Diligence, complete and proper examination and assessment of the gaps, and correction of the gaps right from the very start of product development are the core characteristics that need to go into implementing risk management of software used in medical devices.
These are the reasons for it:
- Lack of proper and complete implementation and gaps in them lead to major drawbacks such as production delays or deficiencies. Getting the necessary regulatory certification or approval or both for such products is almost impossible
- Because of the inseparable bond between most activities and the development lifecycle; a medical device manufacturer will find it extremely difficult to separate any single activity and perform it with retroactive effect after a gap is detected. The detection of gaps in the midway stage of production neutralizes all the activities performed till then, causing the company to have to start from the beginning, no matter at which stage the gap is detected. The delays and cost overruns from such a scenario are extremely high.
Is there a way out? Yes. Embedding software risk management into the bigger scope of overall risk management is the solution. This is the cure to defective product development. This is why companies need to implement globally applicable standard requirements such as ISO 14971 and IEC 62304. These are important guidelines for helping medical device companies overcome the impediments associated with risk management of software used in medical devices.
Regulatory agencies around the world expect medical device companies to implement these global standards, which make risk management mandatory to almost any activity in the medical device industry.
The IEC 62366-1: 2015
There is also the IEC 62366-1: 2015 in addition to ISO 14971 and IEC 62304. The IEC 62366-1: 2015 specifies a process that a manufacturer has to use to consider, state, develop and assess the safety aspect of the usability of a medical device. It relies on human factors engineering in its usability process to help the manufacturer in evaluating and mitigating the risks associated with normal use, for which correct use and use errors are taken into consideration. The IEC 62366-1: 2015 standard is used for identifying, assessing or mitigating risks associated with normal use, but not abnormal use.
Getting it right from beginning till the end
It is necessary for medical device companies to implement the regulatory requirements set out in ISO14971 and IEC62304, as well as IEC 62366-1: 2015 standards that deal with risk management of software used in medical devices in the right manner to get regulatory approvals and meet quality standards.
How do medical device companies do this? This is what a seminar that is being organized by GlobalCompliancePanel, a popular provider of professional trainings for the regulatory compliance areas, will teach. The course Director, Markus Weber, Principal Consultant with System Safety, Inc., who specializes in safety engineering and risk management for critical medical devices, will explain the ways of designing, implementing and testing critical medical device software in a regulatory compliant environment.
To register for this learning, please visit The ways of applying ISO 14971, IEC 62304 and IEC62366-1 to medical device software. This course has been pre-approved by RAPS as eligible for up to 12 credits towards a participant’s RAC recertification upon full completion.
The requirements of globally applicable standards
The requirements set out by international consensus, reflected in globally applicable standard requirements such as ISO14971 and IEC62304, which has led to risk management being a mandatory component of almost any activity in the medical device industry, will be explained.
Since embedding software risk management into the larger framework of overall risk management is a critical aspect; this will form the basis of this seminar. Markus will explain all the steps needed to design, implement and test vital medical device software in a regulatory compliant environment in a way that adheres to the principles of risk management. He will also take up system level risk management and the ensuing interfaces to software.
A look at the safety case method
A well-established method used to collect and consolidate all safety related information together in one location is what is called the ‘Safety Case’ or ‘Assurance Case’ document. This step has the purpose of helping in comprehensively summarizing all the risk related activities and demonstrate the safe properties of a device.
The FDA currently requires this method for only infusion pump submissions. But it hoped that this system of documentation will become standard practice across all devices that come up for approval in the future. Markus will offer an introduction to the basic concepts and content of safety assurance cases. He will also describe their utility for internal and external review of safety related information.
Applying risk management principles in practice
The Director of this seminar will lace the session with real-life examples and proven tips. The aim is to help participants derive the benefits of the practical application of risk management. The system level issues of risk management will be explained, along with the increasingly important software-related issues of critical systems.
An assurance case, which will be introduced at this seminar, will be an add-on in making the effort needed for designing, implementing and verifying a safe device transparent. One of the outcomes of this two-day learning is that participants will be able to comply with regulatory requirements at a much lesser cost and with reduced spending on resources.