Page 73 - Safety Risk Management for Medical Devices
P. 73

52    Safety Risk Management for Medical Devices


                   ISO 14971 [3] does not specify the periodicity of production and postproduction data
                review. The manufacturer gets to specify that in the RMP. But the choice by the manu-
                facturer must be defensible. A reasonable approach would be to choose the period based
                on the device risk, and novelty. For example, if a device is high risk and new, it makes
                sense to review its RMF more frequently immediately after launch, e.g., twice a year.
                Then as more knowledge is gained about the device, reduce the frequency to once a year
                or once every 2 years. For devices that are just iterations on an existing device, about
                which much knowledge exists, you can start with a lower frequency. In any case, if an
                adverse event happens in the field, or changes are made to the design or indications of
                the device, the RMF must be examined for potential impact.



                11.1 MANAGEMENT RESPONSIBILITIES

                ISO 14971 [3,7] defines specific responsibilities for Top Management. “Top
                Management” is not defined in the Standard [3,7], and could mean different things in
                different companies. For example, in a small company Top Management could be the
                CEO. But that would not be the case in a large multinational company. The best way
                to discern what “Top Management” means for your company is to consider the
                governing Quality Management System (QMS). The person(s) at the level where
                Risk and Quality policy decisions are made, can be considered “Top Management.”
                Therefore for a company with multiple business units that have different QMSs, “Top
                Management” could be the business unit board members, e.g., manager of R&D,
                Manager of Quality, and the general manager.
                   Top Management is required to provide evidence of its commitment to the risk
                management process by:
                   • ensuring the provision of adequate resources
                   • ensuring the assignment of qualified personnel for risk management
                   Other responsibilities of Top Management are:
                   • define and document the policy for determining criteria for risk acceptability
                      (see Section 11.3.1 for further details)
                   • review the suitability of the risk management process at planned intervals to
                      ensure continuing effectiveness of the risk management process. Any decisions
                      and actions taken during the reviews should be documented. If you have a
                      QMS in place, e.g., one that is compliant with EN ISO 13485 [21], the risk
                      management process review can be part of the regular management reviews of
                      the QMS.
   68   69   70   71   72   73   74   75   76   77   78