For the CE marking of the medical devices, risk management is an essential requirement as per the EU Medical Device Regulation. According to the new edition of the risk management standard, ISO 14971:2019 the following are six steps in risk management.
• Risk Management Plan: Planned risk management activities with the identification of the risk acceptability. Review the execution of the risk management plan during the design and development validation and before the product release to market.
• Risk Assessment: This contain the two steps – Risk analysis and Risk Evaluation. Risk Analysis includes the identification of use and misuse of the device during the Normal and Abnormal use of the device, identification of risks related to the operating characteristics of the device, identifying the hazards, the reasonably foreseeable sequence of events and hence the hazardous situation and finally the estimation of risk in terms of probability and severity.
• Risk Evaluation: This contains the assessment of the estimated risks using the risk acceptability criteria, and the residual risks are identified.
• Risk Control: Apply the risk control measures on the identified unacceptable risks to reduce the risks As Low As Possible. The first option is to make changes in the design of the medical device, second option to provide the protective measures to reduce the occurrence of a hazardous situation; the third option is to provide the information to the user about the risks in the form of the warnings, contraindications, etc. The verification and validation of the implementation of the risk control measures is also part of this step. Still, the reevaluation results in the residual risks for which the risk-benefit analysis to be performed. If the benefits overweigh the risks considering all the alternative methods too, then those risks will be acceptable.
• Overall Residual Risk Evaluation: Instead of the individual residual risk, the impact of overall residual risk has to be evaluated. After the application of all the control measures, benefit-risk analysis to apply and provide the user with the information.
• Risk Management Review: Review of the risk management activities to verify the implementation of the risk management plan. The risk management report is the output of this stage.
• Production and Post: Production activities- Develop a system to collect and review the relevant production and post-production information, collect that information from the users, similar device information. Review the relevancy of that information to the safety of the device. If any new risk exists, it has to be assessed, or any old risk has to be reassessed. Again, the risk control measures to apply and review the suitability of the risk management process.
How can we estimate the overall residual risk? Is the information on the residual risk passed to the customer will reduce the estimated risk?
1 thought on “ISO 14971:2019 Risk Management Process”
Residual risk is risk remaining after taking control measures. Overall residual risks are estimated by considering each individual residual risks which are further evaluated as per the benefits of the intended use of the medical device for acceptability.
Non-acceptable risks are reduced as much as possible using additional risk control measures.
Possible changes are proposed at design stage or therapeutic options are used to avoid exposure to that risk or reduce the overall risk.
Yes, the information on the residual risk passed to the customer, reduces the estimated risk. This passed information alert the user with information on risks inherent to device use and enable them to make informed decisions on whether to use this medical device in a particular situation or to choose a different medical device, considering condition of the individual patient.