Вы находитесь на странице: 1из 22

© ISO 2012 – All rights reserved

ISO TC 210 N 426

Date:

2012-05-02

ISO/CD 24971

ISO TC 210/SC /WG JWG 1

Secretariat:

ANSI

Guidance on the application of ISO 14971

Warning

This document is not an ISO International Standard. It is distributed for review and comment. It is subject to change without notice and may not be referred to as an International Standard.

Recipients of this draft are invited to submit, with their comments, notification of any relevant patent rights of which they are aware and to provide supporting documentation.

Document type:

Document subtype:

Document stage:

Document language:

Technical Report

(30) Committee

E

G:\Committee Documents\iso210\TC 210\TC 210 register docs\210n426 CDTR for comment 24971.doc STD Version 2.1c2

ISO/CD 24971

Copyright notice

This ISO document is a working draft or committee draft and is copyright-protected by ISO. While the reproduction of working drafts or committee drafts in any form for use by participants in the ISO standards development process is permitted without prior permission from ISO, neither this document nor any extract from it may be reproduced, stored or transmitted in any form for any other purpose without prior written permission from ISO.

Requests for permission to reproduce this document for the purpose of selling it should be addressed as shown below or to ISO's member body in the country of the requester:

[Indicate the full address, telephone number, fax number, telex number, and electronic mail address, as appropriate, of the Copyright Manger of the ISO member body responsible for the secretariat of the TC or SC within the framework of which the working document has been prepared.]

Reproduction for sales purposes may be subject to royalty payments or a licensing agreement.

Violators may be prosecuted.

ISO/CD 24971

Contents

Page

Foreword

iv

Introduction

v

1

Scope

1

2

The role of international product safety and process standards

1

2.1

Introduction

1

2.2

Use of international product safety standards in risk management

2

2.3

Process standards and ISO 14971

3

3

Developing the policy for determining the criteria for risk acceptability

5

4

Production and post-production feedback loop

6

4.1

Introduction

6

4.2

Observation and transmission

6

4.3

Assessment

7

4.4

Action

8

5

Differentiation of information for safety and disclosure of residual risk

9

5.1

Difference between “information for safety” and “disclosure of residual risk”

9

5.2

Information for safety

10

5.3

Disclosure of residual risk

10

5.4

Examples of information for safety and residual risks

10

6

Evaluation of overall residual risk

11

6.1

Overview

11

6.2

Inputs and other considerations for overall residual risk evaluation

11

Annex A (informative) Use of international product safety standards in the application of ISO 14971

13

Annex B (informative) Examples of the use of an international product safety standard in the application of ISO 14971

14

ISO/CD 24971

Foreword

ISO (the International Organization for Standardization) is a worldwide federation of national standards bodies (ISO member bodies). The work of preparing International Standards is normally carried out through ISO technical committees. Each member body interested in a subject for which a technical committee has been established has the right to be represented on that committee. International organizations, governmental and non-governmental, in liaison with ISO, also take part in the work. ISO collaborates closely with the International Electrotechnical Commission (IEC) on all matters of electrotechnical standardization.

International Standards are drafted in accordance with the rules given in the ISO/IEC Directives, Part 2.

The main task of technical committees is to prepare International Standards. Draft International Standards adopted by the technical committees are circulated to the member bodies for voting. Publication as an International Standard requires approval by at least 75 % of the member bodies casting a vote.

In exceptional circumstances, when a technical committee has collected data of a different kind from that which is normally published as an International Standard (“state of the art”, for example), it may decide by a simple majority vote of its participating members to publish a Technical Report. A Technical Report is entirely informative in nature and does not have to be reviewed until the data it provides are considered to be no longer valid or useful.

Attention is drawn to the possibility that some of the elements of this document may be the subject of patent rights. ISO shall not be held responsible for identifying any or all such patent rights.

ISO/TR 24971 was prepared by a joint workign group of Technical Committee ISO/TC 210, Quality management and corresponding general aspects for medical devices, and IEC Subcommittee SC 62A, Common aspects of electrical equipment used in medical practice.

ISO/CD 24971

Introduction

This Technical Report provides guidance to assist in the development, implementation and maintenance of risk management for medical devices that aim to meet the requirements of ISO 14971. It provides guidance for specific aspects of ISO 14971 for a wide variety of medical devices. Such medical devices include active, non-active, implantable, and non-implantable medical devices and in vitro diagnostic medical devices.

This Technical Report is not intended to be an overall guidance document on the implementation of ISO 14971 for organizations. It supplements the guidance contained in the informative annexes of ISO 14971 related to the following areas.

Guidance on formulation of a risk management policy

The role of international product safety standards and process standards in risk management

Guidance on how the production and post-production feedback loop can work

Guidance on the differentiation of information for safety as a risk control measure and disclosure of residual risk

An expansion of the discussion of overall residual risk

This Technical Report provides some approaches that an organization can use to implement and maintain some aspects of risk management which conforms to ISO 14971. Alternative approaches can be used if these also satisfy the requirements of ISO 14971.

When judging the applicability of the guidance in tis Technical Report, one should consider the nature of the medical device(s) to which it will apply, the risks associated with the use of these medical devices, and the applicable regulatory requirements.

This Technical Report should not be used as an interpretation of the requirements of ISO 14971.

COMMITTEE DRAFT

ISO/CD 24971

1

Guidance on the application of ISO 14971

2

1

Scope

3

Experience indicates that manufacturers have difficulty with practical implementation of some clauses of the

4

risk management standard ISO 14971:2007. This Technical Report provides guidance in addressing specific

5

areas of this International Standard when implementing risk management.

6

This guidance is intended to assist manufacturers and other users of the standard:

7

understanding the use and application of standards when performing risk management;

8

establishing a policy for determining risk acceptability criteria;

9

incorporating production and post-production information into risk management;

10

differentiating between "Information for safety" and "disclosure of residual risk"; and

11

evaluating overall residual risk.

12

2

The role of international product safety and process standards

13

2.1

Introduction

14

Standards play a significant role in risk management as described by ISO 14971. Manufacturers need to

15

establish a policy for determining risk acceptability criteria. That policy can be based, at least in part, upon

16

international standards, the generally accepted state of the art and known stakeholder concerns (see

17

subclause 3.2 of ISO 14971:2007). In principle, international standards are developed using a type of risk

18

management that can include identifying hazards and hazardous situations, estimating risks, evaluating risks,

19

and specifying risk control measures. More information on a process for developing medical device standards

20

using a type of risk management can be found in ISO/IEC Guide 63. Standards dealing with the safety of a

21

specific type of medical device, such as product-related ISO and IEC standards, have been developed by

22

experts in the field and represent the generally accepted state of the art (see Annex D.4 in ISO 14971:2007).

23

Standards have a specific application in risk management. The manufacturer first needs to consider the

24

medical device being designed, its intended use and the hazards/hazardous situations related to it. The

25

manufacturer can then identify standard(s) that contain requirements that control the risks related to those

26

hazards/hazardous situations.

27

For medical devices that satisfy the requirements and compliance criteria of such standards, the residual risks

28

related to those hazards/hazardous situations can be considered acceptable unless there is objective

29

evidence to the contrary. The requirements of international standards, such as engineering or analytical

30

processes, specific output limits, warning labels, or design specifications, can be considered risk control

31

measures established by the standards writers that are intended to address the risks of specific hazardous

32

situations that have been identified and evaluated as needing risk control.

33

In many cases, the standards writers have taken on and completed elements of risk management and

34

provided manufacturers with answers in the form of design requirements and test methods for establishing

35

conformity. When performing risk management activities, manufacturers can take advantage of the work of

ISO/CD 24971

36 the standards writers and need not repeat the analyses leading to the requirements of the standard.

37 International standards, therefore, provide valuable information on risk acceptability that has been validated

38 during a worldwide evaluation process, including multiple rounds of review, comment, and voting.

39 2.2

Use of international product safety standards in risk management

40 An international product safety standard can establish requirements that are relevant to a medical device’s

41 specific design and intended use/purpose. Where such an international product safety standard establishs

42 requirements that represents acceptable risk for specific hazardous situations (e.g. safety limits, risk control

43 measures), the manufacturer can apply these requirements in the following way when evaluating risk under

44 ISO 14971.

45 a) Where an international product safety standard specifies technical requirements addressing particular

46 hazards or hazardous situations, together with specific acceptance criteria, compliance with those

47 requirements is presumed to establish that the residual risks have been reduced to acceptable levels

48 unless there is objective evidence to the contrary. For example, in IEC 60601-1, leakage current is

49 recognized as a hazardous situation that must be controlled to achieve an acceptable level of risk.

50 IEC 60601-1 provides leakage current limits that are considered to result in an acceptable level of risk

51 when measured under the conditions stated in subclause 8.7 of IEC 60601-1:2005. For this example,

52 further risk management would not be necessary.

53 The steps which need to be taken in this case are:

54 Implement subclauses 4.2 and 4.3 of ISO 14971:2007 to identify characteristics related to safety and

55 identify hazards and hazardous situations associated with the device as completely as possible.

1)

56 Identify those hazards and hazardous situations that are exactly covered by the international product

57 safety standard.

2)

58 For those identified hazards and hazardous situations covered by the international product safety

59 standard, do not estimate (subclause 4.4 of ISO 14971:2007) or evaluate (Clause 5 of

60 ISO 14971:2007) the risks so identified but rather rely on the risk controls contained in the

61 international standard and the associated specified testing as evidence that the risks from these

62 hazardous situations is acceptable.

3)

63 Verification of the risk controls for these hazardous situations is obtained from the design documents

64 and the tests and test results demonstrating that the device meets the acceptance criteria of the

65 international product safety standard.

4)

5)

66 If the acceptance criteria are met, the associated residual risk is considered acceptable. There is no

67 need to evaluate the residual risk (subclause 6.4 of ISO 14971:2007).

Where an international product safety standard specifies requirements addressing particular hazards or

69 hazardous situations, but does not provide specific acceptance criteria, the residual risk should be

70 estimated and evaluated using the criteria for risk acceptability recorded in the risk management plan.

68 b)

71 The steps which need to be taken in this case are:

72 Establish test acceptance criteria according to the criteria for risk acceptability and document in the

73 risk management plan.

1)

74 Implement subclauses 4.2 and 4.3 of ISO 14971:2007 to identify characteristics related to safety and

75 identify hazards and hazardous situations associated with their device as completely as possible.

2)

76 Identify those hazards and hazardous situations that are exactly covered by the international product

77 safety standard.

3)

78 For those identified hazards and hazardous situations covered by the international product safety

79 standard, do not estimate (subclause 4.4 of ISO 14971:2007) or evaluate (Clause 5 of

4)

ISO/CD 24971

80

ISO 14971:2007) the risks so identified but rather rely on the risk controls contained in the

81

international standard and the associated specified testing as evidence that the risks from these

82

hazardous situations is acceptable.

 

83

5)

Verification of the risk controls for these hazardous situations is outlined in the design documents

84

with reference to the associated tests and test results and the specified requirements.

 

85

6)

Estimate

and

evaluate

residual

risk

based

on

risk

acceptability

criteria

(subclause

6.4

of

86

ISO 14971:2007).

 

87

c)

Where an international product safety standard identifies particular hazards or hazardous situations that

88

have to be investigated without providing specific technical requirements.

 

89

The steps which need to be taken in this case are:

 

90

1)

the manufacturer should determine whether such hazards or hazardous situations exist for the

91

particular medical device (see subclause 4.3 of ISO 14971:2007), and

 

92

2)

where such hazards or hazardous situations exist for the particular medical device, the manufacturer

93

is required to estimate and evaluate the risks and (if necessary) control these risks by applying risk

94

management (see Subclause 4.4, Clauses 5 and 6 of ISO 14971:2007).

 

95

d) For hazards or hazardous situations that are identified for the particular medical device but are not

96

specifically addressed in any standard, the manufacturer needs to address those hazards or hazardous

97

situations in the risk management process. The manufacturer is required to estimate and evaluate the

98

risks and (if necessary) control these risks by applying risk management (see Subclause 4.4, Clauses 5

99

and 6 of ISO 14971:2007).

 

100

Refer to Annex A for a flowchart to outline the use of international product standards. Annex B also includes

101

individual flowchart examples as supporting information for this section.

 

102

2.3

Process standards and ISO 14971

 

103

Process standards can often be used in conjunction with ISO 14971. This happens primarily in two ways:

 

104

The process standard requires application of ISO 14971 as part implementation of the process standard,

105

e.g. IEC 62304 on software life cycle processes; or

 

106

The international process standard is intended to be used in risk management, e.g., IEC 62366 on

107

usability engineering and the ISO 10993 (series) on biological evaluation.

 

108

In either case, proper use of the international process standard requires attention to the interfaces between

109

that standard and ISO 14971 in order to achieve acceptable levels of risk for the medical device. The two

110

standards should work together such that inputs, outputs and their timing are optimized. In the following, three

111

examples are given to demonstrate this ideal situation.

 

112

a)

IEC 63204, Medical device software - Software life cycle processes

 

113

The relationship between IEC 62304 and ISO 14971 is well-described in the introduction to IEC 62304:

 

114

As a basic foundation it is assumed that MEDICAL DEVICE SOFTWARE is developed and maintained

115

within a quality management system (see 4.1of IEC 62304:2006) and a RISK MANAGEMENT process

116

(see 4.2 of IEC 62304:2006). The RISK MANAGEMENT PROCESS is already very well addressed by the

117

International Standard ISO 14971. Therefore IEC 62304 makes use of this advantage simply by a

118

normative reference to ISO 14971. Some minor additional RISK MANAGEMENT requirements are

119

needed for software, especially in the area of identification of contributing software factors related to

120

HAZARDS. These requirements are summarized and captured in Clause 7 as the software RISK

121

MANAGEMENT PROCESS.

 

ISO/CD 24971

122 Whether software is a contributing factor to a HAZARD is determined during the HAZARD identification

123 ACTIVITY of the RISK MANAGEMENT PROCESS. HAZARDS that could be indirectly caused by software (for

124 example, by providing misleading information that could cause inappropriate treatment to be

125 administered) need to be considered when determining whether software is a contributing factor. The

126 decision to use software to control RISK is made during the RISK CONTROL ACTIVITY of the RISK

127 MANAGEMENT PROCESS. The software RISK MANAGEMENT PROCESS required in this standard has to be

128 embedded in the device RISK MANAGEMENT PROCESS according to ISO 14971.

129 IEC 62304 makes ISO 14971 a normative reference and specifically requires:

130 Software development planning (subclause 5.1 of IEC 62304:2006) that is consistent with the risk

131 management plan required by ISO 14971; and

132 A software risk management process (Clause 7 of IEC 62304:2006) based upon ISO 14971.

133 IEC 62366, Medical devices - Application of usability engineering to medical devices

b)

134 The flow diagram in Figure A.1 of IEC 62366 demonstrates the relationship and interconnection of the

135 two parallel and interconnecting processes. In addition to making a normative reference to ISO 14971,

136 IEC 62366 identifies three specific clauses where the usability engineering process can supplement and

137 interact with risk management as described in ISO 14971:

138 Subclause 5.3.1 of IEC 62366 requires: “An identification of characteristics related to SAFETY (part of

139 a RISK ANALYSIS) that focuses on USABILITY shall be performed according to ISO 14971:2007, 4.2.”

140 Subclause 5.3.2 of IEC 62366 requires: “The MANUFACTURER shall identify known or foreseeable

141 HAZARDS (part of a RISK ANALYSIS) related to USABILITY according to ISO 14971:2007, 4.3."

142 Subclause 5.9 on Usability Validation makes several references to activities that would be

143 undertaken as part of risk management.

144 ISO 10993 (series), Biological evaluation of medical devices

c)

145 Biological evaluation is the application of ISO 14971 process to ISO 10993-1 for determination of overall

146 residual risk acceptability. The introduction to ISO 10993-1 states that ISO 10993-1 is intended to be a

147 guidance document for the biological evaluation of medical devices within risk management, as part of

148 the overall evaluation and development of each device.

149 Annex B of ISO 10993-1 applies ISO 14971 to provide guidance on the risk management approach for

150 identification of biological hazards associated with medical devices, estimation and evaluation of the risks,

151 control of the risks, and monitoring the effectiveness of the risk control measures.

152 This approach combines the review and evaluation of existing data from all sources, with the selection

153 and application of additional tests (where necessary), thus enabling a full evaluation to be made of the

154 biological responses to each medical device, relevant to its safety in use.

155 ISO 10993-1:2009 aligns itself explicitly within risk management as described in ISO 14971.

156 The biological evaluation should be conducted in a manner similar to that used for other product risks,

157 and should include:

158 Risk analysis (What are the hazards?)

159 Risk evaluation (Are they acceptable?)

160 Risk control (How will they be controlled?)

161 Evaluation of overall residual risk acceptability (Does benefit outweigh risk?)

ISO/CD 24971

162 Following the logic of ISO 14971, if the overall residual risk evaluation concludes from existing data that

163 the identified risks are acceptable, no further testing is needed. Otherwise, appropriate measures should

164 be taken to further evaluate or mitigate the risks.

165 The output of this evaluation is a Biological Evaluation Report.

166 Application:

167 Hazards identified in ISO 10993-1 include:

168 Acute toxicity

169 Irritation (skin, eye, mucosal surfaces)

170 Allergy

171 Genotoxicity

172 Carcinogenicity

173 Do the proposed materials present such hazards?

174

175

176

177

Methods that can be used to determine if a material can result in these conditions include:

Literature

Testing

Field experience

178 Are the exposure levels acceptable?

179 According to ISO 10993-1, expert assessors should determine if the available information is sufficient to

180 meet the purpose of the evaluation of biological safety and if so, document how the conclusion on safety

181 was reached. This conclusion is documented in the Biological Evaluation Report which becomes an

182 element of the risk management report.

183 3

Developing the policy for determining the criteria for risk acceptability

184 According to subclause 3.2 of ISO 14971:2007, top management is required to define and document the

185 policy for determining criteria for risk acceptability. This policy is intended to ensure that criteria:

a)

186 are based upon applicable national or regional regulations;

187 are based upon relevant International Standards;

b)

188 take into account available information such as the generally accepted state of the art and known

189 stakeholder concerns.

c)

190 NOTE

Other relevant information can also be included.

191 The policy should provide a rationale and guidelines for establishing and maintaining the risk acceptability

192 criteria, which are essential for risk evaluation.

193 The policy could cover the entire range of a manufacturer's medical devices or it can take different forms

194 depending on whether the medical devices are similar to each other, or whether the differences between

195 groups of products are significant.

196 When developing or maintaining the policy the following should be taken into consideration.

197

The applicable regulations that have to be complied with in the regions where the product is to be

198 marketed.

ISO/CD 24971

199 The relevant International Standards covering relevant intended use that may help identifying principles

200 for setting the acceptability criteria.

201 Information on the state of the art can be obtained from review of the literature and other information on

202 similar medical devices the manufacturer has marketed, as well as those from competing companies.

203 Such a review can also demonstrate the appropriateness or inappropriateness of previously used risk

204 acceptability criteria, and this may impact future development of the policy.

205 The concerns of the main stakeholders. Some potential sources of information on the patient and clinician

206 perspective include news media, social media, patient forums, as well as input from internal departments

207 with expert knowledge of stakeholder concerns like the clinical department.

208 The review of the suitability of the risk management process at planned intervals, as required by subclause

209 3.2 of ISO 14971:2007, can lead to changes in the policy or the related risk acceptability criteria. Such

210 changes can lead to reviewing the appropriateness of previous risk acceptability decisions.

211 4

212 4.1

Production and post-production feedback loop

Introduction

213 Typically the initial risk assessment is based on experience with similar medical devices or applications on the

214 market, or on assumptions when new medical devices are released to the market. Information received after

215 market entry is valuable for confirming or correcting previous assumptions, estimates, or omissions made

216 during the risk analysis and risk control phases. Clause 9 of ISO 14971 requires that a feedback loop is

217 established in the manufacturer’s organization to collect and evaluate such information for potential relevance

218 to medical device safety. The nature of such information can be positive or negative in regard of medical

219 device safety. The feed-back loop should consist of the following steps:

220

221

222

Observation and transmission

Assessment

Action

223 For the feedback loop to be effective, it is necessary for the responsibility for maintaining the risk management

224 file to be defined.

225 4.2

Observation and transmission

226 An observation provides information on or experience with a medical device that should be compared against

227 the current risk management file. The observation can come from a number of different sources each of which

228 can have a bearing on the safety of the medical device. For example:

229 Information from manufacturing or R&D staff within or contracted to the manufacturer.

230 Information from installation, servicing and/or training personnel within or contracted to the manufacturer.

231 Information from the use of the medical device.

232 Information on experience with competitor's medical devices through incident reports (for example, from

233 databases provided by local regulatory agencies to collect and generate an overview of device

234 experience).

235 Clinical information (e.g. post-market clinical trials on the manufacturer’s own medical devices or other

236 published clinical literature on competitor's and similar medical devices).

237 Information on new or amended standards and regulations.

ISO/CD 24971

238 For information to be relevant to a manufacturer’s medical device it need not be directly related to their own or

239 a competitor’s product. Information relating to similar medical devices with similar intended use or similar

240 principles of operation can yield useful post-market information on the relevance of the risks of the

241 manufacturer’s medical device.

242 When designing a means of acquiring or detecting post-market information, manufacturers should be careful

243 not to induce bias into the process. The means of acquiring or asking for feedback should be neutral in

244 regards to achieving negative or positive feedback. Furthermore, feedback should include events that have

245 occurred as well as events that could have occurred.

246 For any post-market information to be useful it has to be transmitted to the persons or department within the

247 organization that have the responsibility and authority to compare against the current risk management file

248 and enact change where necessary.

249 The means of transmission of this information will depend on the source of the information. Some information

250 will be pulled (initiated by the manufacturer) and some information will be pushed (initiated by sources like the

251 customer, authorities, or patient), in either case the organization should ensure that efficient communication

252 channels are planned and established to allow for timely and accurate receipt of information. The rate at which

253 the manufacturer pulls information from the various sources (including users) depends on the maturity of the

254 medical device and technology, the specific market and in response to advisory notices.

255 Various departments within the manufacturer’s organization can receive and handle different kinds of

256 information, for example:

257 customer complaints or adverse event reports.

258 service and installation reports.

259 new or revised regulations, standards or guidance.

260 production non-conformance reports.

261 It is of paramount importance that all relevant information from these groups is reviewed and distributed to that

262 part of the manufacturer's organization with the responsibility and authority for the risk assessment (see 4.3).

263 Where the probability of events (for example component failures) is a relevant factor contributing to the

264 evaluation of risk, statistical trending of such events should be considered.

265 4.3

Assessment

266 The risk assessment based on new observations should be subject to the same level of controls and reviews

267 as were applicable to the initial risk assessment. This would include any subsequent identification of risk

268 control measures, if required. Such controls should include review and approval by individuals in the same

269 functions or departments as those who signed off originally. Any new safety-related observations are to be

270 assessed using the same risk acceptability criteria used in the most recent risk assessment of the medical

271 device.

272 New observations related to safety should be contrasted and compared against the established risk

273 management file to test the validity of any assumptions made:

274 Is the intended use still valid? – Has there been any off-label use or other occurrences of misuse which

275 were not foreseen in the original risk management process?

a)

276 Is there evidence of new hazards or hazardous situations not originally identified in the hazard

277 identification process?

b)

c)

278 Are the severity and probability estimations for a particular risk still valid?

d)

279 Is there any evidence that the risk acceptability criteria should be adjusted?

ISO/CD 24971

e)

280 Is the effectiveness of risk control measures proven adequate?

281 Does the risk/benefit analysis accurately represent the actual market experience?

f)

282 If data suggest correction or adjustment of the current risk management file, the residual risks need to be

283 evaluated based on the new data. In addition, the overall residual risk of the device should be reviewed.

284 4.4

Action

285 In a case where the residual risk based on new data is judged unacceptable, risk control is required in two

286 areas:

a)

287 The medical devices currently installed and used in the market need to be corrected.

b)

288 The medical devices manufactured from that point in time or related processes need to be corrected.

289 For medical devices currently on the market, risk control can be different from that in current production, as

290 timing and realization of corrections of already marketed medical devices can contribute to this specific

291 hazardous situation of a correction. For example, immediate information (i.e. a customer letter) can be

292 provided to users, before further risk control measures are developed and validated. Where modifications or

293 replacement of medical devices is necessary, the speed of such ‘field corrective actions’ contributes to risk

294 reduction.

295 NOTE This immediate information is known as an Advisory Notice in ISO 13485 and as a Field Safety Notice in the

296 European MEDDEV 2.12.1.

297 In assessing post-production information, manufacturers should be alert for signals that might indicate there

298 are systemic problems with the risk management process.

ISO/CD 24971

299 300 Figure 1 – Production and Post-Production feedback Loop 301 5 Differentiation of information
299
300
Figure 1 – Production and Post-Production feedback Loop
301
5
Differentiation of information for safety and disclosure of residual risk
302
5.1
Difference between “information for safety” and “disclosure of residual risk”
303
The difference between “information for safety” and “disclosure of residual risks” is explained in Annex J of
304
ISO 14971:2007. However, experience of manufacturers has shown that there is confusion between these two
305
concepts. This guidance document tries to clarify these differences.
306
Information for safety is considered to be a risk control measure. It is instructive, and ISO 14971 requires it to
307
be verified for effectiveness. It can be provided in the form of warnings or (pre)cautions.

ISO/CD 24971

308 Residual risk is defined in ISO 14971:2007 as risk remaining after risk control measures have been taken.

309 Risk control measures include information for safety.

310 ISO 14971 requires that all information for safety be traceable in the risk management file. The decision of the

311 manufacturer regarding disclosure of residual risk can be recorded in the risk management file.

312 5.2

Information for safety

313 The information for safety is regarded as a risk control measure (subclause 6.2 c) of ISO 14971:2007), when it

314 is not feasible to make the device inherently safe by design or to apply other risk control measures.

315 Considerations on the feasibility can take into account the state of the art applied in similar medical devices on

316 the market, compliance with international standards, and acceptance of the residual risks by stakeholders.

317 The text for information for safety can be prescribed by local regulations. The verification of the effectiveness

318 of the information for safety can be performed by the usability engineering process (IEC 62366).

319 Information for safety needs to be instructive and should give the user a clear indication of what actions to

320 take or to avoid, in order to avoid a hazardous situation or harm from occuring. This is usually provided in the

321 form of warnings, (pre)cautions or disclaimers (see Annex J.2 of ISO 14971:2007).

322 5.3

Disclosure of residual risk

323 Disclosure of residual risk is descriptive and can provide background on the risks involved in using the

324 medical device. The aim is to disclose in the accompanying documents information necessary to the user, and

325 potentially the patient, in order to enable an informed decision which weighs the residual risks against the

326 benefits of the use of the device. (see Annex J.3 of ISO 14971:2007).

327 5.4

Examples of information for safety and residual risks

328 Information for safety can be given in the form of a warning label attached to medical devices. Some

329 examples are given here.

330 Warning: do not step on surface.

331 Warning: do not remove cover, risk of electric shock.

332 Warning: use with caution. Serum samples containing more than 60 mg/dl hemoglobin will interfere with

333 the test principle, thereby limiting the diagnostic result.

334 The manufacture should consider means and media to disclose the residual risks and the overall residual risk.

335 This information can be significant in the process of clinical decision making. Within the framework of the

336 intended use, the operator or the user can decide in which clinical settings the medical device can be used to

337 achieve a certain benefit for the patient. The disclosure of the residual risks can also be useful for the operator

338 (user) or the hospital organization to prepare the patient for possible side effects or hazards that can occur

339 during or after the use of the medical device. Note that operator, user and patient can be the same person, for

340 example for medical devices used in the home healthcare environment.

341 Some examples are given here to illustrate the residual risks associated with using the medical device and

342 such side effects.

343 Linear accelerators can be used to treat tumours. The residual risks of radiation therapy for tumours can

344 include erythema or epilation.

345 When patients undergo magnetic resonance imaging (MRI), they sometimes experience anxiety due to:

346 being in an enclosed space, hearing the loud noise generated by the equipment, and needing to remain

347 still during imaging.

348 Additional examples of residual risk can be found in D.6.5 of ISO 14971.

349 6

350 6.1

Evaluation of overall residual risk

Overview

ISO/CD 24971

351 After the assessment of every identified separate hazardous situation, the manufacturer must then consider

352 the combined impact of the individual residual risks, and make a decision whether the overall residual risk

353 meets or exceeds the risk acceptability criteria stated in the risk management plan. This step is particularly

354 important for complex medical systems and for medical devices with a large number of individual risks. The

355 evaluation may be used for making a case that the product is safe.

356 Clause 7 of ISO 14971 requires that the overall residual risk be evaluated against the criteria stated in the risk

357 management plan. The challenge is that it can often be a difficult task to numerically add all individual residual

358 risks to determine the overall residual risk. This difficulty arises for the following reasons.

359 Even in the later stages of medical device development, confidence in the probability estimates can vary

360 considerably. Some probabilities are known precisely either from history with similar medical devices or from

361 testing. Other probabilities are only estimates and might be known very imprecisely or not at all, such as the

362 probability of a software failure. Also it is usually not possible to combine the severities of individual harms

363 within the broad categories usually used in risk analysis.

364 ISO 14971 does not specify that risk acceptability criteria for individual risks need to be the same as criteria

365 for overall risk acceptabilityThe criteria used to evaluate individual risks are usually based on the probability of

366 occurrence of particular types of harm. On the other hand, manufacturers can seek different methods for

367 evaluating overall residual risk that are consistent with the methods described in ISO 14971 and are based on

368 the policy for risk acceptability.

369 The manufacturer should seek different methods for evaluating overall residual risk that are consistent with

370 the methods described in ISO 14971, or establish a separate set of overall residual risk acceptability criteria

371 based on the policy for risk acceptability, or most likely do both.

372 Annexes D.4 and D.7 of ISO 14971:2007 list some possible general techniques or methods together with

373 considerations affecting their selection. Setting criteria based on the policy for risk acceptability is covered by

374 ISO14971 in general and guidance is found in Section 3 of this document. Both the criteria and the methods

375 associated with them should be stated in the risk management plan. This guidance is intended to help in

376 establishing such criteria and methods.

377 6.2

Inputs and other considerations for overall residual risk evaluation

378 First, all risk control measures should have been implemented and verified before the overall residual risk can

379 be evaluated. This means that all identified hazardous situations have been evaluated and that all risks have

380 been reduced to an acceptable level or have been accepted based upon a risk/benefit analysis. Some

381 examples of information and activities are presented below. These can be used as input to overall residual

382 risk evaluation and considerations that should be made in the determination of whether the overall residual

383 risk is acceptable.

The manufacturer can compare the medical device under review to similar marketed devices (see Annex

385 D.7.7 of ISO 14971:2007). In order for the manufacturer to make well considered conclusions about the

386 overall risk and benefits, up to date information on intended use and associated adverse events should

384 a)

387 be reviewed, as well as information from the scientific literature, including information about clinical

388 experience. The key question is whether the medical device under review offers the same or better safety

389 as a medical device that can be considered to have an acceptable overall residual risk.

390 b) The manufacturer can also use experts outside of the manufacturer’s organization to provide expert

391 opinion on overall risks and benefits (see Annex D.7.8 of ISO 14971:2007). These experts can come from

392 a variety of disciplines, including those with clinical experience and those who market similar devices.

393 They can help the manufacturer take into account stakeholder concerns. Attention is drawn to the

394 requirements for training and experience described in Sub clauses 3.2 and 3.3, 3.4 b) and c), and Annex

395 A.2.3.3 of ISO 14971:2007.

ISO/CD 24971

396 Even though all individual risks should have been identified and accepted, some risks may need to be

397 analysed further as part of the overall residual risk evaluation.

c)

398 One example could be that there are many risks that are close to being not acceptable. Hence, the

399 overall risk acceptability could be suspect and a further investigation can be appropriate for the medical

400 device and the associated risk management file. Another example can be that there are risks that are

401 interdependent with respect to either their causes or the risk controls applied. It should be noted that the

402 efficiency of related risk control measures can prove less effective in combination than individually. This

403 can also be true of risk control measures that are designed to counter multiple risks simultaneously. A

404 Fault Tree or Event Tree Analysis can be a useful tool to demonstrate such connections between the

405 risks and risk control measures used.

406 Other considerations for overall residual risk evaluation:

d)

407 The results of usability evaluation or clinical experience during design validation testing can provide

408 useful information. One example is the failure to complete a task during usability testing. Another

409 example is information about side effects.

1)

2)

410 Visual representations of the residual risks can be useful. Each individual risk can be shown in a risk

411 chart such as those in D.3 and D.4 of ISO 14971:2007, giving a graphic view of the distribution of the

412 risks. If many of the risks are in the higher severity regions of the chart, or clusters of risks are

413 borderline, then even if each individual risk is acceptable, the distribution of the risks may be indicative

414 that the overall residual risk is not acceptable.

415 During overall residual risk evaluation, any individual risk/benefit analyses should be taken into

416 account.

3)

417 When there have been trade-offs between risks in the risk analysis, this might be indicative that the

418 overall residual risk should be analysed more carefully. These are instances where one type risk

419 might have been allowed to increase somewhat in order that another risk was reduced. For example,

420 when the risk to one person (the user) is allowed to increase so that the risk to another (the patient)

421 can be reduced. This is called risk parallax. The evaluation may take the form of going through

422 related major risks, describing why the trade off balance is practical and why the combined risk level

423 of the risks in the trade off decision is acceptable.

4)

424 The results of the overall residual risk evaluation form part of the risk management file. It can be beneficial to

425 document the rationale for the acceptance of the overall residual risk.

426

427

428

429

430

Annex A

(informative)

ISO/CD 24971

Use of international product safety standards in the application of ISO 14971

431 Figure A.1 provides a flowchart that outlines the use of international product standards in the context of

432 ISO 14971.

433

434

Identify Hazards/Hazardous Situations (H/HS) (4.3 of ISO 14971:2007)

Identify Hazards/Hazardous Situations (H/HS) (4.3 of ISO 14971:2007)

Identify Hazards/Hazardous Situations (H/HS) (4.3 of ISO 14971:2007)
Identify Hazards/Hazardous Situations (H/HS) (4.3 of ISO 14971:2007)
Are the H/HS addressed in international Product Safety Standard(s)? No Apply full risk management (RM)
Are the H/HS
addressed in international Product
Safety Standard(s)?
No
Apply full risk
management (RM)
process according to
ISO 14971 for those
H/HS
Yes
How is it addressed? Choose between 2 a), 2 b) or 2 c).
How is it
addressed? Choose between
2 a), 2 b) or 2 c).
How is it addressed? Choose between 2 a), 2 b) or 2 c). 2 b): International
How is it addressed? Choose between 2 a), 2 b) or 2 c). 2 b): International
How is it addressed? Choose between 2 a), 2 b) or 2 c). 2 b): International
How is it addressed? Choose between 2 a), 2 b) or 2 c). 2 b): International
How is it addressed? Choose between 2 a), 2 b) or 2 c). 2 b): International
How is it addressed? Choose between 2 a), 2 b) or 2 c). 2 b): International
2 b): International Product Safety Standard specifies requirements but does not provide specific acceptance criteria?
2 b): International
Product Safety
Standard specifies
requirements but does
not provide specific
acceptance criteria?
Do
requirement(s) fully
match the design
including intended
use?
No
Use of the
requirements of
the standard
CANNOT give
presumption of
risk acceptability
Yes
Establish test acceptance
criteria and document in
the risk management plan
Apply full RM
process according
to ISO 14971 for
those H/HS
No need to estimate (4.4)
or evaluate risk (5)
Verify implementation and
effectiveness (6.3) by
performing test according
to the standard
If the test passes,
related residual
risk is considered
acceptable (6.4)
2 a): International Product Safety Standard specifies requirements and provides specific acceptance criteria? Do
2 a): International
Product Safety
Standard specifies
requirements and
provides specific
acceptance criteria?
Do
requirement(s) fully
match the design
including intended
use?
No
Use of the
requirements in
the standard
CANNOT provide
presumption of
risk acceptability
Yes
No need to estimate (4.4)
or evaluate risk (5)
Apply full RM
process according
to ISO 14971 for
those H/HS
Identify risk control
measure (6.2 - related to
the requirement of the
standard) and implement
Verify implementation and
effectiveness (6.3) by
performing test according
to the standard
If the test passes,
related residual
risk is considered
acceptable (6.4)
2 c): International Product Safety Standard identifies H/HS but does not provide requirements?
2 c): International
Product Safety
Standard identifies
H/HS but does not
provide
requirements?
Apply full RM process according to ISO 14971 for those H/HS
Apply full RM
process according
to ISO 14971 for
those H/HS

Figure A.1 — Flow of the use of international product safety standards

435

436

437

438

439

ISO/CD 24971

Annex B

(informative)

Examples of the use of an international product safety standard in the application of ISO 14971

440 Figure B.1 is an example of the use of an international product safety standard that specifies requirements

441 and provides specific acceptance criteria.

442

443

444

441 and provides specific acceptance criteria. 442 443 444 Figure B.1 — Use of an international
441 and provides specific acceptance criteria. 442 443 444 Figure B.1 — Use of an international
441 and provides specific acceptance criteria. 442 443 444 Figure B.1 — Use of an international
441 and provides specific acceptance criteria. 442 443 444 Figure B.1 — Use of an international

Figure B.1 — Use of an international product safety standard that specified requirements and provides specific acceptance criteria

14

standard that specified requirements and provides specific acceptance criteria 14 © ISO 2012 – All rights

© ISO 2012 – All rights reserved

ISO/CD 24971

445 Figure B 2 is an example of the use of an international product safety
445
Figure B 2 is an example of the use of an international product safety standard that specifies requirements but
446
does not provide specific acceptance criteria.
447
448
449
Figure B 2 — Use of an international product safety standard that specifies requirements but does not
provide specific acceptance criteria

450

451

452

453

454

455

456

457

ISO/CD 24971

Figure B 3 is an example of an international product safety standard that identifies a hazard or hazardous

situation but does not specify requirements/

Identify Hazards/Hazardous Situations (H/HS) (4.3 of ISO 14971:2007)

Identify Hazards/Hazardous Situations (H/HS) (4.3 of ISO 14971:2007)

Identify Hazards/Hazardous Situations (H/HS) (4.3 of ISO 14971:2007)
Identify Hazards/Hazardous Situations (H/HS) (4.3 of ISO 14971:2007)
Are the H/HS addressed in International Product Safety Standard(s)? Yes
Are the H/HS
addressed in International Product
Safety Standard(s)?
Yes
How is it addressed? Choose between 2 a), 2 b) or 2 c) 2 c):
How is it
addressed? Choose between
2 a), 2 b) or 2 c)
2 c): International Product
Safety Standard identifies
H/HZ but does not provide
requirements?
Apply full RM
process according
to 14971 for those
H / HS
Hazardous situation identified - medical device applies a new kind of therapeutic acoustic pressure to

Hazardous situation identified - medical device applies a new kind of therapeutic acoustic pressure to patient (no particular/specific standard applicable)

medical device applies a new kind of therapeutic acoustic pressure to patient (no particular/specific standard applicable)
medical device applies a new kind of therapeutic acoustic pressure to patient (no particular/specific standard applicable)
to patient (no particular/specific standard applicable) Yes: IEC 60601-1:2005, Subclause 12.4.6 2 c) Yes:
Yes: IEC 60601-1:2005, Subclause 12.4.6

Yes: IEC 60601-1:2005, Subclause 12.4.6

Yes: IEC 60601-1:2005, Subclause 12.4.6
Yes: IEC 60601-1:2005, Subclause 12.4.6
standard applicable) Yes: IEC 60601-1:2005, Subclause 12.4.6 2 c) Yes: therapeutic acoustic pressure is an identified

2 c)

2 c)
2 c)
2 c)
applicable) Yes: IEC 60601-1:2005, Subclause 12.4.6 2 c) Yes: therapeutic acoustic pressure is an identified hazard,
Yes: therapeutic acoustic pressure is an identified hazard, however there is no specific requirement(s)

Yes: therapeutic acoustic pressure is an identified hazard, however there is no specific requirement(s)

Yes: therapeutic acoustic pressure is an identified hazard, however there is no specific requirement(s)
Yes: therapeutic acoustic pressure is an identified hazard, however there is no specific requirement(s)
hazard, however there is no specific requirement(s) Apply full RM process and verify compliance in the

Apply full RM process and verify compliance in the risk management file

Figure B 3 — Example of an international product safety standard that identifies a hazard or

hazardous situation but does not specify requirements

Оценить