Risk & Reward: Taking The Guesswork Out Of Compliance & Safety For Medical Devices

The world-famous and often quoted maxim: ‘the one constant is change’ certainly holds true for the medical devices sector. That doesn’t stop at the fast pace of innovation, but starts at the minefield of compliance and regulation that is rightly imposed on the sector that is expected to recover and reach $603.5 billion in 2023.

Needless to say, safeguards must be built into life-critical treatments, products and interventions, where a design flaw or unsufficient attention to potential harms can spell the difference between safe or potentially lethal medical devices.

Across the world – in the US under FDA, and Europe with notified bodies, and a raft of COVID delayed new regulations or significant changes to existing protocols, the medical devices industry faces a changing regulatory landscape. These regulatory bodies need to be assured that products meet control standards and are ultimately not just fit for purpose but also safe to use.

Huge Responsibility On The Manufacturer

But the buck doesn’t stop at the delivery door for medical device manufacturers. The burden of risk mitigation extends to the user of products and that can mean clinicians or OTC (over the counter) consumers in the case of self administration (such as inhalers, injections, drugs).

Risk management involves the identification, understanding, control, and prevention of failures that can result in harm when people use medical devices. Hazard Analysis and Risk Analysis, are structured tools for the evaluation of potential problems which could be encountered in connection with the use of taking a drug, or using a medical device.

Manufacturers are expected to identify possible hazards and hazardous situations which could lead to harm associated with the design in both normal and fault conditions. If any risk is judged unacceptable, it should be reduced to acceptable levels by appropriate means.

This all places a huge responsibility on the manufacturer and demands the most stringent of processes. Here’s where Compass plays a crucial role in helping to build safer, compliant medical devices.

Ability To Embed Regulations & Standards

Our risk-first approach places an emphasis on comprehensive risk analysis and its integration into the design control process so that all risks are identified and considered. We tightly integrate risk with requirements and testing to ensure quality is integral throughout all phases of product development – enabling companies to deliver safer, compliant products to market faster.

Compass helps companies navigate this critical pathway to product introduction. Based on ISO/TR 24971:2020 Compass guides the user in setting up the risk management process. Compass poses simple questions and uses the answers to auto-populate risk analysis tables.

Working directly from standards and regulations, such as ISO 13485, ISO 14971 or EU MDR, is the most efficient way to achieve rapid compliance. Using standards and regulations as a starting point means your technical documentation (i.e., Design History File (DHF), Annexes I and II, etc.) is audit-ready, submission-ready, and easily supports process enquiries.

In many other product development platforms, risk management is not a native integration. Compass, on the other hand, was built with a risk-first approach that places high emphasis on the value of tightly integrating risk management in the design control process with requirements and tests.

With Compass, you are guided through the process of:

• Creating a Risk Management Plan
• Carrying out Preliminary Hazard Analysis
• Performing Use Error Analysis
• Setting up a Design FMEA
• Performing Design Risk Analysis

Why is this important? Each of the above risk tasks must be addressed individually since the goals of each task are fundamentally different. However, it is imperative that they are all integrated and tell a cohesive story of how the device is designed for safety, and what controls are in place to ensure that safety.

Unlike other risk management tools, Compass not only manages individual risk data points, like hazards, hazardous situations, and harms, but it also manages the sequence of events that ultimately could lead to a patient being harmed. While the individual risk data points can be stored in a library and reused, it is this unique sequence of events as a whole that must be mitigated against.

‘Shaken But Not Stirred’

Our extensive research shows that connecting FMEA (failure modes and effects analysis) and Risk Analysis through the Sequence of Events component allows you to maintain the work done in FMEA while identifying control measures to be reused in the risk analysis assessment should they effectively contribute to lowering the risk. This method, in our view, is the right approach to complying with ISO 14971. To dig deeper, read the article published in MDDI, “Complying with ISO 14971:2019,” by our Compass Product Line Manager, Ben Higgitt.

An example we often cite, was a project for a company that makes medications for skin diseases: an ointment. They wanted to create a spray device to make application easier. However the initial design showed that while spraying itself was OK, too little medication was applied – introducing the risk that the treatment would be ineffective, which would not clear to the patient.

To mitigate this potential risk, they adapted the design to incorporate a warning light on top of the device. The spray head would not be activated until the user had shaken the canister long enough and the warning light turned green. They identified their risk and mitigated it by implementing functionality that would improve the efficacy of the device.

Difference Between Product Delays & A Market Winning Solution

Traceability is critical too. Linking all related information is essential in being able to deliver actual proof to auditors like the FDA and notified bodies that risks have effectively been mitigated. Time is critical and companies can’t afford to spend time fixing things. Tools like Compass allow manufacturers to access that information, combine it with automated support and documentation and that can indicate what needs fixing before the auditor arrives to review.

When looking at guidelines and that includes ISO 14971 and others, they state you need standard operating procedures in which you document the processes, who is involved, and who was assigned each role. At Compass we have built fail-safe processes. It simply won’t work until you include all of the essential risk management process information – integrating this into one single environment.

Overnight, Compass can be implemented and could well spell the difference between product delays or failures that could become seriously costly and potentially threaten the future of an organisation, or safe and timely production of a market winning solution.

Request a Demo and See How Compass Can Help You Get to Market Faster, With Complete Traceability.