Aligned AG - ISO14971

5 Tips for Efficient Risk Assessments

Risk Assessments play a central role in Medical Device development. All medical device manufacturers apply risk management (they should because they have to!). All of them claim to be compliant with ISO 14971. And all of them do it differently.

I have worked with a large number of clients and I have seen more Risk Assessment variants than I can count. Some are good, some have, let's say, "potential".  

zeppelinwtext

From this experience, I can deduce a few best practices that will reduce the risk assessment effort considerably.

Here are my top five tips:

Don't brainstorm to identify risks

You are required to identify and assess ALL potential risks. How do you find them ALL? That can be a daunting question for someone new to the medical device industry.

However, the solution is to be structured i.e. to use a structured approach to systematically identify risks. There exist several known methods to do this, including:

  • Task Analysis (analysing the use process)
  • System Analysis (analysing the system through decomposition)
  • Using the ISO 14971 annex questions
  • Using existing risk reports of similar devices

Regardless of the approach selected, brainstorming should not be one of them. There are a number of well-known reasons for this, the most important one being that you will miss important risks.

Next time around, try a structured technique. You will identify more risks. I promise.

Use both top-down and bottom-up Risk Assessments

Some companies rely on EITHER bottom-up OR top-down risk assessment techniques and miss out on the fact that both approaches deliver vital and often DIFFERENT risks.

Top-down risk assessment techniques (such as PHAor Task Analysis) can be done early in the development process without much knowledge about the actual design of the device. It is a great tool for early identifying use errors and probably misuses.

Once the device design is known, the selected design itself must be analysed for risks (such as materials used, geometry, movements, and energy emittance, etc.) through a bottom-up risk assessment. FMEA'sare very popular and well designed for this purpose. Both these techniques complement each other and should be conducted by any serious medical device manufacturer.

Don't keep Design Controls and Risk Management in separate systems

Design drives risk. And Risk drives design. This will become apparent when you need to follow up on the implementation and verification of mitigations as well as the further analysis if mitigations introduce new risks. The glue between the design and the risks is traceability. The effort of managing this traceability in a paper-based documentation system will be VERY high (those of you who have done it will nod now!).

So is applying software tools the solution? Not necessarily, since proper traceability monitoring can not be done until the requirement management tool is integrated with the risk management tool (or vice versa). Only by automatically managing the traceability between the Risk Assessment Items and the Design Items, preferably in a single tool, can true trace monitoring be obtained.

Use reasonable probability and severity scales

I am glad to see a clear trend of tightening down the probability and severity scales during the risk evaluations. From previously having used up to 10 steps, the current trend tends towards five to six steps or less. People simply have a very hard time judging whether a probability should be six or seven on a 1-10 scale and spend too much time pondering such questions. The range of options is simply too large to be effective!

For the probability axis, I would like to endorse Dr. Johner's approach of having each step representing 2 orders of magnitude. He explains this very well by saying, that apart from such an approach lets the probability axis span over more than 8 order of magnitudes, "...the factor 100 indicates the precision which we can appreciate... If you ask a group of people, how long it takes (on average) for a hard disk to be defective, the estimates vary between 2 years and 10 years. But everyone realizes that this average is greater than one month and less than 10 years. And between these two values is about a factor of 100."

Make use of existing mitigations

In many cases, the risk assessment is carried out when the design is already known. In such cases: when coming up with mitigations for your identified risks, use the already existing mitigations in your current design!

I bet your current design already contains a whole bunch of design decisions that are risk mitigations without you really considering them as such. The absolute majority of design teams I have encountered are very, very good at designing innovative and safe devices. However, many of the design decisions taken are based on previous experience, industry state-of-the-art, or simply old habits having been refined over time. Since these engineers are often better designers than document writers, they simply do not see their design (often already in place) through the lens of risk management.

Bottom line: your current design already contains of an uncovered treasure of existing mitigations. Try to use your existing design as mitigations when performing your next risk assessment.

Aligned Elements, our medical device ALM, assists you in performing structured risk assessments. Its highly customizable risk assessment configuration can be set up for a large array of risk analysis variants. Should you be interested in a demonstration, contact us at This email address is being protected from spambots. You need JavaScript enabled to view it.

Identifying Risks using ISO 14971:2012 Annex C

Risk Identification is an early and essential part of the risk management process and ISO 14971 requires us to make a complete risk assessment, to identify ALL hazards. 

But, how do we know if all of the hazards have been identified? How can we prove this?

You could brainstorm or have a whiteboard session gathering ideas that pop up, but the only way to truly achieve confidence in your risk identification process is by using a structured approach. 

There are several techniques available depending on the assessed source, including:

  • Assessing established potential hazards from internal records or published standards
  • Analysis of the manufacturer's experience with similar medical devices
  • Conducting a User Task Analysis on the user’s interaction with the device to uncover use errors
  • Assessing Field data and published incidents from similar devices in use
  • Assessing critical components for safe and effective use

Because of the difficulty involved with thoroughly identifying all of the hazards, ISO 14971 provides a number of aides – such as Annex C (2012) (becoming the ISO 24791 Annex A in the 2019 edition) – which provide a list of questions to assist in establishing device characteristics that may impact safety. Although not exhaustive, these questions can serve as a starting point and become one of several potential approaches from which the complete risk identification can be assembled. 

Aligned Elements users can kick start their risk identification process by downloading and importing our ISO 14971:2012 Annex C Extension, assessing them and start generating risks and mitigation. 

The ISO 14971:2012 Annex C Extension contains:

  • RVT file for an ISO 14971 Annex C Question and a corresponding DOCX Reporting style template
  • 37 importable questions built on Annex C in ISO 14971 to assess and integrate into your Risk Assessment

This Extension facilitates the assessment of the questions, the creation of both an automated assessment report of the Annex C questions as well as a starting point for generating new risks and mitigation. 

It gives medical device manufacturers a predefined starting point when setting up their technical file with the intention of accelerating the documentation effort.

The user is of course welcome to expand this question list with questions that are particular for his/her device and the conditions under which it needs to operate.  

The ISO 14971:2012 package can be combined with other risk identification packages from Aligned or in-house developed approaches by the manufacturer.

The ISO 14971:2012 Annex C package is free to Aligned Elements users.

For more information on how you can include our ISO 14971 questions in your risk assessment, contact the This email address is being protected from spambots. You need JavaScript enabled to view it. today. 

Preliminary Hazard Analysis vs. FMEA in Aligned Elements

From the very first day, we decided to integrate risk management into Aligned Elements. It is obvious to anyone within the industry that risk management and requirement-specification-verification-validation management are intimately connected. Still, many companies insist on keeping these two artefact collections separate in isolated systems. We think the management of all Design Control Items, including risk information, can be made more efficient with fewer errors if they are kept within one system.

Failure Mode and Effect Analysis in Aligned Elements

In Aligned Elements, we initially implemented FMEA as a risk analysis method. The FMEA is a very versatile risk assessment technique. It is widely adopted in the medical device industry and fairly straightforward to understand.

The implementation of FMEA:s in Aligned Elements goes as follows: a Failuremode entity holds a collection of Hazard entities. Each Hazard contains a cause with its probability, an effect with its severity, and an additional optional visibility parameter. A risk priority number is calculated based on the probability, severity, and visibility values. The Hazard can then be addressed with one or more Mitigations which, each in turn, reduce the RPN to a new value. 

All this entered risk information is subjected to Aligned Elements general features, including:

  • Individual IDs assigned to each entity
  • Strict version management of all changes made
  • Changes are registered chronologically in the project audit trail
  • Search and filter options can be applied using the Query Manager
  • Risk reviews can be performed using the integrated Design Review Module
  • The  risk information can be included in the Aligned Elements DHF Index

Based on our experiences of time consuming risk analysis work, we included a number of usability features to make the day-to-day work easier and to save time and resources: 

  • Automatic calculation of RPN
  • Automatic checks of RPN against thresholds
  • Intelligent reuse of mitigations
  • Highlighting of unmitigated risks
  • Highlighting mitigations that have not been implemented
  • Automatic Risk Summary generation
  • Control checks that applicable parts of the DHF have been subjected to risk analysis
  • Highlights which requirements/specifications/tests are affected by the risk analysis
  • Incorporation of risk entities into the overall trace landscape

One of the many reasons the FMEA is such a widely adopted technique derives from its versatility and flexibility. This permits the medical device manufacturer to apply the best possible fit between his risk analysis approach and his existing products, processes, and organization.

Aligned Elements provides a number of customization possibilities to ensure that a wide range of FMEA variants can be applied, including:

  • Customizable naming of the parameters and entities
  • Customizable Probability, Severity and Visibility ranges
  • Customizable thresholds for unacceptable risk, ALARP, and acceptable risk
  • Customizable formulas for RPN calculation
  • Customizable look and feel of the risk report
  • Expanded Risk reports to include traceability to mitigation implementation according to client QMS
  • Multiple FMEA types in the same project

Enter Preliminary Hazard Analysis 

Not all our customers favored the FMEA as a risk analysis method. We, therefore, contacted ProSystem AG,  a renowned expert company in the area of medical device risk management and an active member in several norm groups (such as IEC 62304, IEC 60601-1) and jointly developed a Preliminary Hazard Analysis (PHA) method in Aligned Elements as an effective complement to the existing FMEA method.

According to theory, the PHA is a top-down approach, using a list of known hazards as input for the risk analysis. The PHA method can be applied in the early stages of the development process and does not presuppose detailed knowledge about the system to be analyzed. 

The Aligned Elements Preliminary Hazard Analysis uses terminology aligned with ISO 14971 to describe Potential Hazards, Harms, Measure entities, etc.. 

As opposed to the FMEA, our PHA implementation uses a stricter separation of Causes and Harms from the Risk Analysis aggregator (the Risk Analysis entity corresponds to the Failuremode entity as a collection of Causes and Harms under a particular subject), where Causes and Harms are captured as separate entities. This allows more efficient reuse when causes and harms are reoccurring throughout the risk analysis, saving time when creating and managing the risks. Keeping the Causes in separate entities further permits them to be used as the link between IEC 62304 Software Items and the risk analysis in accordance with the IEC 62304.  

In the PHA, we have expanded the Cause entity to include a “Cause source”-parameter to enable a more precise analysis of risk-causing factors. Correspondingly, the Harm entity has an additional “Has Effect On”-parameter for a more granular designation of the affected agent.

Furthermore, in accordance with best practices from ISO 14971 and other risk norms, the Measure entity contains an additional parameter to explicitly designate risk control approaches such as "Design for inherent safety", "Adding Protective measure", "Providing Information of Safety" etc. This risk control approach can further be connected to the risk reduction parameter controlling the new RPN to ensure that a given risk control approach always results in a consistent risk reduction.

With the Preliminary Hazard Analysis, we have created a capable complement to the existing FMEA risk analysis implementation. We have enlisted the help of renowned industry experts and used input from our client base to build an implementation more aligned with ISO 14971 and industry best practices. The decoupling of the PHA entities in separate Document Object types permits more efficient information reuse than the FMEA implementation. Additional parameters enable the user for a more in-depth analysis of risk drivers.  This has been achieved without compromising the benefits of strict version control, integrated consistency checks, and flexibility that Aligned Elements offers.

If you are interested in a demonstration of the Aligned Elements Preliminary Hazard Analysis, please contact us

Learn more about riskmanagement in Aligned Elements.

Let us show you how riskmanagement works in Aligned Elements during a live demo. 

Risk vs Benefit => Residual

Whenever we come across risk management SOPs from different companies, we always keep an eye open for how that company solved the requirement 7.4 in ISO 14971 to perform a Risk vs Benefit Analysis as well as the handling of Residual Risks.

In excel-based approaches it is not uncommon to see something similar to the table below:

The QMS expects that each risk (representing one row) should be addressed in the spreadsheet. When I see this, I personally feel inclined to ask:

- What happens if someone in the team does not agree that the risk is acceptable, claims that the risk does not outweigh the benefits or simply cannot decide?

In many cases, these extra columns made it into the template after an audit of the QMS to quickly fix any audit findings, a somewhat unfortunate result of increasing regulations.

Let’s look at these requirements in a bit more detail.

Is the risk acceptable?

Answering this question is very much like shooting from the hip. Either the answer is trivial, e.g. the risk is frequent and severe, in which case we should definitely control the risk as per the procedure. The other complex scenario is that it very much depends on a lot of different factors. The complex scenario is only possible to answer in the scope of the benefit of the device. Still, we often come across it as an individual item in the risk analysis.

The solution is straightforward

The principle of lowering risks as much as possible should be applied and when all possibilities for applying risk measures have been looked at, the company needs to do a proper Risk vs Benefit Assessment for the complete device.

Hint: The risk management report is a good location for this. 

Benefit-Risk Analysis

One could imagine that looking at an isolated function and weighing the risk towards the benefit of that function may give us an insight into if the function is acceptable for the device. In most cases, a function cannot be handled as an isolated part of the system, nor can the benefits of that function be easily compared to the risks it may impose on a user, patient, or operator. E.g. Trying to argue that a power unit may impose risks to a patient but having the benefit that the device needs electricity to work is not a meaningful exercise. ISO 14971 (2019) is exceptionally clear in this matter:

 

Good reasoning and sensible pros and cons are asked for

Here we recommend looking at the Device as a whole. Will the discovered residual risks still make it beneficial in the scope of the intended use of the device? In case of doubt, look at trying to apply additional Risk Control Measures to open risks. Remember that all identified risks acceptable or not are considered residual risks for the device. See ISO 14971 (2019) Section 6:

 

Once again:The risk management report is a good location for this. 

New Risks?

Claiming that there are no residual risks involved is in our opinion not possible to handle in a spreadsheet column. The questions cannot simply be answered with a yes or no. Let me be a bit provocative and suggest that this question alone could replace any risk analysis method altogether. Something like this:

Although I’ve seen similar approaches at very large established medical device manufacturers, I do not recommend this approach!

Here is what ISO 14971 (2019) has to say about it:

Bring the analysis to completion

Here we need to use our toolset properly and link the risk control measures to any implementing functions and continue with a new loop of risk analysis.

The outcome of that task will answer if there are still any residual risks present. This exercise may need to be repeated for any suggested risk control measures.

Finally, summarize all your findings in the risk management report and do not forget to remove these columns from your risk analysis templates!

Sharpen your Medical Device Development Skills!

Register to the seminar "Sharpen your Skills! - Medical Device Development 2016 in a dynamic regulatory context"

Take this opportunity and find out how to rapidly deliver innovative medical devices as the regulatory landscape is changing.

Key learning objectives:

  • New EU MD Regulation & ISO 13485:2016 - Assess and adapt, change and comply
  • Design Control Best Practices - common mistakes and lessons learned from real project cases
  • Death by documentation - innovate or administrate? Uncover documentation inefficiencies in your DHF process
  • Risk Management when the heart stops - An ISO 14971 Case Study from a Class IIb product

Register now to reserve your seat!

Our event is aimed at medical device development professionals, project managers, QARA professionals, software managers and architects, designers and developers, and other personnel engaged in medical device development. We are at this seminar dealing with the fundamental question of medical device development: how to rapidly develop and deliver innovative medical devices while ensuring compliance.

sharpen your skills!

Take the opportunity to sharpen your medical device development skills and update your knowledge at our half-day seminar on the existing and upcoming challenges in today's dynamic regulatory environment.

Register now to reserve your seat!

When: Wednesday, May 25th, 08:30 - 13:00

Where: Hotel Marriott Courtyard Oerlikon, Zurich (directions)

Price: 125 CHF  (Note! 30% early bird discount for registrations before May 1st)

Presented by: 

  • Mario Gennari, Regulatory Affairs and Design Control Expert, Prismond Group AG, former Lead Auditor at TÜV SÜD
  • Christian Steiner, Quality Assurance Manager, Thoratec Switzerland GmbH
  • Anders Emmerich, CEO, Aligned AG

Hosted by: Prismond Group AG / Aligned AG

For any questions, please feel free to This email address is being protected from spambots. You need JavaScript enabled to view it.

The Aligned Elements IEC 62304 configuration

The "IEC 62304 – medical device software – software life cycle processes" is a standard specifying life cycle requirements for the development of medical software and software within medical devices. 

This international standard is harmonized by the EU and USA and therefore can be used as a benchmark to comply with regulatory requirements from both these markets.

Software development according to IEC 62304 is a risk-driven approach, requiring the developer to perform reliability- and safety-enhancing actions and tasks proportional to the risk the software pose to the patients and users.

Getting compliant with IEC 62304 may seem daunting at first. The Aligned Elements IEC 62304 configuration has been set up to guide you through this process and has been tuned to automatically take care of most of the involved quality checks, making sure that the required tasks and actions are sufficiently covered.

The Aligned Elements IEC 62304 configurations contain:

  • Pre-configured templates using IEC 62304 standard naming conventions
  • Software Safety Classification automatically based on risk analysis results
  • Numerous quality checks for consistency verification
  • Pre-configured Reviews and checkpoints according to IEC 62304 stipulations
  • Pre-configured Trace Tables based on the IEC 62304 requirements
  • Included Process-checklists for documented verification of process compliance

The Aligned Elements IEC 62304 supports documentation management of:

  • System and Software Requirements
  • Software Architecture building blocks(Software Items, Units SOUPs, and segregations)
  • Risk Management using a Preliminary Hazard Analysis technique (listed in ISO 14971)
  • Verification and Validation (Unit, Integration and System testing)
  • Change and configuration management (Problem Reports and Change Management)


On top of all that, the Aligned Elements IEC 62304 includes all the standard features of Aligned Elements, including:

  • Completed change control of all Design Control Items
  • Complete audit trail for all changes
  • Keep your company-specific look and feel of all report outputs
  • End-to-end traceability with real-time impact analysis
  • Easy and fast Word reporting using drag and drop
  • FDA QSR 21 CFR Part 11 compliant User Management
  • Efficient decision-making process using workflows and E-signatures


By applying selected parts of the Aligned Elements IEC 62304 configuration to your Aligned Elements setup, you can efficiently leverage Aligned Elements in your IEC 62304 compliance effort.

The Aligned Elements IEC 62304 configuration is available for download in our extension library.

For a live demonstration of the Aligned Elements IEC 62304 configuration, please This email address is being protected from spambots. You need JavaScript enabled to view it. to set up an appointment.

The Aligned Elements IEC 62366 Usability Configuration

With the 2015 update of the IEC 62366-1:2015 and the issuing of the FDA  Human Factor Guidance, usability engineering in medical device development has received increased attention recently.

Human factor analysis gets more important with the rising trend of offering patient-centric solutions via new mobile health applications and wearables.
When patients, rather than specialists become the medical device user, the increased focus needs to be placed on the patients' capabilities and the environment in which the device is used. IEC 62366-1 is applied in an effort to increase patient and user safety by identifying, assessing, and mitigating Use Errors, by paying attention to the usability of the device design and harness existing usability verification and validation methods to make sure that usability requirements are met and use errors are avoided.

usability

For medical device manufacturers with limited previous experience in usability engineering, the task of implementing IEC 62366-1 might seem intimidating. However, the updated 2015 version of the standard has simplified and clarified the required process steps and tasks and Aligned Element now features a preconfigured setup that integrates the inputs, outputs, and risk-relevant elements of the usability process into the overall Design Control traceability.

The configuration includes:

  • 8 Design Control templates for capturing the input and output elements of the usability process
  • Pre-configured content validation checks assessing the consistency of the project in real-time
  • ISO 14971 compliant risk management to identify, assess and mitigate Use Error-driven risks
  • Interactive Checklist for reviewing the Use Specifications Document against IEC 62366-1:2015 
  • 20 usability example risks for Use Errors during the Transport, Storage, Installation, and Decommissioning
  • 2 preconfigured Traceability Tables
  • Integrated test protocols for established test methods such as:
  • Cognitive Walkthrough
  • Heuristic Evaluation (based on the Nielsen-Schneidermann heuristics)
  • Simulated-Use Testing for Usability Validation

On top of all that, the Aligned Elements IEC 62366 includes all the standard features of Aligned Elements, including:

  • Completed change control of all Design Control Items
  • Complete audit trail for all changes
  • Keep your company specific look and feel of all report outputs
  • End-to-end traceability with real-time impact analysis
  • Easy and fast Word reporting using drag and drop
  • FDA QSR 21 CFR Part 11 compliant User Management
  • Efficient decision-making process using workflows and E-signatures


By applying selected parts of the Aligned Elements IEC 62366-1 configuration to your Aligned Elements setup, you can efficiently leverage Aligned Elements in your IEC 62366-1 compliance effort.

The Aligned Elements IEC 62366 configuration is available for download in our extension library.

For a live demonstration of the Aligned Elements IEC 62366 configuration, please This email address is being protected from spambots. You need JavaScript enabled to view it. to set up an appointment.

The IMDRF terminologies - a common risk language

 

Have you ever struggled to describe Hazardous Situations so it was clear to all stakeholders what you intended to say?

Did you spend a lot of time to come up with a concisely written Sequence of Events and then the first person to review your document claims to not understand what you intended to convey?

When describing your harms, have you ever wished that someone had put together a list of all possible harms, so you could just pick the one, which is applicable for this particular situation?

And then after your product release, did a Risk occur that you did not foresee?

Common Terminology by curtesy of the IMDRF

If you have ever experienced one or more of the above, there might be some help out there. The International Medical Device Regulators Forum (http://www.imdrf.org) has created a document called IMDRF terminologies for categorized Adverse Event Reporting (AER): terms, terminology structure, and codes.

Although that is quite a mouthful, this document can make your life a lot easier. It provides an extensive list of possible medical device problems, possible harms, and related causes. Each term is assigned a code, which has to be used when creating a Manufacturer Incident Report as required by the MDR (https://ec.europa.eu/docsroom/documents/41681).

These codes can also be used when reporting Adverse Events to the FDA by means of a Medical Device Report (https://www.fda.gov/medical-devices/mandatory-reporting-requirements-manufacturers-importers-and-device-user-facilities/mdr-adverse-event-codes).

Is the terminology only applicable for post-market events?

Although the terms compiled by the IMDRF have a strong focus on Post Market incidents, they are also useful in your pre-market design risk assessments. When performing your ISO 14971 compliant Risk Analysis during the development phase, a lot of time is (and should be) spent on the risk identification process to make sure all potential risks have been assessed and addressed.

In practice, this requires writing down and assessing the hazardous situations, what causes, and subsequent harms that could possibly arise by using your product. However, these are essentially the same as in a post-market scenario. Using the lists provided by IMDRF can speed up this process significantly.

So how does this make things easier for me?

The IMDRF lists act as an acceleration vehicle for your Risk Analysis. By using and analysing these established terms, you will save a significant amount of time when documenting all possible hazardous situations, causes, and harms. At the same time, the likelihood of overlooking a particularly hazardous situation, cause, or harm is greatly reduced.

Furthermore, ambiguities are reduced by using and referring to an established set of risk terminologies. Thus, you reduce the risk that other stakeholders, not just your colleagues, but also the auditors, will not misunderstand your carefully constructed Risk Analysis.

Using the IMDRF terminology in Aligned Elements

The lists are applicable to Aligned Elements projects using Risk Assessments using the Preliminary Hazard Analysis method. 

It is possible to import the IMDRF items directly into Aligned Elements by using four import packages which you can download here.

The extension consists of lists containing a Design Control type called “IMDRF Item”, which have the attributes “Code” and “Definition”.

When importing them, you will need to map the types to types that exist in your configuration.

Note that the lists contain a large number of items that may not all be applicable to your particular device.

A pre-assessment step of the list content is therefore recommended before applying them to production projects.

The following mappings should be done.

  • “Annex A, Medical Device Problems” (469 items) should be mapped to a type that represents “Potential Hazards” in your configuration.
  • “Annex D, Investigation Conclusions” (35 items) should be mapped to a type that represents “Causes” in your configuration.
  • “Annex E, Health Effects - Clinical Signs and Symptoms or Conditions” (797 items) should be mapped to a type that represents “Harms” in your configuration.
  • “Annex F, Health Effects - Health Impacts” (64 items) should be mapped to a type that represents “Harms” in your configuration.


Please do not hesitate to ask for assistance at This email address is being protected from spambots. You need JavaScript enabled to view it..