Peter Hartung
Head of Business Unit Consulting,
Quality Management & Regulatory Affairs




Risk management according to ISO 14971:2019 - what is new?

The new (third) edition of the risk management standard for medical devices, ISO 14971, was published in December 2019, and twelve years after the publication of the second edition, some things have changed. We provide an overview of the most important changed requirements.



Twelve years is a long time, a period in which medical technology has been revolutionized. Time, then, for the third edition of the risk management standard for medical devices, ISO 14971, which was published in December 2019.


The most important requirements at a glance

ISO 14971:2019 for risk management has

  • a new chapter structure: Chapter 2, Normative references, is new, and some subchapters are organised differently than before
  • new terms: benefit, reasonably foreseeable misuse and state of the art
  • a revised scope, which now also explicitly mentions software
  • fewer annexes: Annexes C, D, F to H and J have been moved to ISO/TR 24971, and Annex I has been deleted

After this short overview, the changes in ISO 14971:2019 compared with DIN EN ISO 14971:2013 and EN ISO 14971:2012 are presented in more detail below. Please note that ISO 14971:2019 is not yet harmonised.



The new edition not only describes a process but also specifies the terminology and principles of risk management. The process is no longer merely prescribed, as before, but is intended to support manufacturers in their risk management activities. The scope now also includes software as a medical device, and not only medical devices and in-vitro diagnostics as before.

Another new aspect is that the standard now requires hazardous situations to be identified (Section 4.1 a)) and that the process covers all life cycle phases as well as the risks of the medical device. The standard still does not specify acceptable risk levels; the manufacturer must define objective criteria for risk acceptability.


Normative references

This chapter is new and empty.


Terms and definitions

The third edition of ISO 14971 introduces three new terms: benefit, reasonably foreseeable misuse and state of the art.

The benefit describes a positive influence or desirable outcome that not only affects the health of the patient but can also be applied, for example, to patient management or public health.

The reasonably foreseeable misuse of a medical device has been promoted from a note in the second edition of ISO 14971 to a defined term. It refers to use of a medical device outside its intended purpose, i.e. unintended use resulting from reasonably foreseeable actions.

The state of the art is defined as one would expect: a certain technical capability, related to processes, products and services, based on the findings of science, technology and experience. Note 1 to the entry is worth attention: it clarifies that the term does not necessarily refer to the most technically advanced solution but can be understood as the "generally acknowledged state of the art".

Some existing terms have been changed; accompanying documentation is one example. It has been expanded to include notes on the decommissioning and disposal of the medical device, as well as the note that auditory, visual or tactile materials and various types of media can also serve as accompanying documentation.


General requirements for a risk management system

In the first subsection, Risk management process, of ISO 14971:2019 a new way of thinking becomes visible. The manufacturer should not only define and document a process but also implement it. New wording also appears more often: away from "it shall ..." towards "the manufacturer shall ...". It seems as if the Commission wants to pass more responsibility to the manufacturer and reduce the room for interpretation.

New aspects of the risk management process are the requirements that a) the RM process must also be implemented, b) in addition to the hazards, the hazardous situations must also be identified, and c) RM personnel must have "education, training, skills and experience", and no longer just knowledge and experience.


Risk analysis

The chapter structure has changed slightly: the intended use is no longer listed together with the safety-related characteristics but with the new reasonably foreseeable misuse.

The intended use has to meet more requirements, which are reminiscent of usability engineering: medical indication, patient population, treated body part or tissue, user profile, use environment and functional/working principle.

For the first time, the safety-related characteristics have their own chapter and are no longer relegated to the annex. The list of questions has been moved to ISO/TR 24971.


Risk assessment

For the following information, it is important to note that ISO 14971:2019 is not yet harmonised. Changes may still occur here.

An acceptable risk does not have to be mitigated; this was already the case in the second edition of ISO 14971. But Annex ZA of the second edition, DIN EN ISO 14971:2013-04, makes it clear that "[...] all risks, regardless of their extent, must be reduced as far as possible [...]". The new ISO 14971 is still only an international standard, so there is not yet a corresponding European Annex ZA, but with the application of the MDR the following applies: "All known and foreseeable risks and undesirable side effects are to be reduced as far as possible [...]" (MDR Annex I, Chapter I, point 8).

So everything will probably remain the same in EN ISO 14971 once it is harmonised at some point in time.


Risk Control

The risk control measures were extended and thus aligned with the MDR. The measure inherent safety by design was extended to inherent safety by design and manufacture. The information for safety has been expanded to information for safety and, where appropriate, training for users.

The previous risk-benefit analysis is called benefit-risk analysis in the new edition in order to emphasize the focus on the benefit. According to the new definition, the benefit is no longer limited to the medical benefit.

If the benefit-risk analysis shows that the overall risk (or an individual residual risk) outweighs the benefit, the manufacturer may modify the medical device or its intended use. Here, what was previously common practice has been formally permitted.


Assessment of the overall risk

In the new ISO 14971, the method for assessing the overall risk and the acceptance criteria for the overall risk must be specified in the risk management plan. These may differ from the method and acceptance criteria for the individual risks.

Moreover, the manufacturer should no longer only decide which information is important for the accompanying documents but should now actually inform the users.


Review of risk management

The review of risk management for medical devices is a familiar task in a new guise. In the third edition of ISO 14971, the chapter is called "Risk management review" rather than "Risk management report". As before, the result is documented as a risk management report. What is new in terms of content is that it is no longer the risk management process that is reviewed but the risk management plan, which is generally tailored more specifically to a particular product or project than the higher-level process.


Activities in production and post-production

In this chapter the basic structure has changed. The focus is no longer on the information generated in these phases, but on the activities that collect and evaluate this information and then take appropriate action.

The manufacturer shall collect information from the following 'places': production; users; service and installation personnel; the supply chain; publicly available information; and information on the generally acknowledged state of the art. Another new aspect is that information on similar medical and non-medical products must also be collected.

In the next step, the information collected is evaluated with regard to its relevance for safety: Has a new hazard or hazardous situation arisen? Are the estimated risks still appropriate? Is the overall risk still acceptable? Has the state of the art changed?

If information is safety-relevant, the measures are divided into two areas: the medical device and the risk management process. If the medical device is affected, then in addition to reviewing the risk management file and any unacceptable risks, it should also be examined whether action needs to be taken for devices already on the market. If the risk management process is affected, the impact on existing risk management activities should be evaluated.



Annexes C, D, F - H and J were moved to ISO/TR 24971 and Annex I was deleted. Annex B (2019) corresponds to Annex B (2012) and Annex C (2019) corresponds to Annex E (2012).

Annex B presents an overview of the equivalents of the second and third edition of ISO 14971 and an overview of risk management.

Annex C is largely identical to Annex E of the second edition. In addition to the new designation "Fundamental risk concepts", there is a new illustration of the relationship between hazard, hazard situation and damage and new hazards.



The new ISO 14971:2019 does not reinvent risk management and risk analysis. The main new requirements are

  • the definition of the method and acceptance criteria for the overall risk in the risk management plan
  • the changed activities in production and post-production.

These changes will require adjustments to the risk management process.

A publication of ISO/TR 24971 is planned for May 2020.



Don't miss the opportunity to keep up to date on further developments via the seleon Regulatory Affairs Blog. Your seleon experts are always up to date.

By the way, seleon's regulatory affairs experts are also personally available to you for advice and support. Your advantage is that they are able to provide the best and most realistic assistance with their know-how from practical experience in the development and production of medical devices.

Try it out and get in touch.




Basic knowledge of risk management:

Good risk management brings several advantages for companies, such as reducing quality costs and ensuring product success. So make yourself familiar with the most important points:


Key terms in risk management

In order to describe the various risks that occur, ISO 14971 defines standardised terms which are commonly used in risk management.

  • Harm: physical injury or damage to the health of people, or damage to property or the environment
  • Hazard: potential source of harm
  • Severity: measure of the possible consequences of a hazard
  • Hazardous situation: “Circumstances in which people, property, or the environment are exposed to one or more hazard(s)” (ISO 14971)

The risk evaluation shall assess what can trigger a hazard and what sequence of events it can set off, leading to a hazardous situation. Harm can only occur when a person is exposed to a hazardous situation; a hazardous situation on its own does not cause harm. The resulting possible harms shall be evaluated according to their severity (e.g. death/irreversible/reversible) and their probability of occurrence. The latter covers both the probability that the hazardous situation occurs and the probability that it leads to harm. Severity and probability scales are defined individually by the manufacturer, depending on the medical device. Risk is therefore the combination of the probability of occurrence of harm and the severity of that harm.


What does product-related risk management imply?

ISO 14971 specifies how risk management (RM for short) is applied to medical devices. The manufacturer is responsible for ensuring the safety of a medical device, taking the state of the art into account. At the same time, the standard requires risks to be assessed and evaluated throughout the entire product life cycle, controlled with appropriate measures, and the effectiveness of those measures for risk prevention and risk reduction to be monitored. Foreseeable misuse of the product must also be taken into consideration. In most cases, the risk cannot be eliminated completely, which leaves a so-called residual risk that is evaluated as well. In doing so, it shall be justified why the residual risk is acceptable and whether the use of the product outweighs the risk.

Risk management follows several steps:

  1. Risk analysis using different methods
  2. Risk evaluation: assessment of acceptability for each risk
  3. Risk control: measures for risk reduction
  4. Evaluation of the overall risk: acceptability or non-acceptability of the overall risk
  5. Production and post-production phases: continuous monitoring of risks and updating based on production and post-production information

For a sound risk management process, suitable and competent personnel within the company and a risk management plan are necessary.


The risk management plan

...includes the following parts:

  • Range of tasks and the individual phases
  • Responsibilities and authorisation
  • Requirements for reviewing the activities
  • Criteria for risk acceptability
  • Procedures for evaluating the overall residual risk and criteria for accepting the overall residual risk (new in ISO 14971:2019)
  • Activities for verification
  • Activities for post-market surveillance

The criteria for risk acceptability are essential to every risk management plan. A matrix must show exactly which combinations of probability of harm and severity of harm are acceptable and which are not.
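As an added illustration (not code from the original article or from seleon), the following Python sketch combines the two probabilities described under the key terms above into a probability of harm, looks the result up in a constructed acceptance matrix of the kind the plan must contain, and applies a separate, constructed criterion to the overall residual risk; the kinked pressure line case is the one used in the risk evaluation section of this article, with constructed numbers.

```python
"""Risk estimation and acceptability lookup in the spirit of ISO 14971.
Added example, not code from the original article or from seleon. Severity ranks,
probability bands, acceptance matrix and all numbers are constructed; a real risk
management plan defines its own."""
from __future__ import annotations
from dataclasses import dataclass

# Severity classes named in the article (death / irreversible / reversible), ranked.
SEVERITY = {"reversible": 1, "irreversible": 2, "death": 3}
# Constructed qualitative probability bands: (lower bound per use, label), descending.
PROB_BANDS = [(1e-2, "frequent"), (1e-4, "occasional"), (1e-6, "remote"), (0.0, "improbable")]
# Constructed acceptance matrix of a hypothetical risk management plan:
# probability band -> severity rank -> verdict for the individual risk.
MATRIX = {
    "frequent":   {1: "not acceptable", 2: "not acceptable", 3: "not acceptable"},
    "occasional": {1: "acceptable",     2: "not acceptable", 3: "not acceptable"},
    "remote":     {1: "acceptable",     2: "acceptable",     3: "not acceptable"},
    "improbable": {1: "acceptable",     2: "acceptable",     3: "acceptable"},
}

@dataclass
class Risk:
    hazard: str
    hazardous_situation: str
    harm: str
    severity: str
    p1: float  # probability (per use) that the hazardous situation occurs
    p2: float  # probability that the hazardous situation leads to the harm

    def probability_of_harm(self) -> float:
        # The two probabilities the article distinguishes are combined: P(harm) = P1 * P2
        return self.p1 * self.p2

def probability_band(p: float) -> str:
    for lower, label in PROB_BANDS:  # ordered from highest to lowest band
        if p >= lower:
            return label
    return "improbable"

def evaluate(risk: Risk) -> str:
    """Verdict for one individual risk according to the plan's matrix."""
    return MATRIX[probability_band(risk.probability_of_harm())][SEVERITY[risk.severity]]

def evaluate_overall(residual_risks: list[Risk], max_expected_harm: float) -> str:
    """Separate criterion for the overall residual risk (a plan item new in ISO 14971:2019).
    Constructed criterion: cap on the summed severity-weighted probability of harm."""
    total = sum(r.probability_of_harm() * SEVERITY[r.severity] for r in residual_risks)
    return "acceptable" if total <= max_expected_harm else "not acceptable"

# Worked case from the article: kinked pressure line -> insufficient blood flow -> shock.
KINK = Risk("kink in pressure line", "insufficient blood flow", "shock", "irreversible", 1e-3, 0.5)
# Same risk after a constructed control measure (an occlusion alarm) lowers P2.
KINK_CONTROLLED = Risk(KINK.hazard, KINK.hazardous_situation, KINK.harm, KINK.severity, 1e-3, 2e-3)
# A second constructed residual risk introduced by the alarm itself.
FALSE_ALARM = Risk("false occlusion alarm", "therapy interrupted", "delayed treatment",
                   "reversible", 1e-3, 1e-2)
```

With these numbers both residual risks pass the matrix individually, yet the overall residual risk fails its own criterion; this is why the plan now has to define the overall method and acceptance criteria separately from those for individual risks.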


Methods for risk analysis

There are different ways to perform a risk analysis. The most common are:

  • Preliminary hazard analysis
  • FMEA (Failure Mode and Effects Analysis)
  • FTA (Fault Tree Analysis)
  • Sabotage
  • Ishikawa/Fishbone

The preliminary hazard analysis is a technique applied in the early phases of a project to identify hazards and hazardous situations. User scenarios can help to detect possible hazardous situations during use of the product. It is important to define the individual components of the product in order to determine whether specific or additional accessories are necessary.

The FMEA method (Failure Mode and Effects Analysis) exists in two forms: the process FMEA addresses production faults, whereas the design FMEA examines construction faults. This method considers faults that could potentially occur in a product and evaluates them according to their impact on patients, users and third parties, their probability of occurrence and, if applicable, their detectability. It helps to avoid faults and should improve the technical reliability of the medical device.

The FTA serves, among other things, to identify the causes of an already known fault condition and to analyse the type of failure. The FTA works "top-down", i.e. it starts from an event and systematically searches in detail for its causes.

The sabotage analysis examines what can happen when the system is deliberately made to stop functioning and how this can harm the patient, for example when a cable is plugged into the wrong socket.

The Ishikawa or fishbone diagram is also known as the cause-and-effect diagram. It illustrates all possible causes that lead to a result or influence it significantly. All causes of potential problems should be identified in this diagram and their dependencies depicted.


Risk evaluation

For each identified hazardous situation or process fault, a decision must be taken as to whether risk reduction is necessary. In general, the approach should be that risk control measures are considered for every hazard and every process fault, applying the criteria laid down in the risk management plan. For example, if a fault in a medical device can cause the patient's blood pressure to drop, the resulting hazardous situation would be insufficient blood flow, which in turn can result in (medical) shock. A kink in the pressure line of the device could be the cause. Here the risk evaluation states "not acceptable", and a risk control measure is therefore strictly required. As a basic principle, risks should be reduced as far as possible, regardless of their acceptability. When evaluating risks and further reduction measures, it is important to distinguish between the principles of the international ISO 14971:2019 and the European harmonised EN ISO 14971:2012.


Risk control

In risk control, the measures for risk reduction are determined, implemented, verified (have they been implemented correctly?) and validated (do they work as intended?). The residual risk then has to be evaluated once again and a risk/benefit analysis performed. After all these steps, the completeness of risk control must be documented; only then can the overall risk be evaluated.


Post-production phases

The manufacturer shall collect and review information about the medical device in the production and post-production phases. This means that even after the product has been placed on the market, information about its safety and risks shall be collected and evaluated. In addition, it shall be reviewed whether previously unidentified hazards or hazardous situations exist, whether new findings require the risk acceptability criteria to be adjusted, or whether the risks arising from a hazardous situation are no longer acceptable.


Please note that all details and listings do not claim to be complete, are not guaranteed and are for information purposes only.

Every product is unique – the mandatory tasks and measures for entering the market need to be specified individually. seleon advises you on your individual questions without any obligation.

