I have to make a comment. I think auditors, consultants, Registrars, NBs, and regulators expecting a certain document to be in "this file" or "that file"' or expecting tools using thirteen ways from Friday to be used to estimate risk are really turning people off from doing anything. This can lead to all sorts of extra non-value procedures and activities for companies, or they just throw up their hands and do nothing until they have a major finding or lawsuit.
For example, for even something as "simple" as filing, my simple suggestion - make a "folder" for a Design File in an electronic or paper system . In that folder, have a sub-file for RMF. In THAT folder make a sub, sub-folder for UEF in there. KEEP track of those and all specific documents in the DHF Index , which is similar to an EP or ER checklist. Keep it updated.
DONE.
Everytime I see comments lamenting clients' lack of understanding about risk management (ISO-14971), I want to protest. Yes, you can use thirteen tools, numerous experts, literature reviews, statisticians for probability estimations. Does one need all that for lower risk devices? Please consultants do not scare innovators in application of over a voluntary standard. It just seems to me over time "we" (the industry) are creating a monster that only certain qualified "Risk Management Expert Consultants" charging $300 an hour will be deemed qualified to perform.
Having to read and apply the 100 page TIR 24971 to "interpret" ISO 14971:2019 is overwhelming for a start-up. To then criticize any effort is demoralizing to them. It just seems to me, someone who has seen very bad (lack of) RMFs and over-complicated RMFs even risk management experts in a large company can explain, that "we" have screwed this up.
That said, I have been involved in RM since implementation of ISO 14971:2007, as a user and now a consultant. I have seen its application evolve through "preliminary [software] hazard analysis leading to hazard analysis. I have seen and used detailed software and use hazard analysis with event sequence interactions leading to software safety classification and use studies. Other tools used: sFMEA, dFMEA, pFMEA, uFMEA, FTAs of all sorts. I have seen many different ways to write the final risk management report.
This said, I am myself uncertain where "we" are letting requirements of a "voluntary standard" end versus committee and consultant decided "best practices" start to creep in, so I myself am taking a refresher 2 day course on ISO 14971:2019 at the end of the month.
After reading the redlined version of ISO 14971:2019, its TIR, the standard IEC 80002-1, and the risk standards on cybersecurity risk management multiple times, it seems to me that it is time for committees to stop birthing standards and for consultants to keep it simple when it can be.
Ok, thanks for reading my rant. Peace be with you.
------------------------------
Ginger Cantor, MBA, RAC
Founder/Principal Consultant
Centaur Consulting LLC
River Falls, Wisconsin 54022 USA
715-307-1850
centaurconsultingllc@gmail.com------------------------------
Original Message:
Sent: 18-Apr-2020 17:04
From: Dan O'Leary
Subject: Usability engineering file vs. FDA Appendix A HFE/UE Report
The IEC 62366-1:2015 Usability Engineering File and the FDA HFE/UE Report are different because they serve different purposes.
The Usability Engineering File collects all the documents related to the usability engineering process. You should make your own checklist for your usability engineering process by searching IEC 62366-1:2015 for the phrase "Compliance is checked by". You will get everything that needs to be in file. Then determine how you implemented the usability engineering process. For example, you might have tailored it or you might have a legacy interface with UOUP. Adjust the checklist. Then identify the specific documents required by your implementation. Be mindful of EU-MDR Annex II(4)(d) which requires, "the precise identity of the controlled documents offering evidence of conformity with each harmonized standard, CS, or other method applied to demonstrate conformity with the general safety and performance requirements". The contents of the Usability Engineering File fall under this provision. See the EU-MDR Annex I(5), for example, since it includes use-error.
There is often a question of the residence of the Usability Engineering File. Usability engineering is one of the specific applications of Risk Management. ISO 14971:2007 is a normative reference, but you should implement ISO 14971:2019. Some people like to include the Usability Engineering File in the ISO 14971:2019 Risk Management File. Others keep it as a separate file. In either case, the ISO 14971:2019 Risk Management Plan applies. You will need, at least, the risk acceptability criteria for the case when you cannot estimate the probability of occurrence of harm. You will not be able to estimate the probability of use-error as you analyze the hazard-related use scenarios.
There is often a question of the residence of the Risk Management File and the Usability Engineering File. In an FDA QSR implementation, they are in the Design History File. In an ISO 13485:2016 implementation, they are in the Design and Development File. After release to production certain parts of these files move for maintenance in the Production and Post-production phases.
The FDA HFE/UE Report is just that, a report. It is a document not a file. There are two situations for FDA, whether or not the pre-market submission requires the report. There is a draft guidance document, List of Highest Priorities Devices for Human Factor Review, that answers the question.
In QSR, usability is part of the 820.30(g) design validation because it addresses patient or user needs. If you need to write the report, follow the format in the guidance document Applying Human Factors and Usability Engineering to Medical Devices, Appendix A. Include the report in the DHF. I recommend including it in the Usability Engineering File.
------------------------------
Dan O'Leary CQA, CQE
Swanzey NH
United States
Original Message:
Sent: 15-Apr-2020 13:24
From: Anonymous Member
Subject: Usability engineering file vs. FDA Appendix A HFE/UE Report
This message was posted by a user wishing to remain anonymous
Hi all,
I am going through IEC 62366-1:2015 (Ed.1) and the FDA guidance on human factors and I am trying to figure out differences and similarities between what IEC calls "usability engineering file" and FDA "HFE/UE Reports". I see differences both in terms of content and outline when I compare the section heading of the standard vs. the structure of the documentation requested by the FDA.
Does any of you have a checklist or a good template to use for such documentation to comply with both at the same time and make happy both the NBs in Europe and the FDA?
Thanks in advance for your help.