Thanks! You've successfully subscribed to the BONEZONE®/OMTEC® Monthly eNewsletter!

Please take a moment to tell us more about yourself and help us keep unwanted emails out of your inbox.

Choose one or more mailing lists:
BONEZONE/OMTEC Monthly eNewsletter
OMTEC Conference Updates
Advertising/Sponsorship Opportunities
Exhibiting Opportunities
* Indicates a required field.

Risk Management: The Science of Minimizing Uncertainties




Read the December issue of BONEZONE for the second article in this three-part series.

ISO 14971 clearly states that top management shall be committed to:

  • defining and documenting the policy for determining criteria for risk acceptability; this policy shall ensure that criteria are based upon applicable national or regional regulations and relevant International Standards and take into account available information such as the generally accepted state of the art and known stakeholder concerns;
  • reviewing the suitability of the risk management process at planned intervals to ensure continuing effectiveness of the risk management process and document any decisions and actions taken; if the manufacturer has a quality management system in place, this review may be part of the quality management system review;
  • demonstrating support for the risk management process. Realistically, this does not mean a “yes” or “will do” to everything proposed or recommended, but it does mean that reasonable consideration be given and appropriate action taken on realistic recommendations;
  • clear communication in a policy-type statement that identifies risk control techniques that can be quantified and performance measured against an established criteria.

Life Cycle Approach
Risk management tools should be applied during all phases of the life cycle of medical devices. The common thread is to identify and address safety issues, whether they be in design controls, production and process controls, post market quality data analysis, legacy product decision-making and, of course, when it comes to handling complaints and potential adverse events. In general, risk management can be characterized by phases of activities. The following examples represent phases that could be addressed as part of a fundamental risk management plan.

Phase I – Your risk management team must determine the levels of risk that would be acceptable in the device and/or process. Manufacturers should have a procedure to determine risk acceptability criteria. These risk acceptability criteria may come from an analysis of the manufacturer’s own experience with similar medical devices or research on what appears to be currently accepted risk levels by regulators, users or patients, given the benefits derived from diagnosis or treatment with the device. Risk acceptability criteria should generally be reflective of state of the art in controlling risks.

Phase II – This cross-functional team will then perform risk analysis. This phase starts with identifying hazards that may occur due to characteristics or properties of the device during normal use or potential misuse. After these hazards are identified, risks are estimated for each of the identified hazards, using available and credible information.

Phase III – The estimated risks are compared to the risk acceptability criteria that your risk management team has decided upon. This decision-making process is influenced by the type and classification of your medical devices, the size and complexity of your quality management system and the legitimacy of your collected and documented quality data. This comparison will determine an appropriate level of risk reduction (mitigation), if necessary. This phase is called risk evaluation. The combination of risk analysis and risk evaluation is called risk assessment. Risk assessment is ongoing and dynamic within the frame of a documented quality management system.

Phase IV – Can be composed of risk control and monitoring activities. Your team establishes actions, i.e. risk control measures, intended to eliminate or reduce (mitigate) each risk to meet the previously determined risk acceptability criteria. Within the limits of feasibility, one or more risk control measures may be incorporated in order to achieve this end. Risk control activities may begin as early as design input and continue through the design and development process, manufacturing, distribution, installation, servicing and throughout the medical device life cycle.


Security code