Regulatory Affairs Quality Assurance Consulting Services and Products

Risk Management Plan, Analysis and Report as per ISO 14971based on Preliminary Hazards Analysis, FMEA, FTA and HACCP

1. Service Description

We provide risk analysis service for both product and process. It consists of risk associated with design, development, manufacturing of the product and processes. We also do extensive software risk management analysis and human factor analysis. The report consists of risk identification, risk priority number assignment, recommended action to reduce the risks to reduce the risk priority number to an acceptable level.

There will be productivity increase and cost savings of more than 90% using our service. Your company will save money from several thousand to millions of dollars adding to your bottom line profit.

The Risk Analysis evaluation method usually used are Preliminary Hazards Analysis, FMEA, FTA and HACCP as listed below:

Preliminary Hazards Analysis: A high level, step-by-step approach for identifying hazards, assessing risk and recommending actions. Preliminary Hazard Analysis is a guide for identifying design inadequacies, development of safety requirements and safety design features. More detailed risk analysis (e.g., FTA, FMEA) may be required following a Preliminary Hazard Analysis
Failure Modes and Effects Analysis: FMEA is a “bottom-up analysis”. It analyzes each component or subsystem to determine potential failures and how these failures will impact the whole system. Based on the risk level, actions are planned to minimize the probability of failure and/or reduce the severity of the effects.
Fault Tree Analysis: FTA is a “top-down analysis.” It identifies system failures and then further analyzes the possible direct causes for the most serious potential failures. Based on the risk level, actions are planned to minimize the probability of failure and/or reduce the severity of the failures.
Hazards and Critical Control Point Analysis (HACCP): Used for manufacturing process points analyzed for criticality. Steps followed are
1. Conduct hazard analysis, identify preventive measures
2. Identify critical control points
3. Establish critical limits
4. Monitor each critical control point
5. Establish corrective action to be taken when deviation occurs
6. Establish record-keeping system Establish verification process

2. Cost Savings - Return on Investments (ROI)

Amount of money saved by your company on using our service based on the company size is provided in the Table 1.0.

Projected savings is based on

Process efficiency gains (people)
Less personnel requirements (people)
Infrastructure efficiency gains (systems)
Infrastructure validation and maintenance (systems)
Delivering quality products
Avoid regulatory noncompliance cost
Avoid regulatory fines cost

Compared to cost associated with company's inefficient internal manual methods, , systems, tools, software’s, and personnel etc. Detailed Return on Investment (ROI) information is available on request.

Company Size	Small	Medium	Large
$Savings	≥ 90%	≥ 90%	≥ 90%
Annual Sales	≤ $100 million	$100 million < Sales ≤ $500 million	> $500 million
Number of Submissions	≤ 2 per year	2 < Sub ≤ 4 per year	> 4 per year

Table 1.0 - Amount of money saved by your company on using our service. Company size is based on annual sales as per FDA classification.

3. Solution Approach

Step 1 Establish Risk Management Team
Step 2 Develop, review and approve Risk Management Plan
Step 3 For each risks identified, follow steps 4 through 8 below –
Step 4 Identification of known or foreseeable risks
Step 5 Estimation of the risk(s) for each risk/hazard type
Step 6 Risk evaluation
Step 7 Listing of risk control recommendations
Step 8 Review and approval of Risk Management Reports
Step 9 Review and update as required. Approve and file subsequent versions of the Risk Management Plan and Reports during the product development process
Step10 Post-production risk management activities occurring after product release will be the responsibility of the Product Line Sustaining Team

The Risk Analysis File or Report(s) is created providing traceability to each hazard in the risk analysis and determines whether the residual risk is acceptable based on severity, occurrence and detection rate. It usually consists of:

Risk Analysis Method
Risk Analysis Summary
Risk Analysis Conclusion

The ultimate goal of the risk analysis is to reduce the risks to as low as possible before the product is launched ensuring they are safe and effective.

Schematic Representation of the Risk Management Process

Figure 1 - Schematic Representation of the Risk Management Process - Source ISO 14971:2007 Standards

Overview of Risk Management Activities as Applied to Medical Devices

Figure 2 - Overview of Risk Management Activities as Applied to Medical Devices - Source ISO 14971:2007 Standards

4. Definitions

Type	Definition
Harm	Physical injury or damage to the health of people, or damage to property or the environment [ISO/IEC Guide 51:1999, definition 3.1]
Hazard	Potential source of Harm [ISO/IEC Guide 51:1999, definition 3.5] Hazardous Situation Circumstance in which people, property or the environment are exposed to one or more Hazard(s) [ISO/IEC Guide 51:1999, definition 3.6]
Risk	Combination of the probability of occurrence of harm and the severity of that harm [ISO/IEC Guide 51:1999, definition 3.2]
Residual Risk	risk remaining after protective measures have been taken [ISO/IEC Guide 51:1999, definition 3.9]
Risk Analysis	Systematic use of available information to identify hazards and to estimate the risk [ISO/IEC Guide 51:1999, definition 3.10]
Risk Assessment	Overall process comprising a risk analysis and a risk evaluation [ISO/IEC Guide 51:1999, definition 3.12]
Risk Control	process through which decisions are reached and protective measures are implemented for reducing risks to, or maintaining risks within, specified levels [ISO 14971:2000(E), definition 2.16]
Risk Evaluation	Judgment, on the basis of risk analysis, of whether a risk which is acceptable has been achieved in a given context based on the current values of society [Based on ISO/IEC Guide 51: 1999, definitions 3.11 and 3.7]
Risk Management	Systematic application of management policies, procedures and practices to the tasks of analyzing, evaluating and controlling risk [ISO 14971:2000(E), definition 2.18]
Risk Management File	set of records and other documents, not necessarily contiguous, that are produced by a risk management process [ISO 14971:2000(E), definition 2.19]
Safety	Freedom from Intolerable or Unacceptable Risk [ISO/IEC Guide 51:1999, definition 3.1]
Severity	Measure of the possible consequences of a Hazard [ISO 14971, definition 2.21]
Tolerable Risk (Acceptable Risk)	Risk which is accepted in a given context based on the current values of society [ISO/IEC Guide 51:1999, definition 3.7] NOTE 1 Tolerable Risk is the result of a balance between the ideal of absolute safety, the demands to be met by a product, process or service, and factors such as benefit to the user, suitability of purpose, cost effectiveness, Risk Evaluation, conventions of the society concerned, and the state of the art. NOTE 2 The term “Acceptable Risk” is used in ISO 14971 in the same sense as Tolerable Risk.
Intolerable Risk	Risk that is not a Tolerable or Acceptable Risk [Based on IEC 61010-2-101, Annex AA]
Reasonably Foreseeable Misuse	Use of a product, process or service in a way not intended by the supplier, but which may result from readily predictable human behavior [ISO/IEC Guide 51:1999, definition 3.14]

5. Applicable Laws, Regulations and Standards

ISO 14971– Medical Devices – Application of Risk Management to Medical Devices
FDA's Pharmaceutical Quality for the 21st Century - A Risked Based Approach - http://www.fda.gov/oc/cgmp/
ISO/IEC 16085:2004 - Information technology. Software life cycle processes. Risk management
IEC 60601-6 - Medical Electrical Equipment - Requirements for Safety
AAMI HE74: Human Factors in Medical Device Design
Human Factors User Interface Design Cycle - http://www.fda.gov/cdrh/humanfactors/index.html
ISO/IEC Guide 73:2002 - Risk management -- Vocabulary -- Guidelines for use in standards