This is one area that is confusing. The use of standards in setting product requirements also involves risk management. Most often standards identify hazards and provide methods for addressing those hazards in the form of risk control measures which become safety requirements at Design-Development Inputs (ISO 13485 7.3.3 c)). The standards often also provide tests to assure the effectiveness of the risk control measures. ISO TR 24971:2020 Annex E identifies a method for the use of standards for risk management, which creates the Design Safety Requirements or Risk Control measures. It is important that these Safety Requirements be captured in your Risk Management File to assure this information becomes part of your Overall Residual Risk Evaluation for the product, and that any design changes do not inadvertently remove these Risk Controls when they were not properly captured as part of the safety requirements of the product.
I recommend that you include the methods of Annex E in the process you are developing. You might actually save some time and effort in your risk management process because any hazard identified in a standard is automatically an Unacceptable Risk and there is no need to spend time evaluating it. Additionally if you follow the process of the standard to implement the required Risk Control measure and follow the test method in the standard is used to provide acceptable results, the Residual Risk is automatically an Acceptable Residual Risk by virtue of use of the standard, as long as it is the current "state of the art" version.
------------------------------
Edwin Bills
Edwin Bills Consultant
ASQ Fellow CQE, CQA, CQM/OE, RAPS RAC
elb@edwinbillsconsultant.comMember, ISO TC 210 JWG1
------------------------------
Original Message:
Sent: 26-Apr-2024 14:26
From: Anne LeBlanc
Subject: Derivation of product requirements from regulatory information/standards - Best practice?
Best practice includes early communication and negotiation about requirements at a high level.
First the Marketing function may say where are the target markets and the Design function may suggest the product concept. Then the Regulatory function can evaluate relevant regulations and extract some hard requirements.
Standards compliance comes next. The Regulatory function can say which standards are required or recommended, in full or in part, for the product type in those jurisdictions, and whether third-party verification of compliance is required vs in-house verifications. Of course the process can be iterative... If the cost of compliance is too high, the design could be changed or the list of target markets could be shortened.
Once the standards list is agreed, the Design and Design Quality functions convert the applicable sections of the standards into verifiable requirements that are applicable to the design concept.
As you say, you can't expect any one person in any one functional area to have all the expertise. It often takes some discussion, with each party sharing what they know and don't know about the relevant topics, and some trial-and-error to find effective ways of working together. It also takes some recognition that requirements development is a valuable process that needs resourcing with people and time.
------------------------------
Anne LeBlanc
United States
Original Message:
Sent: 25-Apr-2024 12:40
From: Anonymous Member
Subject: Derivation of product requirements from regulatory information/standards - Best practice?
This message was posted by a user wishing to remain anonymous
Hello dear colleagues,
We are currently developing a process for transferring regulatory requirements from standards, regulations and guidelines into product-related requirements. I would be interested in your experience in this regard and which "best practice" approaches you would recommend.
We are currently actively monitoring global databases for updated regulations and standards. This list of applicable standards is maintained by our RA department for each product group. However, we are now faced with the challenge of interpreting these standards and translating them into stakeholder requirements and system requirements. Unfortunately, our RA department is not in a position to do this due to the large number of requirements and sometimes a lack of detailed specific expertise.
However, our development department demands "hard requirements" for development and possible change assessment and not just a list of applicable standards. What is your experience with this? Can you share best practices on how normative and regulatory requirements are translated into products in your company?
Looking forward to an exciting discussion!
Cheers - Chris