Medical Devices Group

  • Community
  • Webinars
  • Jobs
  • Events
  • Contact
  • Go Premium
« Back to Previous Page
like 20 comments  share
Joe Hage
🔥 Find me at MedicalDevicesGroup.net 🔥
June 2016
ISO 147971 Update with Annex ZA
< 1 min reading time

Hi
I am curretly updating our internal SOP’s after a notified body audit found that we did not comply with the latest version of the ISO 14971 2012 Std. Specifically, I am interested in how others have updated SOP’s to comply with Annex ZA and how this can be rolled out on jegacy products.

Robert

source: https://www.linkedin.com/groups/78665/78665-6149604584080896000

Marked as spam
Posted by Joe Hage
Asked on June 17, 2016 12:00 am
2180 views
  • Follow
  • Unfollow
  • Report spam
like 20 comments  share

Meet your next client here. Join our medical devices group community.

Private answer
Brian Matthews Not sure what you mean by comply with Annex ZA. This is an indication of how the standard meets the relevant essential requirements of the Medical Device Directive.
Since the requirement in the EU is to comply with the national transpositions of the Medical Device Directive, you should already be meeting those requirements.
Marked as spam
like
  • Report spam
Private answer
Gabriel Adusei, MSc, PhD Thanks Brian. Your comments also reflect mine. I once had a Notified Body's Auditor asking my client similar question and he would take any explanation. I am inclined to believe that many Notify Body Auditors require standardized training.
Marked as spam
like
  • Report spam
Private answer
Dr. Patrick Druggan The Z annexes of the harmonised standards define what elements of the essential requirements that you do comply with. My experience is that most people are unaware that these Annexes have specific direction to the elements you comply with in the MDD. For instance ISO 1135 Annex ZB states that you comply with clauses 8.3 and 8.4 of the MDD - I read ISO 11135 and 11137 a couple of weeks back and they more or less say the same thing about the essential requirements. You need to take the Z annexes and their statements about what you comply with and correct your essential requirements. That is my interpretation
Marked as spam
1 like
  • Report spam
Private answer
Hi Robert, start by creating a checklist against the essential requirements of the directive and this should help to identify any shortfall.
Marked as spam
like
  • Report spam
Private answer
Dr. Joy Frestedt Biggest changes in this ZA annex: no more ALARP, do not use labeling to mitigate risk. Ouch! Reduce risk as low as possible... ALAP (I.e., until risk reduction no longer impacts risk: benefit ratio) AND remove references to labeling and training so risk reduction is focused on "designing out risk"
Marked as spam
1 like
  • Report spam
Private answer
Dr. Patrick Druggan The ZA annex covers elements 1 to 6 and 7.1 of the essential requirements of 93/42/EEC. It may be that you are still using the concept of ALARP and that is what you need to change in your procedures.
Marked as spam
like
  • Report spam
Private answer
Dr. Joy Frestedt summed up the update very well with one minor Correction. It doesn't say you cannot use labeling at all, rather labeling cannot be your only risk mitigation and you have to consider: by design and by process before labeling and training.
Marked as spam
like
  • Report spam
Private answer
Patricia Medina agree with no more alarm. also many legacy products may not have labeling that meets current standards.
Marked as spam
like
  • Report spam
Private answer
David Amor most notified bodies, including DEKRA and TUV, are indeed reviewing for Annex Z compliance. We have some free resources for you take a look at: medgineering.com/risk. Good luck!
Marked as spam
like
  • Report spam
Private answer
David Amor Shaku and Joy- the actual intent of the informative Annex Z (and thus the directives) as described in NBOG/ NBRG/ Team-NB Consensus White Paper on Annex Z, is that disclosure of residual risk is not an adequate risk control, but information for safety as defined in Annex J, is. This is a common point of misinterpretation of the Annex Z content deviation. You are correct in that information for safety should be de-prioritized when compared to risk control through design and protective/ safety measures.
Marked as spam
like
  • Report spam
Private answer
David Amor Brian and Gabriel- yes the Annex Zs are informative annexes only; however, they resolve the discrepancies between MDD/ AIMD/ IVDD and the normative text of 14971, which is why it is a harmonized standard. Thus, complying with just the normative text of 14971 in actuality cannot be inferred as representing compliance to the directives. Also, I'd like to clarify something that often gets misquoted/ misrepresented re: "labeling as a risk control." As described by NBOG/ NBRG/ TEAM-NB Consensus White Paper on EN ISO 14971:2012, there are two types of "labeling" categories: disclosure of residual risk - which is not considered a risk control - and information for safety as described in Annex J - which can represent a risk control, albeit one that should be used sparsely and as a last resort, as Shaku and Joy indicated. A significant fraction of our business over the last 4 years has been helping companies remediate their risk management processes per 2012 so I can share that
Marked as spam
1 like
  • Report spam
Private answer
David Amor Robert- check out how we advise clients to do so by visiting us at medgineering.com/risk
Marked as spam
like
  • Report spam
Private answer
Roland Gerard Roland Gerard: You will find the right interpretation of this new risk management process in the draft EU MD Regulation which at present clearly explains the intend of the Commission:
risk control measures adopted by the manufacturer for the design and manufacture of the devices shall conform to safety principles, taking account of the generally acknowledged state of the art. To reduce risks, the manufacturer shall manage the risks so that the residual risk associated with each hazard as well as the overall residual risk is judged acceptable. In selecting the most appropriate solutions, the manufacturer shall apply the following principles in the priority order listed:
(b) eliminate or reduce risks as far as possible through safe design and manufacture;
(c) where appropriate, take adequate protection measures, including alarms if
necessary, in relation to risks that cannot be eliminated;
Marked as spam
like
  • Report spam
Private answer
The Consensus paper David mentions also tries to clarify the ALARP vs ALAP issue. It's recommendation is that the manufacturer decides, but must document, the end point criteria of risk reduction in their risk policy. The thinking behind this being where does one stop in the risk reduction exercise? You therefore need to review your risk policy wrt risk reduction.
Marked as spam
like
  • Report spam
Private answer
Roland Gerard Roland Gerard: the key in this interpretation in the following words:
"the following principles in the priority order listed"
Marked as spam
like
  • Report spam
Private answer
Hello, I am one of the autors of the NB-MED consensus paper and I agree with most of the comments. Risk reduction needs to be done in the order explained (by design, by protection, by information - information on how to reduce the risk) up to the point where no further reduction is possible. The manufacturer needs to explain in its risk management process the criteria for stopping the risk reduction. if the risk is still not acceptable according to the criteria explained, information on the residual risk needs to be disclosed (no value for further risk reduction). in any case, a risk benefit analysis needs to be done considering all risks that have not been reduced to an acceptable level.
Marked as spam
like
  • Report spam
Private answer
The consensus paper in question is available here: http://www.team-nb.org//wp-content/uploads/2015/05/documents2014/NBRG_WG+RM_Interim_NBmed_Consensus_Version_140812_1_1.pdf

Although some NBs may expect manufacturers to apply this paper in practice, the document was only a consensus among NBs and industry. Neither the European Commission nor the Member State designating authorities ever formally endorsed it. For this reason, it's not technically accurate to refer to the document as an "NBOG" or even an "NB-MED" document. It's an NBRG document that the NBs within NB-MED were able to support.

In practice, this document is the best we have while transitioning to the new EU Regulation (MDR). Unlike the Directive, the MDR defines the term "as far as possible" in a way which (hopefully) will avoid a repeat of these challenges with the 14971 content deviations.
Marked as spam
like
  • Report spam
Private answer
Marcelo Antunes ISO 14971, for several reasons, does not deal with legacy devices. In the last meeting of ISO TC 210 JWG 1, Brazil suggested the inclusion of requirements for legacy software and in principle it was accepted that a clarification is needed. Where it will be put depends on the decision to revise the standard or to revise IEC TR 24971. We will have a final decision on the October ISO TC 210 meeting in Frankfurt.
Marked as spam
like
  • Report spam
Private answer
Ady Banin as David Amor suggested, I'm joining the recommendation to read the Consensus Paper for the Interpretation and Application of Annexes Z in EN ISO 14971: 2012 that can be found here:

http://www.team-nb.org//wp-content/uploads/2015/05/documents2014/NBRG_WG+RM_Interim_NBmed_Consensus_Version_140812_1_1.pdf

though not officially released since it was issued in 2014 (it's still an INTERIM consensus paper...), it still serves as a good guideline to understand how to comply with the Z annexes.
Marked as spam
like
  • Report spam
Private answer
Mina Adel

dears iam starting to update procedure of risk management for iso 14971:2019 and i note that annex Z is not present any more will it add to the TR 24971??
could u clarify if it deleted and we can use labeling instruction as control ???

Marked as spam
like
  • Report spam
« Back to Previous Page
Ask a Question
Leave a Comment

We still use LinkedIn to access our site because it’s the only way to “pull in” your LinkedIn photo, name, and hyperlink to your profile page, all vital in building your professional network. When you log in using LinkedIn, you are giving LinkedIn your password, not me. I never see nor store your LinkedIn credentials.

Stay connected with us.

By signing up you are agreeing to our Privacy Policy.

Categories

  • Capital/Investment
    • Business Model
    • Funding
  • Careers
  • Design/Devel
    • Design
    • Development
    • Human Factors
    • Labeling
    • Material Selection
    • R&D
    • Trials and Post-Market
  • Featured
  • Industry
    • Announcements
    • Device Tax
    • Hospital and Health Care
    • Innovation
    • Medtech
  • LinkedIn, etc.
  • Markets
    • Africa
    • Americas
    • Asia
    • Australia
    • Europe
  • Regulating
    • CE Marking
    • EU
    • FDA
    • FDA/EU etc.
    • Notified Bodies
    • Quality
    • Regulatory
  • Selling
    • Distribution
    • Intellectual Property
    • Marketing/Sales
    • Reimbursement
  • Worth bookmarking!
Feature your job here.
logo

Companion to LinkedIn's 350,000 member community

  • Contact
  • Medical Device Marketing
  • In Memoriam
  • Medical Device Conference

The Medical Devices Group   |   Copyright © 2025 Terms, Conditions & Privacy

Medical Devices Group
Powered by  GDPR Cookie Compliance
Privacy Overview

This website uses cookies so that we can provide you with the best user experience possible. Cookie information is stored in your browser and performs functions such as recognising you when you return to our website and helping our team to understand which sections of the website you find most interesting and useful.

Strictly Necessary Cookies

Strictly Necessary Cookie should be enabled at all times so that we can save your preferences for cookie settings.

If you disable this cookie, we will not be able to save your preferences. This means that every time you visit this website you will need to enable or disable cookies again.