ABSTRACT
Second, the standard deemphasized the use of FMEA, which is recommended only if it fulfills appropriately the particular risk analysis task under study; many other analytical approaches are acknowledged to potentially be suitable to achieve the same end. The expanded scope of the standard emphasizes management responsibilities. The standard stipulates that management responsibility is the initial and key requirement. More precisely, management must incorporate the following tasks: (1) defining policies for determining acceptable risk (2) ensuring the provision of adequate resources, including the
identification of a risk management team (3) ensuring the assignment of trained personnel to perform risk assessment and management activities (4) reviewing the results of risk management activities at defined
intervals to ensure the effectiveness of the risk management process
The expanded scope also mandates implementation of the following records: (1) risk management plan (2) risk management file (3) risk management report (4) production and post-production informationThese requirements are interesting because they draw attention to the fact that risk management rests on more than having a framework, but also on a human dimension where the activities of people must be directed and organized. Currently, the ISO 14971 Standard has just gone through a second edition that incorporated only minor changes from the initial edition; however, the volume of explanation of the stipulated framework in the second edition has increased almost three-fold (from 22 pages to 65 pages). The ISO 14971:2007 “Application of Risk Management to Medical Devices” [2] stipulates an expectation of a risk management framework that considers the total lifecycle of the product. It includes a risk management process, and defines executive responsibilities, personnel qualifications for performing risk management activities, and the documentation needed to provide a record of risk management activities. Some limitations in the document are still perceived by some to exist. For example, it does not provide guidance with respect to clinical decisions that may be a significant part of the risk/benefit analysis. In fact, the EU is currently challenging the committee on the sufficiency of the guidance with regard to risk/benefit analysis. In addition, some readers of the standard can develop the false impression that it only addresses the design control elements of a quality management system because manufacturing only appears once in the text although it is in fact mentioned a further twenty times in the annexes of the document which are provided for explanations but not requirements.In summary, the ISO Standard provides a framework to the medical device manufacturers for effective management of the risks associated with the use of their products and within which experience, insight, and judgment are applied systematically to manage these risks. It also helps practitioners to identify processes by which they can identify hazards associated with a medical device, estimate and evaluate the risks associated with these hazards, control these risks, and monitor the effectiveness of that control.
