10/15/2010

Implementing the New EN ISO

14971:2009 Risk Management Standard

EN ISO 14971:2009 Scope

What it is:
This International Standard specifies a process for a manufacturer to identify the hazards
associated with medical devices, including in vitro diagnostic (IVD) medical devices, to estimate
and evaluate the associated risks, to control these risks, and to monitor the effectiveness of the
controls.
Implementing the revised risk management standard into your manufacturing environment is a
necessity to maintain your CE Mark for European distribution of products.
New requirements for review of risk management activities
New criteria for risk acceptability
Implementation of production and post-production information
Expanded Hazard Analysis requirements
Clinical Evaluation Summary
Risk control measures and residual risk
The requirements of this International Standard are applicable to all stages of the life-cycle of a
medical device.

10/15/2010

What it is not:
This International Standard does not apply to clinical decision making.
This International Standard does not specify acceptable risk levels.
This International Standard does not require that the manufacturer have a quality management
system in place. However, risk management can be an integral part of a quality management
system.

EN ISO 14971 Revision History

2001:

EN ISO 14971:2001 (supersedes BS EN 1441:1998)

2003:

EN ISO14971:2001 (addition AMD 14456; July 7, 2003)

2003:

EN ISO14971:2001 (correction CORR 14652; August 19, 2003)

2007:

EN ISO14971:2007

2009:

EN ISO14971:2009

10/15/2010

EN ISO 14971: Comparative Review

Old
Revision
EN ISO
14971:2001

New
Revision
EN ISO
14971:2007

+AMD14456
+CORR14652

Key Changes

Risk analysis process section revised to include clarification around leveraging of

risk analyses for similar devices
Risk considerations defined around hazardous situations versus hazards; in
particular sequence of events that can produce hazardous situations and harm
Risk management report requirements expanded: Prior to release for commercial
distribution of the medical device the manufacturer shall carry out a review of the
risk. Management process and review shall ensure that:
(a) the risk management plan has been appropriately implemented
(b) The overall residual risk is acceptable
(c) Appropriate methods are in place to obtain a relevant production and postproduction information

EN ISO 14971: Comparative Review

Old
Revision
EN ISO
14971:2007

New
Revision
EN ISO
14971:2009

Key Changes
Review leads to an informative annex, but no technical content
changed. Per endorsement notice:
The text of ISO 14971:2007, Corrected version 2007-10-01 has been
approved by CEN as a EN ISO 14971:2009 without any modification.
Note: Although no technical content was changed, a modification was made to figure 1,
page 6. The feedback loop was moved from the evaluation of overall residual risk
acceptability to the production and post-production information item.

10/15/2010

A schematic representation of the risk

management process

Elements of the Risk Management System

INTERNAL

RISK CONTROL
EVALUATION OF OVERALL
RESIDUAL RISK

EXTERNAL

RM REPORT

LIFECYCLE MAINTENANCE
PRODUCTION
INFORMATION
POST-PRODUCTION
INFORMATION

MANAGEMENT RESPONSIBILITY

RISK ASSESSMENT

EFFECTIVENESS
OF RM SYSTEM

RISK COMMUNICATION

RM PLANNING

PRODUCT RISK
DECISION & REVIEWS

CORE PROCESS

10/15/2010

Definitions
Risk

= occurrence of harm and severity of that harm

Residual

risk = risk remaining after risk control measures have been taken

Risk

analysis = systematic use of available information to identify hazards and to estimate the risk

Risk

assessment = overall process comprising a risk analysis and a risk evaluation

Risk

control = process in which decisions are made and measures implemented by which risks are
reduced to, or maintained within, specified levels

Risk

estimation = process used to assign values to the probability of occurrence of harm and the
severity of that harm

Risk

evaluation = process of comparing the estimated risk against given risk criteria to determine
the acceptability of the risk

Risk

management = systematic application of management policies, procedures and practices to the

tasks of analyzing, evaluating, controlling and monitoring risk

Risk

management file = set of records and other documents that are produced by risk management

Definitions, contd.

Harm = physical injury or damage to the health of people, property or the environment, either
directly or indirectly

Hazard = a potential source of harm

Normal Condition
Fault Condition

Hazardous Situation = circumstance in which people, property or the environment are

exposed to one or more hazards

Occurrence = the frequency or probability of an event (e.g. harm, hazardous situation,

hazard, cause, etc.)

Severity = a measure of the possible consequence of a hazard.

10/15/2010

Key Deliverables

Use, design and

process FMEAs / FTAs

Hazard Analysis
Clinical Experience Summary
Risk Management Plan and Report

EN ISO 14971:2009
The manufacturer shall establish, document and maintain throughout the
life-cycle an ongoing process for identifying hazards associated with a
medical device, estimating and evaluating the associated risks, controlling
these risks, and monitoring the effectiveness of the controls. This process
shall include the following elements:
risk analysis;
risk evaluation;
risk control;
production and post-production information

10/15/2010

EN ISO 14971:2009 Risk Management Planning

Risk management activities shall be planned. Therefore, for the particular medical
device being considered, the manufacturer shall establish and document a risk
management plan in accordance with the risk management process. The risk
management plan shall be part of the risk management file.
This plan shall include at least the following:

a) the scope of the planned risk management activities, identifying and describing the
medical device and the life-cycle phases for which each element of the plan is
applicable;
b) assignment of responsibilities and authorities;
c) requirements for review of risk management activities;
d) criteria for risk acceptability, based on the manufacturers policy for determining
acceptable risk, including criteria for accepting risks when the probability of occurrence
of harm cannot be estimated;
e) verification activities;
f) activities related to collection and review of relevant production and post-production
information.

Best Practices

Risk Management Plan

Scope
Responsibilities
Similarities and differences
Acceptance criteria
Review requirements
Verification activities
Production and Post-production information collection methods

Risk Management Report

Deviations
Medical benefits summary
Risk benefit evaluation
Summarized risks
References
Risk management conclusion

10/15/2010

EN ISO 14971:2009 Risk Management File

For the particular medical device being considered, the manufacturer shall establish and maintain
a risk management file. In addition to the requirements of other clauses of this International
Standard, the risk management file shall provide traceability for each identified hazard to:
the risk analysis;
the risk evaluation;
the implementation and verification of the risk control measures;
the assessment of the acceptability of any residual risks

EN ISO 14971:2009 Risk Analysis

Intended use and identification of characteristics
related to the safety of the medical device:
For the particular medical device being considered, the manufacturer shall document the
intended use and reasonably foreseeable misuse. The manufacturer shall identify and
document those qualitative and quantitative characteristics that could affect the safety of the
medical device and, where appropriate, their defined limits. This documentation shall be
maintained in the risk management file.

10/15/2010

EN ISO 14971:2009 Hazard Analysis

The manufacturer shall compile documentation on known and foreseeable hazards associated
with the medical device in both normal and fault conditions. This documentation shall be
maintained in the risk management file. Compliance is checked by inspection of the risk
management file.

Reasonably foreseeable sequences or combinations of events that can result in a hazardous

situation shall be considered and the resulting hazardous situations shall be recorded. For each
identified hazardous situation, the associated risks shall be estimated using available information
or data. For hazardous situations for which the probability of the occurrence of harm cannot be
estimated, the possible consequences shall be listed for use in risk evaluation and risk control.
The results of these activities shall be recorded in the risk management file.

Any system used for qualitative or quantitative categorization of probability of occurrence of

harm or severity of harm shall be recorded in the risk management file.

EN ISO 14971:2009 Hazard Analysis, contd.

Risk estimation incorporates an analysis of the probability of occurrence and the consequences.
Risk estimation can be quantitative or qualitative. Methods of risk estimation, including those
resulting from systematic faults, are described in Annex D. Annex H gives information useful for
estimating risks for in vitro diagnostic medical devices.

Information or data for estimating risks can be obtained, for example, from:
a) published standards;
b) scientific technical data;
c) field data from similar medical devices already in use, including published reported
incidents;
d) usability tests employing typical users;
e) clinical evidence;
f) results of appropriate investigations;
g) expert opinion;
h) external quality assessment schemes.

10/15/2010

How to Begin a Hazard Analysis

Breakthrough, New Technology,

Little or no experience

Platform
known technology,
new materials/
components/
intended use

Increasing availability
of information

Derivative, well known technology,

line extension, minor design changes

Starting a Hazard Analysis - Inputs

Sources of
Information

Type of Information

Comments

Use Flow Chart

Hazard/Haz Sit

Useful for brainstorming

Normal state Hazards

Complaints/MDRs

Hazard/Haz Sit/Harm

Review and reuse similar

products (listed in Risk Mgt
Plan)

CRBA and CES

Hazard/Haz Sit/Harm

Periodically updated with

current Complaint/MDR info

DFU

Hazard/Haz Sit/Harm

Market Spec
HA Work Instruction
appendixes

Harm

Intended use, functional

performance reqts

Hazard

ISO Annexes- used to be

tabs in the old FMEA
workbooks

10

Slide 19
JKM1

Increase size of triangle so the words in the top area do not extend beyond so much.
Julie Maes, 7/7/2009

10/15/2010

Starting a Hazard Analysis Sources of Information

Sources of Information

Type of Information

Comments

Hazard

R&D studies
Feasibility, Development,
Design Verification

Bench Studies
TDP Reports
Animal & Clinical Studies

uFMEA and dFMEA

Regulatory standards for

performance & test
List of harms and
severities
CAPAs, PIRs, Design
Changes

Hazard/Haz Sit/Harm
Hazard/Haz Sit/Harm

Hazard/Haz Sit

Harm
Hazard/Haz Sit/Harm

Obtain and reuse from

products with similar use and
design
e.g.
AAMI TIR 32 (software)
CDRH performance stds
ISO 10555
May use more than one
Obtain and reuse learning/data
from similar products (listed in
Risk Mgt Plan)

Hazards- Fault and Normal

Fault Condition
Result from a Requirement/Functionality not met such as:
Product malfunction
Grouping of Failure Modes to describe the failure
to perform a function

Normal Condition
Characteristics that are required for operation
but present a hazard nonetheless

11

10/15/2010

Hazards, contd.
9

Hazards are expressed in terms of the product

9

A Hazard is the top event in a list of failures

9
9

9
9

Use language already in complaints if possible

If the description can lead to another product failure, it is likely not at the top
If the description is one of several causes for a failure, it is likely a cause and not
the hazard

Must be analyzed for the entire product kit or

configuration
Must consider direct interaction with another
product or accessory

Hazards, contd.
9

How do we know we have a complete list of hazards?

Check hazards from different viewpoints, e.g.

Intended-use/ Misuse

Bench, animal, clinical studies

Complaints/ MDRs from similar products

Use and design FMEAs from similar products

DFUs

CES or CRBA

9Developing a hazard analysis is an iterative process.

12

10/15/2010

Hazardous Situations

How do we determine the Hazardous Situation?

Consider the action, event or circumstance that links hazard to harm

Describe the anatomy, exposure, patient, or time that create difficulties in using the device,
leading to a harm
Describe how the product interacts with the patient, anatomy or body
Apply clinical knowledge of events or circumstances
Describe the sequence of events that lead from hazard to harm.

Best Practices Hazard Analysis

Hazard Analysis
Product Family Name:

Sources of Information: 
Hazard
Harm Type
Hazardous Situation

















Harm




Source Information
 


 

 

13

10/15/2010

EN ISO 14971:2009 Risk Evaluation

For each identified hazardous situation, the manufacturer shall decide, using the
criteria defined in the risk management plan, if risk reduction is required. If risk
reduction is not required, the requirements given in 6.2 to 6.6 do not apply for this
hazardous situation (i.e., proceed to 6.7).

The results of this risk evaluation shall be recorded in the risk management file.

Best Practices

FMEA or FTA
Use
Design
Process

New requirements apply risks of risk controls

Helpful input List of harms and severities

14

10/15/2010

EN ISO 14971:2009 Risk Reduction and Control

Risk reduction

When risk reduction is required, risk control activities shall be performed.

Risk control option analysis

The manufacturer shall identify risk control measures that are appropriate for reducing the risks
to an acceptable level.

The manufacturer shall use one or more of the following risk control options in the priority order
listed:
a) inherent safety by design;
b) protective measures in the medical device itself or in the manufacturing process;
c) information for safety.

EN ISO 14971:2009 Risk Reduction and Control, contd.

Implementation of risk control measure(s)

The manufacturer shall implement the risk control measure(s).

Implementation of each risk control measure shall be verified. This verification shall be recorded
in the risk management file.
The effectiveness of the risk control measure(s) shall be verified and the results shall be recorded
in the risk management file.
The verification of effectiveness can include validation activities.
Compliance is checked by inspection of the risk management file.

15

10/15/2010

EN ISO 14971:2009 Residual Risk Evaluation

After the risk control measures are applied, any residual risk shall be evaluated using the criteria
defined in the risk management plan. The results of this evaluation shall be recorded in the risk
management file.

If the residual risk is not judged acceptable using these criteria, further risk control measures shall
be applied

For residual risks that are judged acceptable, the manufacturer shall decide which residual risks
to disclose and what information is necessary to include in the accompanying documents in order
to disclose those residual risks.

Compliance is checked by inspection of the risk management file and the accompanying
documents.

Risk Assessment Tools

Hazard Analysis

Fault Tree Analysis (FTA)

Harm,
Hazardous Situation,
& Hazard

Fault Condition Hazards

Product & Process FMEA

Hazard = The
Connection

16

10/15/2010

HAZARD ANALYSIS

Harm
Hazardous Situation
Hazard
use Failure Mode
design Failure Mode

---FMEA---

Relationship Between Risk Assessment Tools

process Failure Mode

Hazard Analysis / FMEA (+/-)

Hazard Analysis

FMEA

Advantages:

9Captures Haz-Haz Sit-Harm relationships

9High level summary
9Identifies Normal State Hazards
9Facilitates identification of new / changing
risks with commercial products
9Helps with designing out Hazards
9Provides consistent terminology linked to
complaint coding
9Encourages teams to identify hazards
associated with interfaces

Shortcoming:
Cant see causes of Hazards

9
9
9
9

Advantages:
Provides a bottom-up perspective
Analyzes single fault failures
Able to focus on specific perspectives
(use, design, process, etc.)
Provides a detailed analysis and
control focus to the individual levels
being considered

Shortcoming:
Can add redundant controls (due to onelevel-at-a-time focus)

Used together they deliver a thorough risk analysis.

17

10/15/2010

Best Practices

List of harms and associated severities

Benefits
Inputs
Watch outs

EN ISO 14971:2009 Risk / Benefit Analysis

If the residual risk is not judged acceptable using the criteria established in the risk management
plan and further risk control is not practicable, the manufacturer may gather and review data and
literature to determine if the medical benefits of the intended use outweigh the residual risk. If
this evidence does not support the conclusion that the medical benefits outweigh the residual
risk, then the risk remains unacceptable. If the medical benefits outweigh the residual risk, then
proceed to 6.6.

For risks that are demonstrated to be outweighed by the benefits, the manufacturer shall decide
which information for safety is necessary to disclose the residual risk.

The results of this evaluation shall be recorded in the risk management file. Compliance is
checked by inspection of the risk management file.

18

10/15/2010

Best Practices CRBA or CES

Product description
Intended use, indications for use
Contraindications
Summary of scientific literature
Literature review methodology
Literature experience summary
Clinical data
Market experience
Complaint review
MDR review
Field actions
Post-market surveillance
Alternate therapies
Evaluation of risk vs. benefit ratio
Reported harms
Reported benefits
Acceptability of risk vs. benefit ratio
Intolerable risk
Conclusion
Bibliography
Reference documents
Appendices (literature search articles)

EN ISO 14971:2009 Risks Arising from Risk

Control Measures

The effects of the risk control measures shall be reviewed with regard to:
a) the introduction of new hazards or hazardous situations;
b) whether the estimated risks for previously identified hazardous situations are affected by the
introduction of the risk control measures.

Any new or increased risks shall be managed in accordance with 4.4 to 6.5.

The results of this review shall be recorded in the risk management file. Compliance is checked
by inspection of the risk management file.

19

10/15/2010

EN ISO 14971:2009 Completeness of Risk Control

The manufacturer shall ensure that the risks from all identified hazardous situations have been
considered.

The results of this activity shall be recorded in the risk management file. Compliance is checked
by inspection of the risk management file.

EN ISO 14971:2009 Evaluation of Overall Residual

Risk Acceptability

After all risk control measures have been implemented and verified, the
manufacturer shall decide if the overall residual risk posed by the medical device is
acceptable using the criteria defined in the risk management plan.

If the overall residual risk is not judged acceptable using the criteria established in
the risk management plan, the manufacturer may gather and review data and
literature to determine if the medical benefits of the intended use outweigh the
overall residual risk. If this evidence supports the conclusion that the medical
benefits outweigh the overall residual risk, then the overall residual risk can be
judged acceptable. Otherwise, the overall residual risk remains unacceptable.

For an overall residual risk that is judged acceptable, the manufacturer shall decide
which information is necessary to include in the accompanying documents in order
to disclose the overall residual risk.

The results of the overall residual risk evaluation shall be recorded in the risk
management file. Compliance is checked by inspection of the risk management file
and the accompanying documents.

20

10/15/2010

EN ISO 14971:2009 Risk Management Report

Prior to release for commercial distribution of the medical device, the manufacturer shall carry
out a review of the risk management process. This review shall at least ensure that:
the risk management plan has been appropriately implemented;
the overall residual risk is acceptable;
appropriate methods are in place to obtain relevant production and post-production
information.

The results of this review shall be recorded as the risk management report and included in the
risk management file. The responsibility for review should be assigned in the risk management
plan to persons having the appropriate authority. Compliance is checked by inspection of the
risk management file.

EN ISO 14971:2009 Production and

Post-production Information

The manufacturer shall establish, document and maintain a system to collect and review
information about the
medical device or similar devices in the production and the post-production phases. When
establishing a system to collect and review information about the medical device, the
manufacturer should consider among other things:
a) the mechanisms by which information generated by the operator, the user, or those
accountable for the installation, use and maintenance of the medical device is collected and
processed; or
b) new or revised standards.

The system should also collect and review publicly available information about similar medical
devices on the market. This information shall be evaluated for possible relevance to safety,
especially the following:
if previously unrecognized hazards or hazardous situations are present or
if the estimated risks) arising from a hazardous situation is/are no longer acceptable.

21

10/15/2010

EN ISO 14971:2009 Production and

Post-production Information, contd.

If any of the above conditions occur:

1) the impact on previously implemented risk management activities shall be evaluated and
shall be fed back as an input to the risk management process and
2) a review of the risk management file for the medical device shall be conducted; if there is a
potential that the residual risks or its acceptability has changed, the impact on previously
implemented risk control measures shall be evaluated.

The results of this evaluation shall be recorded in the risk management file. Compliance is
checked by inspection of the risk management file and other appropriate documents.

So What Does Your Notified Body Want?

Their review shall at least ensure that:

RM plan is appropriately implemented;
overall residual risk is acceptable;
appropriate methods in place to obtain relevant production and post-production
information (PMS plan)
Active and passive PMS

Establish, document and maintain a PMS system to collect info in production and postproduction phases
mechanisms of collecting & processing input from operators, users, installation and
maintenance personnel etc
new or revised standards

Collect and review publicly available information about similar medical devices

impact analysis
review RM file

Its your company they will not tell you what to do

you know your products and their history better than anyone you should decide what is
appropriate
you as a company are required to have a system in place does it work for you or is it
window dressing?
talk to your notified body

22

10/15/2010

Questions?
Roberta Goode
(954) 646-1215
Roberta@[Link]
[Link]

23