Brian Matthews Not sure what you mean by comply with Annex ZA. This is an indication of how the standard meets the relevant essential requirements of the Medical Device Directive.
Since the requirement in the EU is to comply with the national transpositions of the Medical Device Directive, you should already be meeting those requirements.

Gabriel Adusei, MSc, PhD Thanks Brian. Your comments also reflect mine. I once had a Notified Body's Auditor asking my client similar question and he would take any explanation. I am inclined to believe that many Notify Body Auditors require standardized training.

Dr. Patrick Druggan The Z annexes of the harmonised standards define what elements of the essential requirements that you do comply with. My experience is that most people are unaware that these Annexes have specific direction to the elements you comply with in the MDD. For instance ISO 1135 Annex ZB states that you comply with clauses 8.3 and 8.4 of the MDD - I read ISO 11135 and 11137 a couple of weeks back and they more or less say the same thing about the essential requirements. You need to take the Z annexes and their statements about what you comply with and correct your essential requirements. That is my interpretation

Hi Robert, start by creating a checklist against the essential requirements of the directive and this should help to identify any shortfall.

Dr. Joy Frestedt Biggest changes in this ZA annex: no more ALARP, do not use labeling to mitigate risk. Ouch! Reduce risk as low as possible... ALAP (I.e., until risk reduction no longer impacts risk: benefit ratio) AND remove references to labeling and training so risk reduction is focused on "designing out risk"

Dr. Patrick Druggan The ZA annex covers elements 1 to 6 and 7.1 of the essential requirements of 93/42/EEC. It may be that you are still using the concept of ALARP and that is what you need to change in your procedures.

Dr. Joy Frestedt summed up the update very well with one minor Correction. It doesn't say you cannot use labeling at all, rather labeling cannot be your only risk mitigation and you have to consider: by design and by process before labeling and training.

Patricia Medina agree with no more alarm. also many legacy products may not have labeling that meets current standards.

David Amor most notified bodies, including DEKRA and TUV, are indeed reviewing for Annex Z compliance. We have some free resources for you take a look at: medgineering.com/risk. Good luck!

David Amor Shaku and Joy- the actual intent of the informative Annex Z (and thus the directives) as described in NBOG/ NBRG/ Team-NB Consensus White Paper on Annex Z, is that disclosure of residual risk is not an adequate risk control, but information for safety as defined in Annex J, is. This is a common point of misinterpretation of the Annex Z content deviation. You are correct in that information for safety should be de-prioritized when compared to risk control through design and protective/ safety measures.

David Amor Brian and Gabriel- yes the Annex Zs are informative annexes only; however, they resolve the discrepancies between MDD/ AIMD/ IVDD and the normative text of 14971, which is why it is a harmonized standard. Thus, complying with just the normative text of 14971 in actuality cannot be inferred as representing compliance to the directives. Also, I'd like to clarify something that often gets misquoted/ misrepresented re: "labeling as a risk control." As described by NBOG/ NBRG/ TEAM-NB Consensus White Paper on EN ISO 14971:2012, there are two types of "labeling" categories: disclosure of residual risk - which is not considered a risk control - and information for safety as described in Annex J - which can represent a risk control, albeit one that should be used sparsely and as a last resort, as Shaku and Joy indicated. A significant fraction of our business over the last 4 years has been helping companies remediate their risk management processes per 2012 so I can share that

David Amor Robert- check out how we advise clients to do so by visiting us at medgineering.com/risk

Roland Gerard Roland Gerard: You will find the right interpretation of this new risk management process in the draft EU MD Regulation which at present clearly explains the intend of the Commission:
risk control measures adopted by the manufacturer for the design and manufacture of the devices shall conform to safety principles, taking account of the generally acknowledged state of the art. To reduce risks, the manufacturer shall manage the risks so that the residual risk associated with each hazard as well as the overall residual risk is judged acceptable. In selecting the most appropriate solutions, the manufacturer shall apply the following principles in the priority order listed:
(b) eliminate or reduce risks as far as possible through safe design and manufacture;
(c) where appropriate, take adequate protection measures, including alarms if
necessary, in relation to risks that cannot be eliminated;

The Consensus paper David mentions also tries to clarify the ALARP vs ALAP issue. It's recommendation is that the manufacturer decides, but must document, the end point criteria of risk reduction in their risk policy. The thinking behind this being where does one stop in the risk reduction exercise? You therefore need to review your risk policy wrt risk reduction.

Roland Gerard Roland Gerard: the key in this interpretation in the following words:
"the following principles in the priority order listed"

Hello, I am one of the autors of the NB-MED consensus paper and I agree with most of the comments. Risk reduction needs to be done in the order explained (by design, by protection, by information - information on how to reduce the risk) up to the point where no further reduction is possible. The manufacturer needs to explain in its risk management process the criteria for stopping the risk reduction. if the risk is still not acceptable according to the criteria explained, information on the residual risk needs to be disclosed (no value for further risk reduction). in any case, a risk benefit analysis needs to be done considering all risks that have not been reduced to an acceptable level.

The consensus paper in question is available here: http://www.team-nb.org//wp-content/uploads/2015/05/documents2014/NBRG_WG+RM_Interim_NBmed_Consensus_Version_140812_1_1.pdf

Although some NBs may expect manufacturers to apply this paper in practice, the document was only a consensus among NBs and industry. Neither the European Commission nor the Member State designating authorities ever formally endorsed it. For this reason, it's not technically accurate to refer to the document as an "NBOG" or even an "NB-MED" document. It's an NBRG document that the NBs within NB-MED were able to support.

In practice, this document is the best we have while transitioning to the new EU Regulation (MDR). Unlike the Directive, the MDR defines the term "as far as possible" in a way which (hopefully) will avoid a repeat of these challenges with the 14971 content deviations.

Marcelo Antunes ISO 14971, for several reasons, does not deal with legacy devices. In the last meeting of ISO TC 210 JWG 1, Brazil suggested the inclusion of requirements for legacy software and in principle it was accepted that a clarification is needed. Where it will be put depends on the decision to revise the standard or to revise IEC TR 24971. We will have a final decision on the October ISO TC 210 meeting in Frankfurt.

Ady Banin as David Amor suggested, I'm joining the recommendation to read the Consensus Paper for the Interpretation and Application of Annexes Z in EN ISO 14971: 2012 that can be found here:

http://www.team-nb.org//wp-content/uploads/2015/05/documents2014/NBRG_WG+RM_Interim_NBmed_Consensus_Version_140812_1_1.pdf

though not officially released since it was issued in 2014 (it's still an INTERIM consensus paper...), it still serves as a good guideline to understand how to comply with the Z annexes.

Mina Adel

dears iam starting to update procedure of risk management for iso 14971:2019 and i note that annex Z is not present any more will it add to the TR 24971??
could u clarify if it deleted and we can use labeling instruction as control ???