Risk management is a continuous iterative process throughout the entire lifecycle of a device, requiring regular, systematic updating. It is a fundamental part of a medical device’s technical documentation and conformity with the General Safety and Performance Requirements (GSPR) of both the MDR and IVDR.
The manufacturers should apply a harmonized standard for the Medical Device Risk Management – ISO 14971(2019) and its amendment A11:2021. If your Quality System is still following the previous risk standard version – ISO 14971(2012), our experts can help you to bridge the gap for compliance with ISO 14971(2019).
We advise you to review ISO/TR 24971:2020. This technical report helps you understand how to apply ISO 14971.
ISO/TR 24971:2020 provides guidance that medical device manufacturers can use to help them comply with the risk management requirements outlined in EU MDR. However, while ISO/TR 24971:2020 can be a helpful resource for meeting certain EU MDR requirements, compliance with ISO standards does not automatically ensure compliance with EU regulations. Manufacturers must still adhere to all applicable EU MDR requirements and regulations to market their medical devices legally in the EU.
Manufacturers shall establish, document, implement, and maintain a system for risk management as described in Section 3 of Annex I of MDR.
In carrying out risk activities manufacturers shall:
(a) establish and document a risk management plan for each device;
(b) identify and analyse the known and foreseeable hazards associated with each device;
(c) estimate and evaluate the risks associated with, and occurring during, the intended use and during reasonably foreseeable misuse;
(d) eliminate or control the risks;
(e) evaluate the impact of information from the production phase and, in particular, from the PMS system, on hazards and the frequency of occurrence thereof, on estimates of their associated risks, as well as on the overall risk, benefit-risk ratio, and risk acceptability; and
(f) based on evaluating the impact of the information referred to in point (e), if necessary amend control measures in line with the requirements of Section 4.
Risk management and clinical data should feed into the PMS plan.
Frequently Asked Questions
Question: Is Design information included in the Risk Management?
Answer: The risk documentation shall include a design risk assessment that documents the risk assessment for the device’s design aspects. The design risk assessment may address whether any design changes add new hazards or reduce the likelihood of occurrence of existing hazards, regardless of whether the risk assessment has changed.
Question: The manufacturer wrote: We always advise users of what the device is indicated for and do not advise using the device outside of that indication for off-label use. Is it enough to sign an agreement with the product distributors that states, among other things, that if they use it off-label and an event occurs, we, as a manufacturer, are not liable?
Answer: If you know that the product will be used off-label, then your responsibility would be to change related intended use, labeling, or IFU. In other words, if a new intended use is created by professional users and you know about it, you must provide adequate labeling. In addition, such off-labels may fall under “reasonably foreseeable misuse” and should be covered through risk management. You could also review Team-NB-PositionPaper on Off-Label Use (2022). If such new off-label use is considered, you would also need to address it in your PMCF plan.
Question: Since accessories are also referred to as devices (MDR Article 1:4), we plan to perform a “risk evaluation” for each accessory in our product. Is our approach correct?
Answer: We understand your logic; however, if you follow it to its full potential, you will have to do GSPR, PMS, PMCF, clinical evaluation, etc., for each accessory of the product, which was not, in our opinion, the legislator’s intention. Each accessory contributes to the overall risk of the product and may include specific risks related to the accessory. Still, we would reserve the term “risk evaluation” for the final product only. I think that your approach may apply to a greater extent to the products contained in the “Procedure pack” (MDR 2(10) or “System” (MDR 2(11)). Similarly, for devices incorporating a medicinal product (Rule 14), you need to justify (risk, clinical benefit, etc.) the addition of medicinal substance(s).
Question: What is considered a reasonably foreseeable misuse?
Answer: A reasonably foreseeable misuse (intentional or unintentional) is the use of a product or system in a way not intended by the manufacturer but which can result from readily predictable human behavior. note that readily predictable human behavior includes the behavior of all types of users, e.g. lay and professional users (ISO 14971:2019 (3.15).
Question: Is the “Servicing” activity defined in ISO 13485?
Answer: Yes, quality responsibilities are defined in 7.5.4 Servicing activities. The company shall document servicing procedures, reference materials, and reference measurements, as necessary, for performing servicing activities and verifying that product requirements are met.
The organization shall analyze records of servicing activities carried out by the organization or its supplier:
a) to determine if the information is to be handled as a complaint;
b) as appropriate, for input to the improvement process.
Records of servicing activities carried out by the organization or its supplier shall be maintained.
A Risk Management File will consist of at least Risk Management Plan & Report and Identification and Analysis
BioReg experts can assist you with risk activities and documentation.
CONTACT US
In order to inquire about our services or ask for immediate regulatory advice for your product, contact us.