Page 184 - Safety Risk Management for Medical Devices

CHAPTER 18


                   Risk Controls





                   Abstract
                      Risk Controls are the overt actions and measures by which risks are reduced to, or maintained
                      within, specified levels. Three types of risk control measures are presented, and risk control option
                      analysis is discussed. The concept of single-fault-safety is also expounded in this chapter.
                   Keywords: Risk controls; risk control option analysis; information for safety; completeness of risk
                   controls; single-fault-safe


                   Once the risks of a medical device are estimated, measures must be taken to reduce
                   the risks As Far As Possible [7]; or, if you are conforming to ISO 14971:2007, the
                   risks are to be reduced to As Low As Reasonably Practicable. These measures are
                   called Risk Controls.
                      Risk Controls can be viewed over two horizons:
                       1. Risk Controls performed prior to release of the product
                          These Risk Controls are discussed in Section 18.2.
                       2. Risk Controls performed after the release of the product
                          These are Risk Controls that are done at the customer site. Examples: personal
                          protective equipment, organizational procedures, and training.
                      In general, Risk Controls attempt to prevent the realization of Hazards, or exposure
                   to Hazards. These types of Risk Controls reduce P1. Some Risk Controls attempt to
                   reduce the severity of the Harm after exposure to Hazards. These types of Risk
                   Controls reduce P2. For example, antilock brakes reduce the probability of collision
                   and impact by a car, but airbags reduce the severity of injury if a collision occurs.



                   18.1 SINGLE-FAULT-SAFE DESIGN

                   ISO 14971 [3,7] requires that the device risks under both normal and fault conditions
                   be managed. IEC 60601-1 [8] requires that medical devices be designed such that they
                   are single-fault-safe. IEC 60601-1 [8] §4.2.2 further clarifies that “fault condition”
                   includes single-fault condition, but is not limited to it. The concept of single-fault-safe
                   has a built-in assumption of independence of faults. If the occurrence of the initial fault
                   will necessarily cause the occurrence of a secondary fault, then they count as one fault.
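                   As an added illustration (not from the book), the following Python enumerates the
                   single-fault conditions of a hypothetical heater subsystem, collapsing each initial
                   fault together with the secondary faults it necessarily causes into one fault
                   condition, as the rule above requires; the fault names, the hazard predicate and the
                   shared-supply-rail dependency are constructed assumptions.

```python
# Constructed single-fault-safety check for a hypothetical heater subsystem.
# Each fault maps to the secondary faults it NECESSARILY causes; by the rule
# above, an initial fault plus its necessary consequences count as ONE fault.
CAUSES = {
    "relay_stuck_on": set(),
    "sw_thermostat_loss": set(),
    "hw_cutoff_fail": set(),
    "mcu_reset": {"sw_thermostat_loss"},
    # Assumed design flaw: the hardware cutoff comparator shares a supply rail
    # with the relay driver, so an overvoltage on that rail damages both.
    "rail_overvoltage": {"relay_stuck_on", "hw_cutoff_fail"},
}

def expand(initial, causes=CAUSES):
    """Close a set of initial faults under 'necessarily causes' (transitively)."""
    active, stack = set(initial), list(initial)
    while stack:
        for f in causes.get(stack.pop(), ()):
            if f not in active:
                active.add(f)
                stack.append(f)
    return active

def overheat_hazard(active):
    """Hazard: heater runs uncontrolled (relay stuck on, or software regulation
    lost) AND the independent hardware thermal cutoff has failed."""
    uncontrolled = "relay_stuck_on" in active or "sw_thermostat_loss" in active
    return uncontrolled and "hw_cutoff_fail" in active

def naive_violations(causes=CAUSES, hazard=overheat_hazard):
    """Single faults that realize the hazard if dependencies are ignored."""
    return sorted(f for f in causes if hazard({f}))

def violating_single_faults(causes=CAUSES, hazard=overheat_hazard):
    """Single faults that realize the hazard once their necessary consequences
    are included, i.e. the true single-fault conditions of the design."""
    return sorted(f for f in causes if hazard(expand({f}, causes)))

def is_single_fault_safe(causes=CAUSES, hazard=overheat_hazard):
    return not violating_single_faults(causes, hazard)

if __name__ == "__main__":
    print("naive check:", naive_violations())               # []
    print("with dependencies:", violating_single_faults())  # ['rail_overvoltage']
    # Candidate risk control: a separate supply for the cutoff removes the dependency.
    fixed = {**CAUSES, "rail_overvoltage": {"relay_stuck_on"}}
    print("single-fault-safe after control:", is_single_fault_safe(fixed))  # True
```

                   The naive check passes while the dependency-aware check flags the shared rail, which
                   is exactly the gap the independence assumption closes.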


                   Safety Risk Management for Medical Devices                    © 2018 Elsevier Ltd.
                   DOI: https://doi.org/10.1016/B978-0-12-813098-8.00018-0         All rights reserved.  163