WHITEPAPER: Risk Management EN ISO 14971:2012 Implications .
WHITEPAPER:Risk ManagementEN ISO 14971:2012 –Implications for MedicalDevice ManufacturersWhite paper produced by MaetricsFor more information, please contact global sales 1 610.458.9312 1 877.623.8742With offices around the world 2014Maetrics, All Rights Reservedglobalsales@maetrics.comwww.maetrics.com
IntroductionRisk management is a fundamental step for medical device manufacturers todemonstrate compliance with the EU Directives for medical devices, ensuring thesafety of patients and users. Risk management has been conducted following theprinciples laid out in ISO 14971, yet since the advent of the new version of EN ISO14971:2012 - Medical devices – Application of risk management to medical devices,the additional clarification within the standard has led to a number of misconceptionsand confusion surrounding the implementation of the new standard by medical devicemanufacturers. Some frequently heard comments by manufacturers on the newversions of EN ISO 14971 are:“We must use dFMEA (design failure mode and effect analysis) and pFMEA(production or process FMEA) from now on.”“All identified risks must be eliminated.”“We cannot use Annex C questions as we used to.”“We can no longer use ALARP (as low as reasonably practicable) but must useALAP (as low as possible).”“All risks must be addressed by design changes from now on.”“We will have to go back and rewrite all our risk files.”“We are not allowed to put warnings in the IFU.”As can be seen from the comments, medical device manufacturers have been left insome cases scratching their heads about how exactly they were going to implementthe new standard. Did they need to rewrite all the risk analysis they had conducted sofar or did they just have to apply the new version of the standard to future riskmanagement activities? This white paper will help medical device manufacturesunderstand the changes made to the EN harmonized version of ISO 14971:2012 andprovide guidance on what is expected of medical device manufactures forcompliance with the standard, thereby separating the facts from the misconceptions.BackgroundThe current ISO (internationally recognized) version of the standard is ISO14971:2007, which is recognized by the FDA for managing risks associated withmedical devices. Any standard that carries the EN nomenclature indicates that it hasbeen harmonized to one or all of the European Directives with respect to theEssential Requirements detailed within an annex of the specific EN standard.The EN version of ISO 14971 had undergone a previous harmonization step in 2009with the inclusion of three “Z” annexes that described the relationship between thestandard and the three European Directives for medical devices. Essentially,compliance with the standard meant that all the Essential Requirements of the2
directives relating to risk and/or safety were covered by complying with the EN ISO14971 standard.EN ISO 14971:2012 was published as a result of objections being raised by theCompetent Authority in Sweden and the European Commission regarding theinconsistencies in the previous harmonized standard relating to the wording in thethree “Z” annexes.New standardThe main contents of the new version of the standard have not changed. Theadditional wording has focused around the annexes listed at the front of the standardthat explain the relationship of the standard to the relevant European Directives formedical devices. The risk management process has therefore remained the same, asreflected in the fact that the contents listed in the standard remain the same with thefollowing clauses:Clause 1: ScopeClause 2: Terms and DefinitionsClause 3: General Requirements, Including PlanningClause 4: Risk AnalysisClause 5: Risk EvaluationClause 6: Risk ControlClause 7: Evaluation of Overall Residual Risk AcceptabilityClause 8: Risk Management ReportClause 9: Production and Post-Production InformationTen annexes provide informative guidance with the standard, including the riskassessment process, questions for identifying safety hazards, risk concepts,examples of hazards, a risk management plan, risk management techniques andspecific guidance on in-vitro diagnostic devices, biological hazards andcommunicating residual risk safety information. In essence, the same steps are stilltaken by the manufacturer to conduct a risk assessment for a medical device, asfollows:a) Create a risk management plan (Clause 3.4).b) Identify the device characteristics (Clause 4.2 and Annex C).c) Identify the hazard and estimate risks (Clauses 4.3 and 4.4).d) Evaluate the risks identified (Clause 5).e) Develop appropriate risk control measures (Clause 6).f) Evaluate the overall risk for those identified (Clause 7).g) Prepare a risk management report (Clause 8).h) Maintain the risk file by gathering data in the production and post-productionphases (Clause 9).3
New AnnexesThe main change has been the additional details incorporated into the Annexes ZA,ZB and ZC that demonstrate how the EN ISO 14971:2012 standard helps themanufacturer comply with the three European Directives for medical devices: Medical Devices Directive 93/42/EEC (by Annex ZA)Active Implantable Medical Device Directive 90/385/EEC (by Annex ZB)In Vitro Diagnostic Medical Device Directive 98/79/EC (by Annex ZC)For ease of discussion, this white paper will refer to Annex ZA listed in the standardas the annex that relates to the Medical Devices Directive, and the same concept isused for the remaining directives detailed under Annexes ZB and ZC.The table listed under the ZA Annexes of the standard helps to explain where thestandard can be used and how far it goes in demonstrating compliance with theEssential Requirements detailed in the Medical Devices Directive. Where anydiscrepancies occur, they have also been highlighted. Unfortunately, the wording isbased on an interpretation by an assessor reviewing both the standard and thedirectives. Hence, a literal interpretation has been taken, providing an extrapolatedviewpoint instead of a practical approach of how to overcome the shortfalls, asevident in the discussion in table 1 of the “Z” Annexes as highlighted below.Discussion in Table ZA 1of ISO EN 14971:2012Essential requirementswording (MDD)Solution forManufacturerER 1, ER 5 and ER 7.1 arenot entirely covered byEN ISO 14971, since thestandard does notcover requirements ondesign, manufacture,packaging and doesnot cover performancesand characteristicsrelated thereto.The devices must bedesigned andmanufactured in such away that when usedunder the conditionsand for the purposesintended, they will notcompromise the clinicalcondition or the safetyof patients.Parts of ER 2 and ER 4are not directly coveredsince the standard doesnot providerequirements on designThe solutions adoptedby the manufacturer forthe design andconstruction of thedevice must conform toThe use of the questionslisted in Annex C of thestandard should be thestarting point formanufacturers’ riskanalysis, which is toidentify thecharacteristics of thedevice that may impactsafety as expected bythe standard andNotified Bodies.However, to address theshortfalls listed in Table 1of the ZA Annex, thefollowing should be4
Discussion in Table ZA 1of ISO EN 14971:2012and constructions, nordoes it apply theconcept of ‘safetyprinciples’ as intendedin the MDD.Essential requirementswording (MDD)safety principles The devices must bedesigned,manufactured andpacked in such a waythat their characteristicsand performances Solution forManufacturerconsidered:a) As well as answeringthe Annex Cquestions,incorporate somequestions around thedesign process andhow failures in theIt appears that thedesign process couldcommentary listed inimpact patientthe table has been usedsafety or produceas the exact wording inother harm.the Essentialb) For question C.2.28,Requirements yet haswhich requires a newnot been used in themanufacturingstandard. The intentionprocess to beof Essential requirementexplained, this should#1, however, could bebe improved byto indicate that devicesadding questionsare designed and areabout howmanufactured othermanufacturingthan highlightingprocesses andspecific aspects offailures could lead todesign andpatient or othermanufacture. The sameharm.principle is held forc) A question on“safety principles” andpackaging should bepackaging that are notincluded as there isincluded directly in thenot a specific onewording of thelisted in the Annex Cstandard.questions.d) A separate studycould be performedon design,manufacture andpackaging instead ofadding specificquestions to those5
Discussion in Table ZA 1of ISO EN 14971:2012Essential requirementswording (MDD)Solution forManufacturerlisted in Annex C ofthe standard. Thisapproach could beconducted using, forexample, FailureMode and EffectAnalysis (FMEA).e) If FMEAs areperformed, ensurethat any residual risksfound are transferredto the main risk tableand are evaluated inthe same manner asother risks.All of the clauses of the standard (1 – 9) are required to demonstrate compliance withthe Essential Requirements of the European Directives. However, not all of the partsof the Essential Requirements are covered by the standard as highlighted in the tableand additional documentation is required by the manufacturer to ensure fullcompliance with the essential requirements and hence the directives.6
Content DeviationsThe content deviations expand on the requirements detailed in the table listed in theZ Annexes covering the three medical device directives, and they identify where thenew standard’s definitions or content deviate from the Essential Requirements. Theshortfall of each content deviation will be explained and interpreted with a solutionthat the manufacturer can adopt to ensure compliance to the new standard isachieved.ContentDeviationTitleEN ISO14971:2012ClauseinterpretationInterpretation ofEssentialRequirements1 – Treatment Clause D 8.2of negligibleTherisksmanufacturermay discardnegligible risks.All risks regardlessof their dimensionneed to bereduced as muchas possible andneed to bebalanced,together with allother risks, againstthe benefit of thedevice.2–Discretionarypower ofmanufacturer as to theacceptabilityof risksAll risks have to bereduced as far aspossible and thatall risks combined,regardless of any“acceptability”assessment, needto be balanced,together with allother risks, againstthe benefit of thedevice.Clause 5, 6.1,6.4, 6.5 and 7Manufacturershave thefreedom todecide uponthe threshold forriskacceptability.Only nonacceptable riskshave to beintegrated intothe overall riskbenefit analysis.There is acontradictionSolution for theManufacturera) Instead of using“Insignificant” or“Acceptable” asthe lowestcategory of riskdefined within theplan, use thedefinition of “Low”as insignificant riskas detailed in D.8.5of the standard.b) This “Low” riskcategory is not justto capture risks thatare disregarded,and controlmeasures should stilltry to be applied.c) The plan detailsthat all risks will beinvestigated forfurther reductionand not just theones falling in the“High” or “Low”category.d) The use of “Low”,“Medium” and7
ContentDeviationTitleEN ISO14971:2012ClauseinterpretationInterpretation ofEssentialRequirementsbetween thestandard and theEssentialRequirements asall risks need to bereduced as far aspossible,irrespective if theyare negligible andfall below thethresholddesignated in theplan.3 – Riskreduction “asfar aspossible”versus “aslow asreasonablypracticable”Clause 3.4 andD 8 contain theconcept ofreducing risks aslow asreasonablypracticable. TheALARP conceptcontains anelement ofeconomicconsideration.Eliminate orreduce risk as faras possible,without therebeing room foreconomicconsiderationsThe use of ALARPas a risk categoryto capture riskslying between“High” and “Low”risks is no longeradvisable as theuse of ALARP hasa measure ofeconomicconsideration,which should notbe used as aSolution for theManufacturer“High” riskcategories is to tryand prioritize theorder forcompleting controlmeasures andshould bedocumented assuch within the planto indicate that allrisks will beinvestigated for thepotential of controlmeasures.a) Use the category of“Medium,”“Intermediate” or“Reduced as far aspossible” to moveaway from theconcept of ALARPto eliminate thepossibility of aneconomicconsiderationbeing used as areason not tointroduce a controlmeasure.b) Make sure that allpotential controlmeasures havebeen assessed forthis “Medium”group of risks in the8
ContentDeviationTitleEN ISO14971:2012ClauseinterpretationInterpretation ofEssentialRequirementsSolution for theManufacturerreason not toRisk Managementintroduce anfile to negate theeffective controlpossibility of anmeasure. Forassessor assumingexample, if a smallthat economicrisk reductionconsiderationscould be providedhave been used inbut only at a highthe decisionlevel of cost via aprocess.re-design, then this c) Have there beencould be seen asany solutionsnot beingadopted on similarpracticable anddevices that couldthe controlbe used; if not, thismeasure nothelps to strengthenadopted.the decision thatthere is no suitablesolution availableto reduce the risk.d) By having detailedrecords of thedecision processdocumented, thiswill help to supportthe decision thatthe risks werereduced “as far aspossible.” Anyapparent decisionsbased oneconomicconsiderations canbe easily assessedfor compliancewith the EssentialRequirement by athird party during9
ContentDeviationTitleEN ISO14971:2012ClauseinterpretationInterpretation ofEssentialRequirementsSolution for theManufactureran audit.4 – Discretionas to whethera risk-benefitanalysisneeds totake placeClause 6.5 andD 6.1An overall riskbenefit analysisdoes not needto take place ifthe overallresidual risk isjudgedacceptablewhen using thecriteriaestablished inthe riskmanagementplan. Arisk/benefitanalysis is notrequired by thisinternationalstandard forevery risk.An overall riska) Always conduct abenefit analysisrisk benefit analysismust take place inusing accurateany case,sources of data toregardless of thedraw conclusionsapplication ofon the clinicalcriteria establishedbenefits.in themanagementb) Traditionally, aplan of thespreadsheet hasmanufacturer.been used torecord and scoreIt requiresthe risks; if this is theundesirable sidecase, add an extraeffects tocolumn after theconstitute anresidual risk hasacceptable riskbeen calculated towhen weighedprovideagainst thecommentary onperformancethe individual risksintended.with respect to howthe risk isIn practice, a riskoutweighed by thebenefit analysisbenefit of thehas notdevice.traditionally beencarried out for allindividual risksidentified asdetailed in theEssentialRequirements;only theunacceptable10
ContentDeviationTitleEN ISO14971:2012ClauseinterpretationInterpretation ofEssentialRequirementsSolution for theManufacturerresidual risks areassessed for riskbenefit. This is notconsidered incompliance withthe EssentialRequirements.5 – Discretionas to the riskcontroloptions/measuresClauses 6.2 and6.4 oblige themanufacturer touse one or moreof the followingrisk controloptions in thepriority listed.They indicatethat further riskcontrolmeasures donot need to betaken if, afterapplying one ofthe options, thisrisk is judgedacceptableaccording tothe criteria ofthe riskmanagementplan.Must conform tosafety principles,taking account ofthe generallyacknowledgedstate of the artand to select themost appropriatesolutions byapplyingcumulatively whathas been calledcontrol options orcontrolmechanisms.a) The three-level riskcontrol hierarchy,which is describedin the RiskManagement plan,should also includeinformation to statethat the risk controlsare appliedcumulatively andso multiple controlmeasures may beused for anindividual risk.b) Ensure that in therisk table, wherethere are multiplecontrol measuresfor a risk, they aredescribed as such.For example, adesign feature andalarm are usedtogether to reducethe risk.6 – Deviationas to the firstClause 6.2obliges theEliminate orreduce risks as farc) When reassessingthe risk after controlmeasures have11
ContentDeviationTitlerisk controloptionEN ISO14971:2012Clauseinterpretationmanufacturer touse one or moreof the followingrisk controloptions in thepriority orderlisted: a)inherent safetyby design, b)protectivemeasures, c)information forsafety, withoutdeterminingwhat is meantby this term.Interpretation ofEssentialRequirementsas possible(inherent safedesign andconstruction).There is a conflictbetween thewording of thestandard and theEssentialRequirements;namely, thedifference isbetween theimplication of“inherent safetyby design” and“eliminate andreduce risks as faras possible”(inherent safedesign andconstruction). Inaddition, thecontrol measureslisted undercontent deviationpoint 5 are to beused by priority “inthe followingorder” and areimplied to be usedcumulativelyrather thanindividually.Solution for theManufacturerbeen applied,ensure that thecumulative effectfor numerouscontrol measureshas beenconsidered in thescoring of the risk.d) Always refer to theEssentialRequirementsrather than thestandard forclarification. Forexample, ensurethat the first controlmeasure used takesinto account thewording of EssentialRequirements #2:“safety by designand construction.”12
ContentDeviationTitle7–Informationof the usersinfluencingthe residualriskEN ISO14971:2012ClauseinterpretationClause 2.15, 6.2and 6.4Residual risk isdefined as therisk remainingafterapplication ofrisk controlmeasures. Thisregardsinformation onsafety as acontrol option.Interpretation ofEssentialRequirementsUsers shall beinformed aboutthe residual risks,indicating that theinformation giventhe user does notreduce theresidual risk anyfurther.The view point ofthis contentdeviation is that awarning in eitherthe IFU or on thedevice or otherliterature suppliedto the patient oruser is notconsidered a riskreduction as theEssentialRequirementsstate that the usermust be informedof any residual risk.Solution for theManufacturera) A statement in theRisk ManagementPlan should beincluded toindicate thatwarnings alone willnot be used as acontrol measure,but can be used toinform the user ofany residual riskremaining for thedevice.b) Where a warninghas been used, therisk reductionrecorded in thetable can only befrom other classesof control optionsas describedabove and notfrom theapplication of thewarning.c) In cases where awarning is applieddirectly to thedevice, such as“Do not touch – Thispart is hot,” thenany risk reductionclaimed must beverified usingappropriateusability or userstudies to generate13
ContentDeviationTitleEN ISO14971:2012ClauseinterpretationInterpretation ofEssentialRequirementsSolution for theManufactureraccurate data onrisk reduction.d) If user training isrequired to ensurethat any risks areconveyed to theuser during theintended use of thedevice, then asuitable method ofdetermining theeffectiveness of thetraining is requiredto demonstrate anaccurate value forscoring any riskreduction.DiscussionApplying EN ISO 14971:2012 for new devices should be straightforward byimplementing and following the newest revision of the standard as they conduct theirrisk management activities. However, the existing manufacturer’s risk managementfiles will have been approved by the Notified Body during conformity assessmentprocedures and surveillance audits with a risk management file that complied with anolder version of ISO 14971. So with the advent of EN ISO 14971:2012, what are theimplications for the manufacturer’s existing risk management files with respect toCompetent Authority and Notified Body expectations?If the manufacturer has not taken account of the new annexes of ZA, ZB or ZC intothe existing risk management files, then the manufacture will not be in compliancewith the essential requirements of the directives. In addition, production and postproduction controls (clause 9 of EN ISO 14971:2012) points to the fact that new orrevised standards should be considered when updating or may trigger an update tothe risk management file.
principles laid out in ISO 14971, yet since the advent of the new version of EN ISO 14971:2012 - Medical devices – Application of risk management to medical devices, the additional clarification within the standard has led to a number of misconceptions and confusion surrounding the implementation of the new standard by medical device
ISO 10381-1:2002 da ISO 10381-2:2002 da ISO 10381-3:2001 da ISO 10381-4:2003 da ISO 10381-5:2001 da ISO 10381-6:1993 da ISO 10381-7:2005 ne ISO 10381-8:2006 ne ISO/DIS 18512:2006 ne ISO 5667-13 da ISO 5667-15 da Priprema uzoraka za laboratorijske analize u skladu s normama: HRN ISO 11464:2004 ne ISO 14507:2003 ne ISO/DIS 16720:2005 ne
ISO 10771-1 ISO 16860 ISO 16889 ISO 18413 ISO 23181 ISO 2941 ISO 2942 ISO 2943 ISO 3724 ISO 3968 ISO 4405 ISO 4406 ISO 4407 ISO 16232-7 DIN 51777 PASSION TO PERFORM PASSION TO PERFORM www.mp ltri.com HEADQUARTERS MP Filtri S.p.A. Via 1 Maggio, 3 20060 Pessano con Bornago (MI) Italy 39 02 957
ISO 18400-107, ISO 18400-202, ISO 18400-203 and ISO 18400-206, cancels and replaces the first editions of ISO 10381-1:2002, ISO 10381-4:2003, ISO 10381-5:2005, ISO 10381-6:2009 and ISO 10381-8:2006, which have been structurally and technically revised. The new ISO 18400 series is based on a modular structure and cannot be compared to the ISO 10381
The DIN Standards corresponding to the International Standards referred to in clause 2 and in the bibliog-raphy of the EN are as follows: ISO Standard DIN Standard ISO 225 DIN EN 20225 ISO 724 DIN ISO 724 ISO 898-1 DIN EN ISO 898-1 ISO 3269 DIN EN ISO 3269 ISO 3506-1 DIN EN ISO 3506-1 ISO 4042 DIN
ISO 45001 Established:-ISO 10006 -Quality in project management-ISO 10007 -Configuration management-ISO 15161 -Food safety (ISO 9000 and HACCP)-ISO 19600 -Compliance management systems-ISO 20000 -IT services-ISO 20121 -Sustainable event management-ISO 20400 -Sustainable purchasing-ISO 22000 -Food safety-ISO 22301 -Business continuity management
ISO 8402 was published in 1986, with ISO 9000, ISO 9001, ISO 9002, ISO 9003 and ISO 9004 being published in 1987. Further feedback indicated that there was a need to provide users with application guidance for implementing ISO 9001, ISO 9002 and ISO 9003. It was then agreed to re-number ISO 9000 as ISO 9000-1, and to develop ISO 9000-2 as the .
ISO 37120. PAS 181/ISO 37106. PAS 183 – data sharing & IT. PAS 184. PAS 185. a security-minded approach. ISO/IEC 30145 . reference architecture. ISO/IEC . 30146. ISO 37151. ISO 37153. ISO 37156. Data exchange. ISO 37154. ISO 37157. ISO 37158. Monitor and analyse . data. PAS 182/ ISO/IEC 30182. PD 8101. PAS 212. Hypercat. BIM. PAS 184. Role of .
ISO 14644‐1 FEDERAL STANDARD 209E ISO Class English Metric ISO 1 ISO 2 ISO 31 M1.5 ISO 410 M2.5 ISO 5 100 M3.5 ISO 6 1,000 M4.5 ISO 7 10,000 M5.5 ISO 8 100,000 M6.5 ISO 9N/A N/A Standard 209E classifications are out‐of‐date. This standard was officially retired in 2001. Increasing Cleanliness
