Stop Treating Risk Management & Design Controls As Checkbox Activities
By Jon Speer, founder & VP of QA/RA, greenlight.guru
Understanding the relationship between product risk management and design controls is critical to the success of a medical device in the marketplace.
The single biggest issue companies face when dealing with risk management and design controls is this: Both are all too often treated as “checkbox” activities that have to be done because the regulations say so.
I hope this is not how you approach either risk or design. But, in the event you question the value of risk management and design controls, this post may help change your mind.
The Longer You Wait, The Tougher It Gets
Okay, I admit it: Once upon a time, I saw little value in design controls and risk management.
As a newbie product development engineer, I just wanted to design cool new medical devices, make prototypes, and test. To get a literal cocktail napkin sketch of a medical product idea from a world-renowned physician, and then have the chance to bring that product to market might be one of the coolest things I’ve ever had the opportunity to do.
The first few times, I buried myself in all the fun stuff: Making sketches of parts and components. Doing some machining. Assembling proof-of-concept prototypes. Performing some “quick and dirty” feasibility testing. And then repeating over and over until I got the design just right.
I was aware of design controls and risk management, but I always thought “I’ll get to that paperwork stuff later.” I told myself that the paperwork would be easier — and go more quickly — later in the development process. But, just the opposite was true. In fact, delaying design controls and risk management documentation actually caused lengthy delays in projects.
Understanding The Purpose
One of my pet peeves is being late, and completing projects late because of my own ignorance was intolerable.
So, I made a conscious decision to stop treating design controls and risk management as checkbox activities. I buried myself in any information I could find to explain these things known as design controls and risk management. I questioned peers and mentors who could help me understand the purpose of design controls and risk management.
Do you think FDA and other regulatory bodies would put so much emphasis on these things if they were not important? OK, I can imagine what you might be thinking. I’m sure you can rattle off a few cases where it seems like the regulatory “police” asked for things that were not meaningful, just to be difficult. But consider this: FDA’s primary role is to ensure that medical devices cleared and approved are as safe as possible.
Design controls and risk management serve the same primary purpose: Documented, objective evidence to demonstrate and ensure the medical devices we design, develop, manufacture, and sell are as safe as possible for their intended uses.
The Value Of Documentation
I know that engineers and product developers generally loathe documentation. I get it. I once had this mentality too.
Of course you are going to make sure that the med devices you design are safe and are going to address clinical needs, so why do you need to document the process? It’s simple: Your design controls and risk management documentation is the proof you’ve done your due diligence. As a VP of quality once told me, “If it’s not documented, then it didn’t happen.”
This documentation is not just for your benefit. Medical device product development is nearly always a team effort. Unless you are developing a medical device in a vacuum, there will be plenty of people “in and out” of your design history file and risk management file, generating, editing, and reviewing that documentation. Thus, your documentation also serves as a way to communicate with your team and with your company.
But what happens after you launch your medical device into the market? Does the documentation matter then?
You bet! FDA inspectors, ISO auditors, and other regulatory bodies and business associates are likely to review your design controls and risk management. This includes any company considering acquisition of your company or idea.
Filed equally under “funny” and “tragic” — I recently had a conversation with a guy who used to be in charge of M&A for a large medical device company. He chuckled when he shared a few stories about acquiring several companies that did not document design controls and risk management. He claimed he was able to reduce one offer by $20 million because of this oversight.
Keep Design Controls Simple
Implement design control practices that are sensible and scalable. Keep them as simple as you possibly can.
I’m a fan of starting design controls early. Remember that cocktail napkin sketch? This is the start of defining your product’s intended use. Once you grasp the intended use, you can begin to define user needs and design inputs. Once you start down this path, the design control documentation is your product development guide.
You use this documentation to communicate with end-users, ensuring you have properly captured the product concept. And, of course, you can also use prototypes to reinforce and communicate.
The design inputs then serve as a “contract” for the product development team. They establish the criteria that must be included in the medical device design. Design outputs define what is required to manufacture the product.
Design verification proves the medical device meets design inputs, while design validation proves the product meets the intended use and user needs. Design reviews throughout serve as checkpoints for your team and your company on product development and design control efforts.
All of these design controls coincide with the progression of product development.
Risk Management Should Be Simple, Too
Like design controls, you should establish a risk management process that is as simple as possible and based on ISO 14971. Realize that risk management and design controls are linked, so much so that they are really a single process.
Once you determine a product’s intended use and user needs, you can identify hazards and hazardous situations. From there, you can start to identify possible harm, estimate the severity of that harm, and judge probability of occurrence (at least qualitatively).
Taking this approach to risk management should then feed into establishing better design inputs, which should help to improve design outputs. This approach also will help you determine which design verification and design validation activities are required to prove your medical device’s safety and efficacy.
Remember, design controls and risk management are not just necessary evils — They are tools to help you ensure your medical device is as safe and effective as possible.
About The Author
Jon D. Speer is the founder and VP of QA/RA at greenlight.guru, a software company that produces beautifully simple quality, compliance and risk management software exclusively for medical device companies. He is also the founder of Creo Quality, a consultancy that specializes in assisting startup medical device companies with product development, quality systems, regulatory compliance, and project management. Jon started his career in the medical device industry over 16 years ago as a product development engineer after receiving his BS in chemical engineering from Rose-Hulman Institute of Technology.