January 26, 2021



Check Your Existing Procedures:


To properly attend to what Europe’s outgoing Medical Devices Directive (MDD) and new Regulation 2017/745 (the EU MDR) require regarding the reduction of risk “as far as possible” (AFAP), it is first important to know what an organization’s corresponding acronym actually stands for.  For example, if the existing Risk Management Procedure uses “ALAP” and means “As Low as Possible“, then it may be that the organization’s definition of ALAP could already be aligned with the EU MDR’s requirement for As Far As Possible (AFAP).  But further detailed assessment of the existing procedure would be needed to flush this out.

On the other hand, if a Risk Management procedure is based on reducing/controlling risks to be As Low As Practicable (a.k.a., ALARP – As Low As Reasonably Practicable), then, in preparation for an EU MDR audit, it is most definitely the right approach, and certainly required, to revise the procedure so as to update and replace ALAP/ALARP to a proper interpretation of AFAP.  This is because both the outgoing MDD and the new EU MDR demand that risks be reduced to AFAP.  Indeed, AFAP is not a new concept to the European medical device regulatory arena.



Align Your Procedures:


Ultimately, it is necessary to be sure that the procedure aligns its definition and application of ALAP/AFAP with what will be expected by the Notified Body.  This should start with realizing that the EU MDR’s approach to AFAP builds upon, but doesn’t clearly conflict with, that which was already established in the MDD.  Specifically, the EU MDR adds that the reduction of risks AFAP means reduction of risks AFAP without adversely affecting the benefit-risk ratio.  So, what does that mean, and how do we characterize it for the purposes of the Risk Management procedure and process?  I introduce this below.


First, remember that the notion of achieving AFAP without regard for economic considerations was born from Annex Z Content Deviation #3 of EN ISO 14971:2012 (now withdrawn and superseded by the latest state of the art, EN ISO 14971:2019) which includes no such Content Deviation.  Indeed, even before EN ISO 14971:2012 was withdrawn, the Notified Bodies recognized and voiced such recognition (based on longstanding MDD precedent) of the impracticality and inappropriateness of pursuing AFAP with total disregard for economic considerations.  So, the Notified Bodies in fact continued to permit a reasonable amount of economic consideration to be made when pursuing AFAP.  Accordingly, the EU MDR Risk Management procedure’s attendance to AFAP should not be singularly focused on an aversion to, or disregard for, the associated economic considerations.  Such an approach would probably be viewed by the Notified Bodies as impossible, and perhaps even disingenuous.


Instead, the Risk Management procedure needs to assure that the organization and its risk management mechanism properly and precisely define, in practical (i.e., working, implementable) terms, the concept of the AFAP threshold and how the organization goes about reducing risks AFAP.  The procedure needs to specify what particular thresholds and criteria will be used for determining whether a particular risk has or has not been reduced to the AFAP threshold.  The Notified Bodies, based on longstanding precedent, have a pretty clear understanding of this concept as elaborated on in their October 2014 Consensus Paper for the Interpretation and Application of Annexes Z in EN ISO 14971:2012.  As noted above, the EN 2012 version of the ISO 14971 standard has been superseded, yet the 2014 Consensus Paper still in my experience contains an accurate Notified Body interpretation of the AFAP concept to be used as the basis for the corresponding elements of the Risk Management procedure.


A quick final note:  Risk management is not risk analysis (though risk management certainly includes risk analysis).  Accordingly, in order to comply with EN ISO 14971 and the EU MDR, it is necessary to have a Risk “Management” procedure that properly defines and integrates risk “analysis”.

Write a Reply or Comment