Embed Size (px)
Citation preview
Risk Analysis and Management
QsiteQsiteMay 2011ISO 14971
1
A dAgenda
RiskDefinitions
Risk Management
DevelopmentDevelopment Phases
ProcessHazardsHazards
Evaluation
2Residual Risk
Wh D W N d Ri k A l iWhy Do We Need Risk Analysis1. Quantify the risk level of the device to the patient, to the
user and to the device efficacy2 Required by regulatory agencies2. Required by regulatory agencies
• We:• We:• List the Hazards• Assess the associate risk regarding the safety of the g g y
patients and User• Assess the associate risk regarding the device efficacy
C th t d fi d th h ld• Compare them to a predefined threshold• Mitigate the risk to make sure that they are under this
threshold
3
IEC 60601-1 3rd Edition Requires Risk Management
IEC 60601-1 3rd Edition Mandatory Adoption Dates:Europe: June 1 2012Europe: June 1, 2012 Canada: June 1, 2012 USA: July 1, 2013USA: July 1, 2013
IEC 60601-1 3rd Edition requires Risk Management process in accordance to ISO 14971Risk Management process in accordance to ISO 14971Clause 4.2 of the third edition states:“A risk management process complying with ISO 14971 g p p y gshall be performed”.
4
D fi itiDefinition• Harm: physical injury/damage to the health of people or to• Harm: physical injury/damage to the health of people or to
property and environment. • Hazard: potential source of harm• Risk: combination of the probability of occurrence of harm
and the severity of that harm• Mitigate Risk: 21 CFR 50: the probability and magnitude• Mitigate Risk: 21 CFR 50: the probability and magnitude
of harm or discomfort anticipated in the research are not greater in and of themselves than those ordinarily encountered in daily life or during routine physical orencountered in daily life or during routine physical or psychological exam or test.
• Risk management: systematic application of management li i d d i h k f l ipolicies, procedures and practices to the tasks of analyzing,
evaluating and controlling risk. • Residual Risk: Risk remaining after protective measures
5
g phave been taken.
Ri k A tRisk Assessment
The ISO 14971:2007Standard does not specify acceptable risk levels.
life-cycleall phases in the life of a medical device, from the initial conception to final decommissioning and disposaldisposal
6
Product Development PhasesProduct Development Phases(MEDICAL DEVICES)
Feasibility Design Pilot PostProductionConcept
Product Risk Management- On-goingPrelim. Risk Assessment
7
Risk AnalysisI t d d P Id tifi ti Preliminary Hazard • Intended Purpose Identification
• Hazard Identification• Risk Estimation
RiskAssessment
yAnalysis
Fault Tree AnalysisFunctional Analysis
Risk Evaluation
• Risk Acceptability Decision
Assessment
Tolerability of RiskCost-Benefit AnalysisSocio/Ethical Analysis
Risk Control• Options analysis
RiskManagement
Socio/Ethical Analysis
FMECAp y• Implementation• Residual Risk Evaluation• Overall Risk Acceptance
HACCPHAZOPPAT
Post-production Information• Post-production experience• Systemic Procedures• Identification of new Hazards
Six SigmaSPCCAPA
8
• Change Control & Feedback Loop Complaint Mgmt.
H d / Ri kHazard / Risk
Hazard Risk
Probability of the occurrence of harm and the
severity of that harm.Potential source of harm
9
H d / Ri kHazard / Risk
10
K H dKnown Hazard
11
Ri k M t PRisk Management Process
12
Management responsibilitiesManagement responsibilities
• Define and document the policy for determining criteria for risk acceptabilitydetermining criteria for risk acceptability
• Review the suitability of the risk management process at planned intervals to ensure continuing effectiveness of the risk gmanagement process and document any decisions and actions takendecisions and actions taken
13
Risk Management TeamRisk Management Team• Qualified personnel – appropriate Q p pp p
knowledge and experience• Risk management plan – ScopeRisk management plan Scope,
assignment of responsibilities, requirements of activities criteria for risk acceptabilityof activities, criteria for risk acceptability, verification activitiesM t i hi h bi b bilit f• Matrix - which combines probability of harm and severity of harm, acceptability
d i k iti tiand risk mitigation
14
I iti t Ri k A l i PInitiate Risk Analysis Process
• Start a Risk management FileId tif RA l d• Identify a RA lead person
• Define hazards based on experience, similar p ,preliminary device, preplanned plan Etc.
• Identify hazardous situations• Identify hazardous situations• Risk evaluation
15
Id tif i H dIdentifying Hazards
• Compile documentation on known and foreseeable hazards associated with the medical device in bothhazards associated with the medical device in both normal and fault conditions.
• Extrapolate from similar preliminary devices• Extrapolate from similar preliminary devices• Use preplanned hazards (will follow in this
t ti )presentation)• Identification of anticipated hazards in both
normal and fault conditions
16
Wh t d d ’t l it iWhatever you do, don’t plug it in
17
Estimation of Risk(s) for each ( )Hazardous Situation
• Identified hazardous situation, the associated risk(s) using availableassociated risk(s) using available information or data.
• Quantitative categorization of probability of occurrence of harm or severity of harmy
• Analysis (quantitative) of the probability of d thoccurrence and the consequences
18
Ri k E l tiRisk Evaluation
• Use the criteria defined in the risk management planmanagement plan
• Decide if risk reduction is required• If risk reduction is needed follow the risk
control processcontrol process
19
Ri k C t lRisk Control• Follow risk control options in the priority order
listed• Design change (ECO)• Protective measures in the medical device itself or
i th f t iin the manufacturing process• Information for safety (like labeling change)
Ri k t l l t d h ll b d d• Risk control measures selected shall be recorded in the Risk Management File
• Implementation of each risk control measure shall• Implementation of each risk control measure shall be verified
20
S f t C t l t Miti t Ri kSafety Controls to Mitigate Risk
• Design Change P• Process
• Labelingg• Standards and Compliance (Use of
consensus standards to defend safetyconsensus standards to defend safety adequacy)
21
R id l Ri kResidual Risk
• Residual risk shall be evaluated using the criteria defined in the risk management plancriteria defined in the risk management plan
• If the residual risk is not judged acceptable using these criteria further risk controlusing these criteria, further risk control measures shall be appliedF id l i k h j d d• For residual risks that are judged acceptable, decide which residual risks to disclose and document
22
O IOpen Issues
• If the residual risk is not judged acceptable, decide which one is safety relateddecide which one is safety related
• Decide which residual risk and judged accepted and which not
• Record all the data and hand it over forRecord all the data and hand it over for management decision
23
Ri k M t PRisk Management Process
• Risk management process is part of the d idesign
• Risk analysis, risk evaluation and riskRisk analysis, risk evaluation and risk control are commonly recognized as
i l f Ri k Messential parts of Risk Management.• Risk Management continues on into theRisk Management continues on into the
post-production phase
24
Q lit ti A lQualitative Analyses
• Examples of qualitative severity level
E l f li i b bili l l• Examples of qualitative probability levels
25
Ri k A l i T h iRisk Analysis Techniques
• * FMEA - Failure Mode and Effects Analysis FTA Fault Tree AnalysisAnalysis FTA - Fault Tree Analysis
• FMECA - Failure Modes Effects & Criticality Analysis
• HACCP - Hazard Analysis Critical ControlHACCP Hazard Analysis Critical Control Points
• Combination Methods – Tools & Approaches
26
pp
Ri k A l i T h i FMEARisk Analysis Techniques FMEA
• Failure Mode and Effects Analysis (FMEA)• The consequences of an individual fault mode are• The consequences of an individual fault mode are
systematically identified and evaluated. It is an inductive technique using the question “What happens if ... ?”. q g q ppComponents are analyzed one at a time, thus generally looking at a single-fault condition. This is done in a “bottom-up” mode.
27
Ri k A l i T h i FTARisk Analysis Techniques - FTA
• Fault Tree Analysis (FTA)• Analyzing hazards identified by other techniques and starts from a postulated
undesired consequence also called a “top event ” In a deductive mannerundesired consequence, also called a top event. In a deductive manner, starting with the top event, the possible causes or fault modes of the next lower functional system level causing the undesired consequence are identified. Following stepwise identification of undesirable system operation to successively lower system levels will lead to the desired system level which issuccessively lower system levels will lead to the desired system level, which is usually either the component fault mode or the lowest level at which risk control measures can be applied. This will reveal the combinations most likely to lead to the postulated consequence. The results are represented pictorially in th f f t f f lt d At h l l i th t bi ti fthe form of a tree of fault modes. At each level in the tree, combinations of fault modes are described with logical operators (AND, OR, etc.). The faultmodes identified in the tree can be events that are associated with hardware faults, human errors, or any other pertinent event, which leads to the undesired , , y p ,event. They are not limited to the single-fault condition.
28
Definitions and Analysis Methode o s d ys s e od(FMEA)
• F (Frequency of occurrence): The expected frequency of the failure occurrence.
• S (Degree of Severity): The severity of the failure effect• S (Degree of Severity): The severity of the failure effect on the user.
• D (Degree of Detection): The possibility of detecting the failure/problem by the physician/user before it causes any harm.
• RPN (Risk Priority Number of criticality): TheRPN (Risk Priority Number of criticality): The problem-solving priority order = F x S x D. Quantitative indication for recommended preventing/monitoring action, the higher the number the more serious the risk hence thethe higher the number, the more serious the risk hence the required preventive action.
29
A l i 3 L lAnalysis 3 Level
• The method is by addressing the potential failures, ranking the answers between 1 andfailures, ranking the answers between 1 and 3 and calculating the RPN:
• F (Frequency of occurrence): What is the• F (Frequency of occurrence): What is the likelihood of the failure/hazard occurrence?1 i di RARE• 1 indicates RARE
• 2 indicates VERY LOW• 3 indicates LOW
30
D f S itDegree of Severity
• S (degree of Severity): How sever is the effect of the failure on the user/patient?p
• 1 indicates MINOR, i.e. a defect that neither affects product performance nor patient injuryp p p j y
• 2 indicate PERFORMANCE, i.e. a defect that affects product performance but will not cause patient injury.
• 3 indicates CRITICAL, i.e. a defect that may cause patient injury.
31
D f D t tiDegree of Detection
• D (degree of Detection): Can a failure be detected by the user (physician) before the hazard occurs?by the user (physician) before the hazard occurs?
• 1 indicates CERTAIN for failure detection possibility before hazard occurrencepossibility before hazard occurrence
• 2 indicates POSSIBLE for failure detection ibilit b f h dpossibility before hazard occurrence
• 3 indicate NOT POSSIBLE for failure detection possibility before hazard occurrence.
32
RPNRPN
• The RPN is equal to: F x S x D. This number provides for a relative priority of the failure item.provides for a relative priority of the failure item. The higher the number, the more serious the failure mode is considered. Based on these criticalfailure mode is considered. Based on these critical numbers, preventive/corrective actions are being designed.designed.
• NOTE: RPN>=12 is considered unacceptable by the company and more severe action shouldby the company and more severe action should be taken to reduce this hazard.
33
Integrating Risk Assessment into eg g s ssess e othe Quality System
• Defining Risks as a result of field reports P t k t ill• Post market surveillance
• Risk analysis techniques to evaluate MDRs y qand corrections and removals
• Integrate risk management into the CAPA• Integrate risk management into the CAPA program
34
C St dCase Study
•Use sample device ffor •Risk analysis andy•management file
35
SSummary
• Lesson Learned in safety risk managementE l i t d d i i th b f• Evolving standards, raising the bar for safety adequacy
• Using safety risk management to improve designdesign
36
Q ti ?Questions?
37
