According to ISO 14971, each manufacturer of a medical device must document the risk management process and be able to provide the specifications for such a process to the relevant authorities upon a request. This standard doesn’t provide a clear structure of the process and, thus, manufacturers experience problems in figuring out what to do. For that reason, here in this post is presented and expounded a structure of a risk management process, used in the BXM method.
The risk management process, presented in this post, consists of the following 7 steps:
- Risk management file
The creation of a risk management file (RMF) is one of the earliest actions in the risk management process. This file is a repository of the risk management artefacts. Its purpose is to enable easy and quick access to the risk management artefacts, and it can take any form (e.g. paper form, electronic form and in folders) on condition that it supports its purpose. ISO 14971 doesn’t prescribe a list of items that must be included in the RMF, but the following could be taken as an example:
- Risk management plan
- Top-down analyses such as Fault Tree Analysis (FTA)
- Preliminary hazard analysis
- FMEAs (e.g. design/ software/ process/ use-misuse FMEA)
- Risk assessment and control table (RACT)
- Risk management reports
- Benefit-risk analysis
- Harms assessment list and clinical hazards list
- Verification of the implementation and effectiveness of risk controls.
The risk management file should always have a keeper responsible for its upkeep and maintenance. The role of the keeper should not be neglected as risk management is a process that continues for as long as the medical device is in the market. This consequently means that the artefacts should be periodically updated and filed correctly in the RMF.
- Risk management plan (RMP)
The risk management plan must be created at the beginning of the risk management process and could include the following elements:
- Purpose and scope (e.g. the phases of the product development process)
- Overview of the medical device system: It includes a description of the system and its functions, elements, indications, intended use, user and use environment. Note: any peripheral devices that are not part of the system should not be included in the analysis.
- Risk management strategy: This is the strategy that should ensure that your system is as safe as possible.
- List of planned risk management activities (e.g. FTA, FMEA, PHA and Benefit-risk analysis)
- Special tools used (e.g. FTA or customised software)
- People responsible for the risk management activities and their authorities
- Requirements for reviewing the risk management activities
- Risk acceptance criteria: The criteria should be based upon applicable national/ international standards or regulations and should take into account the state-of-the-art and any known stakeholders concerns.
- Verification activities and deliverables
- Effect of the risk management on other aspects of the product development process (e.g. sample size determination and production acceptance criteria)
- Ways of capturing the production and postproduction data and its inclusion back into the risk management process.
Referring to ISO 14971, not all of the above-listed elements must be included in the risk management plan. The minimum requirements for the RMP are, as follows: purpose and scope; system overview, list of responsible people, review requirements, risk acceptance criteria, verification activities and deliverables, and ways of production and postproduction data capturing and its inclusion in the process.
- Performance of a preliminary hazard analysis (PHA)
The preliminary hazard analysis is a technique used early in the product development process, after the preparation of RMF and RMP. Its purpose is to help manufacturers identify any hazards, hazardous situations and events that could cause harm when the complete design of the medical device is still unfinished, and only a few elements of it are known.
PHA can provide advisory to the management not to proceed with the development of a particular product if it is anticipated that the result of the benefit-risk analysis will be negative, i.e. the risks of the yet undeveloped device will outweigh the benefits. When the PHA is done, the project transitions to the design and development phase.
Read more about preliminary hazard analysis.
- Hazard identification
After the PHA is done, the design and development phase starts throughout which the Failure Modes and Effects Analysis (FMEA) is performed and iterated. The FMEA entails the identification of the causes of the hazards and the hazards’ likelihood of occurrence. This together with the FTA constitutes the hazards identification phase. In addition, the security risk assessment file is assessed for potential security risks with a safety impact.
During this phase of the risk management process, the manufacturers are expected to identify all hazards posed by their complete versions of medical devices. Usually, significant sources of hazards are the interoperability of interfacing parts (e.g. mechanical, electrical and informational) and the interfaces of the device with the outside world. Another, and frequently disregarded, source of hazards is the packaging of the medical device. The packaging should protect the device during transportation and storage, and also ensure the user protection from it.
To identify the hazards, manufacturers must have knowledge of all the hazards associated with the use of their products, and a useful technique that could allow them to claim completeness is the use of a standardised clinical hazard list (CHL). The CHL represents an up-to-date list of all the known and foreseeable hazards that could potentially arise from the usage of the medical device. Missing labelling, software and bleeding cannot be considered as hazards and included in the CHL. This tool should not be used for identification of causes, hazardous situations or harms. So, for example, to identify any harms that could result from the use of the product, manufacturers can use the harm assessment list (HAL). Both CHL and HAL can also be used during the preliminary hazard analysis (PHA).
This phase relates to the creation of a table called Risk Assessment and Control Table (RACT) where all the hazards and their causes, and corresponding hazardous situations and harms are brought together. The RACT is considered as the heart of the BMX risk management process, and it may also be called risk table, risk analysis chart, risk matrix, etc. The purpose of this table is to:
- estimate the risks for each hazard, hazardous situation, as well as overall for the whole system in five different severity classes
- apply appropriate risk controls to reduce the estimated risks as far as possible.
- Risk control and evaluation
The risk control and evaluation phase relates to investigating whether it is possible to further reduce the residual risks for each hazard or hazardous situation. If the investigation determines that it is indeed possible, additional risk controls can be put in place. Afterwards, the overall residual risk for the entire system is evaluated with considerations of all the hazards potentially posed by the system.
Once the overall residual risk of the medical device is known, manufacturers need to perform a benefit-risk analysis to determine whether the potential benefits outweigh the potential risks. If the result is positive, i.e. the benefits do outweigh the risks, the RACT has to be updated with the additional implemented risk controls and a hazard analysis report (HAR) to be produced. However, if the outcome is negative, and no justification can be provided for the release of the product, the same cannot be placed on the market.
- Preparation of hazard analysis report and risk management report
As said above the hazard analysis report is produced right after the RACT is updated. It is produced as an input to the risk management report (RMR). The HAR is a larger by size and very detailed document in comparison to RMR. The RMR is a smaller document which primary purpose is to provide the regulatory reviewer with a good understanding of the risk management work and give the reviewer assurance that the medical device is safe enough for being put on the market. Because of this, the RMR is included in the regulatory submission.
If the medical device receives the approval of the regulatory reviewer for commercial release, and it is placed on the market, the risk management process continues for as long as the product is on the market.
The above-described risk management process is applicable to:
- New and novel medical devices
- New indications for an existing device
- Discovered mislabeled or nonconformity products
- Changes in released devices or parts of them
- Any changes in the realisation process of a released device
- Corrective and Preventive Actions (CAPA) events with potential risk to patient safety.
Elahi, B. (2018). “Safety risk management for medical devices”. Academic Press