NEWS TRENDS

Talking about risk management is par for the course in the medical industry today. However, a risk management program must cover many different aspects of risk, and it is not a procedure that is followed during the manufacture of a product.

Rather, risk management must be a fundamental corporate strategy, according to Donald Sherratt, director of regulatory affairs at Analogic Corp. (Peabody, MA). Sherratt spoke at a Frost & Sullivan conference in March.

“EN ISO 14971 let us know a paradigm shift was coming,” Sherratt said. He predicted that it will become part and parcel to the standards that FDA and other regulatory authorities and bodies will audit to. Another wake-up call is the new edition of IEC 60601-1, which embraces a risk management approach to product safety and design.

The challenge in implementing a risk management program, Sherratt said, is changing company culture. First and foremost, management must be on board with the program. Management must allow the firm's regulatory staff to do what is necessary to bring about the right culture. Sherratt said that in his experience, getting management buy-in can be done—if you know how to present risk management as an essential part of doing business.

“It comes down to telling management that it's either a cost now or an expense later,” he explained. “They can either spend money now to mitigate risk, or they can spend much more money later to fix a product when something goes wrong.”

After receiving management's approval, it's time to address the rest of the company. Specifically, engineering culture is often difficult to change. “Many engineers think that their experience is good enough and are convinced that quality problems do not stem from them,” Sherratt explained. At Analogic, he made the choice very simple: engineers would be trained into compliance with the risk management program, or they would be replaced. “Once you overcome the egos of the company, the culture change begins to infiltrate the entire organization,” he explained. Incidentally, no one was replaced for failing to comply with the system at Analogic.

However, changing culture is never an easy process. Sherratt suggested starting with the employees that are most resistant to the new system. They need the most training, but once they accept the system, they can become its champions. That way, the company culture changes not only from the top down, but also from the bottom up.

The risk management system itself must also start from the top down, and it must permeate all stages of product development. Although it may seem difficult to apply risk management to product innovation, it can be done. Sherratt referenced ISO 14971 as a good starting place. “You need to be aware of risk,” he said.

“If you start early enough, you will be prepared to minimize risk throughout product development.” It is critical to consider the ramifications of the standard as well. In addition, ISO 14971 is a good platform for expanding a risk management program.

It's also important to get senior management involved in early-stage development. The following questions should be asked and answered with management participation:

Litigation considerations should also be peppered into a risk management program. For example, Sherratt noted, “all documents can be discoverable, including the training documents for a quality system.” Training must be documented, and it must be factual. All literature must be designed with the same degree of due diligence as the product, he explained.

Finally, Sherratt said, it's important to continue looking ahead. A risk management system must change as the regulations and the industry do. For example, when the third edition of IEC 60601 is harmonized in Europe, there will be a three-year transition to that standard. So, a company that wants to market in Europe a product that is currently in development should make IEC 60601 and EN ISO 14971 part of the development plan. It should also get certified to those standards within that three-year period.

“You don't want to get caught up short,” Sherratt said, “and a good risk management system can help prevent that.”

Copyright ©2007 Medical Device & Diagnostic Industry