Medical Devices Group

  • Community
  • Webinars
  • Jobs
  • Events
  • Contact
  • Go Premium
« Back to Previous Page
like 13 comments  share
Rob Packard
Ship & Print Your FDA eCopy
October 2015
Risk Management Files for CE Marking
3 min reading time

Since the EN version of ISO 14971 was released in 2012 I have received lots of requests from clients to help address nonconformities from Notified Body auditors. In the past year the frequency of this nonconformity has increased substantially.

The FDA only requires documentation of risk management in a 510k submission if the product contains software and the risk is at least a “moderate concern.” Even then, the 510k submission only requires submission of a design risk analysis. Therefore, it is not uncommon for a product that is already 510k cleared to receive audit nonconformities related to the risk management documentation during a technical file review by a Notified Body.

The FDA recognizes ISO 14971:2007 as the standard for risk management of medical devices. CE Marking also requires compliance with ISO 14971, but specifically the European national version of the standard (i.e., EN ISO 14971:2012). The most common technical file deficiencies related to risk management during a CE Marking application include the following:

compliance with ISO 14971:2007 instead of EN ISO 14971:2012
reduction of risks as low as reasonably practicable (ALARP) instead of reducing risks as far as possible (AFAP)
reducing risks by notifying users and patients of residual risks in the IFU
only addressing unacceptable risks with risk controls instead of all risks–including negligible risks

Each of these deficiencies is also explained in Annex ZA, ZB and ZC of EN ISO 14971:2012. I also wrote seven blogs in 2014 explaining each of the 7 deviations–including practical recommendations to address each deviation.

Using a Risk Traceability Matrix
Almost every company I work with is using a design FMEA for documenting risk analysis. However, I no longer recommend using a dFMEA for the following reasons:

– risk analysis is organized by failure mode instead of by hazard, which makes it more difficult to review and update in response to complaints and adverse events
– hazards are more difficult to trace to the information disclosed to users in the IFU

Instead I recommend using a risk traceability matrix that is integrated with your design traceability matrix. I have included a copy of this with my procedure. I have used it for several design projects so far and it saves a lot of time in documenting risk analysis and ensuring 100% of the residual risks are addressed in your product IFU.

Procedures & Templates
The first step in responding to correcting deficiencies in your risk management process is to update your procedure. The following basic elements need to be included in the procedure:
– risk management plan
– hazard identification
– risk analysis
– risk control option analysis
– verification of risk control effectiveness
– risk / benefit analysis
-risk management report

Many of the procedures I review focus on the risk analysis process, and the most common tool for risk analysis is a failure modes and effects analysis. This is an excellent tool for process risk analysis, but it is only one of many possible tools and it is not ideally suited for design risk analysis. In addition, your procedure is not adequate as a risk management plan. You need risk management plans that are product-specific or specific to a product family. Your risk management plan must also change and adapt as products progress from the design and development process to post-market surveillance. Finally, many of the procedures only require a risk / benefit analysis to be performed when risks are not acceptable, while the European MDD requires that all CE Marked products include a risk / benefit analysis for each risk identified in the risk analysis and the overall risk of the product or product family.

This weekend I also finished updating my own risk management procedure for compliance with EN ISO 14971:2012. Please click here if your are interested in learning more (http://medicaldeviceacademy.com/risk-management-procedure/).

source: https://www.linkedin.com/groups/2070960/2070960-6061868945462345730

Marked as spam
Posted by Rob Packard
Asked on October 19, 2015 12:00 am
1148 views
  • Follow
  • Unfollow
  • Report spam
like 13 comments  share

Meet your next client here. Join our medical devices group community.

Private answer
Alex Bromberg When you submit 510(k)'s have you ever brought on skilled, Sr. level contractors/consultants to handle the submission?
Marked as spam
like
  • Report spam
Private answer
Karen Boyd, ASQ CQA Excellent and right on point, Robert.
I agree with the limitations of FMEA; particularly as it limits risk sight and often fails to connect all actual and potential risk / hazard "dots".
I've particularly found recognition and incorporation of usability engineering very helpful in the medical device risk management process.
Thanks again for sharing your wealth of knowledge & expertise with the group!
Marked as spam
like
  • Report spam
Private answer
Richard Reilly Thank you for simplifying the important items of the process. We have conducted similar type Risk Assessment for years and I believe based on the updated version we will only have minimal revision to the process as necessary. Last notified body audit revealed no issues with Risk Assessment.
Marked as spam
like
  • Report spam
Private answer
That's true... I am conducting audits for CE marking & these deficiencies could be observed.
Even, there are more deficiencies could be shared like 1) Competency of risk management team 2) Risk acceptability criteria 3) Verification activities 4) Control measures only through information to users 5) Risk benefit analysis for unacceptable risks 6) Overall risk acceptability criteria & risk benefit analysis against unacceptable overall risk 7) Reduction of risk with ALARP 8) Catastrophic severity considered as Acceptable with minimal probability ... and many more....!!!
Marked as spam
like
  • Report spam
Private answer
Alex Bromberg Would love to hear some insight from everyone regarding my question above! If you have a quick minute to respond I would greatly appreciate it. Thanks in advance.
Marked as spam
like
  • Report spam
Private answer
Richard Reilly Alex, we have brought on contractors for 510k submissions, but there is no guarantee when using them that the submission will go through successfully. I would only recommend doing so if there is no experience in the company. Because of increased requirements for our product type, our company used them to handle clinical trials around the country which we being a small company could not handle. All of the in-house studies and risk assessment were conducted by us. The consultants write and sent in the submissions. We did not get clearance on a first one and the second is still pending.

Ensure that any consultants hired fully understand the product they are submitting and be sure to review the entire package before submission.
Marked as spam
like
  • Report spam
Private answer
Alex Bromberg Contractors/Consultants with strong regulatory backgrounds are among the hardest to find through many of the familiar agencies. Finding a company with a proven track-record in this area, and with a large percentage of regulatory contractors being ex-FDA employees, will certainly better the odds. Obviously a submission is never guaranteed to be approved no matter how experienced and knowledgeable those submitting it are, but if you are working with exceptional Sr. level talent you can rest assured that your submission is being given the attention it deserves with the know-how to support it. I'm sure your feelings on this topic, Richard, are shared by many in your position. I urge anyone to contact me for a better look into the level of talent that is available to you.

Having a submission rejected can be devastating and can make a lot of stress for companies and their management. Best to know you did it right the first time. Hope I can help anyone who needs it!
Marked as spam
like
  • Report spam
Private answer
Clarisa Tate Thank you for sharing this information, Robert.
Marked as spam
like
  • Report spam
Private answer
Mitch Finne, P.E. Robert, the message that DFMEA is a weak, if not non-compliant Risk Evaluation tool needs more air time. Since harm severity is almost always variable, its really hard to do good risk evaluation with a DFMEA. DFMEA tends to be best suited as a design analysis tool to help identify the source of hazardous situations when products fail to provide their intended functions. Its those loss of functions (i.e. failure to protect, failure to provide therapy, etc.) that cause the hazards and harms. Summarizing the potential resultant hazards and harms when functions aren't met in a true risk analysis rather than a DFMEA allows much clearer risk evaluation pre and post market.
Marked as spam
like
  • Report spam
Private answer
DFMEA being a facet of the overall Risk Management program, which begins at the patient and ends with hiring and purchasing; is how I have been looking at it. The program itself will encompass more information and identify risks/hazards that would not be covered by any DFMEA. Is this not why we all (should) have a risk program? None the less, good read - a direction we will all be headed - with a little advanced info from Robert.
Marked as spam
like
  • Report spam
Private answer
Ginger Cantor So I have had FDA ask for risk management for products not involving software. It depends on the division and reviewer.

Ginger Cantor, RAC
Centaur Consulting LLC
centaurconsultingllc@gmail.com
715-307-1850
Marked as spam
like
  • Report spam
Private answer
Hello all,
@Robert, thx for details about preparing documentation. But could you please post where we can find free instructions for EN ISO 14971:2012. Most of my experience is connected with FDA regulations yet now I am focused on Europe standards. Or web side where FDA retulations process is compared with Europian. Thx in advance
Marked as spam
like
  • Report spam
Private answer
Marie Suetsugu Elenka,
You might want to join the 'Medical Device Risk Management' group: https://www.linkedin.com/grp/home?gid=1827965
Marked as spam
like
  • Report spam
« Back to Previous Page
Ask a Question
Leave a Comment

We still use LinkedIn to access our site because it’s the only way to “pull in” your LinkedIn photo, name, and hyperlink to your profile page, all vital in building your professional network. When you log in using LinkedIn, you are giving LinkedIn your password, not me. I never see nor store your LinkedIn credentials.

Stay connected with us.

By signing up you are agreeing to our Privacy Policy.

Categories

  • Capital/Investment
    • Business Model
    • Funding
  • Careers
  • Design/Devel
    • Design
    • Development
    • Human Factors
    • Labeling
    • Material Selection
    • R&D
    • Trials and Post-Market
  • Featured
  • Industry
    • Announcements
    • Device Tax
    • Hospital and Health Care
    • Innovation
    • Medtech
  • LinkedIn, etc.
  • Markets
    • Africa
    • Americas
    • Asia
    • Australia
    • Europe
  • Regulating
    • CE Marking
    • EU
    • FDA
    • FDA/EU etc.
    • Notified Bodies
    • Quality
    • Regulatory
  • Selling
    • Distribution
    • Intellectual Property
    • Marketing/Sales
    • Reimbursement
  • Worth bookmarking!
Feature your job here.
logo

Companion to LinkedIn's 350,000 member community

  • Contact
  • Medical Device Marketing
  • In Memoriam
  • Medical Device Conference

The Medical Devices Group   |   Copyright © 2025 Terms, Conditions & Privacy

Medical Devices Group
Powered by  GDPR Cookie Compliance
Privacy Overview

This website uses cookies so that we can provide you with the best user experience possible. Cookie information is stored in your browser and performs functions such as recognising you when you return to our website and helping our team to understand which sections of the website you find most interesting and useful.

Strictly Necessary Cookies

Strictly Necessary Cookie should be enabled at all times so that we can save your preferences for cookie settings.

If you disable this cookie, we will not be able to save your preferences. This means that every time you visit this website you will need to enable or disable cookies again.