1 / 98

Risk Management – It’s more than just an FMEA.

Risk Management – It’s more than just an FMEA. 33 rd Annual Meeting - AMDM April 21, 2006 Bill McLain Keystone Regulatory Services, LLC. Today’s Topics. Introduction to ISO 14971:2000 and Risk Management Concepts Overview of ISO 14971:2000

kimama
Download Presentation

Risk Management – It’s more than just an FMEA.

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Risk Management – It’s more than just an FMEA. 33rd Annual Meeting - AMDM April 21, 2006 Bill McLain Keystone Regulatory Services, LLC AMDM 33rd Annual Meeting

  2. Today’s Topics • Introduction to ISO 14971:2000 and Risk Management Concepts • Overview of ISO 14971:2000 • Integrating Risk Management and the Quality Management System • Including ISO 14971:2000 in Your Internal Audit Process • Upcoming Changes to ISO 14971:2000 • Some Examples of Deliverables AMDM 33rd Annual Meeting

  3. History of ISO 14971:2000 • Risk Analysis • October 1997 - EN 1441 published • October 1998 - ISO 14971-1 published • Risk Management • July 1996 - EN 60601-1-4 published • October 2000 – ISO14971 published • July 2002 - EN ISO 14971 becomes harmonized • July 2003 – ISO 14971/A1 Annex H published • April 2004 – EN 1441 no longer has presumption of conformity • 2006 – ISO 14971:200X revisions AMDM 33rd Annual Meeting

  4. Why Implement Risk Management? – US And European Viewpoints • International Acceptance • US • Consensus standard for use in submissions and QMS. • Europe • For the essential requirements of MDD, AIMD, and IVDD, the device is presumed to conform with requirements for mitigating and reducing risks if the RM process conforms to ISO14971:2000, a harmonized standard. • Other countries recognizing ISO 14971:2000 • Canada • Australia • Japan AMDM 33rd Annual Meeting

  5. Overview of the Risk Management Process AMDM 33rd Annual Meeting

  6. The Basic Process • The System • Management Responsibilities AMDM 33rd Annual Meeting

  7. Some Fundamental Principles • RM is applicable to all stages of the life cycle of the device • Applies a systematic approach to the process. • Use of all medical devices entails some degree of risk. • The process “lives”. It’s not once and done. AMDM 33rd Annual Meeting

  8. Clause 2. Terms and definitions (select) • hazard – potential source of harm • harm – physical injury or damage to the health of people, or damage to the property or the environment. • objective evidence – information which can be proven true, based on facts obtained through observation, measurement, test or other means • risk – combination of the probability of occurrence of harm and the severity of that harm AMDM 33rd Annual Meeting

  9. Clause 2. Terms and definitions (select) • risk control – process through which decisions are reached and protective measures are implemented for reducing risks to, or maintaining risks, within specified levels • risk evaluation – judgment, on the basis of risk analysis, of whether a risk which is acceptable has been achieved in a given context based on the current values of society. • safety – freedom from unacceptable risk • severity – measure of the possible consequences of a hazard. AMDM 33rd Annual Meeting

  10. Management Responsibilities • Define the policy for determining acceptable risk, taking Standards and Regulations into account • Ensure the provision of adequate resources • Ensure the assignment of trained, qualified personnel (must maintain records showing person has appropriate qualifications) • Review results of risk management at defined intervals to ensure suitability and effectiveness AMDM 33rd Annual Meeting

  11. Risk Management Plan • Scope of the plan, describing the device and life cycle phases for which plan is applicable • A verification plan • Allocation of responsibilities • Requirements for reviewing risk management activities • Criteria for risk acceptability AMDM 33rd Annual Meeting

  12. Risk Analysis AMDM 33rd Annual Meeting

  13. Risk Analysis Procedure • Analysis of intended use using Annex A as a basis • Description of the device/accessory analyzed • Identification of person who conducted the risk assessment • Date of the analysis AMDM 33rd Annual Meeting

  14. Risk Analysis Should Also Include: • Description of the intended use AND any reasonably foreseeable misuse • Listing of qualitative and quantitative characteristics that could affect safety • Excellent self-analysis questions can be found in Annex A of the Directive AMDM 33rd Annual Meeting

  15. Risk Analysis - Identifying hazards • You need to compile a list of foreseeable hazards that could lead to a hazardous situation • List must be maintained in risk management file AMDM 33rd Annual Meeting

  16. Risk Analysis – Estimating the risk • After identifying hazard, risk in normal and fault conditions must be estimated • If you can’t estimate risk, possible consequences should be prepared and include in file • Methods of risk estimation and other techniques found in Annexes E and F AMDM 33rd Annual Meeting

  17. Risk Evaluation AMDM 33rd Annual Meeting

  18. Risk Evaluation - Hazards • Must evaluate every hazard and determine whether estimated risk is so low that risk reduction is not required • Standard does not specify acceptable risk levels • Compare to medical devices already in use • Risk can be accepted if benefits outweigh risks AMDM 33rd Annual Meeting

  19. Risk Evaluation – Residual Risk • After evaluating hazards, you need to ask: • Is risk so low that there is no need to consider it? • Is the risk outweighed by the benefit? • Is the overall balance of all risks and benefits acceptable? AMDM 33rd Annual Meeting

  20. From Annex E - Risk concepts applied to medical devices AMDM 33rd Annual Meeting

  21. Risk Evaluation - Types of Failure • There are two types of failure: • Random failure • Systematic failure • Statistical probability can often be assigned to random failures AMDM 33rd Annual Meeting

  22. Risk Control AMDM 33rd Annual Meeting

  23. Risk Control – Analyzing the Options • Need to identify risk control measures that are appropriate for reducing risk to an acceptable level. Must be evaluated in order of priority: • Inherent safety by design • Protective measures in the device or manufacturing process • Information for safety • Must be maintained in risk management file AMDM 33rd Annual Meeting

  24. Risk Control – Implementing Measures • Manufacturer needs to implement risk control measures • Proof of implementation of measures and verification of effectiveness must be kept on file • Residual risk must be evaluated • Gather data and conduct a risk/benefit analysis AMDM 33rd Annual Meeting

  25. Post Production Information AMDM 33rd Annual Meeting

  26. Risk Monitoring – Reporting • Results of the risk management process must be contained in risk management report which needs to contain: • Traceability for each hazard in the risk analysis • The risk evaluation • Implementation and verification of risk control measures • Assessment that residual risk is acceptable AMDM 33rd Annual Meeting

  27. Risk Monitoring – Post Production • Need to maintain a systematic procedure to review information in post-production phase and evaluate: • Previously unrecognized hazards • Whether the estimate risk from a hazard is no longer acceptable • If the original assessment is otherwise invalidated AMDM 33rd Annual Meeting

  28. Overview of The Standard • General Clauses • Clause 1. Scope of Standard • Clause 2. Terms and definitions • Clause 3. General requirements for risk management AMDM 33rd Annual Meeting

  29. Overview of The Standard • Requirements Clauses • Clause 4. Risk Analysis (Steps 1, 2 and 3 of flow chart) • Clause 5. Risk evaluation (Step 4) • Clause 6. Risk control (Steps 5 to 10) • Clause 7. Overall residual risk evaluation (Step 11) • Clause 8. Risk management report (Step 12) • Clause 9. Post-production information (Step 13) AMDM 33rd Annual Meeting

  30. Overview of The Standard • The Annexes • Annex A (informative) Questions that can be used to identify medical device characteristics that could impact on safety • Annex B (informative) Guidance on risk analysis for in vitro diagnostic medical devices • Annex C (informative) Guidance on risk analysis procedure for toxicological hazards • Annex D (informative) Examples of possible hazards and contributing factors associated with medical devices AMDM 33rd Annual Meeting

  31. Overview of The Standard • The Annexes (cont’d) • Annex E (informative) Risk concepts applied to medical devices • Annex F (informative) Information on risk analysis techniques • Annex G (informative) Other standards that contain information related to the elements of risk management described in this International Standard • Bibliography AMDM 33rd Annual Meeting

  32. The RM Process and the Quality Management System AMDM 33rd Annual Meeting

  33. Goal of This Section • Provide insights how ISO 14971 integrates with the modern QMS. • Directly (Clause 7 in ISO 13485:2003) • Indirectly (Remaining Clauses) AMDM 33rd Annual Meeting

  34. Brief ISO 13485:2003 overview • ProcessApproach AMDM 33rd Annual Meeting

  35. Brief ISO 13485:2003 overview • Key Processes • Processes vital to operation of company – Core Process. • Processes supporting Core Process • Processes covered by key standards. • Vary by organization AMDM 33rd Annual Meeting

  36. Brief ISO 13485:2003 overview • Key Processes • Examples • New Product Development • Customer Service • Marketing? • Purchasing • Inspection • Packaging, Sterilization, Final Release • Shipping and Installation • Risk Management AMDM 33rd Annual Meeting

  37. Brief ISO 13485:2003 overview • Requirements for Risk Management In ISO 13485 (Clause 7) • Clause 7.1 • The organization shall establish documented requirements for risk management throughout product realization. Records arising from risk management shall be maintained (see 4.2.4 and Note 3). • NOTE 3 See ISO 14971 for guidance related to risk management. AMDM 33rd Annual Meeting

  38. Brief ISO 13485:2003 overview • Requirements for Risk Management In ISO 13485 (Clause 7) • Clause 7.3.2 Design and development inputs • Inputs relating to product requirements shall be determined and records maintained (see 4.2.4). These inputs shall include • e) output(s) of risk management (see 7.1). AMDM 33rd Annual Meeting

  39. RM and QMS Elements • Management Responsibilities • incorporate RM into organization. • planning including risk planning. • resources and establishing responsibilities and authorities • review of the QMS and the RM system. AMDM 33rd Annual Meeting

  40. RM and QMS Elements • Outsourcing • Many items outside manufacturer’s direct control. (sterilization, tooling, test, design, manufacturing) • RM can be applied to outsourced operations to determine levels of control AMDM 33rd Annual Meeting

  41. RM and QMS Elements • Planning • Both the QMS and the RMS span the entire lifecycle of the medical device. • Several opportunities to integrate RM requirements into the QMS – the daily functioning of the business. AMDM 33rd Annual Meeting

  42. RM and QMS Elements • Design and Development • An area of strong ties to the RM process AMDM 33rd Annual Meeting

  43. RM and QMS Elements • Design and Development Planning • Risk Management planning • Determine risk acceptability criteria by management AMDM 33rd Annual Meeting

  44. RM and QMS Elements • Design and Development Input • Identify hazards and harms • Estimate risks • Evaluate risks • Determine requirements for risk control measures. AMDM 33rd Annual Meeting

  45. RM and QMS Elements • Design and Development Output • Design risk controls • device design • process design AMDM 33rd Annual Meeting

  46. RM and QMS Elements • Design and Development Verification • Determine if individual residual risk is acceptable • Have new safety requirements been identified? • Design and Development Validation • Are overall residual risks acceptable? • Have new safety requirements been identified? AMDM 33rd Annual Meeting

  47. RM and QMS Elements • Traceability • Risk data can be used to determine which components require traceability AMDM 33rd Annual Meeting

  48. RM and QMS Elements • Purchasing Controls and Acceptance Activities • Supplier selection, evaluation and re-evaluation criteria should be tied to risks and hazards associated with purchased products and services. • Acceptance criteria (and specifications) for purchased products and services should be identified risks and risk control measures. AMDM 33rd Annual Meeting

  49. RM and QMS Elements • Production and Process Controls • Another area of strong ties to RM process AMDM 33rd Annual Meeting

  50. RM and QMS Elements • Production and Process Controls • Manufacturing processes source of identified hazards. • equipment, processes, environment, personnel, etc. AMDM 33rd Annual Meeting

More Related