Guest Column | December 22, 2020

Risk-Based Postmarket Surveillance (PMS) In The Age Of EU MDR: The Binding Thread Of Risk Management

By Jayet Moon, author of the book Foundations of Quality Risk Management

As the central focus of the EU’s Medical Device Regulations (MDR), postmarket surveillance (PMS) and its related processes and subsystems have been in the limelight since 2017. This four-part series, using a fresh perspective, takes a bottom-up approach to PMS and starts by elaborating on the state of the art on the incident investigations in Part 1. “Investigations” are the basic iota of the PMS system upon which all further analysis, synthesis, and decision-making is based. With clarity on this most fundamental unit of PMS, a systems approach to both EU MDR and PMS are explored in Part 2. Successful implementation of an effective EU MDR-compliant PMS requires a systems approach which requires appreciation of not only the organizational context within which PMS operates but also the knowledge management as it relates to PMS generated data, information, knowledge, and wisdom. Part 3 focuses on the bedrock of EU MDR: the risk management system. It not only explores the interfaces between risk management and PMS but also discusses the postmarket aspects of risk surveillance and their accomplishments. Part 4 will detail an important upcoming topic with relevance going beyond EU MDR. Risk-based incident trending for postmarket signal detection is quickly becoming an expectation from most regulatory agencies and EU MDR is one of the first regulations to expressly document this requirement. The regulation asks for a methodology to gauge “statistically significant increases” in a certain subset of postmarket incidents. This article details salient features of any such method such that any chosen tool can act as a postmarket risk monitor and, if used right, can also convert the lagging indicator of complaints and incidents into a leading key risk indicator. Key risk indicators can help establish preemptive preventive actions before benefit-risk profile can be adversely impacted.

The thread of risk management connects every piece in the quality management system (QMS) and guides the manufacturer in quality related decision-making throughout the lifecycle of the device. In the medical device industry, risk management is a mature subject and fortunately has an ISO standard of its own (ISO 14971 and ISO TR 24971). ISO TR 24971:2020 says that:

Monitoring of production and post-production information is the critical step that enables medical device manufacturers to close the feedback loop and to make risk management a continuous life cycle process. During this phase, information is collected from many different sources, reviewed for relevance to safety, and where appropriate, fed back into earlier phases of the risk management process to maintain the safety of the medical device.

The PMS data collection and analysis processes can directly interface with the organizational processes as defined per ISO 14971. In the EU MDR paradigm, it is important to understand the responsibility of the PMS function as a partner to risk management function. An efficient interface between PMS and risk management will help in conversion of PMS data and information into easily usable knowledge for the risk management function. This article discusses a few things that can help in establishing a risk-based PMS system primed for effective risk communication with the risk management function.

The World Health Organization (WHO) provides a very pertinent definition of quality risk management: “QRM is the overall and continuing process of appropriately managing risks to product quality throughout the product's life-cycle in order to optimize its benefit–risk balance.”

Place this in context of the following definition of PMS from MDR Article 2(60):

‘Post-market surveillance’ means all activities carried out by manufacturers in cooperation with other economic operators to institute and keep up to date a systematic procedure to proactively collect and review experience gained from devices they place on the market, make available on the market or put into service for the purpose of identifying any need to immediately apply any necessary corrective or preventive actions.

Article 83 of the MDR goes onto say that “data gathered by the manufacturer's postmarket surveillance system shall in particular be used to update the benefit-risk determination and to improve the risk management as referred to in Chapter I of Annex I.”

As we can see, PMS and QRM are natural partners. PMS data is used to continuously monitor and update benefit-risk determination while also used to identify opportunities for improvement, corrections, and corrective and preventive actions dictated by the risk of emerging issues. On a macro level, what EU MDR has done is transformed PMS’s role from one line item in the reactive risk management plan into an active partner to be systemically engaged on a continual basis for data analysis and decision making.

As stated in the EU MDR, risk management is a continuous iterative process that occurs throughout the lifecycle of a product (pre- and postmarket) requiring regular updates. The data gathered through the postmarket surveillance system should be monitored, reviewed, and analyzed to check if the real-world risks and residual risks still meet the risk acceptance criteria as defined in the risk management plan.

EU MDR requires the risk to be reduced as far as possible (AFAP) without adversely affecting the benefit-risk ratio. AFAP risk reduction means that the risk controls meet state of art in the industry or that adding further controls does not reduce risk any further. Postmarket surveillance will not only confirm these determinations using real-world evidence but also allow for monitoring of residual risk profile.

The postmarket data is gathered through various avenues described in Part 2 of this article series. Monitor, review, and analyze this data to determine if any new hazards, hazardous situations, or harms have resulted from real-world use of the device or if the frequency of occurrence that was documented in the risk management documents still holds weight. If there is a change, evaluate the risk based on the acceptance criteria set in the risk management plan, and analyze the benefit-to-risk ratio. If the risk is unacceptable per individual risk acceptance or overall residual risk acceptance, or the benefit-to-risk ratio is adversely impacted, you are required to bring the risk back to acceptable level by means of additional risk control measures or other measures (e.g., change in intended use).

Benefit-risk analysis is performed when a residual risk is not acceptable per the acceptance criteria defined in the risk management plan. For this, the manufacturer needs to gather data regarding device benefits to determine if the intended use outweigh the residual risks. The first decision on benefit-risk is taken during design and approval of the device as the newly formed risk documents are created. Risk management, at this point, is prediction of foreseeable risks within the space of uncertainty in which the device is to be used after it is placed on the market. The PMS system (or the wisdom gained from it) will inform the risk portion of benefit-risk. To make PMS information usable for benefit-risk analysis, it must be converted into knowledge — i.e., a level of macro-analysis possible through aggregation of risk-specific information from PMS monitoring.

TIR 20416:2020 mentions the fact that PMS data collection and analysis should interface and overlap with processes outlined in ISO 14971:2019. These links between PMS and risk management process should be robust, transparent, and audit-ready. Most importantly, they must be efficient and effective in monitoring the benefit-risk profile and, where needed, they must affect a positive change in the benefit ratio through targeted actions.

What Should The PMS System Be On The Lookout For?

1.Risk Levels (Occurrence Rate Of Malfunction, Severity, Class, Frequency Of Harm)

Monitor the level of residual risk (post-treatment) at discrete intervals to ensure the actual value of risk has not changed significantly to impact the benefit-risk profile. This step may involve risk reassessment using the same technique originally used to assess the risk (in design phases) so that any risk change is apparent. Usually, this means recalculating the severity and probability to recalculate the risk level. The recalculated risk level is then compared to the acceptable risk level defined in the design phase on the product. If the risk or overall risk level is not acceptable, perform reduction of risk through risk control measures or perform benefit-risk analysis to determine if the benefit outweighs the risk. Risk monitoring using risk reassessments provides the actual (real-world) current exposure levels for comparison to the previously evaluated baseline. While it is ideal to reassess risk for each and every complaint, and some regulatory authorities expect as much (e.g., FDA, BfArM), the process can be resource-consuming.

2.Charting Key Risk Indicator Trends

Assign key risk indicators (KRIs) to the risk and chart their trends. In some cases, it may be possible to trend the occurrence of events themselves, such as complaint events, or it may be possible to trend the mean time between events using control charts. In other cases, you can identify specific risks that can adversely affect the benefit-risk ratio and confine the trending activities to those. Regardless of the methods you use for KRI trending, you must base the trending on a time series showing the change of the variable through the passage of time as opposed to a snapshot in time. This allows you to anticipate the increase or decrease in risk exposure and the likelihood of impact. KRI trending of leading indicators allows you to anticipate risky events with some specificity of scope, and these may be pointers leading to already-identified risks or emergent risks (see #5 on emergent risks below). KRI trending of lagging indicators allows you to monitor the exposure of antecedent risk events that have either materialized or could recur. This allows for better preparedness for impact and gives you time to add additional controls as needed. KRI trending of leading indicators will allow for prediction of risks that can adversely affect benefit-risk ratio. These leading indicators can have thresholds that can help manufacturers to proactively address emerging issues.

3.Benchmarking Of Failure Modes And Trends

Benchmark comparison means that the level and trends of similar risks must be checked outside the organization. If a competitor is making similar products or provides similar services, it will be of value to check its defect rates to benchmark performance. You can accomplish this by using public databases and information, partnerships, or industry event contacts.


The risk must be assessed in aggregate products or across your portfolio or programs based on the specific risk information from individual levels and trends. Similar risks trended individually may not look threatening but may show a different picture when clustered together. There must be some level of aggregation strategy to connect all risk indicators and performances.

5.Emergent Risks

Finally, new, unanticipated risks may emerge through the lifecycle. First, address these reactively (through correction or corrective action) to contain them, and then holistically assess and treat them (through preventive action). Define your strategy with contingency planning to account for monitoring and response for such risks.

EU MDR’s expectation is that when the device is placed on the market, the risks have been reduced AFAP. The risks that remain are residual risks. It is the residual risk profile that we aim to monitor. In some cases, risk may not be reduced AFAP, but the benefits may outweigh the residual risks. In these cases, it becomes even more important for the PMS system to track and trend the risks through KRI to ensure that the safety and performance of the device are sustained and that you can take quick corrective action at the first sign of deviation.

In conclusion, in the EU MDR paradigm, risk management is the sine qua non of PMS and quality management. No longer is risk management confined to design stages only. Postmarket risk management has become an important part of overall risk management with the renewed focus on continual benefit-risk monitoring. If you set robust interfacing processes and obtain clarity regarding resourcing and functional responsibilities for post-production risk management activities organization-wide, you’ll ensure an effective and efficient QMS.


The author thanks the following three colleagues for input:

  • Arun Mathew, Associate Director of Quality Risk Management, Abbvie Inc.
  • Angelina Hakim, founder and CEO of Qunique, a quality and regulatory consultancy based in the European Union
  • Veronica Cavendish-Stephens, vice president of quality and risk management of Auchincloss-Stephens, a global firm specializing in quality risk management solutions.

About The Author

Jayet MoonJayet Moon earned a master’s degree in biomedical engineering from Drexel University in Philadelphia and is a Project Management Institute (PMI)-Certified Risk Management Professional (PMI-RMP). Jayet is also a Chartered Quality Professional in the UK (CQP-MCQI). He is also an Enterprise Risk Management Certified Professional (ERMCP) and a Risk Management Society (RIMS)-Certified Risk Management Professional (RIMS-CRMP). He is a doctoral candidate at Texas Tech University in systems and engineering management. His new book, Foundations of Quality Risk Management, was recently released by ASQ Quality Press. He holds ASQ CQE, CQSP, and CQIA certifications.