ISO/TR 24971-2020 pdf download.Medical devices — Guidance on the application of ISO 14971.
The risk management plan is a “living document” that will be reviewed and updated throughout the life cycle of the medical device as new information becomes available. The information should be collected on a continuous basis, even after the last medical device is sold and placed on the market. ISO 14971:2019 requires that changes to the risk management plan be recorded in the risk management file. The extent of planned activities and the level of detail of the risk management plan should be commensurate with the level of risk associated with the medical device. The requirements in ISO 14971:2019 are the minimum requirements for a risk management plan. Manufacturers can include other items such as time-schedule, risk analysis tools, or a rationale for the choice of specific risk acceptability criteria.
4.4.2 Scope of the risk management plan The scope identifies and describes the medical device and the life cycle phases for which each element of the plan is applicable. Some of the elements of the risk management plan can apply to the product realization process (design, development and production of the medical device). Other elements can apply to the production and post-production phase (such as installation, use, maintenance, decommissioning and disposal of the medical device).
4.4.3 Assignment of responsibilities and authorities The risk management plan identifies the personnel or functions with responsibility for the execution of specific activities related to risk management (see Table 1). In addition, the risk management plan identifies the individuals with appropriate authority to review and approve risk management decisions and actions. This can entail assignment of personnel familiar with the unique characteristics of the medical device (or medical device family) and their possible relevance to safety. This assignment can be included in a resource allocation matrix defined for the specific life cycle phase and the activities covered in the scope of the plan.
4.4.4 Requirements for review of risk management activities The risk management plan details how and when the risk management activities will be reviewed for a specific medical device (or medical device family). This should include the review method, the responsible individuals or functions, who is required to participate in the review, and how the review results are managed. The results of the review of planned risk management activities will be consolidated in the risk management report (see Clause 9). The requirements for the review of risk management activities can be part of other quality system review requirements, such as design and development review (see ISO 13485 [24] ).
4.4.5 Criteria for risk acceptability Criteria for risk acceptability are established according to the manufacturer’s policy for determining acceptable risk. This includes criteria for situations where the probability of occurrence of harm cannot be estimated, in which case the criteria for risk acceptability can be based on the severity of harm alone. The criteria can be common for categories of similar medical devices (or medical device families). It is important to establish the criteria for risk acceptability before starting the risk assessment. Otherwise, the results of the risk assessment could influence the decision when establishing the criteria. See Annex C for further guidance and examples of criteria that are derived from the policy and applied in risk evaluation.ISO/TR 24971 pdf download.