Peter Linders, chair of ISO/TC 210, stated at the time of the release of ISO 14971:2019, that it was the manufacturer’s responsibility to reduce the risks associated with medical devices. How can a systematic approach help manufacturers reduce risk during production?
The consequences of failure in medical devices can be catastrophic, not only for the patient but also potentially for the operator and other people. In addition, there might be damage to property and the environment. Adopting a systematic approach to risk management can significantly reduce the potential for these negative events.
Originally released in 1998, ISO 14971 – Medical devices — Application of risk management to medical devices – provides a framework to identify potential hazards and estimate the associated risks. It enables the implementation of risk control measures and creates a mechanism for monitoring their effectiveness.
In December 2019, the International Organization for Standardization (ISO) published the latest version – ISO 14971:2019. This was developed by a joint working group incorporating ISO/TC 210 – Quality management and corresponding general aspects for medical devices – and IEC/TC 62 – Electrical equipment in medical practice – from the International Electrotechnical Commission (IEC).
ISO 14971:2019 updates the 2007 iteration in several ways. It adopts a new chapter structure, clarifies the standard’s technical requirements, updates normative references, and introduces a focus on the benefit-risk ratio. The new version is also wider in its frame of reference, placing a stronger focus on information gained during production and from downstream phases.
The focus on the benefit-risk ratio has required a new medicine-related definition of ‘benefit’. It is defined as, a positive impact or desired outcome on the health of an individual, or a positive impact on patient management or public health (Clause 3).
This is one of many new or redefined terms in ISO 14971. Others include:
There are also updated definitions for: ‘accompanying documentation’, ‘harm’, ‘use error’, ‘manufacturer’, and ‘In Vitro diagnostic medical device’.
To achieve its goals, ISO 14971 has a new six stage process:
Manufacturers need to clearly understand the parameters relating to their product. For example, they must consider:
Risk analysis should also identify the safety characteristics of the product. The focus on downstream phases means risk analysis should also consider the loss or degradation of the medical device’s clinical performance, as a result of unacceptable use, as well as reasonable foreseeable events, or sequences of events, that can result in hazardous situations.
The manufacturer should then estimate, both qualitatively and quantitatively, the probability of occurrence for each potential hazard and hazardous situation. This is achieved by looking at published standards, scientific and technical investigations, field data from similar devices, usability tests, clinical evidence, expert opinion, and the results from investigations and simulations. If no probability of occurrence can be estimated, then possible consequences should be listed.
Once the risks have been identified and the severity estimated, the next stage is the implementation of control to mitigate the risks. This should begin at the design stage, go through production, before looking at use and reasonably foreseeable misuse. Control measures should be instigated for each risk. For example, for the post-production phase, this might include safety instructions or training. The aim is to address each hazard and hazardous situation.
If it is determined that risk reduction is not practicable, then a benefit-risk analysis must be performed on the residual risk. It is imperative that benefits outweigh risk. If this is not the case, then the risk is considered unacceptable and modifications must be enacted.
Control measure may also introduce new risks, and these should also be considered, alongside whether the control is effective at reducing risk. Upon completion of the risk control stage, the manufacturer must confirm that all risks from all hazardous situations have been considered and all risk control activities have been completed.
The manufacturer should now use benefit-risk analysis to determine whether the residual risk is acceptable, based upon the acceptability criteria defined in the risk management plan. If the overall residual risk is considered acceptable, the manufacturer must inform users of the significant residual risks and supply relevant safety information. If the overall residual risk is judged unacceptable, the manufacturer must either implement additional control measures, modify the medical device, or modify its intended use.
The manufacturer is then required to review whether:
Manufacturers must establish a system to collect relevant data during productions and post-production. This must be reviewed for whether:
ISO 14971:2019 provides a framework against which manufacturers can introduce continuous improvements in their risk management. A core tenet of ISO standards is the importance of management involvement, with responsibilities being assigned at an early stage of the process.
SGS offers a range of solutions to help manufacturers design and manufacture safe and compliant medical devices for markets all over the world. Based on ISO 14971, our training provides manufacturers with a systematic approach to risk management in the medical device sector.
Learn more about ISO 14971 – Medical Devices Risk Management Training.