REGULATORY SERVICES: Risk Management
- Syprosoft Engineering has extensive experience with the risk management process and follows the ISO 14971 standard - Application of Risk Management to Medical Devices. In accordance with this standard, we have helped our clients prepare and update their risk analyses by using both production and post-production data, and data from published literature. The table below shows an example of the types of production and post-production data used for the analysis.
- Hazard Category
- Item
- Potential Effect(s) of Failure
- Failure Mode
- Mitigation
- Mitigation Implementation
- Failure Cause
- End Effect
- Risk Code
- Severity
- Occurrence
- Detectability
- Initial Risk
- Mitigated Severity
- Mitigated Occurrence
- Mitigated Detectability
- Severity Rationale
- Occurrence Rationale
- Detectability Rationale
- Final Risk
- Complaint-MDR Qty
- NCR Qty
- % Occurrence
- Devices containing software have additional regulatory requirements for the documentation needed. At a minimum, basic documentation is needed for a submission for marketing clearance. Enhanced documentation is needed for any device software function whose failure or error could present a hazardous situation likely to result in death or serious injury to a patient, a user or others. This includes cybersecurity risks.