A common practice in the medical industry to use severity level 1 as a catch-all category to include all product issues that may not directly cause injury. Is this practice consistent with ISO 14971?
If a sequence of events leads to a hazardous situation and the hazardous situation does not lead to a harm then it's simply "No Risk".
If a hazardous situation is assessed to be not having a substantial magnitude of severity then I would identify those at PHA phase and explain why I won't consider those hazardous situations in my risk analysis instead of simply estimating them as insignificant severity (s1) and not increasing my rmf with lots of such SoE's.
Good points Ravikanth, thanks for sharing. It is important to remain grounded in actual clinical experience with similar devices, or in a similar clinical environment, and not do an endless "what-if" analysis of potential hazardous situations.
Mar 19·edited Mar 19Liked by Naveen Agarwal, Ph.D.
Would perhaps rephrase to be:
'If a sequence of events leads to a hazardous situation and the hazardous situation cannot lead to a harm then it's simply "No Risk".'
Where a hazardous situation can lead to harm, there is always a risk - no matter how small. That a hazardous situation has not led to harm does not mean that it cannot: an absence of evidence is not evidence of absence. This is where a lot of manufacturers get caught out.
Mar 19·edited Mar 19Liked by Naveen Agarwal, Ph.D.
I wonder whether, perhaps, the question was asked solely from the perspective of risk evaluation, rather than from the perspective of the risk management process as a whole. For the sake of keeping consistency with the question's reference to ISO/TR 24971:2020, EXAMPLE 1 at subclause 7.1.1 is perhaps useful:
'EXAMPLE 1 Eliminating the hazard of sharp edges that can cause injury by designing the surfaces with rounded edges. Eliminating the hazard of electric shock by using a manually operated pump instead of an electrical pump.'
Taking the example of the hazard of electric shock, it would result in a number of probabilistic hazardous situations, which, in turn would result in a number of associated probabilistic harms. The severities of those harms would span through those of Table 2 or Table 4 of ISO/TR 24971:2020. At this point, the risk - the combination of the probability of occurrence of harm and the severity of that harm - is entirely uncontrolled; an unmitigated risk.
The risk control is applied: no electricity.
At residual risk evaluation the hazard has been eliminated, meaning severity must tend to the lowest level; zero, in fact. Per NOTE 2, subclause 7.1, ISO 14971:2019:
'NOTE 2 Risk control measures can reduce the severity of the harm or reduce the probability of occurrence of the harm, or both.'
You simply cannot cut yourself with a jelly. Well, not unless it is frozen or moving at high speed.
The risk control in the ISO/TR 24971:2020 example patently introduces a new set of hazards and resultant hazardous situations, which is why subclause 7.5 of ISO 14971:2019 is not merely a tick box exercise.
As a final observation, neither Table 2 nor Table 4 contain an exclusive 'no injury' entry.
I am still a bit torn on this topic. Unless we automatically accept harms with no injury regardless of occurrence levels (like you suggested), it seems to me that by trying to manage "reliability" risks in the safety program, we would unnecessarily increase the noise in risk control activities. The main benefit I see in including no-injury Harms, is to show that an analysis was performed and a certain sequence of events would not lead to any actual harm (with injury - physical or not) and thus may not need any mitigations. Of course the overall benefit/risk picture can change how we treat these risks for a specific device - which I believe you also pointed out in the article.
That is a good point and a valid concern Ehsan. I think we have to start thinking about risk management, not as a separate and disjointed activity, but an integral part of our quality management system. This is what I think the intent of ISO 13485 and QMSR is.
If a sequence of events leads to a hazardous situation and the hazardous situation does not lead to a harm then it's simply "No Risk".
If a hazardous situation is assessed to be not having a substantial magnitude of severity then I would identify those at PHA phase and explain why I won't consider those hazardous situations in my risk analysis instead of simply estimating them as insignificant severity (s1) and not increasing my rmf with lots of such SoE's.
Good points Ravikanth, thanks for sharing. It is important to remain grounded in actual clinical experience with similar devices, or in a similar clinical environment, and not do an endless "what-if" analysis of potential hazardous situations.
Would perhaps rephrase to be:
'If a sequence of events leads to a hazardous situation and the hazardous situation cannot lead to a harm then it's simply "No Risk".'
Where a hazardous situation can lead to harm, there is always a risk - no matter how small. That a hazardous situation has not led to harm does not mean that it cannot: an absence of evidence is not evidence of absence. This is where a lot of manufacturers get caught out.
I wonder whether, perhaps, the question was asked solely from the perspective of risk evaluation, rather than from the perspective of the risk management process as a whole. For the sake of keeping consistency with the question's reference to ISO/TR 24971:2020, EXAMPLE 1 at subclause 7.1.1 is perhaps useful:
'EXAMPLE 1 Eliminating the hazard of sharp edges that can cause injury by designing the surfaces with rounded edges. Eliminating the hazard of electric shock by using a manually operated pump instead of an electrical pump.'
Taking the example of the hazard of electric shock, it would result in a number of probabilistic hazardous situations, which, in turn would result in a number of associated probabilistic harms. The severities of those harms would span through those of Table 2 or Table 4 of ISO/TR 24971:2020. At this point, the risk - the combination of the probability of occurrence of harm and the severity of that harm - is entirely uncontrolled; an unmitigated risk.
The risk control is applied: no electricity.
At residual risk evaluation the hazard has been eliminated, meaning severity must tend to the lowest level; zero, in fact. Per NOTE 2, subclause 7.1, ISO 14971:2019:
'NOTE 2 Risk control measures can reduce the severity of the harm or reduce the probability of occurrence of the harm, or both.'
You simply cannot cut yourself with a jelly. Well, not unless it is frozen or moving at high speed.
The risk control in the ISO/TR 24971:2020 example patently introduces a new set of hazards and resultant hazardous situations, which is why subclause 7.5 of ISO 14971:2019 is not merely a tick box exercise.
As a final observation, neither Table 2 nor Table 4 contain an exclusive 'no injury' entry.
I am still a bit torn on this topic. Unless we automatically accept harms with no injury regardless of occurrence levels (like you suggested), it seems to me that by trying to manage "reliability" risks in the safety program, we would unnecessarily increase the noise in risk control activities. The main benefit I see in including no-injury Harms, is to show that an analysis was performed and a certain sequence of events would not lead to any actual harm (with injury - physical or not) and thus may not need any mitigations. Of course the overall benefit/risk picture can change how we treat these risks for a specific device - which I believe you also pointed out in the article.
That is a good point and a valid concern Ehsan. I think we have to start thinking about risk management, not as a separate and disjointed activity, but an integral part of our quality management system. This is what I think the intent of ISO 13485 and QMSR is.
Very good question, very interesting subject.
And thank you for these explanations !
Thank you Vincent - glad you found this post useful.