guidance on the application of iso 14971.pdf

© ISO 2012 – All rights reserved

Document type: Technical Report Document subtype: Document stage: (30) Committee Document language: E G:\Committee Documents\iso210\TC 210\TC 210 register docs\210n426 CDTR for comment 24971.doc STD Version 2.1c2

ISO TC 210 N 426 Date: 2012-05-02

ISO/CD 24971

ISO TC 210/SC /WG JWG 1

Secretariat: ANSI

Guidance on the application of ISO 14971

Warning

This document is not an ISO International Standard. It is distributed for review and comment. It is subject to change without notice and may not be referred to as an International Standard.

Recipients of this draft are invited to submit, with their comments, notification of any relevant patent rights of which they are aware and to provide supporting documentation.

ISO/CD 24971

ii © ISO 2012 – All rights reserved

Copyright notice

This ISO document is a working draft or committee draft and is copyright-protected by ISO. While the reproduction of working drafts or committee drafts in any form for use by participants in the ISO standards development process is permitted without prior permission from ISO, neither this document nor any extract from it may be reproduced, stored or transmitted in any form for any other purpose without prior written permission from ISO.

Requests for permission to reproduce this document for the purpose of selling it should be addressed as shown below or to ISO's member body in the country of the requester:

[Indicate the full address, telephone number, fax number, telex number, and electronic mail address, as appropriate, of the Copyright Manger of the ISO member body responsible for the secretariat of the TC or SC within the framework of which the working document has been prepared.]

Reproduction for sales purposes may be subject to royalty payments or a licensing agreement.

Violators may be prosecuted.

ISO/CD 24971

© ISO 2012 – All rights reserved iii

Contents Page

Foreword .........................................................................................................................................................iv

Introduction......................................................................................................................................................v

1 Scope...................................................................................................................................................1

2 The role of international product safety and process standards ....................................................1 2.1 Introduction.........................................................................................................................................1 2.2 Use of international product safety standards in risk management...............................................2 2.3 Process standards and ISO 14971.....................................................................................................3

3 Developing the policy for determining the criteria for risk acceptability .......................................5

4 Production and post-production feedback loop...............................................................................6 4.1 Introduction.........................................................................................................................................6 4.2 Observation and transmission...........................................................................................................6 4.3 Assessment.........................................................................................................................................7 4.4 Action...................................................................................................................................................8

5 Differentiation of information for safety and disclosure of residual risk........................................9 5.1 Difference between “information for safety” and “disclosure of residual risk” ............................9 5.2 Information for safety .......................................................................................................................10 5.3 Disclosure of residual risk ...............................................................................................................10 5.4 Examples of information for safety and residual risks ..................................................................10 6 Evaluation of overall residual risk ...................................................................................................11 6.1 Overview............................................................................................................................................11 6.2 Inputs and other considerations for overall residual risk evaluation ...........................................11 Annex A (informative) Use of international product safety standards in the application of

ISO 14971...........................................................................................................................................13

Annex B (informative) Examples of the use of an international product safety standard in the application of ISO 14971...................................................................................................................14

ISO/CD 24971

iv © ISO 2012 – All rights reserved

Foreword

ISO (the International Organization for Standardization) is a worldwide federation of national standards bodies (ISO member bodies). The work of preparing International Standards is normally carried out through ISO technical committees. Each member body interested in a subject for which a technical committee has been established has the right to be represented on that committee. International organizations, governmental and non-governmental, in liaison with ISO, also take part in the work. ISO collaborates closely with the International Electrotechnical Commission (IEC) on all matters of electrotechnical standardization.

International Standards are drafted in accordance with the rules given in the ISO/IEC Directives, Part 2.

The main task of technical committees is to prepare International Standards. Draft International Standards adopted by the technical committees are circulated to the member bodies for voting. Publication as an International Standard requires approval by at least 75 % of the member bodies casting a vote.

In exceptional circumstances, when a technical committee has collected data of a different kind from that which is normally published as an International Standard (“state of the art”, for example), it may decide by a simple majority vote of its participating members to publish a Technical Report. A Technical Report is entirely informative in nature and does not have to be reviewed until the data it provides are considered to be no longer valid or useful.

Attention is drawn to the possibility that some of the elements of this document may be the subject of patent rights. ISO shall not be held responsible for identifying any or all such patent rights.

ISO/TR 24971 was prepared by a joint workign group of Technical Committee ISO/TC 210, Quality management and corresponding general aspects for medical devices, and IEC Subcommittee SC 62A, Common aspects of electrical equipment used in medical practice.

ISO/CD 24971

© ISO 2012 – All rights reserved v

Introduction

This Technical Report provides guidance to assist in the development, implementation and maintenance of risk management for medical devices that aim to meet the requirements of ISO 14971. It provides guidance for specific aspects of ISO 14971 for a wide variety of medical devices. Such medical devices include active, non-active, implantable, and non-implantable medical devices and in vitro diagnostic medical devices.

This Technical Report is not intended to be an overall guidance document on the implementation of ISO 14971 for organizations. It supplements the guidance contained in the informative annexes of ISO 14971 related to the following areas.

– Guidance on formulation of a risk management policy

– The role of international product safety standards and process standards in risk management

– Guidance on how the production and post-production feedback loop can work

– Guidance on the differentiation of information for safety as a risk control measure and disclosure of residual risk

– An expansion of the discussion of overall residual risk

This Technical Report provides some approaches that an organization can use to implement and maintain some aspects of risk management which conforms to ISO 14971. Alternative approaches can be used if these also satisfy the requirements of ISO 14971.

When judging the applicability of the guidance in tis Technical Report, one should consider the nature of the medical device(s) to which it will apply, the risks associated with the use of these medical devices, and the applicable regulatory requirements.

This Technical Report should not be used as an interpretation of the requirements of ISO 14971.

COMMITTEE DRAFT ISO/CD 24971

© ISO 2012 – All rights reserved 1

Guidance on the application of ISO 14971 1

1 Scope 2

Experience indicates that manufacturers have difficulty with practical implementation of some clauses of the 3 risk management standard ISO 14971:2007. This Technical Report provides guidance in addressing specific 4 areas of this International Standard when implementing risk management. 5

This guidance is intended to assist manufacturers and other users of the standard: 6

– understanding the use and application of standards when performing risk management; 7

– establishing a policy for determining risk acceptability criteria; 8

– incorporating production and post-production information into risk management; 9

– differentiating between "Information for safety" and "disclosure of residual risk"; and 10

– evaluating overall residual risk. 11

2 The role of international product safety and process standards 12

2.1 Introduction 13

Standards play a significant role in risk management as described by ISO 14971. Manufacturers need to 14 establish a policy for determining risk acceptability criteria. That policy can be based, at least in part, upon 15 international standards, the generally accepted state of the art and known stakeholder concerns (see 16 subclause 3.2 of ISO 14971:2007). In principle, international standards are developed using a type of risk 17 management that can include identifying hazards and hazardous situations, estimating risks, evaluating risks, 18 and specifying risk control measures. More information on a process for developing medical device standards 19 using a type of risk management can be found in ISO/IEC Guide 63. Standards dealing with the safety of a 20 specific type of medical device, such as product-related ISO and IEC standards, have been developed by 21 experts in the field and represent the generally accepted state of the art (see Annex D.4 in ISO 14971:2007). 22

Standards have a specific application in risk management. The manufacturer first needs to consider the 23 medical device being designed, its intended use and the hazards/hazardous situations related to it. The 24 manufacturer can then identify standard(s) that contain requirements that control the risks related to those 25 hazards/hazardous situations. 26

For medical devices that satisfy the requirements and compliance criteria of such standards, the residual risks 27 related to those hazards/hazardous situations can be considered acceptable unless there is objective 28 evidence to the contrary. The requirements of international standards, such as engineering or analytical 29 processes, specific output limits, warning labels, or design specifications, can be considered risk control 30 measures established by the standards writers that are intended to address the risks of specific hazardous 31 situations that have been identified and evaluated as needing risk control. 32

In many cases, the standards writers have taken on and completed elements of risk management and 33 provided manufacturers with answers in the form of design requirements and test methods for establishing 34 conformity. When performing risk management activities, manufacturers can take advantage of the work of 35

ISO/CD 24971

2 © ISO 2012 – All rights reserved

the standards writers and need not repeat the analyses leading to the requirements of the standard. 36 International standards, therefore, provide valuable information on risk acceptability that has been validated 37 during a worldwide evaluation process, including multiple rounds of review, comment, and voting. 38

2.2 Use of international product safety standards in risk management 39

An international product safety standard can establish requirements that are relevant to a medical device’s 40 specific design and intended use/purpose. Where such an international product safety standard establishs 41 requirements that represents acceptable risk for specific hazardous situations (e.g. safety limits, risk control 42 measures), the manufacturer can apply these requirements in the following way when evaluating risk under 43 ISO 14971. 44

a) Where an international product safety standard specifies technical requirements addressing particular 45 hazards or hazardous situations, together with specific acceptance criteria, compliance with those 46 requirements is presumed to establish that the residual risks have been reduced to acceptable levels 47 unless there is objective evidence to the contrary. For example, in IEC 60601-1, leakage current is 48 recognized as a hazardous situation that must be controlled to achieve an acceptable level of risk. 49 IEC 60601-1 provides leakage current limits that are considered to result in an acceptable level of risk 50 when measured under the conditions stated in subclause 8.7 of IEC 60601-1:2005. For this example, 51 further risk management would not be necessary. 52

The steps which need to be taken in this case are: 53

1) Implement subclauses 4.2 and 4.3 of ISO 14971:2007 to identify characteristics related to safety and 54 identify hazards and hazardous situations associated with the device as completely as possible. 55

2) Identify those hazards and hazardous situations that are exactly covered by the international product 56 safety standard. 57

3) For those identified hazards and hazardous situations covered by the international product safety 58 standard, do not estimate (subclause 4.4 of ISO 14971:2007) or evaluate (Clause 5 of 59 ISO 14971:2007) the risks so identified but rather rely on the risk controls contained in the 60 international standard and the associated specified testing as evidence that the risks from these 61 hazardous situations is acceptable. 62

4) Verification of the risk controls for these hazardous situations is obtained from the design documents 63 and the tests and test results demonstrating that the device meets the acceptance criteria of the 64 international product safety standard. 65

5) If the acceptance criteria are met, the associated residual risk is considered acceptable. There is no 66 need to evaluate the residual risk (subclause 6.4 of ISO 14971:2007). 67

b) Where an international product safety standard specifies requirements addressing particular hazards or 68 hazardous situations, but does not provide specific acceptance criteria, the residual risk should be 69 estimated and evaluated using the criteria for risk acceptability recorded in the risk management plan. 70


1) Establish test acceptance criteria according to the criteria for risk acceptability and document in the 72 risk management plan. 73

2) Implement subclauses 4.2 and 4.3 of ISO 14971:2007 to identify characteristics related to safety and 74 identify hazards and hazardous situations associated with their device as completely as possible. 75

3) Identify those hazards and hazardous situations that are exactly covered by the international product 76 safety standard. 77

4) For those identified hazards and hazardous situations covered by the international product safety 78 standard, do not estimate (subclause 4.4 of ISO 14971:2007) or evaluate (Clause 5 of 79

ISO/CD 24971


ISO 14971:2007) the risks so identified but rather rely on the risk controls contained in the 80 international standard and the associated specified testing as evidence that the risks from these 81 hazardous situations is acceptable. 82

5) Verification of the risk controls for these hazardous situations is outlined in the design documents 83 with reference to the associated tests and test results and the specified requirements. 84

6) Estimate and evaluate residual risk based on risk acceptability criteria (subclause 6.4 of 85 ISO 14971:2007). 86

c) Where an international product safety standard identifies particular hazards or hazardous situations that 87 have to be investigated without providing specific technical requirements. 88


1) the manufacturer should determine whether such hazards or hazardous situations exist for the 90 particular medical device (see subclause 4.3 of ISO 14971:2007), and 91

2) where such hazards or hazardous situations exist for the particular medical device, the manufacturer 92 is required to estimate and evaluate the risks and (if necessary) control these risks by applying risk 93 management (see Subclause 4.4, Clauses 5 and 6 of ISO 14971:2007). 94

d) For hazards or hazardous situations that are identified for the particular medical device but are not 95 specifically addressed in any standard, the manufacturer needs to address those hazards or hazardous 96 situations in the risk management process. The manufacturer is required to estimate and evaluate the 97 risks and (if necessary) control these risks by applying risk management (see Subclause 4.4, Clauses 5 98 and 6 of ISO 14971:2007). 99

Refer to Annex A for a flowchart to outline the use of international product standards. Annex B also includes 100 individual flowchart examples as supporting information for this section. 101

2.3 Process standards and ISO 14971 102

Process standards can often be used in conjunction with ISO 14971. This happens primarily in two ways: 103

– The process standard requires application of ISO 14971 as part implementation of the process standard, 104 e.g. IEC 62304 on software life cycle processes; or 105

– The international process standard is intended to be used in risk management, e.g., IEC 62366 on 106 usability engineering and the ISO 10993 (series) on biological evaluation. 107

In either case, proper use of the international process standard requires attention to the interfaces between 108 that standard and ISO 14971 in order to achieve acceptable levels of risk for the medical device. The two 109 standards should work together such that inputs, outputs and their timing are optimized. In the following, three 110 examples are given to demonstrate this ideal situation. 111

a) IEC 63204, Medical device software - Software life cycle processes 112

The relationship between IEC 62304 and ISO 14971 is well-described in the introduction to IEC 62304: 113

As a basic foundation it is assumed that MEDICAL DEVICE SOFTWARE is developed and maintained 114 within a quality management system (see 4.1of IEC 62304:2006) and a RISK MANAGEMENT process 115 (see 4.2 of IEC 62304:2006). The RISK MANAGEMENT PROCESS is already very well addressed by the 116 International Standard ISO 14971. Therefore IEC 62304 makes use of this advantage simply by a 117 normative reference to ISO 14971. Some minor additional RISK MANAGEMENT requirements are 118 needed for software, especially in the area of identification of contributing software factors related to 119 HAZARDS. These requirements are summarized and captured in Clause 7 as the software RISK 120 MANAGEMENT PROCESS. 121

ISO/CD 24971


Whether software is a contributing factor to a HAZARD is determined during the HAZARD identification 122 ACTIVITY of the RISK MANAGEMENT PROCESS. HAZARDS that could be indirectly caused by software (for 123 example, by providing misleading information that could cause inappropriate treatment to be 124 administered) need to be considered when determining whether software is a contributing factor. The 125 decision to use software to control RISK is made during the RISK CONTROL ACTIVITY of the RISK 126 MANAGEMENT PROCESS. The software RISK MANAGEMENT PROCESS required in this standard has to be 127 embedded in the device RISK MANAGEMENT PROCESS according to ISO 14971. 128

IEC 62304 makes ISO 14971 a normative reference and specifically requires: 129

– Software development planning (subclause 5.1 of IEC 62304:2006) that is consistent with the risk 130 management plan required by ISO 14971; and 131

– A software risk management process (Clause 7 of IEC 62304:2006) based upon ISO 14971. 132

b) IEC 62366, Medical devices - Application of usability engineering to medical devices 133

The flow diagram in Figure A.1 of IEC 62366 demonstrates the relationship and interconnection of the 134 two parallel and interconnecting processes. In addition to making a normative reference to ISO 14971, 135 IEC 62366 identifies three specific clauses where the usability engineering process can supplement and 136 interact with risk management as described in ISO 14971: 137

– Subclause 5.3.1 of IEC 62366 requires: “An identification of characteristics related to SAFETY (part of 138 a RISK ANALYSIS) that focuses on USABILITY shall be performed according to ISO 14971:2007, 4.2.” 139

– Subclause 5.3.2 of IEC 62366 requires: “The MANUFACTURER shall identify known or foreseeable 140 HAZARDS (part of a RISK ANALYSIS) related to USABILITY according to ISO 14971:2007, 4.3." 141

– Subclause 5.9 on Usability Validation makes several references to activities that would be 142 undertaken as part of risk management. 143

c) ISO 10993 (series), Biological evaluation of medical devices 144

Biological evaluation is the application of ISO 14971 process to ISO 10993-1 for determination of overall 145 residual risk acceptability. The introduction to ISO 10993-1 states that ISO 10993-1 is intended to be a 146 guidance document for the biological evaluation of medical devices within risk management, as part of 147 the overall evaluation and development of each device. 148

Annex B of ISO 10993-1 applies ISO 14971 to provide guidance on the risk management approach for 149 identification of biological hazards associated with medical devices, estimation and evaluation of the risks, 150 control of the risks, and monitoring the effectiveness of the risk control measures. 151

This approach combines the review and evaluation of existing data from all sources, with the selection 152 and application of additional tests (where necessary), thus enabling a full evaluation to be made of the 153 biological responses to each medical device, relevant to its safety in use. 154

ISO 10993-1:2009 aligns itself explicitly within risk management as described in ISO 14971. 155

The biological evaluation should be conducted in a manner similar to that used for other product risks, 156 and should include: 157

– Risk analysis (What are the hazards?) 158

– Risk evaluation (Are they acceptable?) 159

– Risk control (How will they be controlled?) 160

– Evaluation of overall residual risk acceptability (Does benefit outweigh risk?) 161

ISO/CD 24971


Following the logic of ISO 14971, if the overall residual risk evaluation concludes from existing data that 162 the identified risks are acceptable, no further testing is needed. Otherwise, appropriate measures should 163 be taken to further evaluate or mitigate the risks. 164

The output of this evaluation is a Biological Evaluation Report. 165

Application: 166

– Hazards identified in ISO 10993-1 include: 167

• Acute toxicity 168

• Irritation (skin, eye, mucosal surfaces) 169

• Allergy 170

• Genotoxicity 171

• Carcinogenicity 172

– Do the proposed materials present such hazards? 173

• Methods that can be used to determine if a material can result in these conditions include: 174

– Literature 175

– Testing 176

– Field experience 177

– Are the exposure levels acceptable? 178

According to ISO 10993-1, expert assessors should determine if the available information is sufficient to 179 meet the purpose of the evaluation of biological safety and if so, document how the conclusion on safety 180 was reached. This conclusion is documented in the Biological Evaluation Report which becomes an 181 element of the risk management report. 182

3 Developing the policy for determining the criteria for risk acceptability 183

According to subclause 3.2 of ISO 14971:2007, top management is required to define and document the 184 policy for determining criteria for risk acceptability. This policy is intended to ensure that criteria: 185

a) are based upon applicable national or regional regulations; 186

b) are based upon relevant International Standards; 187

c) take into account available information such as the generally accepted state of the art and known 188 stakeholder concerns. 189

NOTE Other relevant information can also be included. 190

The policy should provide a rationale and guidelines for establishing and maintaining the risk acceptability 191 criteria, which are essential for risk evaluation. 192

The policy could cover the entire range of a manufacturer's medical devices or it can take different forms 193 depending on whether the medical devices are similar to each other, or whether the differences between 194 groups of products are significant. 195

When developing or maintaining the policy the following should be taken into consideration. 196

– The applicable regulations that have to be complied with in the regions where the product is to be 197 marketed. 198

ISO/CD 24971


– The relevant International Standards covering relevant intended use that may help identifying principles 199 for setting the acceptability criteria. 200

– Information on the state of the art can be obtained from review of the literature and other information on 201 similar medical devices the manufacturer has marketed, as well as those from competing companies. 202 Such a review can also demonstrate the appropriateness or inappropriateness of previously used risk 203 acceptability criteria, and this may impact future development of the policy. 204

– The concerns of the main stakeholders. Some potential sources of information on the patient and clinician 205 perspective include news media, social media, patient forums, as well as input from internal departments 206 with expert knowledge of stakeholder concerns like the clinical department. 207

The review of the suitability of the risk management process at planned intervals, as required by subclause 208 3.2 of ISO 14971:2007, can lead to changes in the policy or the related risk acceptability criteria. Such 209 changes can lead to reviewing the appropriateness of previous risk acceptability decisions. 210

4 Production and post-production feedback loop 211

4.1 Introduction 212

Typically the initial risk assessment is based on experience with similar medical devices or applications on the 213 market, or on assumptions when new medical devices are released to the market. Information received after 214 market entry is valuable for confirming or correcting previous assumptions, estimates, or omissions made 215 during the risk analysis and risk control phases. Clause 9 of ISO 14971 requires that a feedback loop is 216 established in the manufacturer’s organization to collect and evaluate such information for potential relevance 217 to medical device safety. The nature of such information can be positive or negative in regard of medical 218 device safety. The feed-back loop should consist of the following steps: 219

– Observation and transmission 220

– Assessment 221

– Action 222

For the feedback loop to be effective, it is necessary for the responsibility for maintaining the risk management 223 file to be defined. 224

4.2 Observation and transmission 225

An observation provides information on or experience with a medical device that should be compared against 226 the current risk management file. The observation can come from a number of different sources each of which 227 can have a bearing on the safety of the medical device. For example: 228

– Information from manufacturing or R&D staff within or contracted to the manufacturer. 229

– Information from installation, servicing and/or training personnel within or contracted to the manufacturer. 230

– Information from the use of the medical device. 231

– Information on experience with competitor's medical devices through incident reports (for example, from 232 databases provided by local regulatory agencies to collect and generate an overview of device 233 experience). 234

– Clinical information (e.g. post-market clinical trials on the manufacturer’s own medical devices or other 235 published clinical literature on competitor's and similar medical devices). 236

– Information on new or amended standards and regulations. 237

ISO/CD 24971


For information to be relevant to a manufacturer’s medical device it need not be directly related to their own or 238 a competitor’s product. Information relating to similar medical devices with similar intended use or similar 239 principles of operation can yield useful post-market information on the relevance of the risks of the 240 manufacturer’s medical device. 241

When designing a means of acquiring or detecting post-market information, manufacturers should be careful 242 not to induce bias into the process. The means of acquiring or asking for feedback should be neutral in 243 regards to achieving negative or positive feedback. Furthermore, feedback should include events that have 244 occurred as well as events that could have occurred. 245

For any post-market information to be useful it has to be transmitted to the persons or department within the 246 organization that have the responsibility and authority to compare against the current risk management file 247 and enact change where necessary. 248

The means of transmission of this information will depend on the source of the information. Some information 249 will be pulled (initiated by the manufacturer) and some information will be pushed (initiated by sources like the 250 customer, authorities, or patient), in either case the organization should ensure that efficient communication 251 channels are planned and established to allow for timely and accurate receipt of information. The rate at which 252 the manufacturer pulls information from the various sources (including users) depends on the maturity of the 253 medical device and technology, the specific market and in response to advisory notices. 254

Various departments within the manufacturer’s organization can receive and handle different kinds of 255 information, for example: 256

– customer complaints or adverse event reports. 257

– service and installation reports. 258

– new or revised regulations, standards or guidance. 259

– production non-conformance reports. 260

It is of paramount importance that all relevant information from these groups is reviewed and distributed to that 261 part of the manufacturer's organization with the responsibility and authority for the risk assessment (see 4.3). 262

Where the probability of events (for example component failures) is a relevant factor contributing to the 263 evaluation of risk, statistical trending of such events should be considered. 264

4.3 Assessment 265

The risk assessment based on new observations should be subject to the same level of controls and reviews 266 as were applicable to the initial risk assessment. This would include any subsequent identification of risk 267 control measures, if required. Such controls should include review and approval by individuals in the same 268 functions or departments as those who signed off originally. Any new safety-related observations are to be 269 assessed using the same risk acceptability criteria used in the most recent risk assessment of the medical 270 device. 271

New observations related to safety should be contrasted and compared against the established risk 272 management file to test the validity of any assumptions made: 273

a) Is the intended use still valid? – Has there been any off-label use or other occurrences of misuse which 274 were not foreseen in the original risk management process? 275

b) Is there evidence of new hazards or hazardous situations not originally identified in the hazard 276 identification process? 277

c) Are the severity and probability estimations for a particular risk still valid? 278

d) Is there any evidence that the risk acceptability criteria should be adjusted? 279

ISO/CD 24971


e) Is the effectiveness of risk control measures proven adequate? 280

f) Does the risk/benefit analysis accurately represent the actual market experience? 281

If data suggest correction or adjustment of the current risk management file, the residual risks need to be 282 evaluated based on the new data. In addition, the overall residual risk of the device should be reviewed. 283

4.4 Action 284

In a case where the residual risk based on new data is judged unacceptable, risk control is required in two 285 areas: 286

a) The medical devices currently installed and used in the market need to be corrected. 287

b) The medical devices manufactured from that point in time or related processes need to be corrected. 288

For medical devices currently on the market, risk control can be different from that in current production, as 289 timing and realization of corrections of already marketed medical devices can contribute to this specific 290 hazardous situation of a correction. For example, immediate information (i.e. a customer letter) can be 291 provided to users, before further risk control measures are developed and validated. Where modifications or 292 replacement of medical devices is necessary, the speed of such ‘field corrective actions’ contributes to risk 293 reduction. 294

NOTE This immediate information is known as an Advisory Notice in ISO 13485 and as a Field Safety Notice in the 295 European MEDDEV 2.12.1. 296

In assessing post-production information, manufacturers should be alert for signals that might indicate there 297 are systemic problems with the risk management process. 298

ISO/CD 24971


299

Figure 1 – Production and Post-Production feedback Loop 300

5 Differentiation of information for safety and disclosure of residual risk 301

5.1 Difference between “information for safety” and “disclosure of residual risk” 302

The difference between “information for safety” and “disclosure of residual risks” is explained in Annex J of 303 ISO 14971:2007. However, experience of manufacturers has shown that there is confusion between these two 304 concepts. This guidance document tries to clarify these differences. 305

Information for safety is considered to be a risk control measure. It is instructive, and ISO 14971 requires it to 306 be verified for effectiveness. It can be provided in the form of warnings or (pre)cautions. 307

ISO/CD 24971


Residual risk is defined in ISO 14971:2007 as risk remaining after risk control measures have been taken. 308 Risk control measures include information for safety. 309

ISO 14971 requires that all information for safety be traceable in the risk management file. The decision of the 310 manufacturer regarding disclosure of residual risk can be recorded in the risk management file. 311

5.2 Information for safety 312

The information for safety is regarded as a risk control measure (subclause 6.2 c) of ISO 14971:2007), when it 313 is not feasible to make the device inherently safe by design or to apply other risk control measures. 314 Considerations on the feasibility can take into account the state of the art applied in similar medical devices on 315 the market, compliance with international standards, and acceptance of the residual risks by stakeholders. 316 The text for information for safety can be prescribed by local regulations. The verification of the effectiveness 317 of the information for safety can be performed by the usability engineering process (IEC 62366). 318

Information for safety needs to be instructive and should give the user a clear indication of what actions to 319 take or to avoid, in order to avoid a hazardous situation or harm from occuring. This is usually provided in the 320 form of warnings, (pre)cautions or disclaimers (see Annex J.2 of ISO 14971:2007). 321

5.3 Disclosure of residual risk 322

Disclosure of residual risk is descriptive and can provide background on the risks involved in using the 323 medical device. The aim is to disclose in the accompanying documents information necessary to the user, and 324 potentially the patient, in order to enable an informed decision which weighs the residual risks against the 325 benefits of the use of the device. (see Annex J.3 of ISO 14971:2007). 326

5.4 Examples of information for safety and residual risks 327

Information for safety can be given in the form of a warning label attached to medical devices. Some 328 examples are given here. 329

– Warning: do not step on surface. 330

– Warning: do not remove cover, risk of electric shock. 331

– Warning: use with caution. Serum samples containing more than 60 mg/dl hemoglobin will interfere with 332 the test principle, thereby limiting the diagnostic result. 333

The manufacture should consider means and media to disclose the residual risks and the overall residual risk. 334 This information can be significant in the process of clinical decision making. Within the framework of the 335 intended use, the operator or the user can decide in which clinical settings the medical device can be used to 336 achieve a certain benefit for the patient. The disclosure of the residual risks can also be useful for the operator 337 (user) or the hospital organization to prepare the patient for possible side effects or hazards that can occur 338 during or after the use of the medical device. Note that operator, user and patient can be the same person, for 339 example for medical devices used in the home healthcare environment. 340

Some examples are given here to illustrate the residual risks associated with using the medical device and 341 such side effects. 342

– Linear accelerators can be used to treat tumours. The residual risks of radiation therapy for tumours can 343 include erythema or epilation. 344

– When patients undergo magnetic resonance imaging (MRI), they sometimes experience anxiety due to: 345 being in an enclosed space, hearing the loud noise generated by the equipment, and needing to remain 346 still during imaging. 347

Additional examples of residual risk can be found in D.6.5 of ISO 14971. 348

ISO/CD 24971


6 Evaluation of overall residual risk 349

6.1 Overview 350

After the assessment of every identified separate hazardous situation, the manufacturer must then consider 351 the combined impact of the individual residual risks, and make a decision whether the overall residual risk 352 meets or exceeds the risk acceptability criteria stated in the risk management plan. This step is particularly 353 important for complex medical systems and for medical devices with a large number of individual risks. The 354 evaluation may be used for making a case that the product is safe. 355

Clause 7 of ISO 14971 requires that the overall residual risk be evaluated against the criteria stated in the risk 356 management plan. The challenge is that it can often be a difficult task to numerically add all individual residual 357 risks to determine the overall residual risk. This difficulty arises for the following reasons. 358

Even in the later stages of medical device development, confidence in the probability estimates can vary 359 considerably. Some probabilities are known precisely either from history with similar medical devices or from 360 testing. Other probabilities are only estimates and might be known very imprecisely or not at all, such as the 361 probability of a software failure. Also it is usually not possible to combine the severities of individual harms 362 within the broad categories usually used in risk analysis. 363

ISO 14971 does not specify that risk acceptability criteria for individual risks need to be the same as criteria 364 for overall risk acceptabilityThe criteria used to evaluate individual risks are usually based on the probability of 365 occurrence of particular types of harm. On the other hand, manufacturers can seek different methods for 366 evaluating overall residual risk that are consistent with the methods described in ISO 14971 and are based on 367 the policy for risk acceptability. 368

The manufacturer should seek different methods for evaluating overall residual risk that are consistent with 369 the methods described in ISO 14971, or establish a separate set of overall residual risk acceptability criteria 370 based on the policy for risk acceptability, or most likely do both. 371

Annexes D.4 and D.7 of ISO 14971:2007 list some possible general techniques or methods together with 372 considerations affecting their selection. Setting criteria based on the policy for risk acceptability is covered by 373 ISO14971 in general and guidance is found in Section 3 of this document. Both the criteria and the methods 374 associated with them should be stated in the risk management plan. This guidance is intended to help in 375 establishing such criteria and methods. 376

6.2 Inputs and other considerations for overall residual risk evaluation 377

First, all risk control measures should have been implemented and verified before the overall residual risk can 378 be evaluated. This means that all identified hazardous situations have been evaluated and that all risks have 379 been reduced to an acceptable level or have been accepted based upon a risk/benefit analysis. Some 380 examples of information and activities are presented below. These can be used as input to overall residual 381 risk evaluation and considerations that should be made in the determination of whether the overall residual 382 risk is acceptable. 383

a) The manufacturer can compare the medical device under review to similar marketed devices (see Annex 384 D.7.7 of ISO 14971:2007). In order for the manufacturer to make well considered conclusions about the 385 overall risk and benefits, up to date information on intended use and associated adverse events should 386 be reviewed, as well as information from the scientific literature, including information about clinical 387 experience. The key question is whether the medical device under review offers the same or better safety 388 as a medical device that can be considered to have an acceptable overall residual risk. 389

b) The manufacturer can also use experts outside of the manufacturer’s organization to provide expert 390 opinion on overall risks and benefits (see Annex D.7.8 of ISO 14971:2007). These experts can come from 391 a variety of disciplines, including those with clinical experience and those who market similar devices. 392 They can help the manufacturer take into account stakeholder concerns. Attention is drawn to the 393 requirements for training and experience described in Sub clauses 3.2 and 3.3, 3.4 b) and c), and Annex 394 A.2.3.3 of ISO 14971:2007. 395

ISO/CD 24971


c) Even though all individual risks should have been identified and accepted, some risks may need to be 396 analysed further as part of the overall residual risk evaluation. 397

One example could be that there are many risks that are close to being not acceptable. Hence, the 398 overall risk acceptability could be suspect and a further investigation can be appropriate for the medical 399 device and the associated risk management file. Another example can be that there are risks that are 400 interdependent with respect to either their causes or the risk controls applied. It should be noted that the 401 efficiency of related risk control measures can prove less effective in combination than individually. This 402 can also be true of risk control measures that are designed to counter multiple risks simultaneously. A 403 Fault Tree or Event Tree Analysis can be a useful tool to demonstrate such connections between the 404 risks and risk control measures used. 405

d) Other considerations for overall residual risk evaluation: 406

1) The results of usability evaluation or clinical experience during design validation testing can provide 407 useful information. One example is the failure to complete a task during usability testing. Another 408 example is information about side effects. 409

2) Visual representations of the residual risks can be useful. Each individual risk can be shown in a risk 410 chart such as those in D.3 and D.4 of ISO 14971:2007, giving a graphic view of the distribution of the 411 risks. If many of the risks are in the higher severity regions of the chart, or clusters of risks are 412 borderline, then even if each individual risk is acceptable, the distribution of the risks may be indicative 413 that the overall residual risk is not acceptable. 414

3) During overall residual risk evaluation, any individual risk/benefit analyses should be taken into 415 account. 416

4) When there have been trade-offs between risks in the risk analysis, this might be indicative that the 417 overall residual risk should be analysed more carefully. These are instances where one type risk 418 might have been allowed to increase somewhat in order that another risk was reduced. For example, 419 when the risk to one person (the user) is allowed to increase so that the risk to another (the patient) 420 can be reduced. This is called risk parallax. The evaluation may take the form of going through 421 related major risks, describing why the trade off balance is practical and why the combined risk level 422 of the risks in the trade off decision is acceptable. 423

The results of the overall residual risk evaluation form part of the risk management file. It can be beneficial to 424 document the rationale for the acceptance of the overall residual risk. 425

ISO/CD 24971


Annex A 426

(informative) 427

428

Use of international product safety standards in the application of 429

ISO 14971 430

Figure A.1 provides a flowchart that outlines the use of international product standards in the context of 431 ISO 14971. 432

Identify Hazards/Hazardous Situations (H/HS)

(4.3 of ISO 14971:2007)

Are the H/HSaddressed in international Product

Safety Standard(s)?

Apply full risk management (RM)

process according toISO 14971 for those

H/HS

How is itaddressed? Choose between

2 a), 2 b) or 2 c).

2 a): International Product Safety

Standard specifies requirements and provides specific

acceptance criteria?

Dorequirement(s) fully match the design including intended

use?

No need to estimate (4.4) or evaluate risk (5)

Identify risk control measure (6.2 - related to

the requirement of the standard) and implement

Verify implementation and effectiveness (6.3) by

performing test according to the standard

If the test passes, related residual

risk is considered acceptable (6.4)

Use of the requirements in

the standard CANNOT provide

presumption of risk acceptability

Apply full RM process according to ISO 14971 for

those H/HS

2 b): International Product Safety

Standard specifies requirements but does

not provide specific acceptance criteria?

Establish test acceptance criteria and document in

the risk management plan

2 c): International Product Safety

Standard identifiesH/HS but does not

provide requirements?


those H/HS

Yes

No

No

Yes

Dorequirement(s) fully match the design including intended

use?

Use of the requirements of

the standard CANNOT give presumption of

risk acceptability

No

Yes


those H/HS

No need to estimate (4.4) or evaluate risk (5)

Verify implementation and effectiveness (6.3) by

performing test according to the standard

If the test passes, related residual

risk is considered acceptable (6.4)

433 Figure A.1 — Flow of the use of international product safety standards 434

ISO/CD 24971


Annex B 435

(informative) 436

437

Examples of the use of an international product safety standard in the 438

application of ISO 14971 439

Figure B.1 is an example of the use of an international product safety standard that specifies requirements 440 and provides specific acceptance criteria. 441

442

Figure B.1 — Use of an international product safety standard that specified requirements and provides 443 specific acceptance criteria 444

ISO/CD 24971


Figure B 2 is an example of the use of an international product safety standard that specifies requirements but 445 does not provide specific acceptance criteria. 446

447

Figure B 2 — Use of an international product safety standard that specifies requirements but does not 448 provide specific acceptance criteria 449

ISO/CD 24971


Figure B 3 is an example of an international product safety standard that identifies a hazard or hazardous 450 situation but does not specify requirements/ 451

Hazardous situation identified - medical device applies a new kind of therapeutic acoustic pressure to patient (no

particular/specific standard applicable)

Yes: therapeutic acoustic pressure is an identified hazard, however there is no specific requirement(s)

Yes: IEC 60601-1:2005, Subclause 12.4.6

2 c)

Apply full RM process and verify compliance in the risk management file

Identify Hazards/Hazardous Situations(H/HS)

(4.3 of ISO 14971:2007)

Are the H/HSaddressed in International Product

Safety Standard(s)?

How is itaddressed? Choose between

2 a), 2 b) or 2 c)

2 c): International Product Safety Standard identifies H/HZ but does not provide

requirements?

Apply full RM process according to 14971 for those

H / HS

Yes

452

Figure B 3 — Example of an international product safety standard that identifies a hazard or 453 hazardous situation but does not specify requirements 454

455

456

457

guidance on the application of iso 14971.pdf

Documents

iso document

application of iso

iso international standard

1c2 iso tc

working document

document stage

iso member body responsible

committee document language