Best Practices for Efficient and Compliant Risk Traceability from Design to Manufacturing
Intro
Those familiar with medical device development know that risk traceability and risk management is an important aspect that threads through the entire product development process and lifecycle.
Many see risk management as discrete deliverables completed by different team members at certain phases of product development. For example, a risk analysis that focuses on the intended use and reasonably foreseeable misuse is typically first drafted at the onset of design controls by primarily those in touch with the user’s point of view – human factor engineers, marketing, clinicians, etc. While a risk analysis focused on the design occurs during the detailed design and development phase with heavy input from the design engineers. And yet another team, mostly of those on the manufacturing team contributing to the manufacturing risk analysis.
However, it’s important that risk management is treated holistically, with traceability and connections from design to manufacturing. This traceability and connection has many benefits, including compliance with ISO 14971, the standard for the application of risk management to medical devices and meeting FDA expectations for a ‘risk-based’ approach for design and manufacturing of a medical device. Other important reasons include consistency, more efficient risk analysis, and ensuring risks identified at any point throughout the product development and lifecycle are appropriately passed along and mitigated to the various team members and stakeholders addressing those issues.
Here are my best practices for ensuring risk traceability throughout the product lifecycle, from design to manufacturing, and to post-market surveillance.
RELATED: Design Transfer: Best Practices for Translating Your Device Design into Manufacturing Specifications
Main points for How
1: Create a ‘master list’ of hazards, hazardous situations, harms and severity of harms
A common early step in risk management is creating a preliminary list of hazards. I extend this concept to hazardous situations, the resulting harms from those hazardous situations, and associated severity of those harms.
As the team starts its first risk analysis, say from the application or use point of view, note the hazardous situations that tend to repeat or are very close in description to one another. After the first team session or two, take a moment to review the hazardous situations that have been named to date, determine the unique hazardous situations, and create a ‘master list’ of hazardous situations.
Next is to determine the corresponding harms and severity of those harms associated with these hazardous situations. And add these to the ‘master list.’ Again, the corresponding harm(s) to a hazardous situation is finite and doesn’t generally change. For example, take a device with a small cutting edge. The hazardous situation is the user’s exposure to the sharps edge. Let’s say the resulting associated harm is a cut with a minor severity. Thus, anytime a foreseeable event is determined by the team to lead to the hazardous situation of the user’s exposure to the sharp edge, the associated harm of a cut with a minor severity can quickly also be listed. This prevents the team needing to reassess from scratch what the associated harm should be in each future instance that this hazardous situation arises.
Use this ‘master list’ for the future risk assessments to standardize risk practices and optimize efficiency by reusing the same risk content. Picking from a list is an efficient way for the team to identify and document the associated hazardous situations for each foreseeable event, keep wording consistent, and make it easier for new team members to understand the common outcomes. Of course if a truly unique and new hazardous situation does arise, it can be added.
2: Ensure risk assessments is available for all risk management team members and partners
Given that the functions and specific team members working on risk management will change over time, it is important that there is an effective way to share and notify the team members and partners over time. For consistency and team efficiency, ensuring access to the ‘master list’ described above to the manufacturing team and vendors will give them visibility and insight to the risks they should be on guard against, as one example.
Another example is if a design feature is identified as a mitigation for a use error, this information needs to be passed along to the design engineers to ensure said feature is designed in. To build upon the sharps example from above – After the sharps hazard is first identified, the team decides to implement a physical guard around the sharp edge. This requirement needs to be passed along to the design engineers to ensure it is designed in, not added after design freeze, when changes are more costly and time consuming. Similarly, this risk can be traced to the manufacturing team to evaluate the risks of manufacturing said sharps guard to ensure it is assembled correctly and does not fail in the field. Also, if the sharps guard design changes or becomes obsolete, you would want team members to know it’s a risk control mitigation and ensure the risk concerns remain addressed and documented.
3: Pick an appropriate tool to stay organized and efficient
Traceability of risk management and requirements arising from risk management can quickly become unwieldly, especially for complex systems, electromechanical devices, and those with software. Using traditional tools like Microsoft Word™ and Excel™ documents for risk management and requirements traceability are difficult to manage and prone to mistakes and gaps due to the manual input and review required.
Using a tool like Jama Connect® allows for easier visibility to gaps in traceability, allows for automated review and notification workflows, and features that ensure consistency, all leading to a compliant risk management file with less of the errors and inefficiencies associated with manual tools. It also has ways to manage the ‘Master List’ described above and create a Global Library of risk content that can be leveraged for new projects, allowing organizations to expand its portfolio and scale efficiently.
RELATED: Understanding Integrated Risk Management for Medical Device
Conclusion
Risk management done right is holistic and connected throughout product lifecycle from design to manufacturing, and beyond. Follow these best practices for both a compliant and efficient way to manage risk.
- Practical Guide for Implementing Software Validation in Medical Devices: From FDA Guidance to Real-World Application – Part 2 - March 28, 2023
- Practical Guide for Implementing Software Validation in Medical Devices: From FDA Guidance to Real-World Application – Part I - March 7, 2023
- Common Pitfalls in Change Control Traceability and How to Compensate - January 17, 2023