3. Don’t just execute the standards,
learn and understand why they exist
● ISO 14971
○ Application of risk management to medical devices
● ISO 13485
○ Quality management systems
● FDA.gov
4. ISO 14971 is the industry standard
Risk Management Strategy
1) Risk Management Planning
2) Risk Analysis
3) Risk Evaluation
4) Risk Control
5) Residual Risk Evaluation
6) Risk Management Report/File
Hazard/FMEA Tables
5. Choose the right risk techniqueDevelopment
Method Purpose
Hazard Analysis Identify hazards and drive design decisions
Application FMEA Identify user failures and prevention
Fault Tree Analysis Top-down approach starting with unintended consequences
Design FMEA Identify potential design failures from sub-component level
Process FMEA Identify potential process failures (i.e. manufacturing)
6. An example in Hazard Analysis
ID Hazard Foreseeable
Sequence of
Events
Hazardous
Situation
Harm S P RI Risk Mitigation Verif. Residual
(S)
Residual
(P)
Residual
(RI)
1 Electro-
magnetic
Energy
ESD causes
pump and
pump alarms
to fail
Failure to
deliver insulin
unknown to
patient with
elevated
blood glucose
level
Minor organ
damage
4 2 UN Information for
Safety: warning
in user manual
Protective
Measures:
notification
when unit is not
grounded
Inherent to
Design: IEC
60601
PR15243
1.5.25
PR15243
1.6.21
PR15243
3.6.5
4 1 ACC
2 Decreased
consciousness
3 3 ACC 3 2 ACC
3 Coma, death 5 2 UN 5 1 ACC
S = Severity Level
P = Probability
RI/RL = Risk Index/Risk Level
Verif = Verification
9. Trace risk control to test case
Hazard Analysis
FMEA
Reference to Product
Requirement or
Test Report
Product
Requirements
Reference to Test Step/Test
Protocol/Test Report
Test Reports
Reference to Test Protocol
Step
Test Protocols
Reference to Product
Requirement
10. FDA guidance on risk management
● FDA QSR 820.30 - Design Controls
● Submissions
● Investigational Devices
● Guidance Documents for specific devices
● Software - SOUP/OTS - IEC 62304
11. Risk management doesn’t stop after R&D
Hazard Analysis
New Hazards
Adjust Risk Levels
New Product
Development
Complaints
CAPAs
Non-Conformance
Reports
Change Orders
Service Records
12. It’s not just about compliance
1. fda.gov
Compliance
Business Risk
Patient Safety
658FDA Warning Letters
in
2014
13. It’s not just about compliance
1. “The Business Case for Medical Device Quality” - McKinsey and Company
Compliance
Business Risk
Patient Safety
14. It’s not just about compliance
1. 2014 FDA.gov
2. Open.FDA.gov
Compliance
Business Risk
Patient Safety
15. It’s not just about compliance
1. 2014 FDA.gov
2. Open.FDA.gov
Compliance
Business Risk
Patient Safety
16. Be proactive, not reactive
“Risk is like fire: If controlled it will help you; if
uncontrolled it will rise up and destroy you.”
Theodore Roosevelt
17. Future of the Medical Device Industry
● Mobile Health
○ AliveCor, Glooko, Smart Monitor
● Personalized Medicine
○ Theranos, 23andMe, Guardant Health
● Quality System and Regulation Maturity
○ Electronic submissions, Single Audit Program
18. How Core Input is working with a changing regulatory
landscape
● Cloud-based
Complaint
Handling
● Lower cost of
maintenance
● Integrated
compliance
Prioritize patient safety and reduce healthcare costs