Medical Device Risk Management

ISO 14971
Dan OLeary
President
Ombu Enterprises, LLC
Dan@[Link]
[Link]

OMBU
ENTERPRISES, LLC
Risk Management - ISO 14971

Ombu Enterprises, LLC

Speaker Biography

Dan OLeary
Dan OLeary is President of Ombu Enterprises, LLC, an education,
training, and consulting company focusing on Operational Excellence
using analytical skills and a systems approach to operations
management.
Dan has more than 30 years experience in quality, operations, and
program management in regulated industries including aviation,
defense, medical devices, and clinical labs.
He holds a Masters Degree in Mathematics; is an ASQ certified
Biomedical Auditor, Quality Auditor, Quality Engineer, Reliability
Engineer, and Six Sigma Black Belt; and is certified by APICS in
Resource Management.

Ombu Enterprises, LLC

Ombu works with small manufacturing companies, offering training and
execution in Operational Excellence. Focusing on the analytic skills and
systems approach of operations management, Ombu helps companies
achieve efficient, effective process and regulatory compliance.

Risk Management - ISO 14971

Ombu Enterprises, LLC

Outline
Status of ISO 14971:2007
Links to regulatory requirements (QSR & ISO 13485)
Overview of ISO 14971:2007
Q&A session
Summary and Conclusions
Questions
Risk Management - ISO 14971

Ombu Enterprises, LLC

Our Class

Our approach is casual

Write your name on a table tent

Turn off your cell phones during the class

Ask lots of questions

Bring examples from your experience

Participate

Have fun!

Risk Management - ISO 14971

Ombu Enterprises, LLC

Participant Introduction
Your Name
Your company
Your job title
Something about the Risk and Hazard Assessment for
Medical Devices issues you face in your company
Something about Risk and Hazard Assessment for
Medical Devices that you want to know
Risk Management - ISO 14971

Ombu Enterprises, LLC

Dan OLearys Biography

Dan has more than 30 years experience in quality,
operations, and program management in regulated
industries including aviation, defense, medical devices,
and clinical labs.
Dan earned a Masters Degree in Mathematics
Dan is an ASQ certified Biomedical Auditor, Quality
Engineer, Reliability Engineer, and Six Sigma Black
Belt. He is certified by APICS in Resource
Management.
Risk Management - ISO 14971

Ombu Enterprises, LLC

The Current Status of

ISO 14971:2007

Risk Management - ISO 14971

Ombu Enterprises, LLC

ISO 14971:2007 Development

ISO 14971:2007 is the second edition
It replaces the year 2000 edition (ISO 14971:2000)
It also replaces amendment 1 to the 2000 edition
(ISO 14971:2000/Amd 1:2003)

The second edition was published on March 1,

2007
ISO 14971 is managed by ISO TC 210 Quality
management and corresponding general
aspects for medical devices
Risk Management - ISO 14971

Ombu Enterprises, LLC

FDA Recognition Status

The FDA recognized the current version on Sep. 12,
2007.
Their recognition extends to the whole standard
A declaration of conformity means that
(1) a process appropriate for medical devices and their
accessories, including in vitro diagnostic devices, has been used
to identify hazards and hazardous situations, estimate and
evaluate the risks, control those risks including overall residual
risk, and monitor the effectiveness of the controls, and
(2) criteria based upon applicable national or regional
regulations, relevant international Standards, information such
as the generally accepted state of the art, and known
stakeholder concerns was used to determine risk acceptability.
Risk Management - ISO 14971

Ombu Enterprises, LLC

EN ISO 14971 Status

EN ISO 14971:2009
The current version is EN ISO 14971:2009
Medical devices - Application of risk
management to medical devices (ISO
14971:2007, Corrected version 2007-10-01)
Conformity to EN ISO 14971:2007 expired on
March 21, 2010

Risk Management - ISO 14971

Ombu Enterprises, LLC

10

EN ISO 14971 Versions

Many EN standards start with an ISO version
Various standards bodies may adopt them, add
information, and renumber them.
ISO 14971:2007

EN ISO 14971:2007

EN ISO 14971:2009

CEN doesnt sell standards; purchase them through national standards

bodies. As a result, the standards are renumbered (again).
I.S. EN ISO 14971:2009
BSI EN ISO 14971:2009
DIN EN ISO 14971:2009
Risk Management - ISO 14971

Ombu Enterprises, LLC

11

Links to Regulatory
Requirements
(QSR & ISO 13485)

Risk Management - ISO 14971

Ombu Enterprises, LLC

12

QSR Requirements for Risk

Analysis
The FDA requires risk assessment as part of
design validation. (820.30(g))
Design validation means establishing by
objective evidence that device specifications
conform with user needs and intended use(s).
(820.3(z)(2))
Since medical devices need to both safe and
effective, risk management, starting in the
design phase, is a natural approach.
Risk Management - ISO 14971

Ombu Enterprises, LLC

13

ISO 13485:2003 & Risk

Management
Clause 7.1 requires, . . . risk management
throughout product realization.
In addition, Records arising from risk management
shall be maintained
The standard recommends ISO 14971 for guidance
related to risk management.

Clause 7.3.2 says that design and development

inputs include risk management outputs.
Risk Management - ISO 14971

Ombu Enterprises, LLC

14

An Overview of
ISO 14971:2007

Risk Management - ISO 14971

Ombu Enterprises, LLC

15

The Risk Management Flow

Risk
Risk Analysis
Analysis
Clause
Clause 44

Risk
Risk Evaluation
Evaluation
Clause
Clause 55

Risk
Risk Control
Control
Clause
Clause 66

Residual
Residual Risk
Risk
Evaluation
Evaluation
Clause
Clause 77

Risk
Risk
Management
Management
Report
Report
Clause
Clause 88

Production
Production &
&
Post-production
Post-production
Information
Information
Clause
Clause 99

Risk assessment

Risk management

Adapted from ISO 14971:2007 Figure 1

Risk Management - ISO 14971

Ombu Enterprises, LLC

16

Risk Management Plan

Risk management activities need an overall
plan
The risk management plan has standard
elements:

Scope (including the life-cycle)

Responsibilities and authority
Review requirements for risk management
Risk acceptability criteria
Risk verification
Production activity data collection and review
Post-production activity data collection and review

Risk Management - ISO 14971

Ombu Enterprises, LLC

17

Risk Management File

The documents and quality
records are maintained in the
Risk Management File.
Think of this as a filing cabinet
containing information about
the risk management program
In practice, it is usually a variety of
documents, often in different
formats (text files, spreadsheets,
etc.)

You must be able to readily

retrieve documents and
records of the Risk
Management File.
Risk Management - ISO 14971

Ombu Enterprises, LLC

18

Risk Analysis (Clause 4)

Document both the intended use and
foreseeable misuse of the device
Identify known and foreseeable hazards
associated with the device
Estimate the risk for each hazardous
situation
Hazard + Sequence of events Hazardous Situation
Severity Probability Risk
Risk Management - ISO 14971

Ombu Enterprises, LLC

19

Risk Evaluation (Clause 5)

The Risk Management Plan defines risk evaluation
criteria for each hazardous situation
Evaluate each hazardous situation, individually, against
the criteria in the Risk Management Plan

If risk reduction is required,

follow clauses 6.2 to 6.6

If risk reduction is not

required, go to clause 6.7

Example
A Risk Management Plan defines five risk levels, 1 to 5, and shows how to
calculate them using severity and probability.
Any risk of level 4 or 5 must be reduced to level 1, 2, or 3.
Risk Management - ISO 14971

Ombu Enterprises, LLC

20

Risk Control (Clause 6)

Hazardous
Hazardous
Situation
Situation
Identified
Identified

Risk
Risk Estimated
Estimated

Risk
reduction
required?

Yes

Option
Option
Analysis
Analysis
(6.2)
(6.2)

Implementation
Implementation
(6.3)
(6.3)

Residual
Residual
Risk
Risk
(6.4)
(6.4)

Risk
Risk
Benefit
Benefit
(6.5)
(6.5)

New
New
Risks
Risks
(6.6)
(6.6)

No
Completeness
Completeness
Check
Check
(6.7)
(6.7)

Overall
Overall
Risk
Risk
(7)
(7)

Risk Management - ISO 14971

Ombu Enterprises, LLC

21

Residual Risk Evaluation

(Clause 7)
The Risk Management Plan defines risk
evaluation criteria for overall risk
After the risk control measures are
implemented and validated, review the
overall risk
If the overall risk is unacceptable,
determine if the medical benefits outweigh
the overall residual risk
Risk Management - ISO 14971

Ombu Enterprises, LLC

22

Risk Management Report

(Clause 8)
Prior to release of the device, you need to review the risk
management process.
The review ensures:
The Risk Management Plan is implemented
Overall residual risk is acceptable
Measures are in place to obtain production and post-production
information

The reviews results become the Risk Management

Report, and is included in the risk management file

Risk Management - ISO 14971

Ombu Enterprises, LLC

23

Production & Post-production

Information (Clause 9)
Collect information about your device in the
production phase.
Review acceptance data
Look closely at validated processes and their controls

In the post-production phase review:

Installation and servicing reports

Customer complaints
New or revised standards
Public information, including similar medical devices

Risk Management - ISO 14971

Ombu Enterprises, LLC

24

An Example to Keep in Mind

The Neonatal Heel Stick

Risk Management - ISO 14971

Ombu Enterprises, LLC

25

The example helps illustrate the

concepts
Neonates (babies under 1 month of age) are
routinely tested for metabolic diseases.
A nurse draws a sample of blood from the
babys heel, places it on filter paper, and allows
it to dry.
The dried blood spot is sent to a laboratory for
testing.
Risk Management - ISO 14971

Ombu Enterprises, LLC

26

The Heel Stick

The nurse uses a lancet to draw the blood in a
process called a heel stick.
In this application, the chemical pack is a medical
device in the US.
To make the heel stick easier,
the nurse warms the babys heel,
often using a chemical pack.
The technology is a familiar
heat generating chemical pack,
activated by squeezing or mixing.
Risk Management - ISO 14971

Ombu Enterprises, LLC

27

Product Description

Early in 2009, the FDA published a note describing problems with

the heel warmer.

The Infant Heel Warmer:

Is an instant chemical heat pack. It increases capillary circulation in an
infants heel to facilitate blood collection by heel stick.
[It is a] nonsterile, single-use, disposable device contain[ing] a nontoxic
material.
Device activation results in an exothermic reaction with a maximum
temperature of around 104F (40C) within the first few minutes before it
gradually diminishes.

In the US it is
A Class I device
For infant use, it requires a 510(k)

Risk Management - ISO 14971

Ombu Enterprises, LLC

28

Potential Product Problems

Based on Medical Device Reports (MDRs), the FDA
cited four cases.
Case 1:An infant suffered second to third-degree burns to the
heel requiring treatment.
Case 2:Twins with hyperbilirubinemia were being prepared for a
heel-stick procedure. The heel warmer ruptured, its contents
covered the infants, and they suffered first and second-degree
burns.
Case 3:An infant received a second degree burn when the
device was reused and reheated contrary to labeling
instructions.
Case 4:When the nurse activated the infant heel warmer, it burst
open and splashed her in her eyes. The infant wasnt hurt, but
the nurse required emergency eye wash and ophthalmic
antibiotics.
Risk Management - ISO 14971

Ombu Enterprises, LLC

29

Definitions
Clause 2

Risk Management - ISO 14971

Ombu Enterprises, LLC

30

The Components of Risk

Hazards, set off by a sequence of events, create Harm.
Severity & Probability combine to measure Risk.
Hazard
Hazard

Hazardous
Hazardous
Situation
Situation

Harm
Harm

Severity
Severity of
of
the
the Harm
Harm
Risk
Risk

Sequence
Sequence
of
of Events
Events

Probability
Probability of
of
Occurrence
Occurrence
of
of the
the Harm
Harm

Adapted from ISO 14971:2007, Annex E

Risk Management - ISO 14971

Ombu Enterprises, LLC

31

Definitions Hazard
Hazard - potential source of harm
Discussion
The manufacturer identifies device hazards. The standard creates a potential
22 classification for hazards they could be known or foreseeable; they
could arise in normal or fault condition.
Example
The FDA advice identifies 3 hazards:
Excessive heat
Rupture
Improper reuse

Known

Foreseeable

Normal
Condition
Fault
Condition

Risk Management - ISO 14971

Ombu Enterprises, LLC

32

Definitions Hazardous Situation

Hazardous situation circumstance in which people, property, or the
environment are exposed to one or more hazard(s)
Discussion
A hazard is potential, and doesnt arise until set off by a sequence of events.
It then becomes a hazardous situation allowing exposure to the hazard. A
hazardous situation can occur in normal operation or in a fault condition.
Example
Postulated sequences allowing a hazardous situation:
Excessive heat
Chemical mix is incorrect
Use of a blanket, contrary to manufacturers instructions
Rupture
Incorrect seal strength
Improper reuse
Reuse of a single use device, contrary to manufacturers instructions
Risk Management - ISO 14971

Ombu Enterprises, LLC

33

Definitions Harm
Harm physical injury or damage to the health of people, or damage to
property or the environment
Discussion
Harm is the actual injury or damage that occurs from a hazardous situation.
Harm arises from a hazardous situation.
Example
Excessive heat
Thermal burn of the skin
Rupture
Thermal burn of the skin
Chemical burn of the skin, eyes, etc.
Improper reuse
See excessive heat
See rupture

Risk Management - ISO 14971

Ombu Enterprises, LLC

34

Definitions Severity
Severity measure of the possible consequences of a hazard
Discussion
When harm occurs, it can have different levels of seriousness. Severity is the
measure of seriousness of the harm.
Example
Thermal Burn
First degree
Second degree
Third degree
Chemical Burn
Skin
Eyes

Risk Management - ISO 14971

Example
These instance must be
converted to the manufacturers
description of severity. This is
often a qualitative approach.

Ombu Enterprises, LLC

35

Definitions Probability of Occurrence

Probability of occurrence the likelihood that the harm occurs with the stated
severity
Discussion
Some harms are less likely to occur than others. In addition, harms with
different severity usually have different likelihood of happening.
Example
Thermal burn resulting from incorrect chemical mix Very Low
Thermal burn resulting from use of a blanket Low
Thermal burn resulting from a burst package Very Low
Chemical burn resulting from a burst package Very Low

Risk Management - ISO 14971

Ombu Enterprises, LLC

36

Definitions Risk
Risk combination of the probability of occurrence of harm and the severity of
that harm
Discussion
Risk combines two factors, usually in a qualitative approach. Risk increases
with the severity of the harm. It also increases with the probability of
occurrence of the harm. Risk is often expressed as a specialized
multiplication table.
Example
Burst package results in 3rd
degree (thermal) burn of a nurse.
Severity: Significant
Probability: Low
Risk: Medium

Risk Management - ISO 14971

Severity of Harm

Probability
of
Occurrence

Negligible

Moderate

Significant

High

Medium

Medium

High

Medium

Low

Medium

Medium

Low

Low

Low

Medium

Ombu Enterprises, LLC

37

Developing the Risk

Management Plan
Clause 3.4
Annex F

Risk Management - ISO 14971

Ombu Enterprises, LLC

38

Role of the Risk Management Plan

The Risk Management Plan provides the
overarching approach to the managing risk.
It can take a variety of forms
Stand alone document
Integrated into QMS documents
Refer to other documents

The structure and detail should relate to the

medical device risk.
Risk Management - ISO 14971

Ombu Enterprises, LLC

39

Scope of the Plan

Design
Design &
&
Development
Development

The scope needs to

identify
the medical device (or
family)
and the life cycle

Process
Process
Validation
Validation

Risk
Assessment
& control

Production
Production
Life Cycle of the
Heel Warmer
Example

Pick,
Pick, Pack
Pack &
&
Ship
Ship

Production
information

Warehouse
Warehouse

The risk management

activities are mapped
to the life cycle

Activate
Activate
Apply
Apply to
to
Neonate
Neonate

Post - production
information

Dispose
Dispose
Risk Management - ISO 14971

Ombu Enterprises, LLC

40

Assign Responsibility and Authority

Risk Mgmt. Plan

Assign roles and their responsibilities

Examples include:

Reviewer
Approval authority
Expert
Verification specialist

Follow the roles and responsibilities in the design project to avoid

confusion

The RASI Matrix is a useful tool for tasks

Responsible
Support

Risk Management - ISO 14971

Authority
Inform
Ombu Enterprises, LLC

41

Criteria for Risk Acceptability

Risk Mgmt. Plan

The Risk Management Plan needs two

sets of criteria
One arises from the risk assigned to each
hazardous situation
The other arises from the overall risk

Risk Management - ISO 14971

Ombu Enterprises, LLC

42

Concept of Risk

Risk Mgmt. Plan

Increasing Probability

The concept of risk starts with continuous Probability and Severity dividing the
Risk area into regions.

Unacceptable

As low as
reasonably
practicable

Acceptable
Increasing Severity

Risk Management - ISO 14971

Ombu Enterprises, LLC

43

But more often becomes a table

Risk Mgmt. Plan
...
Severity Levels

Probability Levels

Term

Description

Term

Description

Catastrophic

Results in death

Frequent

Happens often

Critical

Results in permanent impairment to

life-threatening injury
Results in injury or impairment
requiring medical intervention
Results in injury or impairment not
requiring medical intervention
Inconvenience or temporary
discomfort

Probable

Likely to happen

Occasional

Can happen, but not likely

Remote

Unlikely to happen

Improbable

Highly unlikely to happen

Serious
Minor
Negligible

Risk Management - ISO 14971

Ombu Enterprises, LLC

44

. . . that represents risk

Risk Mgmt. Plan

Severity Levels

Probability
Levels

Negligible

Minor

Serious

Critical

Catastrophic

Frequent

R2

R2

R3

R3

R3

Probable

R2

R2

R2

R2

R3

Occasional

R2

R2

R2

R2

R3

Remote

R1

R1

R2

R2

R3

Improbable

R1

R1

R2

R2

R3

R1 Acceptable risk
R2 As Low As Reasonably Practicable
R3 Unacceptable

Risk Management - ISO 14971

Each company must develop its own

risk analysis system.
The risk matrix may differ by product.
For example, a risk matrix for a heel
warmer may not be adequate for an
automatic defibrillator.
Ombu Enterprises, LLC

45

Overall Residual Risk Evaluation

Risk Mgmt. Plan

If each risk is low, then the residual risks should be low.

When residual risk remains, it should be evaluated by
specialists with knowledge of the device.
If the residual risk is too high, it may be offset by the
medical benefit.
X-rays cause damage to tissue, but the diagnostic benefit
outweighs the risk.

Risk Management - ISO 14971

Ombu Enterprises, LLC

46

Verification Activities
Risk Mgmt. Plan

The standard says there are two distinct

verification activities
Ensure the risk control measures are implemented in
the final design.
Ensure the implemented risk control measures
actually reduce the risk.

The Risk Management Plan explains how to

conduct these verifications.
Risk Management - ISO 14971

Ombu Enterprises, LLC

47

Production Activity
Data Collection and Review
Risk Mgmt. Plan

The Plan describes how

you will collect and review
data from production
activities
Some production activities,
if performed incorrectly
could increase risk
Identify them and monitor
process results
Pay particular attention to
processes that must be
validated
Risk Management - ISO 14971

Our example
The chemical mix
determines the
temperature of the heal
warmer. Monitor mix
parameters.
One would expect
destructive testing for seal
strength and temperature
profile. Monitor the results
of these tests.

Ombu Enterprises, LLC

48

Post-production Activity
Data Collection And Review
Risk Mgmt. Plan

The plan describes how you will collect and review post-production
activity

Include the following areas in data collection:

Customer complaints
Installation reports
Servicing reports
FDAs Adverse Event reports
Professional literature

For each item collected, review the hazard, hazardous situation,

and risk
The new information may lead you to update the previous analysis and
conclusion

Risk Management - ISO 14971

Ombu Enterprises, LLC

49

Performing Risk Analysis

Clause 4

Risk Management - ISO 14971

Ombu Enterprises, LLC

50

Risk Analysis Methodology

This is a systematic approach to determine risk
List every hazard (know or foreseeable)
List the associated hazardous situations
List the chain of events that creates each hazardous
situation
Identify the potential harm(s)
Estimate the severity and probability
Calculate the risk, using the Risk Management Plan

Risk Management - ISO 14971

Ombu Enterprises, LLC

51

This approach lends itself to a

spreadsheet
Hazardous
Situation

Potential
Harms

Severity Probability

Risk

* Operator error setting up

sealing machine
* Weak seal
* Nurse agressively mixes
Pouch bursts the pouch

Pouch spills
hot contents

Second degree
thermal burn

Serious Occasional

R2

* Nurse reheats the pouch

* Aggressive mixing breaks
seal

Pouch spills
hot contents

Second degree
thermal burn

Serious

R2

Hazard

Chain of
events

Remote

The spreadsheet could contain many rows.

Notice that a hazard could have more than one chain of events.

Risk Management - ISO 14971

Ombu Enterprises, LLC

52

Identifying hazards can be difficult

The standard has a number of helpful aids
Annex C helps identify device characteristics that may
impact safety
Table E.1 provides a list of potential hazards
Table E.2 offers a list of potential initiating events
Table E.3 shows examples of hazards, chain of
events, hazardous situations, and harm
Annex H provides additional information for in vitro
diagnostic devices

Risk Management - ISO 14971

Ombu Enterprises, LLC

53

Risk Evaluation
Clause 5

Risk Management - ISO 14971

Ombu Enterprises, LLC

54

The Prior Work Simplifies Risk

Evaluation
The Risk Management Plan contains the criteria
for acceptable risk
Risk Analysis determined the risk for each
hazardous situation
Application of the criteria to each hazardous
situation determines the need for risk reduction
Risk Management - ISO 14971

Ombu Enterprises, LLC

55

Recall Our Previous Flow Chart

Hazardous
Hazardous
Situation
Situation
Identified
Identified

Risk
Risk Estimated
Estimated

Risk
reduction
required?

Yes

Option
Option
Analysis
Analysis
(6.2)
(6.2)

Implementation
Implementation
(6.3)
(6.3)

Residual
Residual
Risk
Risk
(6.4)
(6.4)

Risk
Risk
Benefit
Benefit
(6.5)
(6.5)

New
New
Risks
Risks
(6.6)
(6.6)

No
Completeness
Completeness
Check
Check
(6.7)
(6.7)

Overall
Overall
Risk
Risk
(7)
(7)

Risk evaluation (Clause 5)

for each identified hazardous
situation
Risk Management - ISO 14971

Ombu Enterprises, LLC

56

Risk Control
Clause 6

Risk Management - ISO 14971

Ombu Enterprises, LLC

57

Risk Reduction (when required) Clause 6

Option Analysis
(6.2)

Select risk control measures in the specified order:

inherent safety by design protective measures
safety information

Implementation
(6.3)

Implement the selected risk control measures

Verify implementation of each risk control measure
Record the results in the risk management file

Residual Risk
(6.4)

After implementation of risk control measures

Evaluate residual risk by the risk management plan
If necessary, apply further risk control measures

Risk Benefit
(6.5)

Decide if medical benefits outweigh the risk when:

Residual risk is not acceptable
Further risk control is not practicable

New Risks
(6.6)

Determine if risk control introduced any new risks

Check if previously estimated risks are affected

Risk Management - ISO 14971

Ombu Enterprises, LLC

58

Risk Control Completeness Check

Clause 6
Completeness
Check (6.7)

Risk Management - ISO 14971

Ensure the risks from all identified hazardous

situations are considered.

Ombu Enterprises, LLC

59

Evaluation of Overall Residual

Risk Acceptability
Clause 7

Risk Management - ISO 14971

Ombu Enterprises, LLC

60

This is a Broad View of Risk

Previously we evaluated the risk of each
hazardous situation
If it didnt meet the criteria we reduced the risk
We also cycled through all the hazardous
situations to evaluate impacts

Now we take a broader view to evaluate

the whole device
Risk Management - ISO 14971

Ombu Enterprises, LLC

61

Use Expert Opinion to Review

and Decide
Overall residual
risk acceptable?

Yes

No

Medical benefits
outweigh risk?

Yes

No

STOP THE PROJECT

Risk Management - ISO 14971

Disclose overall risk

Ombu Enterprises, LLC

62

Disclosing Overall Risk

Annex J offers guidance on communicating risk
Information for safety is the least preferred method
Recall the priority order: inherent safety by design protective
measures safety information

Identify who receives the information and how

Explain the risk, the consequences of exposure, and
how to prevent the harm

Risk Management - ISO 14971

Ombu Enterprises, LLC

63

The GHTF Guidance

Implementation of risk management
principles and activities within a Quality
Management System

Risk Management - ISO 14971

Ombu Enterprises, LLC

64

Purpose and Overview

The GHTF Guidance focuses on integrating Risk
Management into the Quality Management
System (QMS).
The scope of ISO 14971 says
This International Standard does not require that the
manufacturer have a quality management system in
place. However, risk management can be an integral
part of a quality management system.

Risk Management - ISO 14971

Ombu Enterprises, LLC

65

Phases of Risk
1st Phase

Acceptable levels of risk

A policy or procedure determines risk acceptability criteria
It is derived from experience and research on currently
accepted risk levels

2nd Phase

Risk analysis
Identify hazards in normal use or foreseeable misuse
Estimate the for each identified hazard

3rd Phase

Compare risks to acceptability criteria

Determine the need for risk reduction, if necessary
Determines the appropriate level of required risk reduction

4th Phase

Risk control and monitoring activities

Activities can begin as early as design input, and continues
through manufacturing, distribution, installation, and
servicing. Activities cover the device life cycle.

Risk Management - ISO 14971

Ombu Enterprises, LLC

66

The Guidance Covers Areas of the QMS

Management Responsibilities
Outsourcing
Planning
Design and Development
Traceability
Purchasing Control and Acceptance Activities
Production and Process Controls
Servicing
Analysis of Data
Corrective and Preventive Actions (CAPA)

Risk Management - ISO 14971

Ombu Enterprises, LLC

67

Two Areas are Worthy of Note

Design and
Development
The guidance covers
each area of design and
development.
Annex B contains a
detailed flowchart placing
risk management
activities in the design
and development
process

Risk Management - ISO 14971

CAPA
The guidance contains a
detailed flowchart integrating
risk management into the
CAPA process.
The flowchart identifies key
quality data points:
Service Reports
Product Complaints
Manufacturing
Nonconformities/Defects
Engineering
Nonconformities/Defects
Quality System
Nonconformities/Defects
Ombu Enterprises, LLC

68

Tools for Risk Management

Failure Modes and Effects Analysis
Fault Tree Analysis
Hazard Analysis and Critical Control Point

Risk Management - ISO 14971

Ombu Enterprises, LLC

69

Failure Modes and Effects

Analysis (FMEA)
This is a standard reliability technique adapted
to risk analysis.
In risk analysis, there is a very important
consideration. Hazards and Harms do not
require failure!
Evaluate risk management in normal, single
fault, and multiple fault conditions.
Risk Management - ISO 14971

Ombu Enterprises, LLC

70

The Standard Method

A large spreadsheet where each row relates to a hazard.
Typical column entries include:

Function
Hazard
Harm
Mode (Normal, single fault, or multiple fault)
Severity
Occurrence
Detection
Risk Priority Number (Determine by severity, occurrence, &
detection as defined in the Risk Management Plan)
Mitigation
Responsibility
Verification

Risk Management - ISO 14971

Ombu Enterprises, LLC

71

Fault Tree Analysis (FTA)

A Fault Tree is a logic diagram showing
the paths to an event
The event under study is called the Top
Event
The causes of the Top Event are
diagramed using standard logic gate
symbols
Risk Management - ISO 14971

Ombu Enterprises, LLC

72

Logic Symbols
AND
The output event occurs when all input
events occur at the same time

OR
The output event occurs when at least one
of the input events occur

Risk Management - ISO 14971

Ombu Enterprises, LLC

73

A Fault Tree
Pump Failure

Bearing Failure

Motor Failure

Seal Failure

Valve Failure

A coupling failure causes a motor failure

A motor failure causes a pump failure
Coupling Failure

Electrical Failure
A power failure AND battery
exhausted cause an electrical failure

Power Failure

Risk Management - ISO 14971

Battery Exhausted

Ombu Enterprises, LLC

74

Fault Tree Analysis (FTA) Steps

Fault Tree Analysis usually involves five steps:
1. Define the undesired event to study, the Top Event

State the undesired event that can cause risk

2. Understand the system

Describe the events that could allow the Top Event to happen. For each event determine the
what would cause it. Continue to analyze the system.

3. Construct the fault tree

After selecting the undesired event and analyzed the system to identify the causal events,
construct the Fault Tree. Describe the events and their relationships using AND and OR
gates. More complex gates are also possible.

4. Evaluate the fault tree

Evaluate the Fault Tree. Look for possible improvements that can mitigate, reduce, or
eliminate the events. Identify all possible hazards affecting in a direct or indirect way the
system.

5. Control the hazards identified

After identifying the events and hazards, determine methods to decrease the probability of
occurrence.

Risk Management - ISO 14971

Ombu Enterprises, LLC

75

Hazard Analysis and Critical Control

Point (HACCP)
HACCP is a system to prevent problems, rather
than finding them by inspection at the end of the
production process.
HACCP is used by US regulatory agencies (FDA
and USDA) to help protect the food supply
HACCP is based on seven principles described in
the FDAs Hazard Analysis and Critical Control
Point Principles and Application Guidelines
Risk Management - ISO 14971

Ombu Enterprises, LLC

76

HACCP Principles

Principle 1: Conduct a hazard analysis

The hazard analysis develops a list of significant hazards that they are
reasonably likely to cause injury or illness if not effectively controlled.

Principle 2: Determine the critical control points (CCPs)

A critical control point is a step at which control can be applied to
prevent or eliminate a hazard or reduce it to an acceptable level.

Principle 3: Establish critical limits

A critical limit is a maximum and/or minimum value to which a
parameter must be controlled at a CCP to prevent, eliminate or reduce
to an acceptable level the occurrence of a hazard. A critical limit is used
to distinguish between safe and unsafe operating conditions at a CCP.

Risk Management - ISO 14971

Ombu Enterprises, LLC

77

HACCP Principles (cont.)

Principle 4: Establish monitoring procedures
Monitoring is a planned sequence of observations or
measurements to assess whether a CCP is under control and to
produce an accurate record for future use in verification.
Monitoring serves three main purposes.
Monitoring facilitates tracking of the operation. If monitoring
indicates that there is a trend towards loss of control, then action
can be taken to bring the process back into control before a
deviation from a critical limit occurs.
Monitoring is used to determine when there is loss of control and a
deviation occurs at a CCP, i.e., exceeding or not meeting a critical
limit. When a deviation occurs, an appropriate corrective action
must be taken.
Monitoring provides written documentation for use in verification.

Risk Management - ISO 14971

Ombu Enterprises, LLC

78

HACCP Principles (cont.)

Principle 5: Establish corrective actions
The HACCP system identifies hazards and establishes
strategies to prevent, eliminate, or reduce their occurrence.
Deviations from established processes may occur, so if there is
a deviation from established critical limits, corrective actions are
necessary. Specific corrective actions should be developed in
advance for each CCP and included in the HACCP plan
Corrective actions should include the following elements:
(a) determine and correct the cause of non-compliance;
(b) determine the disposition of non-compliant product and
(c) record the corrective actions that have been taken.

Risk Management - ISO 14971

Ombu Enterprises, LLC

79

HACCP Principles (cont.)

Principle 6: Establish verification procedures
Verification is defined as those activities, other than monitoring,
that determine the validity of the HACCP plan and that the
system is operating according to the plan.

Principle 7: Establish record-keeping and documentation

procedures
Generally, the records maintained for the HACCP System should
include the following:
A summary of the hazard analysis, including the rationale for
determining hazards and control measures
The HACCP Plan
Support documentation such as validation records
Records that are generated during the operation of the plan
Risk Management - ISO 14971

Ombu Enterprises, LLC

80

Summary & Conclusions

Risk Management - ISO 14971

Ombu Enterprises, LLC

81

Summary
The standard method for medical device
risk management is ISO 14971:2007
The FDA recognizes it as a consensus
standard
The EU lists it as a harmonized standard to
the MDD, IVD, and AIMD
ISO 13485:2003 recommends ISO 14971 for
risk management
Risk Management - ISO 14971

Ombu Enterprises, LLC

82

Summary
ISO 14971 implementation starts with a Risk
Management Plan
The implementation flows through a series of steps
defined in the respective clauses:

4: Risk Analysis
5: Risk Evaluation
6: Risk Control
7: Residual Risk Evaluation
8: Risk Management Report
9: Production & Post-production Information

Maintain of the information in the Risk Management File

Risk Management - ISO 14971

Ombu Enterprises, LLC

83

Summary
The Risk Management File is not a static
document
It should include production information
Monitor production processes that contribute to risk
factors
Validated processes are particularly significant
contributors

It include post-production information

Integrate the complaint and post-market surveillance
processes
Risk Management - ISO 14971

Ombu Enterprises, LLC

84

Conclusions
ISO 14971:2007 is the de facto standard
for medical device risk management
Regardless of the marketing region (US,
EU, Canada, etc.) ISO 14971 is a valuable
addition to a medical device QMS
ISO 14971 is most effective when it is
integrated into a companys QMS.
Risk Management - ISO 14971

Ombu Enterprises, LLC

85

QUESTIONS
Risk Management - ISO 14971

Ombu Enterprises, LLC

86