Risk File

The risk file is an important part of any regulatory filing. BSC has extensive experience creating risk files that are accepted by both the FDA and notified bodies. Use BSC to gain confidence that your risk file will be accepted.

IMG_5376.JPG

This project will generate a risk file for one project, defining the risks and mitigations and showing how the device is safe and effective for its intended use. 


The output documents from this project are:

  • The Risk Management Plan

  • A Top level Hazards Analysis showing the overall risk of the device

  • Design FMEAs/FMECAs showing individual failure modes and their mitigations (System, Subsystem, and Use/Misuse)

  • A Safety Assurance Case explaining how the overall design process and device implementation result in a safe and effective device

  • A Graphical representation of dFMEA/FMECA structure (similar to this structure)

  • A Process FMEA analyzing risks in manufacturing

Note FMEA and FMECA are used interchangeable after this point as each project can choose their preferred methodology.

Project Overview

Phase 1: Risk Management Plan

IMG_6947.JPG

The creation of the Risk Management Plan defines the scope of work to be done. 


The process of writing, reviewing, and approving the Risk Management Plan accomplishes the following:

  • Identifies standards to comply to (ISO 14971:2012 recommended)

  • Identifies guidance documents from the FDA that need consideration (e.g. Safety Assurance Cases for Infusion Pumps)

  • Defines the  structure of top level Hazards Analysis

  • Determines subsystems requiring their own FMEA/FMECA

  • Defines qualitative occurrence and severity levels

  • Defines risk levels (Acceptable, ALAP vs ALARP, Unacceptable)

  • Defines how quantitative occurrence is calculated (P1*P2)

  • Determines if pre-mitigation occurrence and risk will be included

  • Defines the relationships between risk documents

  • Defines the process for determining if a Risk Benefit Analysis is needed

  • Defines the process for secondary hazards

Phase 2: Top Level Hazards Analysis

IMG_1505-EFFECTS.jpg

This phase generates a top level hazards analysis. From a list of medical risks, a top level hazards analysis along with the system response is drafted. Depending on how the risk file is structured this can either be a standalone document or it can be a summation of the FMEAs generated later.

This phase involves determining the hazards, top level requirements controlling the hazards, and the expected residual risks.

Phase 3: FMEAs

IMG_6540-EFFECTS.jpg

This phase analyzes the implemented or planned design and identifies all reasonably foreseeable failure modes. The phase starts with the generation of failure modes for the System FMEA. These are linked to Hazards providing the Severity for the FMEA lines. Occurrence is determined using engineering judgement and the result is the Risk Classification.


With the failure modes of the System FMEA determined, the subsystem FMEAs can generate their list of failure modes. Often in the analysis of subsystem failure modes, new system failure modes are identified and added to the System FMEA. 


Throughout the process of failure mode identification, already implemented mitigations are mapped to the failure modes, and where necessary, new mitigations are created.


FMEA generation is iterative and involves inputs from the entire team to ensure the creation of a safe and effective device. As new mitigations are added, each mitigation needs to be assessed for new hazardous situations or secondary hazards

.


The Use/Misuse FMEA can be generated in parallel to the other design FMEAs. The Use/Misuse FMEA identifies all reasonably foreseeable misuse based on a review of the workflow. The severity in the Use/Misuse FMEA is used to identify which tasks need testing in a Summative Human Factors Study.


Once all design FMEAs are fully drafted, a review with the subject matter experts, and preferably an independent expert is conducted. After the review, the FMEAs are approved and signed off.

Phase 4: Process FMEA

IMG_4577-EFFECTS.jpg

Manufacturing risk is captured through a Process FMEA. Failure modes in the documented manufacturing process are identified. The Process FMEA generally uses a different Severity and Occurrence classification scheme than a design FMEA, and it focuses on the possibility of an escape (a defective device actually reaching a customer). 


Severity, Occurrence, and Detectability of each failure mode are defined on a scale of 1-10 which are multiplied together to give a Risk Priority Number (RPN). Based on the RPN, actions are recommended to resolve the issue which can be process improvements, design changes, in line tests, or new fixtures. The completion of the recommended actions is also documented.

Phase 5: Safety Assurance Case

IMG_4400.jpg

The Safety Assurance Case provides an explanation for why the team thinks the device is safe and effective. This includes explaining how the design process ensures that the device described in the risk file matches the device on the market, why the risk file is complete and correct, how the team knows that the mitigations were implemented, and an analysis of the reliability of the device. 

Screen Shot 2020-02-21 at 12.51.55 PM.png
 

BSC can also provide a visual representation of your risk file as an html document that looks like the image here. For a fully functioning example click here.