1. You are here:
  2. Homepage
  3. News & Insights Search
  4. MedCon: Consider the device risk management file a ‘living document’

rf-fullcolor.png

 

Regulatory News
May 3, 2023
by Mary Ellen Schneider

MedCon: Consider the device risk management file a ‘living document’

COLUMBUS, OH – Device manufacturers need to keep their risk documentation up to date throughout the total product life cycle by monitoring production and post-production information, according to LCDR Thomas Peter, an investigator and medical device specialist at the US Food and Drug Administration (FDA).

“We need to establish that risk management doesn’t end when you initially design and develop your device and transfer it to production. Unfortunately, that’s what we have seen, more often than we would like,” Peter told attendees at the 2023 MedCon conference, sponsored by the AFDO/RAPS Healthcare Products Collaborative and FDA.

Peter, who is a Division 1 Investigator/Medical Device Specialist in the Office of Medical Device and Radiological Health Operations in the FDA Office of Regulatory Affairs, discussed the use of production and post-production information in risk management, as well as some risk-management related deficiencies seen during inspections.

Sometimes a device manufacturer will develop the risk management file during design and development but fail to update it as the device moves through to the production stage, Peter said. The expectation from FDA, he said, is that the risk management file remains a “living document” that includes updates on new risks and updated risk estimates based on continued monitoring.

“Sometimes things happen more frequently than what you estimate initially, or sometimes even the severity of the harm could be different from what you had anticipated,” Peter said. “In either case, that may drive additional actions to mitigate those new risks.”

Monitoring is critical because it is not feasible for manufacturers to identify and accurately estimate every risk during design and development. “No matter what amount of modeling you do, nothing can substitute for actually putting the device in the hands of users,” Peter said.
There are a variety of data sources that can help to assess device risk during the production and post-production phases, Peter said.  
During production, consider:
  • supplier performance monitoring
  • production process monitoring
  • inspection and test results
  • environmental monitoring (especially if the device is susceptible to contamination)
  • internal and external audit results
In post-production, consider:
  • complaints
  • customer feedback (information that does not rise to the level of a complaint)
  • adverse events
  • installation and servicing
  • clinical studies
  • scientific literature
  • media sources (including newsletters and social media posts)
Complaints are often thought of first for good reason, Peter said. “You’ll learn a lot about how your devices are used from your customers,” he said. “Sometimes your devices will be used in ways that you did not anticipate at all.”

When a company learns about a new way that a device is being used, that information and the potential risks associated with it should become part of the risk management file.

Peter also advised thinking broadly when it comes to risk management, by examining previous generations of the device or a competitors’ device that has similar operating principles and intended uses. “Oftentimes, those devices have similar hazards and hazardous situations associated with them and that’s really good information that you can incorporate into your design,” he said.

Conducting production and post-production monitoring also serves to put manufacturers in a “more defensible” position if questions are raised during an inspection, since the monitoring information allows manufacturers to establish a risk-based rationale for any actions.

“Just the fact that we see that you’re thinking about these things, really helps your position during an inspection. If you’re not thinking about these things, that may slow things down and create some more questions,” Peter said.

Peter said he has seen a variety of risk-management related deficiencies during inspections. For instance, sometimes quality data will reveal recurring complaints, but those risks are not addressed in the risk management file. Additionally, sometimes risks occur more frequently than what was documented in the risk management file.
In other cases, there are no procedures in place for updating the risk management file, or the procedures are in place but are not followed.
Another issue seen during inspection is that the threshold for corrective action considers the frequency, but not the severity, of the risk. “That threshold needs to incorporate both pieces, not just the frequency,” he said. “That threshold should really be derived from your risk management file.”
 
MedCon

Related topics

Medical Devices
Return to listing

Recommended content

Regulatory Affairs Professionals Society (RAPS)
5635 Fishers Lane, Suite 400
Rockville, Maryland 20852

Telephone: +1 301 770 2920
Fax: +1 301 841 7956

Email:  [email protected]

Design & Development by Pixl8
Membership software by ReadyMembership

Regulatory Affairs Professionals Society (RAPS)

© 2026 Regulatory Affairs Professionals Society

×

Welcome to the new RAPS Digital Experience

We have completed our migration to a new platform and are pleased to introduce the updated site.

What to expect: If you have an existing login, please RESET YOUR PASSWORD before signing in. After you log in for the first time, you will be prompted to confirm your profile preferences, which will be used to personalize content.

We encourage you to explore the new website and visit your updated My RAPS page. If you need assistance, please review our FAQ page.

We welcome your feedback. Please let us know how we can continue to improve your experience.