Guide to the development and inclusion of safety aspects in International Standards for medical devices

ISO/IEC Guide 63:2012 provides guidance to standards writers on how to include safety aspects in the development of medical device safety standards intended to be used within the risk management framework established in ISO 14971. It expands on the concepts developed in ISO/IEC Guide 51 to include safety-related performance and usability. ISO/IEC Guide 63:2012 is intended to be read in conjunction with ISO/IEC Guide 51 and ISO 14971.

Guide pour l'élaboration des aspects de sécurité et leur incorporation dans des Normes internationales relatives aux dispositifs médicaux

General Information

Status
Replaced
Publication Date
09-Jan-2012
Withdrawal Date
09-Jan-2012
Current Stage
6060 - International Standard published
Start Date
22-Dec-2011
Completion Date
10-Jan-2012
Ref Project

RELATIONS

Buy Standard

Guide
ISO/IEC Guide 63:2012 - Guide to the development and inclusion of safety aspects in International Standards for medical devices
English language
21 pages
sale 15% off
Preview
sale 15% off
Preview

Standards Content (sample)

GUIDE 63
Guide to the development and
inclusion of safety aspects in
International Standards for
medical devices
Second edition 2012
ISO/IEC 2012
---------------------- Page: 1 ----------------------
ISO/IEC GUIDE 63:2012(E)
COPYRIGHT PROTECTED DOCUMENT
© ISO/IEC 2012

All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized in any form or by any means,

electronic or mechanical, including photocopying and microfilm, without permission in writing from either ISO at the address below or

ISO's member body in the country of the requester.
ISO copyright office
Case postale 56  CH-1211 Geneva 20
Tel. + 41 22 749 01 11
Fax + 41 22 749 09 47
E-mail copyright@iso.org
Web www.iso.org
Published in Switzerland
ii © ISO/IEC 2012 – All rights reserved
---------------------- Page: 2 ----------------------
ISO/IEC GUIDE 63:2012(E)
Contents Page

Foreword ............................................................................................................................................................ iv

Introduction ......................................................................................................................................................... v

1 Scope ...................................................................................................................................................... 1

2 Terms and definitions ........................................................................................................................... 1

3 Principles for preparing medical device safety standards ............................................................... 4

3.1 General considerations ......................................................................................................................... 4

3.2 Scope of safety standards .................................................................................................................... 5

3.3 Types of standards ................................................................................................................................ 5

3.4 Taking a practical view of safety ......................................................................................................... 6

3.5 Managing risks ...................................................................................................................................... 6

3.6 Risk acceptability criteria ..................................................................................................................... 7

3.7 Risk control methods/methodology .................................................................................................... 7

3.8 Coordination of medical device safety standards ............................................................................. 7

3.9 Regulatory implications ........................................................................................................................ 7

4 Risk-based framework for developing a medical device safety standard ....................................... 8

4.1 General ................................................................................................................................................... 8

4.2 Management of the risk-based framework ......................................................................................... 8

4.3 Application and characteristics ........................................................................................................... 8

4.4 Identification of hazards and hazardous situations .......................................................................... 9

4.5 Types of hazards and hazardous situations..................................................................................... 10

4.6 Systematic or random nature of risks ............................................................................................... 12

4.7 Risk estimation .................................................................................................................................... 13

4.8 Risk acceptability criteria ................................................................................................................... 14

4.9 Risk evaluation .................................................................................................................................... 15

4.10 Risks to be controlled by the standard ............................................................................................. 15

4.11 Conclusion ........................................................................................................................................... 16

5 Facilitating the implementation of ISO 14971 though product or process standards ................. 16

5.1 Product standards ............................................................................................................................... 16

5.2 Process standards .............................................................................................................................. 17

5.3 Overview of the application of medical device safety standards in an ISO 14971

framework ............................................................................................................................................ 17

Annex A (informative) Product and process safety standards .................................................................... 19

Annex B (informative) Risk information ......................................................................................................... 20

Bibliography ...................................................................................................................................................... 21

© ISO/IEC 2012 – All rights reserved iii
---------------------- Page: 3 ----------------------
ISO/IEC GUIDE 63:2012(E)
Foreword

ISO (the International Organization for Standardization) is a worldwide federation of national standards bodies

(ISO member bodies). The work of preparing International Standards is normally carried out through ISO

technical committees. Each member body interested in a subject for which a technical committee has been

established has the right to be represented on that committee. International organizations, governmental and

non-governmental, in liaison with ISO, also take part in the work. ISO collaborates closely with the

International Electrotechnical Commission (IEC) on all matters of electrotechnical standardization.

International Standards are drafted in accordance with the rules given in the ISO/IEC Directives, Part 2.

Draft Guides adopted by the responsible Committee or Group are circulated to the member bodies for voting.

Publication as a Guide requires approval by at least 75 % of the member bodies casting a vote.

Attention is drawn to the possibility that some of the elements of this document may be the subject of patent

rights. ISO shall not be held responsible for identifying any or all such patent rights.

ISO/IEC Guide 63 was prepared jointly by ISO/TC 210, Quality management and corresponding general

aspects for medical devices, and IEC/SC 62A, Common aspects of electrical equipment used in medical

practice, in a Joint Working Group, Application of risk management to medical devices.

This second edition cancels and replaces the first edition (ISO/IEC Guide 63:1999), which has been

technically revised.
iv © ISO/IEC 2012 – All rights reserved
---------------------- Page: 4 ----------------------
ISO/IEC GUIDE 63:2012(E)
Introduction

ISO/IEC Guide 51 was the first of a series of guides intended to provide a harmonized approach to the

concept of safety when preparing International Standards. ISO/IEC Guide 51 anticipated the need for sectoral

guides such as this Guide. Consistent with ISO/IEC Guide 51, additional guidance might be needed for

sectors within the broad category of medical devices.

The concept of safety, including safety-related performance and usability, is closely related to safeguarding

the integrity of the patients who are the subjects of medical care, as well as that of those persons who are

giving the care and any other persons. As medical devices and medical systems have become more complex,

the diligence required to ensure their safety has similarly increased.

As different circumstances warrant different approaches to ensuring safety, it is impossible to provide precise

requirements and recommendations that apply to every case. However, these guidelines, when followed on a

judicious “use when applicable” basis, will help in developing reasonably consistent standards.

© ISO/IEC 2012 – All rights reserved v
---------------------- Page: 5 ----------------------
ISO/IEC GUIDE 63:2012(E)
Guide to the development and inclusion of safety aspects in
International Standards for medical devices
1 Scope

This Guide provides guidance to standards writers on how to include safety aspects in the development of

medical device safety standards intended to be used within the risk management framework established in

ISO 14971. It expands on the concepts developed in ISO/IEC Guide 51 to include safety-related performance

and usability.

This Guide is intended to be read in conjunction with ISO/IEC Guide 51 and ISO 14971.

2 Terms and definitions
For the purposes of this document, the following terms and definitions apply.
2.1
accompanying document

document accompanying a medical device and containing information for those accountable for the

installation, use and maintenance of the medical device, the operator or the user, particularly regarding safety

[ISO 14971:2007, definition 2.1]
2.2
harm

physical injury or damage to the health of people, or damage to property or the environment

[ISO/IEC Guide 51:1999, definition 3.3]
2.3
hazard
potential source of harm

NOTE The term hazard can be qualified in order to define its origin or the nature of the expected harm (e.g. electric

shock hazard, crushing hazard, cutting hazard, toxic hazard, fire hazard, drowning hazard).

[ISO/IEC Guide 51:1999, definition 3.5]
2.4
hazardous situation

circumstance in which people, property or the environment are exposed to one or more hazards

[ISO/IEC Guide 51:1999, definition 3.6]
2.5
intended use
intended purpose

use for which a product, process, or service is intended according to the specifications, instructions and

information provided by the manufacturer
[ISO 14971:2007, definition 2.5]
© ISO/IEC 2012 – All rights reserved 1
---------------------- Page: 6 ----------------------
ISO/IEC GUIDE 63:2012(E)
2.6
life cycle

all phases in the life of a medical device, from the initial conception to final decommissioning and disposal

[ISO 14971:2007, definition 2.7]
2.7
manufacturer

natural or legal person with responsibility for the design, manufacture, packaging, or labelling of a medical

device, assembling a system, or adapting a medical device before it is placed on the market or put into

service, regardless of whether these operations are carried out by that person or on that person's behalf by a

third party

NOTE 1 Attention is drawn to the fact that the provisions of national or regional regulations can apply to the definition of

manufacturer.
NOTE 2 For a definition of labelling, see ISO 13485:2003, definition 3.6.
[ISO 14971:2007, definition 2.8]
2.8
medical device

any instrument, apparatus, implement, machine, appliance, implant, in vitro reagent or calibrator, software,

material or other similar or related article, intended by the manufacturer to be used, alone or in combination,

for human beings for one or more of the specific purpose(s) of
 diagnosis, prevention, monitoring, treatment or alleviation of disease,

 diagnosis, monitoring, treatment, alleviation of, or compensation for, an injury,

 investigation, replacement, modification, or support of the anatomy or of a physiological process,

 supporting or sustaining life,
 control of conception,
 disinfection of medical devices,

 providing information for medical purposes by means of in vitro examination of specimens derived from

the human body,

and which does not achieve its primary intended action in or on the human body by pharmacological,

immunological or metabolic means, but which may be assisted in its function by such means

NOTE 1 This definition has been developed by the Global Harmonization Task Force (GHTF).

NOTE 2 Products, which could be considered to be medical devices in some jurisdictions, but for which there is not yet

a harmonized approach, are
 aids for disabled/handicapped people,
 devices for the treatment/diagnosis of diseases and injuries in animals,
 accessories for medical devices,
 disinfection substances,

 devices incorporating animal and human tissues which can meet the requirements of the above definition but are

subject to different controls.

NOTE 3 Adapted from ISO 13485:2003, definition 3.7, and ISO 14971:2007, definition 2.9.

2.9
residual risk
risk remaining after risk control measures have been taken
2 © ISO/IEC 2012 – All rights reserved
---------------------- Page: 7 ----------------------
ISO/IEC GUIDE 63:2012(E)

NOTE 1 ISO/IEC Guide 51:1999, definition 3.9, uses the term “protective measures” rather than “risk control

measures”.
NOTE 2 Adapted from ISO 14971:2007, definition 2.15.
2.10
risk

combination of the probability of occurrence of harm and the severity of that harm

[ISO/IEC Guide 51:1999, definition 3.2]
2.11
risk analysis

systematic use of available information to identify hazards and to estimate the risk

[ISO/IEC Guide 51:1999, definition 3.10]

NOTE Risk analysis includes the examination of different sequences of events that can produce hazardous situations

and harm.
2.12
risk control

process in which decisions are made and measures implemented by which risks are reduced to, or

maintained within, specified levels
[ISO 14971:2007, definition 2.19]
2.13
risk estimation

process used to assign values to the probability of occurrence of harm and the severity of that harm

[ISO 14971:2007, definition 2.20]
2.14
risk evaluation

process of comparing the estimated risk against given risk criteria to determine the acceptability of the risk

[ISO 14971:2007, definition 2.21]
2.15
risk management

systematic application of management policies, procedures and practices to the tasks of analysing,

evaluating, controlling and monitoring risk
[ISO 14971:2007, definition 2.22]
2.16
safety
freedom from unacceptable risk
[ISO/IEC Guide 51:1999, definition 3.1]
2.17
severity
measure of the possible consequences of a hazard
[ISO 14971:2007, definition 2.25]
© ISO/IEC 2012 – All rights reserved 3
---------------------- Page: 8 ----------------------
ISO/IEC GUIDE 63:2012(E)
2.18
usability

characteristic of the user interface that establishes effectiveness, efficiency, ease of user learning and user

satisfaction
[IEC 62366:2007, definition 3.17]
2.19
use error

act or omission of an act that results in a different medical device response than intended by the manufacturer

or expected by the user
NOTE 1 Use error includes slips, lapses, and mistakes.
NOTE 2 See also IEC 62366:2007, Annex B and D.1.3.

NOTE 3 An unexpected physiological response of the patient is not in itself considered use error.

[IEC 62366:2007, definition 3.21]
2.20
verification

confirmation, through the provision of objective evidence, that specified requirements have been fulfilled

NOTE 1 The term “verified” is used to designate the corresponding status.
NOTE 2 Confirmation can comprise activities such as
 performing alternative calculations,

 comparing a new design specification with a similar proven design specification,

 undertaking tests and demonstrations, and
 reviewing documents prior to issue.
[ISO 9000:2005, definition 3.8.4]
3 Principles for preparing medical device safety standards
3.1 General considerations

The goal of medical device safety standards is to support the development and production of medical devices

with a predictable, consistent level of safety.
To achieve this goal, medical device safety standards should

a) assist manufacturers in the design and production of safe and effective medical devices,

b) assist manufacturers, certification bodies, testing laboratories or test houses, and regulatory authorities in

assessing compliance with legal and market requirements, and

c) assist health care providers in managing risks associated with the use of medical devices.

To produce medical device safety standards that are well suited to assisting the stakeholders listed above, the

standards writers are encouraged to employ a risk-based framework (see Clause 4).

4 © ISO/IEC 2012 – All rights reserved
---------------------- Page: 9 ----------------------
ISO/IEC GUIDE 63:2012(E)
3.2 Scope of safety standards

The planning and development of medical device safety standards require a global approach that includes

manufacturers, users, regulatory authorities and other stakeholders. Close coordination within and among

committees responsible for different medical devices is necessary to create a coherent approach to the

treatment of safety in the preparation of standards. Defining the scope of safety standards will ensure that

each standard is restricted to specific aspects and makes reference to standards of wider application for all

other relevant aspects. Such a hierarchy is built on:

 basic safety standards, including fundamental concepts, principles and requirements with regard to

general safety aspects applicable to all kinds or a wide range of products, processes and services (basic

safety standards are sometimes referred to as horizontal standards);

 group safety standards, including safety aspects applicable to several, or a family of, similar products,

processes or services dealt with by two or more technical committees or subcommittees, making

reference, as far as possible, to basic safety standards;

 product safety standards, including all necessary safety aspects of a specific, or a family of, product(s),

process(es), or service(s) within the scope of a single technical committee or subcommittee, making

reference, as far as possible, to basic safety standards and group safety standards (product safety

standards are sometimes referred to as vertical standards).
This hierarchy is set out in ISO/IEC Guide 51:1999, 7.1.

Safety requirements for medical devices may be incorporated in different types of standards (see 3.3) that

at any appropriate level in the hierarchy described above.
may be found
3.3 Types of standards
3.3.1 Product standards
These can be

 standards that state safety or performance parameters and include reference test methods that can be

used to demonstrate conformance to those parameters, or

 disclosure and test method standards where adherence to declared pass/fail criteria are necessary for

safety and performance.

See Clause A.1 for a discussion of how product standards can contribute to the safety and the effectiveness

of medical devices.
3.3.2 Process standards
These can be

a) quality system standards that establish a framework within which the manufacturer is able to design,

develop and produce medical devices that consistently meet specifications, or

b) standards that establish a framework within which the manufacturer is able to design and develop

medical devices of consistent safety and effectiveness, or

c) standards for processes used for the design, development or production of safe and effective medical

devices (e.g. sterilization, biological evaluation, clinical investigation).

See Clause A.2 for a discussion of how process standards can contribute to the safety and the effectiveness

of medical devices.

Some types of standards cannot be easily allocated to one of these categories since they combine properties

of product standards and process standards. Examples are described in 3.3.3 and 3.3.4.

© ISO/IEC 2012 – All rights reserved 5
---------------------- Page: 10 ----------------------
ISO/IEC GUIDE 63:2012(E)
3.3.3 Installation and environmental standards

These standards are generally appropriate for large systems and active medical devices. These can be

a) construction and installation standards (e.g. X-ray shielding, electrical wiring),

b) system standards that address the proper precautions and procedures for interconnection of multiple

devices into a single system,

c) commissioning standards that address the proper testing and inspection procedures to apply to

permanently installed equipment and systems prior to initial use, or

d) environmental standards that address precautions and testing to ensure that a medical device does not

negatively affect its environment and that the environment does not degrade or otherwise impair the

performance of a medical device (e.g. electromagnetic compatibility standards).
3.3.4 In-process standards
These can be

a) routine in-service testing standards to ensure that the safety of active medical devices is maintained over

the useful life of the equipment, or

b) quality assurance and calibration standards to ensure the continued proper function and accuracy of

medical devices where relevant to safety.
3.4 Taking a practical view of safety

Risk must be balanced against other demands on the product, process or service. These other demands

include benefit, suitability and cost. Standards writers should remember that the level of required effort from

the manufacturer (e.g. for required documentation or testing) should be scaled to the level of risk.

Because zero risk is unattainable, safety is defined as freedom from unacceptable risk. Although zero risk is

an ideal to pursue, its attainment should not be expected. The realistic expectation is to choose risk

acceptability criteria that take into account available information, such as the generally accepted state of the

art and known stakeholder concerns, and that result in a high level of safety and protection of health.

In evaluating the safety of medical devices, it is also necessary to consider that certain medical devices,

because of their means of operation, composition or the circumstances of their use, carry with them an

inherent risk that cannot be eliminated without degrading their effectiveness.

Differences exist in medical and health practices among cultures including judgments about the safety of

medical devices. Furthermore, what is considered safe within a culture evolves over time as technologies and

social values change. These issues can often be addressed by identifying the specific conditions under which

a technical requirement applies.

Standards writers should focus on requirements relevant to medical device safety or to the safe use of the

medical device, and avoid features or functions that are not essential to safety.

3.5 Managing risks
The risk management process for medical devices includes the following:
a) establishing risk acceptability criteria;
b) identifying hazards and the scenarios that result in hazardous situations;
c) estimating the associated risks;
6 © ISO/IEC 2012 – All rights reserved
---------------------- Page: 11 ----------------------
ISO/IEC GUIDE 63:2012(E)

d) identifying risk control measures to reduce each risk, as needed, to meet the risk acceptability criteria;

e) implementing risk control measures;
f) verifying the effectiveness of the risk control measures.
This risk management process is described more comprehensively in ISO 14971.

Standards development should be based on hazard identification. The goal of standards development is to

produce standards that specify methods for hazard identification or measures to control risks such that risk

acceptability criteria are met (see 3.6).

These considerations should then be taken into account as the standards writers determine the appropriate

requirements to be included in the standard.

Clause 5 provides an overview of how medical device safety standards can facilitate the implementation of a

risk management system that is compliant with ISO 14971.
3.6 Risk acceptability criteria

The goal of medical device safety standards is to support the development of medical devices with an

acceptable level of risk. Medical device safety standards should provide practical criteria, such as design limits

and performance criteria, when describing the acceptability criteria.
3.7 Risk control methods/methodology

Medical device safety standards should determine methods/methodologies appropriate to the control of risks

associated with the related medical devices. This may include aspects of performance, design, manufacturing

process, installation, servicing, etc. based upon a risk management approach throughout the entire life cycle.

3.8 Coordination of medical device safety standards

The development of each new medical device safety standard needs to be viewed in the context of existing

medical devices and standards, as well as national, regional and international laws. New standards should

make use of the body of existing standards, whenever relevant, either by reference or by reproduction of text

where this is justified by convenience or clarity (see ISO/IEC Directives, Part 2, 2011, Clause A.7).

3.9 Regulatory implications

Safety and effectiveness of medical devices, whose sale and use is regulated in many countries, are of

particular concern to regulatory authorities.

Standards are often cited in regulations and legislation, in which case the standards themselves become

legally binding. Alternatively, there are systems where a medical device that complies with a specified

standard is “deemed to comply” with the regulations.

Standards may also be cited in litigation as what may reasonably be expected by society, and thus used to

establish compliance with these expectations.

Standards writers should be aware of the possible legal and regulatory implications of the standard they

develop.
© ISO/IEC 2012 – All rights reserved 7
---------------------- Page: 12 ----------------------
ISO/IEC GUIDE 63:2012(E)
4 Risk-based framework for developing a medical device safety standard
4.1 General

In applying ISO 14971 to medical device risks, the risk control measures selected can include both product

design features and process controls. The choice of a risk control measure is dependent upon the

effectiveness and feasibility of the available risk control measures. Similarly, in applying ISO 14971 principles

to the development of standards, the type of standard may be either a product or a process standard or a

combination of the two types (see 3.3), The choice is dependent on the medical device or process that is

analysed and the resulting risks that are identified. The scope of the standard should reflect this choice.

Clause 4 follows the procedural steps of ISO 14971. These enable the standards writers to take a systematic

approach when identifying the need for a safety standard and the risk controls that should be included in the

standard to manage risks. These steps can also aid in the preparation of a New Work Item Proposal for a new

project. Product and process standards may be used as different approaches to control product risks.

Although Clause 4 is product-oriented, it applies equally to an effort that might lead to a process standard.

There are two reasons for this:

 although the management of different types of risk may involve processes that need to be controlled

using different procedures, models or methods, it is necessary for process standards writers to ensure

that product risk management objectives can be met;

 the value of a process standard is determined by its usefulness in meeting product risk management

objectives.

Thus, 4.2 to 4.8 may be viewed as aiding in the problem identification phase, 4.9 as aiding in the decision on

the need for managing risks with a standard and 4.10 as aiding in decisions on the methods of risk control,

e.g. safety features, control of processes or process parameters, safety information, etc.

4.2 Management of the risk-based framework

When deciding on the need for a medical device safety standard, the initial task, independent of the type of

standard, is to
 determine the application of the medical device or the process,

 identify the characteristics related to the safety of the medical device or related process,

 identify the hazards and hazardous situations associated with the life cycle of the medical devices and

their use,
 determine whether the risks posed by those hazards need to be controlled, and
 determine those risks that can be controlled by a standard.
4.3 Application and characteristics

Determination of the application of the medical devices or processes under consideration includes the

following:

a) intended medical indication [e.g. condition(s) or disease(s) to be screened, monitored, treated,

diagnosed, or prevented];
b) intended patient population (e.g. age, weight, health, condition);
c) intended part of the body or type of tissue applied to or interacted with;
8 © ISO/IEC 2012 – All rights reserved
---------------------- Page: 13 ----------------------
ISO/IEC GUIDE 63:2012(E)
d) intended user profile;
e) intended environment, conditions and methods of use;

f) preparatory and service procedures prior to use (e.g. sterilization, assembly, calibration).

Characteristics of the medical device or process can influence the safety of patients and users and should be

taken into account when considering the need for a standard. Typical characteristics include t

...

Questions, Comments and Discussion

Ask us and Technical Secretary will try to provide an answer. You can facilitate discussion about the standard in here.