Guidelines for risk management with ISO 14791 in SaMD development

ISO 14971 is an international standard that provides guidelines for risk management as it relates to medical devices. It applies to all stages of the lifecycle of medical devices, including Software as a Medical Device.

The reach of ISO 14971 extends across all stages of a medical device’s lifecycle, from the initial concept and design to production, distribution, and even disposal. It’s a living process, adapting and responding to changes and new information as a medical device, including SaMD, progresses through various development and usage stages.

The main objective of ISO 14971 is to promote the safety and efficacy of medical devices. It achieves this by providing a systematic and structured approach to identifying, analyzing, evaluating, and controlling risks. It’s not just about avoiding or minimizing risks; it’s about managing them in a way that ensures the benefits of the medical device outweigh any potential hazards.

In the context of Software as Medical Device, this is of the utmost importance. Software in healthcare has the potential to greatly enhance patient care, offering new possibilities for diagnosis, treatment, and monitoring. However, any malfunctions, inaccuracies, or unexpected behavior could directly influence patient health and safety.

The beauty of ISO 14971 lies in its versatility. It can be seamlessly integrated with various development methodologies, including Agile, allowing for continuous attention to risks throughout the development process.

The application of ISO 14971 involves a structured, step-by-step process designed to ensure that risks associated with medical devices, including SaMD, are thoroughly assessed and controlled. Here’s a breakdown of the process:

• Identifying hazards: This step involves finding potential problems that could occur in Software as Medical Device. These could range from software bugs to user interface issues.
• Estimating risks: After identifying the hazards, the next task is to estimate how severe they could be and how likely they are to happen. This helps in understanding and prioritizing the risks.

• Defining acceptable risk: Not all risks are equal. It’s crucial to decide what level of risk is acceptable. This means determining which risks are significant and must be addressed.
• Comparing risks to acceptance criteria: This stage involves comparing the identified risks with the set standards. If a risk is above the acceptable level, action must be taken to reduce it

• Creating and implementing strategies: This stage focuses on reducing the identified risks. Strategies may include software design changes, extensive testing, user training, or clear instructions to prevent misuse.
• Verifying effectiveness: After the control measures are in place, it is necessary to check that they effectively reduce the risk to an acceptable level.

• Assessing remaining risks: Some risks might remain even after control measures. These residual risks need to be assessed to determine if they are acceptable considering the SaMD’s benefits.
• Benefit-risk analysis: This important part of the process involves comparing the benefits of the SaMD against the risks, including any remaining risks.

• Regular evaluation: The risk management process must undergo regular checks at predefined intervals. These checks assess whether the risk management measures are still suitable and effective.
• Adapting to changes: Technology and regulations are constantly evolving. The review process ensures that the SaMD’s risk management adapts to new scientific information, technological advancements, or changes in regulations. If a review uncovers weaknesses or areas for improvement, strategies may need to be adjusted. This could include updating risk control measures, implementing additional testing, or modifying user guidelines.

• Continuous risk assessment: Once the Software As Medical Device is in use, real-world situations may reveal new risks that weren’t identified earlier. Continuous monitoring helps in identifying and assessing these new risks promptly.
• Feedback and reporting: Feedback from healthcare providers, patients, and other stakeholders using the Software As Medical Device is an essential source of information. Their real-world experiences can reveal insights into the software’s performance, usability, and potential risks. Any incidents related to the use of the SaMD, such as unexpected adverse events, must be reported, investigated, and analyzed to identify underlying risks and necessary corrective actions.

ISO 14971 provides a framework for managing risks throughout the lifecycle of the medical devices, including 5 phases of medical device software development. Risk management is a systematic process of identifying, analyzing, evaluating, controlling, and monitoring risks.

In Agile SaMD development, risk management is not a separate process but is integrated into the Agile development cycle. It is iterative, just like the Agile process, and is carried out continuously throughout the development lifecycle. Here’s how:

• Risk analysis: This involves identifying potential hazards associated with the Software as Medical Device and estimating the associated risks. In Agile development, this is done continuously as new features are added or changes are made to the software. Every backlog item, from a minor UI tweak to a major algorithm change, carries inherent risks. In Agile, these risks can be identified early and clearly documented within the backlog itself.
• Risk evaluation: This involves comparing the estimated risks with the risk acceptability criteria, to determine if risk control measures are needed. As teams plan their sprints, risks associated with chosen backlog items are evaluated. The potential impact and likelihood of each risk materializing are discussed, and strategies are devised.
• Risk control: If it is deemed that risk control measures are needed, they are executed. This could involve implementing robust cybersecurity measures, rigorous software testing, and developing contingency plans for potential issues. In Agile development, risk control measures are implemented as part of the development tasks in the next sprint. Throughout the sprint, as the software takes shape, risk controls are implemented. Developers work on mitigating known risks, and testers ensure that these mitigations are effective.
• Evaluation of overall residual risk: This involves determining and evaluating the overall residual risk of the device, in the same manner as is done for each individual risk. In Agile development, this is done at the end of each sprint, allowing for continuous monitoring and control of risks.
• Risk management review: A risk management review is then completed at scheduled intervals to assess the execution of the risk management plan and its suitability to manage the risk associated with the medical device. In Agile development, this is done as part of the sprint review, allowing for continuous improvement of the risk management process.
• Production and post-production activities: During and after the manufacture and release of the device, production and post-production activities continue to collect information on the risks of the device and iteratively assess this risk as specified in the risk management plan. In Agile development, this is done as part of the release planning and post-release activities, allowing for continuous monitoring and control of risks even after the Software as Medical Device (SaMD) is released.

The importance of risk management in Agile development of Software as a Medical Device cannot be overstated. In the fast-moving and adaptable world of Agile, where changes are frequent and development is carried out in small, iterative steps, managing risks impacts many aspects which we will explain below:

• Patient safety: The primary purpose of SaMD is to improve patient outcomes. However, if not properly managed, the software could pose risks to patient safety. For example, a software bug could lead to incorrect diagnoses, which could in turn lead to incorrect treatment and harm to the patient. Risk management helps to identify and mitigate such risks, while ensuring patient safety.
• Regulatory compliance: Regulatory bodies such as the U.S. Food and Drug Administration (FDA) and the European Medicines Agency (EMA) require medical device manufacturers to implement a risk management process. This is to ensure that the benefits of the SaMD outweigh its risks. Failure to comply with these requirements could result in regulatory action, including fines and withdrawal of market authorization.
• Product quality: Risk management is integral to quality management. By identifying potential issues early, it allows for timely corrective action, meaning we can improve product quality. It also provides a framework for making informed decisions about trade-offs between risks and benefits, which can enhance product design and functionality.
• Company reputation: In the highly competitive SaMD market, reputation is key. A single incident of patient harm or data breach could severely damage a company’s reputation, leading to loss of market share and potential legal action. Risk management helps to prevent such incidents and protect the company’s reputation.

Risk management is more than just a part of Agile SaMD development; it’s its very foundation. This necessity isn’t just about being ready for surprises; it’s about spotting possible problems early and fixing them.

Take, for example, a Software as Medical Device created to help doctors find a certain type of cancer. Without good risk management, a mistake in the software could make a wrong diagnosis, leading patients to get treatments they don’t need or miss the ones they do. These mistakes could be really harmful, even deadly. However, if risk management follows the ISO 14971 standard, such bugs could be found and fixed early, keeping the diagnoses correct and patients safe.

Trust is also a big part of ISO 14971 risk management in Agile medical device software development. People using the Software as Medical Device (SaMD), government agencies checking it, and everyone else needs to know it’s safe and works well.

As the field of SaMD continues to evolve, with new technologies, new threats, and new opportunities, so too will the approaches to risk management. But one thing is certain: the importance of risk management in Agile SaMD development, guided by the principles of ISO 14971, will only continue to grow. It’s not just a good practice; it’s a moral obligation. It’s not just about compliance; it’s about care. And it’s not just about software; it’s about saving lives.