Page 72 - Safety Risk Management for Medical Devices
P. 72

Risk Management Process  51


                   This together with Fault Tree Analysis constitutes the Hazard identification phase.
                   Additionally, the Security Risk Assessment file is examined for potential security risks
                   with a safety impact.
                      Next, the risk estimation phase is entered (see Chapter 17: Risk Estimation). This
                   is where all the Hazards and their causes, the corresponding Hazardous Situations and
                   Harms are brought together in one table called the Risk Assessment and Control
                   Table (RACT). Risk Controls should be applied, and risks reduced as far as possible
                   (in compliance with EN ISO 14971:2012 [7]). Within the RACT, the risks for each
                   Hazard, Hazardous Situation as well as overall, for the whole System are estimated.
                   The RACT is the heart of the BXM risk management process. In any ISO 14971
                   compliant risk-management process something like the RACT is found. It may be
                   called by other names, e.g., Risk Table, Risk Matrix, Risk Analysis Chart, etc.
                      Following the Risk Controls and risk estimation, another pass is made to investi-
                   gate whether it is possible to further reduce the residual risks for each Hazard or
                   Hazardous Situation. If possible, additional Risk Controls are implemented. Next, the
                   overall residual risk for the System is assessed with consideration of all the Hazards that
                   the System could present.
                      Once the overall residual risk of the System is known, a benefit risk analysis is
                   performed to determine whether the potential benefits of the System outweigh its
                   potential risks. If the benefits do not outweigh the risks, and no justification can be
                   made for release of the product, then the System should not be released for commer-
                   cial purposes. If the benefits do outweigh the risks then update the RACT with any
                   additional Risk Controls that were put in place since the initial RACT was produced,
                   and produce a Hazard Analysis Report (HAR). A HAR is a relatively large document
                   which embodies much of the details of the risk management process, e.g., the RACT
                   and the benefit risk analyses.
                      For submission purposes, an executive summary of the HAR is produced as input
                   to the Risk Management Report (RMR). While the HAR could be overwhelming
                   to a Regulatory reviewer due to its size and depth of detail, the RMR is a smaller
                   document that is designed to provide a good understanding of the risk management
                   work and give the Regulatory reviewer confidence that the System is safe enough for
                   commercial release.
                      The RMR is included in the Regulatory Submission. After the approval and
                   release of the medical device, the risk management process continues for as long of
                   the medical device is in the market. Periodically, the risk management work-products
                   are examined for potential impact due to input from production and postproduction
                   monitoring. Input such as complaints, trending, other field data, and even changes to
                   the Standard ISO 14971 [3,7] itself are considered. If any change or finding warrants
                   revising of the risk management work-products, the required changes are done and
                   the results are reflected in the RMR.
   67   68   69   70   71   72   73   74   75   76   77