MDRM 2013 Agenda

Medical Device Risk Management
Beyond FMEA — New Tools To Assure Your Risk Management Program Meets New Standards


8:00 a.m. – 9:00 a.m.

Registration and Continental Breakfast

9:00 a.m. – 10:15 a.m.

Workshop Introduction and Concepts of Risk Management Overview

  • The fundamentals of medical device risk management
    • Define common risk factors
    • Create a Consequence Diagram and extend it to multiple levels to build a Decision Tree
  • Components of risk and potential problems to consider
    • The neonatal heal warmer example: an illustration of a Risk Analysis Procedure
  • Definitions from ISO 14971:2007
    • Discuss the definition of a hazard and a harm
    • Risk defined: Identify the probability of harm and its severity to estimate risk
    • Assess the risk, including its formal definition
  • Why FMEA is not sufficient for risk management

10:15 a.m. – 10:30 a.m.


10:30 a.m. – 11:00 a.m.

Importance of Risk Management —This exercise allows for an exchange of ideas among participants. They will discuss why risk is important and provide an example of failed risk management. They will discuss the various approaches their firms take to recognize the amount of impact and loss by developing three bullet points that describe the approach.

11:00 a.m. – 11:30 a.m.

The Regulatory Structure: The Current Status of ISO 14971:2007

  • ISO 14971:2007 as the current standard
    • Follow the development of ISO 14971:2007 and understand the new requirements
    • Outline the steps in the risk management process
    • First look at the implications of EN ISO 14971:2012
  • The risk management requirements in FDA’s QSR — Design Validation
    • Understand how risk management supports design validation
    • Recognized consensus standards and the FDA’s declaration of conformity
  • The Risk Management requirements in ISO 13485:2003
  • Risk Management standards in the EU
    • Where to find the harmonized standards to the Medical Device Directive
    • Understand the status of EN ISO 14971:2012 and EN ISO 13485:2012
  • Global Harmonization Task Force: Two important guidance documents for risk management
    • Understand the purpose of GHTF and its successor, IMDRF
    • Implementation of risk management principles and activities within a quality management system
    • Explore the purpose of the guidance; review and identify the four phases of risk
    • Highlight the two most important elements within the document
    • Identify essential principles of safety and performance of medical devices
  • Review FDA warning letters
  • Evaluate examples from companies that failed to address and design a valid risk analysis

11:30 a.m. – 12:00 p.m.

Understanding ISO 14971:2007 (Part 1)

  • Overview of the structure of ISO 14971:2007
  • Explore the parts of a risk management plan: scope, responsibility, review, risk acceptability, risk verification, production activity, post-production activity
  • How to create and administer a risk management file — Think of it as your risk management file cabinet
  • Analysis of clauses 4–9 in ISO 14971
    • Ways to create a risk analysis (Clause 4)
    • Outline a risk evaluation (Clause 5)
    • Determine whether a risk reduction is required (Clause 6)
    • Highlight the importance of a residual risk evaluation (Clause 7)
    • Learn about the report on risk management of a device (Clause 8)
    • Look at production and post-production information (Clause 9)
  • Components of risk — How to measure risk through hazards that create harm

12:00 p.m. – 1:00 p.m.

Lunch Break

1:00 p.m. – 1:30 p.m.

Understanding ISO 14971:2007 (Part 2)

  • Conclusion of Understanding ISO 14971:2007

1:30 p.m. – 2:30 p.m.

Building a Risk Management File That Meets ISO 14971:2007 Requirements (Part 1)

  • Understanding the purpose and contents of a risk management file
    • Assuring the file contains pointers to all relevant documents
    • Organizing documents by hazard and cause
    • Auditing the risk management file
  • Risk management planning
    • Explore the role of the risk management plan and learn the scope of the plan
    • Designating someone to be responsible for the plan: qualifications for performing risk management tasks, RASI Matrix and example
    • Two sets of criteria for risk acceptability
    • Accessing risk severity and probability
    • Monitoring residual risk evaluations
    • Two aspects of verification activities provided in the standard
    • Post-production activity: how to collect data and review
  • Hazard Analysis
    • Why FMEA is not the right approach
    • Hazards that are not failures
    • The fallacy of Risk Priority Numbers (RPN)
  • Risk Assessment
    • Two parts of risk assessment: risk analysis and risk evaluation
    • Tips to develop a systematic approach to determine risk
    • Different components of risk
    • Tools for hazard identification – 5 standard methods to support risk analysis (PHA, FTA, FMEA, HAZOP, HACCP)
    • Understand how to score risks — how to use severity and probability

2:30 p.m. – 2:45 p.m.


2:45 p.m. – 3:45 p.m.

The Risk Management Plan —Participants will develop various sections of the plan based on the contents of a file as defined in ISO 14971. They will first develop a risk matrix. They will then define the structure of their matrix and include a description of each part. Finally, they will devise a plan for data collection, analysis and use of production and post-production issues and discuss how to incorporate it into the risk management file.

3:45 p.m. – 4:30 p.m.

Building a Risk Management File That Meets ISO 14971:2007 Requirements (Part 2)

  • Risk control
    • Conducting a risk control completeness check
      • Implementing risk controls: Strategies for the two elements of risk verification
  • Overall residual risk evaluation
    • Seven methods to evaluate overall residual risk
    • Disclosing overall residual risk
  • Risk management report
    • Strategies for reviewing the risk management process to ensure complete reports
    • A checklist to ensure your report is complete
  • Production and post–production information
    • Review the production phase and the post–production phase
    • Evaluating final hazards and corrective processes to put in place

4:30 p.m.

Session Wrap-up, End of Day One


8:30 a.m. – 9:00 a.m.

Continental Breakfast

9:00 a.m. – 10:00 a.m.

The Risk Management Report —This is a set of exercises designed to illustrate the sections of the report. Participants will develop various sections of the report based on the contents defined in ISO 14971. They will begin with deciding on someone to prepare the report. Then they will compose a checklist that acts as a guideline in reviewing the risk management plan. Finally, they will explore more about the residual risk evaluation.

10:00 a.m. – 12:00 p.m.
(Includes a break)

Digging Deep Into the Risk Management Tool Kit

  • Preliminary Hazard Analysis (PHA)
    • What is PHA and how can it be best used
    • Developing a PHA worksheet
    • Sources of hazards using PHAs
  • Hazard and Operability Studies (HAZOP)
    • Procedures for HAZOP
    • Developing a worksheet for HAZOP
    • Significant parameters for HAZOP
  • Hazard Analysis and Critical Control Points (HACCP)
    • Using HACCP to identify hazards, establish controls, and monitor processes
    • Linking HACCP with corrective action
  • Failure Modes, Effects and Criticality Analysis (FMECA)
    • Applications to discover known and probable failures in products and the failure impact
  • Fault Tree Analysis (FTA)
    • Using this tool to analyze a particular event and its causes
  • Event Tree Analysis (ETA)
    • Using this tool to evaluate barriers as risk reduction methods

12:00 p.m. – 1:00 p.m.

Lunch Break

1:00 p.m. – 2:30 p.m.

Understanding the 13485 and 14971 Applications to the Product Directives From the EU harmonized EN ISO 13485:2012 and EN ISO 14971:2012 to the three product directives: MDD, IVDD, and AIMDD.

  • Learn where ISO 14971:2007 deviates from the essential requirements and the implications for risk management
  • Understand the linkages between conformity assessment and ISO 13485:2003

2:30 p.m. – 2:45 p.m.


2:45 p.m. – 4:15 p.m.

Related Standards
There are standards and FDA guidance documents that relate to risk management and often call out ISO 14971:2007.

  • IEC 60601-1 Medical electrical equipment – Part 1: General requirements for basic safety and essential performance
  • IEC 62304 Medical device software – Software life-cycle processes
  • FDA Guidance – Factors to Consider When Making Benefit-Risk Determinations in Medical Device Premarket Approval and De Novo Classifications
  • FDA Draft Guidance – Applying Human Factors and Usability Engineering to Optimize Medical Device Design
  • The Assurance Case as a new methodology

4:15 p.m. – 4:30 p.m.

Summary, Conclusions, and Lessons Learned

4:30 p.m.

Adjourn Workshop