QMSs and the IVDR: Risk management

Risk management, based on the type of device as well as its inherent risks, is embedded within the IVDR with the expectation that this is taken into account while structuring the QMS. For manufacturers that have more than one type of device, or devices which range across multiple classifications, this means that it is necessary to also reflect on which parts of the QMS can be scaled based on the device risk. This requires a deep understanding of both the devices and the QMS. Whenever a process has different requirements based on device classification, this should be noted and clearly expressed. A process may have select activities or outputs that are required for Class C and D products but are not required for Class B and A.

Throughout the regulation, we see the emphasis on the integration of risk management, and much of this is based on the classification of the device (see Figure 1). Manufacturers need to always have this risk-based approach in mind when implementing the QMS, ensuring that controls and checks put into place are appropriately scaled to the risk, since a one-size-fits-all approach will not meet the expectations of efficiency and effectiveness. As a company portfolio changes, through development or acquisition, it should be reviewed to ensure that any adaptations based on the risk of new products are taken into account.

Some specific requirements are set out in Section 3 of Annex I. This includes a documented process to help ensure that each device has an adequate risk management plan, and that the process is continuous throughout the life cycle of the device so that the device remains safe and effective for its intended use. The reader finds that Section 3 of Annex I is substantially similar to ISO 14971 (Risk management for medical devices) with respect to the expectations of risk management. General requirements include the identification of risks, including foreseeable misuse, mitigation of those risks with preference for design reduction to eliminate the risk as far as possible and communication of any residual risks to the user. Overall, the risk must be reduced to demonstrate that the benefits of the product outweigh any remaining risk. From a QMS perspective, the key is ensuring that risk management is a living activity throughout the product lifecycle and not something done only during product conception. Manufacturers can consider using a process map or similar methodology to demonstrate all of the points where risk management is incorporated.

Figure 1 – IVD Classifications

The QMS shall identify applicable general safety and performance requirements for the products in the manufacturer’s portfolio and explore options to address those requirements. Although this is complementary to risk management activities, the IVDR specifically segregates this as a specific requirement as it goes beyond those requirements as an output of risk management. Annex I, Chapter II of the IVDR describes other aspects of this category with specific expectations for different types of devices. In order to fulfil the requirement, the QMS must adequately identify these general requirements in each product development where applicable, and incorporate the means to address these requirements. The QMS should provide guidance on how to evaluate or establish these requirements from one product to the next (e.g. the compliance with known standards) and provide, when possible, standardized response to common requirements. The manufacturer may find value in developing an input document by product family or business unit where products share substantial similarities. Alternatively, a generic, and more encompassing list, could be presented for all products allowing each development team to select only what is applicable. The approach will depend largely on a company’s portfolio.

This is an excerpt from the white paper Developing and maintaining a quality management system for IVDs. To download our other medical device white papers, please visit the Insight page on the Compliance Navigator website.