Too many companies still treat risk management as a “checkbox” activity.
They look up the regulations, only to apply them as a high-level list of to-dos for the team to check off as they develop the product.
But this compliance-only mentality doesn’t do risk management justice, and it isn’t the best way to focus on bringing a safe, high-quality medical device to market.
If you’re doing it correctly, risk management is an ongoing process that is intimately tied to every stage in the medical device lifecycle. From concept to development, manufacture to post-market surveillance, risk management should be fully integrated into every step you take.
While that may sound daunting, integrating risk management into your work from the very beginning will actually make your life much easier down the road. It’s a relatively small investment of time and energy that will help you get your product to market faster, and keep it there longer, so that you can help the greatest number of patients improve the quality of their lives with your device.
Here’s how to integrate risk management into everything you do:
Medical device manufacturers often view risk management and design controls as two separate processes that happen throughout the design and development of a device. However, you should really view design controls and risk management as closely related parts that operate in tandem—to the point that they are essentially integrated into one connected process.
In fact, according to ISO 14971:2019—the international standard for risk management for medical devices—risk management should begin with the establishment of a risk management framework, which includes:
Defining your risk management process
Establishing management roles and responsibilities
Documenting your risk management plan
Establishing a living risk management file
Only then does ISO 14971 recommend you move on to the second step: your intended use statement.
Now, consider that the intended use statement is also an essential part of design controls. The intended use statement addresses a specific patient and clinical need the device will meet. And design inputs, design outputs, design verification, and design validation all flow from the device’s intended use.
After intended use is defined, ISO 14971 prescribes three subsequent steps for risk analysis:
Identifying hazards
Defining hazardous situations and foreseeable sequences of events
Estimating risk
Once each of those steps has been completed, the next steps are evaluating the risks that have been identified and using risk controls to reduce those risks to acceptable levels.
Keep in mind, risk reduction measures for your device may necessitate changes to your design inputs. Whatever the case may be, your risk management processes will directly affect the design and development of your device, so it’s critical to keep these subsystems up-to-date and connected within your QMS.
Once you’ve made it through the design and development phases, it can feel a little like you’re home free. The product risks you identified have been reduced, mitigated, or eliminated—now all you need to do is assemble the parts.
But you’re not out of the woods yet. There’s a new set of risks that come into play when manufacturing your product, especially if you’re outsourcing components or materials to contract manufacturers. For instance, you’ll need to determine and define the purchasing controls that will largely influence the extent to which you manage risk beyond your design and development activities.
A good risk management framework will inform the way your supplier controls are structured, which should be documented in your supplier agreement and executed by both parties. These risk-based controls will also define when and how audits will be conducted to ensure quality standards are being met on an ongoing basis.
In some cases, companies create these plans without going back and incorporating findings from the earlier risk assessment of their product. But that approach is a waste of valuable time, resources, and data, not to mention that it makes justifying your reasoning for purchasing decisions needlessly difficult.
Factoring in risk early on enables you to easily and logically determine the level of controls that are needed to effectively manage suppliers and other third-party firms during the post-production process.
The role risk management plays during the postmarket phase of a medical device’s lifecycle is as important as, if not more important than, the role it plays during the premarket phase.
As you engage in various postmarket surveillance activities, you’ll want to remember to update and adjust your risk management file as needed. You’ll receive a ton of postmarket data on your device once it starts to be used in a real-world setting.
It doesn’t matter how well you think you know your product; you will gain an entirely new perspective from the customer feedback you receive once it interfaces with end users. This is why it’s so important to establish a system that can support the various types of feedback.
Postmarket surveillance can take shape in a variety of ways, but it often includes:
Complaints
Product feedback
CAPA investigations
Control of nonconforming materials or products
Adverse event reporting
Each of these sources ties into risk management in its own way. Perhaps you learned something new about your product from a customer survey, which has informed the decision to make a change or update to your device. That means new risk assessments and evaluations must be conducted.
Or maybe a complaint identified a new hazard or hazardous situation that requires risk reduction steps to be taken. Maybe the number of complaints indicates that the likelihood of harm is greater than your risk assessment accounted for.
The point is that all the postmarket data you collect ties into risk management in some way. A steady input of good data is crucial to ensuring that any risk your product poses is thoroughly reduced and abundantly clear to patients.
It’s true that integrating risk management into all the stages of your medical device lifecycle can be a lot of legwork. But it doesn’t have to be.
Greenlight Guru’s QMS software is fully aligned with ISO 14971:2019 and offers a simple, intuitive way to visualize the relationship between all areas of your QMS and effectively manage risk.
If your team is looking for an automated solution to integrate risk management into all of your QMS workflows, then get your free demo of Greenlight Guru’s Risk Management software today!
Etienne Nichols is the Head of Industry Insights & Education at Greenlight Guru. As a Mechanical Engineer and Medical Device Guru, he specializes in simplifying complex ideas, teaching system integration, and connecting industry leaders. While hosting the Global Medical Device Podcast, Etienne has led over 200...