Policy for establishing criteria for risk acceptability according to ISO 14971:2019


Policy for establishing criteria for risk acceptability

The requirement to have a policy for establishing criteria for risk acceptability was added in the ISO 14971:2019 version of the standard. The requirement is particularly important for meeting MDR and IVDR requirements on risk management.

The requirement was added in ISO 14971:2019 because the concept was often misunderstood in the previous 2007 version of the standard. The “risk policy” was often replaced with only a risk evaluation matrix as seen below. This was not the intent of the standard.

Figure: Medical device risk evaluation matrix

As part of your risk management system, top management must define and document a policy that is the starting point for the determination of criteria for risk acceptability. Thus, the risk acceptability criteria should be derived from the policy, similarly to how quality objectives are derived from the quality policy according to ISO 13485. 

The policy is supposed to provide a framework that ensures that criteria are based on applicable national or regional regulations, such as the MDR or the IVDR, and relevant international standards, and take into account available information such as generally acknowledged state of the art and known stakeholder concerns.

This policy should be included in your documented procedures or Standard Operating Procedures (SOPs), outlining how your organisation views and manages risk, thus setting the tone for your overall risk approach. Having this documented within your SOPs ensures continuity, consistency, and clarity when managing risks in multiple phases or aspects of your operations.

The criteria for risk acceptability that are derived from the policy must be documented in the risk management planning. The risk management planning does not have to be one document named “risk management plan”; it can be documented in different formats and in different documents. It is, however, generally a good idea not to deviate too much from having one document called the risk management plan.

Content of the policy

The policy for establishing criteria for risk acceptability should typically include:

  • Scope
  • Factors and considerations for determining acceptable risk
  • Approaches to risk control

Policy for establishing risk acceptability criteria, the MDR, and the IVDR

The policy is particularly important when considering MDR and IVDR requirements, as the General Safety and Performance Requirements (GSPR) clause 2 states the following:

The requirement in this Annex to reduce risks as far as possible means the reduction of risks as far as possible without adversely affecting the benefit-risk ratio.

This means that merely reducing risks to a level where the magnitude of risk is below a threshold is not sufficient; the risks must be reduced as far as possible without adversely affecting the benefit-risk ratio. It is therefore a relative measure of risk reduction, and when claiming compliance with MDR and IVDR requirements, the policy must include this principle.

Example of policy for establishing criteria for risk acceptability for the EU market with MDR and IVDR:

Scope

This policy applies to all persons involved in establishing, reviewing, updating, and approving the criteria for risk acceptability in risk management plans for medical devices that are within the scope of our operations.

Factors and considerations for determining acceptable risk

The following factors and considerations should be taken into account when establishing the criteria for risk acceptability:

  • Applicable regulatory requirements in the EU,
  • Standards according to the norms and standards list, see document ID X,
  • The generally acknowledged state of the art, see document ID Y, and
  • Validated concerns from stakeholders. 

Approaches to risk control

As a general principle:

  • Whenever a risk control or the verification of risk control measures are available in a harmonised standard, they shall be considered before any other risk control measures are considered. 
  • When reducing risk, consideration shall be given to whether technically practicable measures would reduce the risk without impacting the intended use or the benefit of the medical device.

Individual risks: 

  • Must be reduced as far as possible without adversely affecting the benefit-risk ratio, and
  • The magnitude of risks shall be reduced to an acceptable level as determined by using a risk evaluation matrix where the limit between acceptable and unacceptable risk shall be based on state of the art. 

Who should approve the policy for establishing criteria for risk acceptability? 

It is the responsibility of top management to define and document the policy, and therefore also to approve it. Top management is defined in ISO 14971 as:

Person or group of people who directs and controls a manufacturer at the highest level.


Peter Sebelius

Peter Sebelius is a highly esteemed trainer, consultant and entrepreneur in the medical device industry. He is a member of the Joint Working Group that is revising the ISO 13485 and ISO 14971 standards.

He has vast ‘hands on’ experience, having developed, amongst other things, a mechanical chest compression device and an ex vivo perfusion machine for lungs. He has received numerous awards including the Great Design Award and the title “This year’s specialist” by Veckans affärer.
