In this blog, we recap the “Understanding Integrated Risk Management for Medical Device” webinar.
Companies involved in developing medical devices understand the importance of risk management, but their approaches can vary significantly in terms of the time it takes to manage risk, the ability to connect risks to specific requirements and tests, and the capacity to pull together relevant documentation for an audit. To meet these challenges, medical device developers need a comprehensive approach to risk management.
In this presentation, industry and solution experts will explore how teams can integrate risk-based thinking into their product development lifecycle.
Attendees will learn more about:
- Risk management in the medical device industry
- Guidance and best practices to follow
- How to manage risk analysis
- The importance of risk traceability throughout project activities
Below is an abbreviated transcript and a recording of our webinar.
Understanding Integrated Risk Management for Medical Device
Mercedes Massana: So today we’re going to talk about risk management. First, we’ll start with the basics, the things we need to know to understand risk management, then we’ll talk about the elements of a risk management process, about some risk management tools that we can use, and then we’ll end with risk management and incorporating that into your traceability matrix.
So let’s start with the basics. So what is risk management? It’s the systematic application of management policies, procedures and practices to the task of analyzing, evaluating, controlling and monitoring risk. And in this case, we’re talking about product risk, not so much project risk, right? So all medical devices carry some level of risk, no matter how simple they are. There’s always some level of risk for the medical device, and we need to consider who can be hurt by the medical device. Who does this risk apply to? And that can be obviously the patient, but it can also be the operators or clinicians, right? The nurses. It could be bystanders, it could be service personnel working on the device. It could be even other equipment if we interfere with other medical equipment, and it could even be the environment.
Related: Requirements Debt: A Medical Product Program Risk
Mercedes Massana: It is the responsibility of the manufacturer to determine how much risk they’re willing to accept, or the market is willing to accept for the intended use of the device. So the regulatory agencies don’t tell you what is acceptable from a risk perspective, but it’s up to the manufacturer to determine that.
So why do we practice risk management? Well, first of all, it’s so that we can produce safe products and release only safe products, right? So we want to prevent safety-related problems in the field. Having to recall product is very bad for companies, right? There have been companies that have gone out of business because of safety issues in the field. Having a good, well-documented risk management file can substantiate due diligence if somebody tries to sue you, so you have the documents that can help support that you did the right things.
It can also encourage a defect-prevention mindset. So when you start practicing risk management early on in development, you start designing with defect prevention in mind. You want to prevent defects that can cause harm and risk. It helps you identify potential safety issues early while you can still influence the design, right? And then, from a regulatory perspective, documents from your risk management files are always needed for submissions, and in audits, most likely these documents would be presented in audits.
And then it also allows risk-based decisions to be made throughout the product life cycle. So we think of risk management just as the product and things we need in order to get regulatory approval or to have in an audit, but really, having a robust risk management file can help us make decisions and verification, validation in manufacturing, even for our suppliers and what controls we ask them to implement. So having a robust risk management file can really help us in every facet of product development.
Related: 3 Ways Requirements and Risk Management Continue After Market Launch
Mercedes Massana: So compliance is a big part of risk management. ISO 14971 is the application of risk management to medical devices. It is an FDA-recognized standard. It’s actually even called out in a couple of guidance documents from FDA, and it is referenced by a number of IEC standards. So we need to be compliant with ISO 14971 in order to get through FDA, and in order to achieve the CE mark. ISO 13485 mentions risk management 15 times, and it says that we must consider risk in supplier controls, for verification, for validation, in testing and traceability, for CAPA, even for training of personnel.
So this tells you how important risk management is to having a medical device, developing a medical device, and maintaining a safe device in the field. So risk management should be practiced first as a system-level activity, so we should start risk management from the top down. That means that very early in development, when we start our design efforts, we analyze the risk that the system can perform, just by knowing the intended use. We don’t even need to have a design. Then we attempt to mitigate those hazards and we drive risk controls through requirements that then get implemented in our design, so only the system can actually cause a hazard. The system might have many components, but unless I have all of the system put together, I can’t cause a hazard.
To watch the full webinar, visit: Understanding Integrated Risk Management for Medical Device