Regulatory Open Forum

 View Only
Expand all | Collapse all

Risk and design inputs/outputs traceability

  • 1.  Risk and design inputs/outputs traceability

    Posted 26-Mar-2024 02:42

    Hello dear community,

    I am looking for a smart and efficient way to maintain traceability between the risk analysis and the design control parameters throughout the lifecycle of the product.

    I'll be happy to hear about any processes you have in place for updating this traceability whenever a new risk is added/modified in the risk analysis. 

    Also in this regard, how do you ensure you have a design input for every risk? Design starts with design inputs, and only then a risk analysis takes place. How do you feed back any new risks as design inputs and at what stage?

    Glad to hear any insights you may have on this topic.

    Thanks in advance!



    ------------------------------
    Noa Ofer
    Senior Director QA & RA
    Microbot Medical
    Yokneam Ilit
    Israel
    ------------------------------


  • 2.  RE: Risk and design inputs/outputs traceability

    Posted 26-Mar-2024 10:05

    We utilize a software called JAMA. https://www.jamasoftware.com/ 

    I am not affiliated with JAMA. It's just a nice program. You can set directional relationships and check any missing relationships pretty easily. You'd of course need to validate the software for your use. 

    Regarding risks, we had design reviews in the beginning that fed back into design inputs. As a part of risk management throughout the product lifecycle, we manage that on a quarterly basis at recurrent product surveillance review meetings.



    ------------------------------
    Kimberly Chan
    X-Nav Technologies
    Lansdale PA
    United States
    ------------------------------



  • 3.  RE: Risk and design inputs/outputs traceability

    Posted 27-Mar-2024 05:50

    Hi Noah,

    Kimberly already gave good advice on the continuous update of risk management throughout the design and development cycle.

    I would like to add that in ISO 13485, Clause 7.3. is stated that, amongst others, applicable output of risk management is input for design. Of course not all risks and control measures are known at the beginning of a design project, Kimberley described how that could work.

    I advise my clients to identify risk control measures as design input requirements. All design input requirements are to be verified and/or validated, therefor risk control measures are 'automatically' verified and/or validated (requirement of ISO 14971). You can do the same with usability risk management control measures and security risk control measures. This approach also ensures that risk control measures are verifiable to start with.

     



    ------------------------------
    Peter Reijntjes
    Consultant Regulatory & Quality Affairs Medical Devices
    Heteren
    Netherlands
    ------------------------------



  • 4.  RE: Risk and design inputs/outputs traceability

    Posted 28-Mar-2024 05:45

    Thank you both. These tips are helpful.

    BR



    ------------------------------
    Noa Ofer
    Senior Director QA & RA
    Microbot Medical
    Yokneam Ilit
    Israel
    ------------------------------



  • 5.  RE: Risk and design inputs/outputs traceability

    Posted 28-Mar-2024 08:01

    I was about to reply but saw that Peter covered pretty much what I was going to say.... outputs of risk management are an input into Design Inputs (and Design Input Requirements if we want that distinction).

    To pick up on one key point though, you do not need a design or design inputs to start the risk analysis. You can start with the high level intended purpose and go from there. The more information and detail that is known, the more specific the risk analysis can become. Without this mindset, you will always be locked into the sequential process of 'do design inputs' then 'do risk analysis' then 'go back and revisit design inputs'.



    ------------------------------
    Ed Ball
    Manager, Intelligence & Innovation
    United Kingdom
    ------------------------------



  • 6.  RE: Risk and design inputs/outputs traceability

    Posted 28-Mar-2024 09:27

    Thank you Ed. What about updates to the risk analysis made after all the design control documents are complete (for example, due to post-market information)? Do you then revisit the design inputs document and the traceability matrix and update them as well?



    ------------------------------
    Noa Ofer
    Senior Director QA & RA
    Microbot Medical
    Yokneam Ilit
    Israel
    ------------------------------



  • 7.  RE: Risk and design inputs/outputs traceability

    Posted 29-Mar-2024 09:17

    Hi Noa,

    not neccessarily. Only when those documents need to be updated (e.g. because a design input requirements is changed, or an additional risk control measure is identified and added as design input requirement and consequently needing verification and validation).

    Your design change process should guide you through the design change, whatever the starting point of a design change is..



    ------------------------------
    Peter Reijntjes
    Consultant Regulatory & Quality Affairs Medical Devices
    Heteren
    Netherlands
    ------------------------------



  • 8.  RE: Risk and design inputs/outputs traceability

    Posted 30-Mar-2024 08:48

    Noa, the risk traceability matrix must be kept up to date, along with the entire Risk Management File, throughout the entire product lifecycle.

    If you have an electronic documentation system it can be set up to update the matrix automatically when the cited document changes. 



    ------------------------------
    Edwin Bills
    Edwin Bills Consultant
    ASQ Fellow CQE, CQA, CQM/OE, RAPS RAC
    elb@edwinbillsconsultant.com
    ------------------------------



  • 9.  RE: Risk and design inputs/outputs traceability

    Posted 29-Mar-2024 09:19
      |   view attached

    Unfortunately I have come on to this discussion late in the process.  There have been some excellent responses by Peter and Edward, but I saw one this that I may need to clarify.  

    As an example I can point to the GHTF guidance on risk management which I will attach, which has an example of the traceability matrix in Annex C.  The various risk analyses described by Peter are in fact, all part of ONE risk analyses for the product.  

    Certainly we do lots of different activities to create that input such as usability,  any software, cybersecurity, biocompatibility, electrical, environmental, the responses to ISO TR 24971:2020 Annex A Characteristics Related to Safety (required in ISO 14971 :2019 5.3) etc, all need to go into one traceability matrix which should start with the identified hazard, and progress through identification of the hazardous situation that exposes the hazard, the harms (multiple) that may occur as a result of he exposure, the probability of occurrence of harm and the severity of harm.  Next comes the risk rating, and then if risk controls are required, those are identified, and the verification of implementation (design verification) and the verification of effectiveness (design validation including usability validation for IFU risk controls) and finally the benefit-risk analysis if required.  This approach is based on the GHTF document.

    A best practice is to identify the document that these items come from along with any item number or line item.  By following this process you are managing the history of the process for later actions, say if a complaint comes in about this issue.  I wrote about this in AAMI Horizons Spring 2015 Risk issue, if you can find it.  This approach has been used by some of my clients to satisfy NB and US FDA audits and inspections, with very good responses by the auditors/investigators on the demonstration of an effective risk management system.



    ------------------------------
    Edwin Bills
    Edwin Bills Consultant
    ASQ Fellow CQE, CQA, CQM/OE, RAPS RAC
    elb@edwinbillsconsultant.com
    ------------------------------

    Attachment(s)

    pdf
    sg3n15r82005.pdf   149 KB 1 version


  • 10.  RE: Risk and design inputs/outputs traceability

    Posted 29-Mar-2024 09:36

    I should have attached the risk traceability matrix I discussed.  Here it is along with other items to show visually the inputs to Risk Analysis.



    ------------------------------
    Edwin Bills
    Edwin Bills Consultant
    ASQ Fellow CQE, CQA, CQM/OE, RAPS RAC
    elb@edwinbillsconsultant.com
    ------------------------------

    Attachment(s)



  • 11.  RE: Risk and design inputs/outputs traceability

    Posted 02-Apr-2024 05:25

    Edwin,

    Thank you for your thorough answer and for generously sharing these example documents.

    Appreciate it.

    Noa



    ------------------------------
    Noa Ofer
    Senior Director QA & RA
    Microbot Medical
    Yokneam Ilit
    Israel
    ------------------------------