By Mike Heald, Commala Ltd., (Medilink WM member)
The American Code of Federal Regulations 21cfr820 (Medical Devices – Quality System Regulation) mentions the word ‘risk’ only once, looking like a spare part in the design validation section. Burying this single reference to risk management deep inside design control legislation does nothing to prepare would-be medical device developers for the scale and importance of this activity. Happily, the more recent European Medical Device Regulations are a little more profuse on the subject.
Ignore ISO 14971, the standard for medical device risk management, at your peril. It is a very good starting point, but it still leaves a lot to your imagination when it comes to the role of risk management in the development process. One could be forgiven for thinking that risk management is just a bolt-on to the design and development of a medical device, but in fact it integrates deeply. Risk management helps select the correct concept for development, prevents design flaws making it into expensive prototypes, tells you what design attributes are critical to safety, underpins design decision making, provides a reportable risk metric for project stakeholders, and finally, provides submission evidence that your finished device does more good than harm.
Beginning near the middle, by explaining when not to start risk management, this series of eight articles looks at some of the practical aspects of actually doing risk management, before ending at the beginning; the fundamental need for risk management:
Part 2 – Safety Risk Management in Research
Part 3 – What is Acceptable Risk?
Part 7 – Risk Control Verification