Risk Assessments play a central role in Medical Device development. All medical device manufacturers apply risk management (they should because they have to!). All of them claim to be compliant with ISO 14971. And all of them do it differently.
I have worked with a large number of clients and I have seen more Risk Assessment variants than I can count. Some are good, some have, let's say, "potential".
From this experience, I can deduce a few best practices that will reduce the risk assessment effort considerably.
Here are my top five tips:
Don't brainstorm to identify risks
You are required to identify and assess ALL potential risks. How do you find them ALL? That can be a daunting question for someone new to the medical device industry.
However, the solution is to be structured, i.e. to use a structured approach to systematically identify risks. There exist several known methods to do this, including:
- Task Analysis (analysing the use process)
- System Analysis (analysing the system through decomposition)
- Using the ISO 14971 annex questions
- Using existing risk reports of similar devices
Regardless of the approach selected, brainstorming should not be one of them. There are a number of well-known reasons for this, the most important one being that you will miss important risks.
Next time around, try a structured technique. You will identify more risks. I promise.
Use both top-down and bottom-up Risk Assessments
Some companies rely on EITHER bottom-up OR top-down risk assessment techniques and miss out on the fact that both approaches deliver vital and often DIFFERENT risks.
Top-down risk assessment techniques (such as PHA or Task Analysis) can be done early in the development process without much knowledge about the actual design of the device. They are a great tool for identifying use errors and probable misuse early.
Once the device design is known, the selected design itself must be analysed for risks (such as materials used, geometry, movements and energy emittance etc.) through a bottom-up risk assessment. FMEAs are very popular and well designed for this purpose. These two techniques complement each other and should both be conducted by any serious medical device manufacturer.
Don't keep Design Controls and Risk Management in separate systems
Design drives risk. And risk drives design. This will become apparent when you need to follow up on the implementation and verification of mitigations, as well as on the further analysis of whether mitigations introduce new risks. The glue between the design and the risks is the traceability. The effort of managing this traceability in a paper-based documentation system will be VERY high (those of you who have done it will nod now!).
So is applying software tools the solution? Not necessarily, since proper traceability monitoring cannot be done until the requirement management tool is integrated with the risk management tool (or vice versa). Only by automatically managing the traceability between the Risk Assessment Items and the Design Items, preferably in a single tool, can true trace monitoring be obtained.
Use reasonable probability and severity scales
I am glad to see a clear trend of tightening the probability and severity scales used during risk evaluations. From previously having used up to 10 steps, the current trend tends towards five to six steps or less. People simply have a very hard time judging whether a probability should be six or seven on a 1-10 scale and spend too much time pondering such questions. The option range is simply too large to be effective!
For the probability axis, I would like to endorse Dr. Johner's approach of having each step represent 2 orders of magnitude. He explains this very well by saying that, apart from such an approach letting the probability axis span more than 8 orders of magnitude, "...the factor 100 indicates the precision which we can appreciate... If you ask a group of people, how long it takes (on average) for a hard disk to be defective, the estimates vary between 2 years and 10 years. But everyone realizes that this average is greater than one month and less than 10 years. And between these two values is about a factor of 100."
Make use of existing mitigations
In many cases, the risk assessment is carried out when the design is already known. In such cases: when coming up with mitigations for your identified risks, use the already existing mitigations in your current design!
I bet your current design already contains a whole bunch of design decisions that are risk mitigations without you really considering them as such. The absolute majority of design teams I have encountered are very, very good at designing innovative and safe devices. However, many of the design decisions taken are based on previous experience, industry state-of-the-art, or simply old habits that have been refined over time. Since these engineers are often better designers than document writers, they simply do not see their design (often already in place) through the lens of risk management.
Bottom line: your current design already contains an undiscovered treasure of existing mitigations. Try to use your existing design as mitigations when performing your next risk assessment.
Risk Management is a crucial part of Medical Device Development and if you are about to develop a Medical Device, you and your team are likely to find yourselves spending many hours compiling Risk Assessments.
There exist several techniques for performing a proper Risk Assessment but they all follow the same basic steps:
- Define your risk policy (risk acceptance criteria)
- Identify the Hazards through a structured analysis
- Evaluate the Risks by estimating severities and probability
- Mitigate the Risks that are not acceptable
- Implement and verify the mitigations for effectiveness
To get you started, we have made two free Risk Assessment Excel templates available for download.
The first demonstrates a Failure Mode and Effect Analysis (FMEA) approach, a widespread technique used in many areas and industries. We often see it in bottom-up types of Risk Assessment.
The second one uses a Preliminary Hazard Analysis (PHA) approach which is an excellent top-down approach earlier in the design cycle where many of the design details are not yet known.
Both these techniques are available in Aligned Elements and we have compared and contrasted them in earlier posts.
From the very first day, we decided to integrate risk management into Aligned Elements. It is obvious to anyone within the industry that risk management and requirement-specification-verification-validation management are intimately connected. Still, many companies insist on keeping these two artefact collections separate in isolated systems. We think the management of all Design Control Items, including risk information, can be made more efficient, with fewer errors, if they are kept within one system.
Failure Mode and Effect Analysis in Aligned Elements
In Aligned Elements, we initially implemented FMEA as the risk analysis method. The FMEA is a very versatile risk assessment technique. It is widely adopted in the medical device industry and fairly straightforward to understand.
The implementation of FMEAs in Aligned Elements goes as follows: a Failuremode entity holds a collection of Hazard entities. Each Hazard contains a cause with its probability, an effect with its severity, and an additional optional visibility parameter. A risk priority number (RPN) is calculated based on the probability, severity and visibility values. The Hazard can then be addressed with one or more Mitigations, each of which in turn reduces the RPN to a new value.
All entered risk information is subject to Aligned Elements' general features, including:
- Individual IDs assigned to each entity
- Strict version management of all changes made
- Changes are registered chronologically in the project audit trail
- Search and filter options can be applied using the Query Manager
- Risk reviews can be performed using the integrated Design Review Module
- The risk information can be included in the Aligned Elements DHF Index
Based on our experience of time-consuming risk analysis work, we included a number of usability features to make the day-to-day work easier and to save time and resources:
- Automatic calculation of RPN
- Automatic checks of RPN against thresholds
- Intelligent reuse of mitigations
- Highlighting of unmitigated risks
- Highlighting mitigations that have not been implemented
- Automatic Risk Summary generation
- Control checks that applicable parts of the DHF have been subjected to risk analysis
- Highlighting of the requirements/specifications/tests that are affected by the risk analysis
- Incorporation of risk entities into the overall trace landscape
One of the many reasons the FMEA is such a widely adopted technique derives from its versatility and flexibility. This permits the medical device manufacturer to apply the best possible fit between his risk analysis approach and his existing products, processes and organization.
Aligned Elements provides a number of customization possibilities to ensure that a wide range of FMEA variants can be applied, including:
- Customizable naming of the parameters and entities
- Customizable Probability, Severity and Visibility ranges
- Customizable thresholds for unacceptable risk, ALARP and acceptable risk
- Customizable formulas for RPN calculation
- Customizable look and feel of the risk report
- Expanded Risk reports to include traceability to mitigation implementation according to client QMS
- Multiple FMEA types in the same project
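A minimal sketch of the Failuremode / Hazard / Mitigation structure and the automatic threshold checks described in this section, with probability levels spaced by a factor of 100 as endorsed earlier on this page. It is an added example, not Aligned Elements code; the RPN formula (probability × severity × visibility), the 1-5 scales, the level bounds, the thresholds, the step-based mitigation model and the sample data are all assumptions.

```python
from dataclasses import dataclass, field
ACCEPTABLE_MAX, ALARP_MAX = 8, 27   # assumed RPN thresholds (customizable in practice)

def probability_level(p):           # level 1..5; each step spans a factor of 100
    return 1 + sum(p >= bound for bound in (1e-8, 1e-6, 1e-4, 1e-2))  # assumed bounds

@dataclass
class Mitigation:
    name: str
    probability_steps: int = 0      # levels removed from probability (assumed model)
    severity_steps: int = 0         # levels removed from severity
    implemented: bool = False

@dataclass
class Hazard:
    cause: str
    probability: int                # level 1..5
    effect: str
    severity: int                   # level 1..5
    visibility: int = 1             # optional; 1 = neutral, higher = harder to detect
    mitigations: list = field(default_factory=list)

    def rpn(self, mitigated=False):
        p, s = self.probability, self.severity
        for m in self.mitigations if mitigated else []:
            p, s = max(1, p - m.probability_steps), max(1, s - m.severity_steps)
        return p * s * self.visibility   # assumed formula: the classic product

def classify(rpn):
    return "acceptable" if rpn <= ACCEPTABLE_MAX else "ALARP" if rpn <= ALARP_MAX else "unacceptable"

def review(hazards):                # (cause, finding, rpn) for each item needing follow-up
    findings = []
    for h in hazards:
        residual = h.rpn(mitigated=True)
        if not h.mitigations and classify(h.rpn()) != "acceptable":
            findings.append((h.cause, "unmitigated", h.rpn()))
        elif classify(residual) == "unacceptable":
            findings.append((h.cause, "residual risk unacceptable", residual))
        findings += [(h.cause, "not implemented: " + m.name, residual)
                     for m in h.mitigations if not m.implemented]
    return findings

# Constructed sample: the hazards of one failure mode, not taken from a real risk file.
OVER_DELIVERY = [
    Hazard("Flow sensor drift", probability_level(3e-3), "Overdose", 5, 2,
           [Mitigation("Redundant flow sensor", probability_steps=2, implemented=True)]),
    Hazard("Keypad entry error", 3, "Overdose", 5),
    Hazard("Backlight failure", 2, "Delayed therapy", 2, 1, [Mitigation("Audible alarm", 1)]),
]
```

Calling `review(OVER_DELIVERY)` flags the keypad hazard as unmitigated and the audible alarm as not yet implemented, while the sensor hazard drops from unacceptable to ALARP through its implemented mitigation.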
Enter Preliminary Hazard Analysis
Not all our customers favored the FMEA as their risk analysis method. We therefore contacted ProSystem AG, a renowned expert company in the area of medical device risk management and an active member of several norm groups (such as IEC 62304, IEC 60601-1), and jointly developed a Preliminary Hazard Analysis (PHA) method in Aligned Elements as an effective complement to the existing FMEA method.
According to theory, the PHA is a top-down approach, using a list of known hazards as input for the risk analysis. The PHA method can be applied in the early stages of the development process and does not presuppose detailed knowledge about the system to be analyzed.
The Aligned Elements Preliminary Hazard Analysis uses a terminology aligned with ISO 14971 to describe Potential Hazards, Harms, Measure entities etc.
As opposed to the FMEA, our PHA implementation uses a stricter separation of Causes and Harms from the Risk Analysis aggregator (the Risk Analysis entity corresponds to the Failuremode entity as a collection of Causes and Harms under a particular subject), where Causes and Harms are captured as separate entities. This allows more efficient reuse when causes and harms recur throughout the risk analysis, saving time when creating and managing the risks. Keeping the Causes in separate entities further permits them to be used as the link between IEC 62304 Software Items and the risk analysis, in accordance with IEC 62304.
In the PHA, we have expanded the Cause entity to include a “Cause source”-parameter to enable a more precise analysis of risk causing factors. Correspondingly, the Harm entity has an additional “Has Effect On”-parameter for a more granular designation of the affected agent.
Furthermore, in accordance with best practices from ISO 14971 and other risk norms, the Measure entity contains an additional parameter to explicitly designate the risk control approach, such as "Design for inherent safety", "Adding Protective measure", "Providing Information of Safety" etc. This risk control approach can further be connected to the risk reduction parameter controlling the new RPN, to ensure that a given risk control approach always results in a consistent risk reduction.
With the Preliminary Hazard Analysis, we have created a capable complement to the existing FMEA risk analysis implementation. We have enlisted the help of renowned industry experts and used input from our client base to build an implementation more aligned with ISO 14971 and industry best practices. The decoupling of the PHA entities into separate Document Object types permits more efficient information reuse than the FMEA implementation. Additional parameters enable the user to analyse risk drivers in more depth. This has been achieved without compromising the benefits of strict version control, integrated consistency checks and flexibility that Aligned Elements offers.
If you are interested in a demonstration of the Aligned Elements Preliminary Hazard Analysis, please contact us.