when weighed against the performances intended.
7.2 The devices must be designed, manufactured and packed in such a way as to minimize the risk posed by contaminants and
residues to the persons involved in the transport, storage and use of the devices and to the patients, taking account of the
intended purpose of the product. Particular attention must be paid to the tissues exposed and to the duration and
frequency of exposure.
7.4 Various parts in addressing risk of incorporating medicinal substance
7.5 The devices must be designed and manufactured in such a way as to reduce to a minimum the risks posed by substances
leaking from the device.
If the intended use of such devices includes treatment of children or treatment of pregnant or nursing women, the
manufacturer must provide a specific justification for the use of these substances with regard to compliance with the
essential requirements, in particular of this paragraph, within the technical documentation and, within the instructions for
use, information on residual risks for these patient groups and, if applicable, on appropriate precautionary measures.
24. Effective implementation of risk assessment
ER Essential req. MDD 2007/74/EC
7.6 Devices must be designed and manufactured in such a way as to reduce, as much as possible, risks posed by the
unintentional ingress of substances into the device taking into account the device and the nature of the environment in
which it is intended to be used.
8.1 The devices and manufacturing processes must be designed in such a way as to eliminate or reduce as far as possible the
risk of infection to the patient, user and third parties. The design must allow easy handling and, where necessary, minimize
contamination of the device by the patient or vice versa during use.
8.6 Packaging systems for non-sterile devices must keep the product without deterioration at the level of cleanliness stipulated
and, if the devices are to be sterilized prior to use, minimize the risk of microbial contamination; the packaging system must
be suitable taking account of the method of sterilization indicated by the manufacturer
9.2 Devices must be designed and manufactured in such a way as to remove or minimize as far as is possible:
– the risk of injury, in connection with their physical features, including the volume/pressure ratio, dimensional and where
appropriate ergonomic features,
– risks connected with reasonably foreseeable environmental conditions, such as magnetic fields, external electrical
influences, electrostatic discharge, pressure, temperature or variations,
– the risks of reciprocal interference with other devices normally used in the investigations or for the treatment given,
– risks arising where maintenance or calibration are not possible (as with implants), from ageing of materials used or loss of
accuracy of any measuring or control mechanism.
25. Effective implementation of risk assessment
ER Essential req. MDD 2007/74/EC
9.3 Devices must be designed and manufactured in such a way as to reduce, as much as possible, risks posed by the
unintentional ingress of substances into the device taking into account the device and the nature of the environment in
which it is intended to be used. Devices must be designed and manufactured in such a way as to minimize the risks of fire or
explosion during normal use and in single fault condition. Particular attention must be paid to devices whose intended use
includes exposure to flammable substances or to substances which could cause combustion.
11.
2.1
Where devices are designed to emit hazardous levels of radiation necessary for a specific medical purpose the benefit of
which is considered to outweigh the risks inherent in the emission, it must be possible for the user to control the emissions.
Such devices shall be designed and manufactured to ensure reproducibility and tolerance of relevant variable parameters
11.
4.1
The operating instructions for devices emitting radiation must give detailed information as to the nature of the emitted
radiation, means of protecting the patient and the user and on ways of avoiding misuse and of eliminating the risks
inherent in installation
12 Various types of energy source risks
13 method by which user is informed about risk
29. Does ISO 14971 deemed sufficient as a
stand alone harmonized standard to
presume compliance with Medical
device directive?
30. NOHowever; It is harmonized standard……
YesBut; we have to consider issues raised while harmonization
thereto……
31. Harmonization issues
ER ISO 14971
1 ER 1 is not directly covered by EN ISO 14971, since the standard does not provide requirements on design and manufacture.
However, the standard provides a tool to generate the information that is a necessary preliminary step for a manufacturer
to demonstrate that the device is in conformity with ER 1.
2 - The second sentence of ER 2 is partly covered by 6.2. For content deviations, see points 1, 2, 3, 5, 6, 7 below.
- The other parts of ER 2 are not directly covered by EN ISO 14971, since the standard does not provide requirements on
design and construction, nor does it apply the concept of 'safety principles' as intended in the MOD. However, the standard
provides a tool to generate the information that is a necessary preliminary step for a manufacturer to demonstrate that the
device is in conformity with ER 2.
4 ER 4 is not directly covered by EN ISO 14971, since the standard does not apply the concept of 'safety principles' as
intended in the MOD. However, the standard provides a tool to generate the information that is a necessary preliminary
step for a manufacturer to demonstrate that the device is in conformity with ER 4.
5 ER 5 is not directly covered by EN ISO 14971, since the standard does not provide requirements on design, manufacture or
packaging. However, the standard provides a tool to generate the information that is a necessary preliminary step for a
manufacturer to demonstrate that the device is in conformity with ER 5.
6 ER 6 is covered. However, for content deviations, see points 1, 2, 3, 4 below
7.1 ER 7.1 is only partly covered by EN ISO 14971, since the standard does not provide requirements on design and
manufacture and does not cover performances and characteristics related thereto. Furthermore, it does not provide
specific requirements on the items that must be paid particular attention. However, the standard provides a tool to
generate the information that is a necessary preliminary step for a manufacturer to demonstrate that the device is in
conformity with ER 7.1, For content deviations, see points 1 to 7 below.
32. 14971 non adherence to the MDD
The following aspects have been identified where the
standard deviates or might be understood as deviating
from the Essential Requirements:
33. 14971 non adherence to the MDD
1. Treatment of negligible risks:
a) According to standard ISO 14971, the manufacturer may discard
negligible risks
b) However, Sections 1 and 2 of Annex I to Directive 93/42/EEC require that
all risks, regardless of their dimension, need to be reduced as much as
possible and need to be balanced, together with all other risks, against
the benefit of the device.
c) Accordingly, the manufacturer must take all risks into account when
assessing Sections 1 and 2 of Annex I to Directive 93/42/EEC.
34. 14971 non adherence to the MDD
2. Discretionary power of manufacturers as to the acceptability of risks:
a) ISO 14971 seems to imply that manufacturers have the freedom to
decide upon the threshold for risk acceptability/ and that only non-
acceptable risks have to be integrated into the overall risk-benefit
analysis,
b) However, Sections 1 and 2 of Annex I to Directive 93/42/EEC require that
all risks have to be reduced as far as possible and that all risks combined,
regardless of any "acceptability" assessment, need to be balanced,
together with all other risks, against the benefit of the device,
c) Accordingly, the manufacturer may not apply any criteria of risk
acceptability prior to applying Sections 1 and 2 of Annex I to Directive
93/42/EEC,
35. 14971 non adherence to the MDD
3. Risk reduction "as far as possible" versus "as low as reasonably practicable":
a) Annex 0.8 to ISO 14971, referred to in 3.4, contains the concept of reducing
risks "as low as reasonably practicable" (ALARP concept). The ALARP concept
contains an element of economic consideration.
b) However, the first indent of Section 2 of Annex I to Directive 93/42/EEC and
various particular Essential Requirements require risks to be reduced "as far as
possible" without there being room for economic considerations.
c) Accordingly, manufacturers and Notified Bodies may not apply the ALARP
concept with regard to economic considerations.
36. 14971 non adherence to the MDD
4. Discretion as to whether a risk-benefit analysis needs to take place:
a) 6.5 of ISO 14971 says: "If the residual risk is not judged acceptable using the criteria established in the risk
management plan and further risk control is not practicable, the manufacturer may gather and review data and
literature to determine if the medical benefits of the intended use outweigh the residual risk." Clause 7 of ISO
14971 says: "If the overall residual risk is not judged acceptable using the criteria established in the risk
management plan, the manufacturer may gather and review data and literature to determine if the medical benefits
of the intended use outweigh the overall residual risk." Both quotes imply that an overall risk-benefit
analysis does not need to take place if the overall residual risk is judged acceptable when
using the criteria established in the risk management plan. Equally, 0.6.1 says: "A
risk/benefit analysis is not required by this International Standard for every risk.“
b) According to Section 1 of Annex I to Directive 93/42/EEC, an overall risk-benefit
analysis must take place in any case, regardless of the application of criteria established in
the management plan of the manufacturer.
Furthermore, Section 6 of Annex I to Directive 93/42/EEC requires undesirable side
effects to "constitute an acceptable risk when weighed against the performance
intended".
c) Accordingly, the manufacturer must undertake the risk-benefit analysis for the
individual risk and the overall risk-benefit analysis (weighing all risks combined against
the benefit) in all cases.
37. 14971 non adherence to the MDD
5. Discretion as to the risk control options/measures:
a)6.2 of ISO 14971 obliges the manufacturer to "use one or more of the following risk
control options in the priority order listed:
i) inherent safety by design;
ii) protective measures in the medical device itself or in the manufacturing process;
iii) information for safety" and leaves a discretion as to the application of these three
options: shall the second or third control option still be used when the first was used? 6.4
indicates that further risk control measures do not need to be taken if, after applying one
of the control options, the risk is judged acceptable according to the criteria of the risk
management plan.
b) However, the second sentence of Section 2 of Annex I to Directive 93/42/EEC requests
"to conform to safety principles, taking account of the generally acknowledged state of
the art" and "to select the most appropriate solutions" by applying cumulatively what has
been called "control options" or "control mechanisms" in the standard.
c) Accordingly, the manufacturer must apply all the "control options" and may not stop
his endeavors if the first or the second control option has reduced the risk to an
"acceptable level" (unless the additional control option(s) do(es) not improve the safety).
38. 14971 non adherence to the MDD
6. Deviation as to the first risk control option:
a) 6.2 of ISO 14971 obliges the manufacturer to "use one or more of the following
risk control options in the priority order listed:
“inherent safety by design ... " without determining what is meant by this term.
a) However, the first indent of the second sentence of Section 2 of Annex I to
Directive 93/42/EEC requires to eliminate or reduce risks as far as possible
(inherently safe design and construction)".
b) Accordingly, as the Directive is more precise than the standard, manufacturers
must apply the former and cannot rely purely on the application of the
standard.
39. 14971 non adherence to the MDD
7. Information of the users influencing the residual risk:
a) The residual risk is in 2.15 and in 6.4 of ISO 14971 defined as the risk remaining
after application of the risk control measures. 6.2 of ISO 14971 regards
"information for safety" to be a control option.
b) However, the last indent of Section 2 of Annex I to Directive 93/42/EEC says that
users shall be informed about the residual risks. This indicates that, according to
Annex I to Directive 93/42/EEC and contrary to the concept of the standard, the
information given to the users does not reduce the (residual) risk any further.
c) Accordingly, manufacturers shall not attribute any additional risk reduction to
the information given to the users.
40. Last but not least
Risk assessment in the new version of ISO 13485:201X
What about risk assessment and the new version of ISO 13485?
41. New 13485:201? And risk assessment
• The publication of the next version of ISO 13485 is postponed to 2016. Welcome
ISO 13485:2016!
• During the last meeting of the Technical Committee Working Group held in July,
the published draft version of ISO 13485 was submitted to the vote of the
Working Group members. The draft was not approved.
• ISO TC 210 is the Technical Committee of the ISO organization
• Risk assessment will appear in section 6.1 mimicry ISO 9001:2015
42. Risk assessment expectation in ISO 13485:2016
http://medicaldevices.bsigroup.com/en-GB/our-services/ISO-13485-Revision/