Page 222 - Safety Risk Management for Medical Devices
P. 222
CHAPTER 25
Traceability
Abstract
ISO 14971 requires manufacturers to provide traceability for each Hazard to its risk analysis, risk eval-
uation, Risk Controls, residual risk evaluation, verification of implementation, and effectiveness of
Risk Controls. This chapter examines methods and strategies for capturing and documenting trace-
ability for medical devices.
Keywords: Traceability; software; Risk Management Report
ISO 14971 [3] requires manufacturers to provide traceability for each Hazard to its
risk analysis, risk evaluation, Risk Controls, residual risk evaluation, verification of
implementation, and effectiveness of Risk Controls. For medical devices that include
software, IEC 62304 [9] requires that traceability between System requirements, soft-
ware requirements, software system test, and Risk Control measure implemented in
software must be made.
Traceability is an invaluable tool to ensure completeness in risk management.
Without traceability, it is possible to miss Hazards, fail to control their risks, or fail to
verify their Risk Controls. Fig. 25.1 depicts a model for traceability for risk
management.
Figure 25.1 Traceability model.
You can capture your traceability in any form that is convenient. Examples include
spreadsheets, databases, or requirements management systems.
Traceability between Hazards and risk analysis can be captured in the Risk
Assessment and Control Table (RACT). That is, the description of initiating event
Safety Risk Management for Medical Devices r 2018 Elsevier Ltd.
DOI: https://doi.org/10.1016/B978-0-12-813098-8.00025-8 All rights reserved. 201
