Contact

What are you looking for?

About SGS

We are SGS – the world’s leading testing, inspection and certification company. We are recognized as the global benchmark for quality and integrity. Our 96,000 employees operate a network of 2,600 offices and laboratories, working together to enable a better, safer and more interconnected world.

Applying Risk Management to Medical Devices

Quality InsightsJune 18, 2020

Peter Linders, chair of ISO/TC 210, stated at the time of the release of ISO 14971:2019, that it was the manufacturer’s responsibility to reduce the risks associated with medical devices. How can a systematic approach help manufacturers reduce risk during production?

The consequences of failure in medical devices can be catastrophic, not only for the patient but also potentially for the operator and other people. In addition, there might be damage to property and the environment. Adopting a systematic approach to risk management can significantly reduce the potential for these negative events.

ISO 14971

Originally released in 1998, ISO 14971 – Medical devices – Application of risk management to medical devices – provides a framework to identify potential hazards and estimate the associated risks. It enables the implementation of risk control measures and creates a mechanism for monitoring their effectiveness.

In December 2019, the International Organization for Standardization (ISO) published the latest version – ISO 14971:2019. This was developed by a joint working group incorporating ISO/TC 210 – Quality management and corresponding general aspects for medical devices – and IEC/TC 62 – Electrical equipment in medical practice – from the International Electrotechnical Commission (IEC).

ISO 14971:2019 updates the 2007 iteration in several ways. It adopts a new chapter structure, clarifies the standard’s technical requirements, updates normative references, and introduces a focus on the benefit-risk ratio. The new version is also wider in its frame of reference, placing a stronger focus on information gained during production and from downstream phases.

The focus on the benefit-risk ratio has required a new medicine-related definition of ‘benefit’. It is defined as, a positive impact or desired outcome on the health of an individual, or a positive impact on patient management or public health (Clause 3).

This is one of many new or redefined terms in ISO 14971. Others include:

  • ‘Reasonably foreseeable misuse’ – use of a product or system in a way not intended by the manufacturer but which can result from readily predictable human behavior
  • ‘State of the art’ – developed stage of technical capability at a given time as regards to products, processes, and services – based on the relevant consolidated findings of science, technology, and experience

There are also updated definitions for: ‘accompanying documentation’, ‘harm’, ‘use error’, ‘manufacturer’, and ‘In Vitro diagnostic medical device’.

To achieve its goals, ISO 14971 has a new six stage process:

  • Risk analysis
  • Risk evaluation
  • Risk control
  • Evaluation of overall residual risk
  • Risk management review
  • Production and post-production

RISK ANALYSIS

Manufacturers need to clearly understand the parameters relating to their product. For example, they must consider:

  • Design, function, and reasonably foreseeable misuse of the medical device
  • Who holds responsibility at each part of the process?
  • What is the scope of the analysis?

Risk analysis should also identify the safety characteristics of the product. The focus on downstream phases means risk analysis should also consider the loss or degradation of the medical device’s clinical performance, as a result of unacceptable use, as well as reasonable foreseeable events, or sequences of events, that can result in hazardous situations.

RISK ESTIMATION

The manufacturer should then estimate, both qualitatively and quantitatively, the probability of occurrence for each potential hazard and hazardous situation. This is achieved by looking at published standards, scientific and technical investigations, field data from similar devices, usability tests, clinical evidence, expert opinion, and the results from investigations and simulations. If no probability of occurrence can be estimated, then possible consequences should be listed.

RISK CONTROL

Once the risks have been identified and the severity estimated, the next stage is the implementation of control to mitigate the risks. This should begin at the design stage, go through production, before looking at use and reasonably foreseeable misuse. Control measures should be instigated for each risk. For example, for the post-production phase, this might include safety instructions or training. The aim is to address each hazard and hazardous situation.

If it is determined that risk reduction is not practicable, then a benefit-risk analysis must be performed on the residual risk. It is imperative that benefits outweigh risk. If this is not the case, then the risk is considered unacceptable and modifications must be enacted.

Control measure may also introduce new risks, and these should also be considered, alongside whether the control is effective at reducing risk. Upon completion of the risk control stage, the manufacturer must confirm that all risks from all hazardous situations have been considered and all risk control activities have been completed.

EVALUATION OF OVERALL RESIDUAL RISK

The manufacturer should now use benefit-risk analysis to determine whether the residual risk is acceptable, based upon the acceptability criteria defined in the risk management plan. If the overall residual risk is considered acceptable, the manufacturer must inform users of the significant residual risks and supply relevant safety information. If the overall residual risk is judged unacceptable, the manufacturer must either implement additional control measures, modify the medical device, or modify its intended use.

RISK MANAGEMENT REVIEW

The manufacturer is then required to review whether:

  • The risk management plan has been implemented appropriately
  • The overall residual risk is acceptable
  • Methods are in place to collect and review information from the production and post-production phases

PRODUCTION AND POST-PRODUCTION

Manufacturers must establish a system to collect relevant data during productions and post-production. This must be reviewed for whether:

  • Previously unrecognized hazards or hazardous situations have been identified
  • Estimated risk arising from a hazardous situation is still acceptable
  • Overall residual risk is still acceptable
  • ‘State of the art’ has changed

ISO 14971:2019 provides a framework against which manufacturers can introduce continuous improvements in their risk management. A core tenet of ISO standards is the importance of management involvement, with responsibilities being assigned at an early stage of the process.

SGS SOLUTIONS

SGS offers a range of solutions to help manufacturers design and manufacture safe and compliant medical devices for markets all over the world. Based on ISO 14971, our training provides manufacturers with a systematic approach to risk management in the medical device sector.

Learn more here.

About SGS

We are SGS – the world’s leading testing, inspection and certification company. We are recognized as the global benchmark for quality and integrity. Our 96,000 employees operate a network of 2,600 offices and laboratories, working together to enable a better, safer and more interconnected world.

News & Insights

  • SGS Headquarters

1 Place des Alpes,

P.O. Box 2152,

1211, Geneva, Switzerland