During the process of harmonisation of ISO 14971: 2007 as an EN standard, it became apparent that the standard did not comply with all the requirements of the Medical Devices Directives (MDDs), namely 90/385/EEC, 93/42/EEC and 98/79/EC. Seven discrepancies were identified; these discrepancies are described in EN 14971: 2012 as “Content Deviations”. This newsletter deals with Content Deviation No. 5: Risk Control Options.
Content Deviation #5: Risk Control Options
ISO 14971: 2007 requires the manufacturer to “use one or more of the following risk control options in the priority order listed:
(a) inherent safety by design;
(b) protective measures in the medical device itself or in the manufacturing process;
(c) information for safety”
but does not require that all three options be used; instead ISO 14971: 2007 implies that once the risk has been reduced As Low As Reasonably Practicable then further risk control measures need not be taken.
In contrast, Annex I of the Medical Device Directive 93/42/EEC requires the manufacturer “to select the most appropriate solutions” by applying cumulatively what has been called “control options” in ISO 14971. The MDDs do not regard these control mechanisms as options or alternatives but as three separate control mechanisms that must be applied in consort to reduce the associated risk as far as possible.
It must also be remembered (as outlined in our previous newsletters) that the manufacturer must not stop reducing a risk when it has reached an acceptable level, but that the risk must be reduced as low as possible irrespective of the risk magnitude. When complying with the Medical Devices Directives the only justifications for not implementing a control are that either the control in question will not reduce the risk any further or that it may give rise to a new risk which is less desirable than the risk which it is intended to control.
It can therefore be concluded that risk acceptability has no impact upon whether or not risk controls are necessary. Traditional FMEA-based methods of risk analysis have included an evaluation of the risk – both before and after the implementation of risk controls measures. Under ISO 14971: 2012 and the MDDs there is no need to perform a risk evaluation prior to the implementation of risk control measures. However, manufacturers may still want to show in the FMEA the effect of risk control measures on the RPN in order to support their claim that the risk has been reduced as far as possible. Therefore it may be a good idea to leave the before and after RPN calculations in the FMEA document but to omit any reference to the acceptability or otherwise of the risk in question prior to the application of control measures. Many risk management procedures that are based on the 2007 version of the standard contain a flowchart describing the risk management process; the preliminary risk evaluation step should be removed from the flowchart in addition to removing it from the risk management procedures and the FMEA, templates and records.
The impact of Content Deviation # 5 is to require the manufacturer to implement multiple control measure whereas in the past, one control measure may have been considered sufficient. For example; a manufacturer of a device which incorporates a heating element may have previously considered that the design of the device was sufficient to minimise the possibility of the device overheating and therefore the risk to the patient had been reduced to an acceptable level. Such a manufacturer is required under the MDD to explore means of protecting the patient from overheating in the (unlikely) event that it occurs and to consider including a warning in the IFU detailing the risk of possible device overheating, and the precautions to be taken. In many cases the manufacturer will already have done both of the above, but a review of a company’s risk analysis documents such as FMEAs will almost inevitably reveal risks for which the application of all three types of control measures has not been considered. Additionally, the manufacturer must explore if there are any further design controls necessary to reduce the risk as far as possible (and not just to an acceptable level).
The outcome of actions taken to deal with Content Deviation # 5 will mean additional design controls, increased protective measures and alarms, and longer, more detailed IFUs. However, additional measures must only be taken if they will actually reduce risk and will not give rise to additional or alternative risks that are equally or more undesirable.
In order to comply with Content Deviation # 5, manufacturers must do the following;
- Revise risk management procedures to require that all three types of risk control are utilised. Remove the risk management process step of risk evaluation prior to the application of risk control measures.
- Review and update risk management documentation to ensure that all three types of risk control measures have been applied and that risks have been reduced as far as possible.
- Review the information given to the user and in particular the IFU to ensure that all information that is necessary for reducing risk as far as possible, has been given to the user in a manner that is easily understood and can be easily acted upon.
In this newsletter we looked at the implications of Content Deviation # 5 and the requirement of the MDDs to implement all three types of control measures; design controls, protection measures and the giving of information to the user.
Abbreviations used in this newsletter:
FMEA: Failure Modes and Effects Analysis
IFU: Instructions for Use
MDD: Medical Devices Directive
RPN: Risk Priority Number