A few comments from my end :
First of all, in direct relation to your question about a Notified Body's position on the clauses of the Z-Annexes of EN ISO 14971:2012 and the NBRG Consensus Paper of two years later (October 2014). From two of our auditors (that I both value very much for their expertise, their intelligent approach to auditing, and (above all) their continuous attention for the safety and performance of medical devices) :
Regarding the publication of EN ISO 14971:2012, I remember one of them stating about the impact of the Z-Annexes : "it means more paper work, but most likely no design changes".
And regarding an evaluation of the overall risk/benefit ratio for one of our devices, another auditor thought we had somewhat over-estimated the residual risk.
For me, this Forum post is pretty much reflecting the debate that seems to be going on for a long time now on how to make the best possible use of Risk Management as a tool to help ensure the responsible use of medical devices, i.e., to ensure they have a favorable Benefit-to-Risk ratio. One the one hand, many of the current (IEC and ISO) standards and (FDA) guidance documents emphasis the notion of "risk management" as a means of contributing to device safety. On the other hand, doubts have been expressed whether Risk Management is a tool that will allow for consistent decision making and whether more Risk Management leads to safer devices or just more paperwork.
To fuel that debate a little bit more :
I recommend reading this AAMI blogpost : https://aamiblog.org/2016/08/23/william-hyman-do-we-know-how-to-evaluate-and-compare-risks-and-benefits/ .
I think the continuous issuance of documents of a regulatory nature demonstrates that we are all still trying to achieve a better consensus and convergence regarding what constitutes useful Risk Management for medical devices:
- EN 1441 (published in the mid-1990s)
- ISO 14971:2007 (first published in 1998 as ISO 14971-1, thereafter as ISO 14971:2000)
- EN ISO 14971:2012 (with its Z-Annexes)
- ISO 24971:2013 (guidance on ISO 14971:2012)
- NBRG ("Interim NBMed Consensus Paper"), 2014)
- AAMI White Paper "Risk Principles and Medical Devices: A Postmarket Perspective", 2015
And so on … .
Whereas ISO 14971 contains a definition of "risk", it does not contain a definition of "benefit". The absence thereof does not seem helpful, if we want to ensure consistency when performing "benefit-risk-analysis". I have also not found a definition of "benefit" in the GHTF-publications about "Clinical Evidence". The above cited AAMI White Paper is the first publication I came across with an attempted definition of "benefit" by referring to ISO 16439: 2014 « Information and documentation -- Methods and procedures for assessing the impact of libraries" (yes, libraries !). Now the recently published MDR (EU/2017/745) finally contains definitions of "benefit-risk determination" (Article 2, definition 23) and "clinical benefit" (Article 2, definition 53), so let's move forward with those.
And I could easily fuel this debate with more …. . And you ?
Just to end my contribution : all we do must always first and foremost serve the interest of the patient, of the health care professionals caring for the patient, and of public health in general. We also have a legitimate purpose in ensure the good (business) health of the organizations we work for. Filling binders with paper or spreadsheets with numbers that do not serve these interests should have no place in this world.
------------------------------
Ary Saaman
Director, Regulatory Affairs
Debiotech S.A.
Lausanne
Switzerland
------------------------------
Original Message:
Sent: 05-Oct-2017 17:21
From: Anonymous Member
Subject: Content Deviations of Annex ZA, EN/ISO 14971:2012
This message was posted by a user wishing to remain anonymous
I am interested in getting feedback on your experience with NB audits, specifically regarding content deviation #4 of the EN standard and how your NB is interpreting this requirement. It states that each individual risk as well as all risks combined require a Risk Benefit Analysis (RBA). In October of 2014, a consensus paper was published by the NB Recommendation Group that seemed to soften this requirement somewhat. It states the following:
"at the end of the risk management process, the mfr shall perform a RBA for individual risks that are not acceptable according to the criteria explained in content deviation #2 and for which further risk reduction is not possible. In any case, the mfr shall perform an overall RBA considering all individual risks to provide a rationale for overall risk acceptance."
How do you interpret this and what experience do you have with your NBs?
Thanks in advance.