According to the new edition of the ISO 14971 risk management process, the following are six steps in risk management. For the CE marking of the medical devices, risk management is an essential requirement as per the EU Medical Device Regulation.
ISO 14971 Risk Management Process
Planned ISO 14971 activities with the identification of the risk acceptability. Review the execution of the ISO 14971 risk management process during the design and development validation and before the product release to market.
ISO 14971 Risk Assessment:
This contain the two steps – Risk analysis and Risk Evaluation. Risk Analysis includes the identification of use and misuse of the device during the Normal and Abnormal use of the device, identification of risks related to the operating characteristics of the device, identifying the hazards, the reasonably foreseeable sequence of events and hence the hazardous situation and finally the estimation of risk in terms of probability and severity.
ISO 14971 Risk Evaluation
This contains the assessment of the estimated risks using the risk acceptability criteria, and the residual risks are identified.
ISO 14971 Risk Control
Apply the risk control measures on the identified unacceptable risks to reduce the risks As Low As Possible. The first option is to make changes in the design of the medical device, second option to provide the protective measures to reduce the occurrence of a hazardous situation; the third option is to provide the information to the user about the risks in the form of the warnings, contraindications, etc.
The verification and validation of the implementation of the risk control measures is also part of this step. Still, the reevaluation results in the residual risks for which the risk-benefit analysis to be performed. If the benefits overweigh the risks considering all the alternative methods too, then those risks will be acceptable.
Overall Residual ISO 14971 Risk Evaluation:
Instead of the individual residual risk, the impact of overall residual risk has to be evaluated. After the application of all the control measures, benefit-risk analysis to apply and provide the user with the information.
Risk Management Review
Review of the ISO 14971 risk management activities to verify the implementation of the risk management plan. The risk management report is the output of this stage.
Production and Post
Production activities- Develop a system to collect and review the relevant production and post-production information, collect that information from the users, similar device information. Review the relevancy of that information to the safety of the device. If any new risk exists, it has to be assessed, or any old risk has to be reassessed. Again, the risk control measures to apply and review the suitability of the iso 14971 risk management process.
How can we estimate the overall residual risk? Is the information on the residual risk passed to the customer will reduce the estimated risk?
Residual risk is risk remaining after taking control measures. Overall residual risks are estimated by considering each individual residual risks which are further evaluated as per the benefits of the intended use of the medical device for acceptability.
Non-acceptable risks are reduced as much as possible using additional risk control measures.
Possible changes are proposed at design stage or therapeutic options are used to avoid exposure to that risk or reduce the overall risk.
Yes, the information on the residual risk passed to the customer, reduces the estimated risk. This passed information alert the user with information on risks inherent to device use and enable them to make informed decisions on whether to use this medical device in a particular situation or to choose a different medical device, considering condition of the individual patient.