Developing a Risk Management Plan for MR Medical Device Trials

Introduction

A Risk Management Plan is a critical document required in medical device projects, ensuring compliance with internationally recognized standards such as ISO 14971 (“Medical Devices – Application of Risk Management to Medical Devices”). This standard provides a structured framework for identifying, evaluating, mitigating, and monitoring risks throughout the lifecycle of a medical device, safeguarding both patient safety and regulatory compliance.

The official role of the Risk Management Plan is multifaceted:

  1. Framework for Risk Management: It establishes processes and responsibilities for systematically addressing potential hazards associated with the device.
  2. Documentation of Compliance: The plan serves as formal evidence that risk management activities adhere to regulatory requirements, such as the European Union’s Medical Device Regulation (MDR) and IEC 60601 for electrical medical equipment.
  3. Dynamic Risk Assessment: By continuously evaluating risks as the project progresses, the plan ensures the device’s safety remains robust in the face of new challenges.
  4. Collaboration and Communication: It assigns roles and responsibilities, ensuring that all team members are engaged in identifying, mitigating, and addressing risks effectively.

For the SIGNATURES2023 study, the Risk Management Plan specifically governs the use of non-CE-marked dual-tuned RF coils and experimental pulse sequences in advanced MR(S)I research. This document is crucial for managing risks unique to this project while aligning with broader safety and performance requirements outlined in ISO 14971 and MDR Annex I.

Related documents: (1.) risk management report, (2.) risk analysis report, (3.) investigators brochure (IB), (4.) clinical investigation plan (CIP).

Table of Contents

1. Purpose
2. Roles and Responsibilities
2.1. Risk Management Team
2.2. Risk Officer
2.3. Project Members
3. Risk Documentation
3.1. Risk Analysis Database
3.2. Risk Identification
4. Risk Activities
4.1. Risk Identification
4.2. Risk Analysis
4.3. Risk Mitigation
5. Review
6. Annex I

1. Purpose

The risk management plan document of the approved SIGNATURES2023 trial the following was written:

This document outlines the risk management process in accordance with ISO 14971:2019, titled “Medical devices – Application of risk management to medical devices.” ISO 14971:2019 is an internationally recognized standard that provides manufacturers with guidelines to establish, document, and maintain a systematic risk management process throughout the lifecycle of a medical device.

The key responsibilities associated with risk management under ISO 14971:2019 include:

  • Risk Analysis: Identifying hazards associated with a medical device, estimating and evaluating the associated risks, assessing the effectiveness of existing controls, and determining the need for additional measures.
  • Risk Evaluation: Determining whether risk reduction is necessary based on the manufacturer’s policy and assessing the acceptability of the risks.
  • Risk Control: Selecting and implementing measures to mitigate risks, verifying their effectiveness, and evaluating any new risks introduced by these measures.
  • Risk Monitoring: Continuously monitoring device performance and the effectiveness of risk controls throughout the product lifecycle, including the collection and analysis of post-production data.
  • Risk Communication: Sharing information about risks with all stakeholders, including manufacturers, users, patients, and regulatory authorities.
  • Documentation and Reporting: Maintaining detailed records of the risk management process and reporting outcomes to relevant stakeholders and regulatory bodies as required.

This document specifically details the processes and procedures for managing risks associated with the SIGNATURES2023 study. It adheres to the principles of ISO 14971:2019, defining roles and responsibilities, outlining planned risk management activities, specifying the schedule for these activities, and identifying the tools and techniques to be employed.

2. Roles and Responsibilities

The risk management plan document of the approved SIGNATURES2023 trial the following was written:

As described in detail in the Investigative Brochure (IB), this project focuses on research in the field of MR(S)I. It involves the use of a non-CE-marked dual-tuned RF coil and non-CE-marked RF pulse sequences. To clarify roles and responsibilities, the following points should be noted:

  • RF Coil:
    The RF coil was purchased from the manufacturer [your RF-coil manufacturer], based in Zaltbommel, The Netherlands. This document does not replicate the risk management and General Safety and Performance Requirements (GSPR) already conducted by the ISO-certified [your RF-coil manufacturer]. Instead, it references the following key documents provided by the company:

    • Risk Management File:
      [your RF-coil manufacturer] comprehensive Risk Management File for the head coil, compliant with ISO 14971:2019, outlines the identification, analysis, and mitigation of potential risks, ensuring a robust safety evaluation of [your RF-coil manufacturer]:
      02_Risk_Management_File_DHF_RMF.pdf
    • GSPR Compliance Document:
      The GSPR document demonstrates the coil’s compliance with Annex I of the Medical Device Regulation (MDR), referencing standards such as ISO 14971:2019 for risk management and the IEC 60601 series for technical specifications of [your RF-coil manufacturer]:
      03_Gen_Safety_Perf_Reqs_GSPR.pdf
    • Safety Report:
      This document details the safety simulations and measurements conducted by [your RF-coil manufacturer] on the dual-tuned head coil. Temperature measurements were carried out using the non-CE-marked pulse sequences on a humanoid, electrically-matched head phantom. These tests were performed on the [your scanner brand/type] scanner at the TIC (where the coil will also be used in the SIGNATURES2023 project). The results demonstrated that the RF coil is safe for both the ¹H channel and the ²H channel, with no hotspots detected. The tests were completed without any adverse effects on the equipment by [your RF-coil manufacturer]:
      05_Safety_Report.pdf
  • Pulse Sequences:
    The pulse sequences used in this study are being developed by researchers from the [your institute or company, location]. This document reports on the risk management activities specifically related to the combined use of the non-CE-marked pulse sequences and the non-CE-marked RF coil.

Personnel responsible for risk management activities related to these components are detailed in Annex 1.

2.1. Risk Management Team

The risk management plan document of the approved SIGNATURES2023 trial the following was written:

The Sponsor-Investigator also serves as the Risk Officer, holding primary responsibility for overseeing the risk management process. As part of their duties, the Risk Officer ensures that all identified risks are systematically addressed and mitigation measures are effectively implemented and monitored.

The Risk Management Team is required to convene on a quarterly basis to:

  • Review Risk Mitigation Efforts: Assess the progress and effectiveness of all ongoing risk mitigation activities, ensuring that implemented measures achieve the desired outcomes.
  • Evaluate New Risk Items: Examine any newly identified risks or updates arising from recent activities, project developments, or emerging information in the field.
  • Adjust the Project Plan: Based on the findings from the review, redefine the project direction or timeline as necessary to accommodate new risks or optimize existing mitigation strategies.
  • Document Findings: Record outcomes of the meeting, including decisions made, updates to the risk analysis database, and any new actions required.

These regular reviews ensure that the risk management process remains dynamic, responsive, and aligned with the project’s objectives, as well as regulatory requirements.

2.2. Risk Officer

The risk management plan document of the approved SIGNATURES2023 trial the following was written:

The Risk Officer plays a central role in the risk management process, bearing responsibility for the identification, compilation, and oversight of risks. Their specific duties include:

  • Risk Identification: Identifying potential risks associated with the project through systematic evaluation of project activities, feedback from team members, and review of relevant literature or data.
  • Risk Compilation: Collecting and organizing reported risks from team members and stakeholders, ensuring all identified risks are logged accurately and comprehensively.
  • Database Management: Entering all identified risks into the risk analysis database and maintaining its accuracy and completeness throughout the project lifecycle.
  • Risk Mitigation Activities: Defining and proposing mitigation strategies to address identified risks, ensuring these measures align with the project’s objectives and regulatory requirements.
  • Completing Risk Tables: Preparing detailed risk tables that summarize each risk, its likelihood and impact, the proposed mitigation measures, and the residual risk after mitigation.
  • Reporting: Compiling updates and findings into the risk summary report, providing stakeholders with a clear overview of the current risk status and any outstanding issues.

Additionally, the Risk Officer meets regularly with the Risk Management Team to:

  • Finalize the initial risk analysis at the beginning of the project.
  • Evaluate and address new risk items that may arise during the course of the project.
  • Ensure the risk management process remains proactive, responsive, and aligned with evolving project requirements.

By fulfilling these responsibilities, the Risk Officer ensures that risks are effectively managed, documented, and communicated, contributing to the safety and success of the project.

2.3. Project Members

The risk management plan document of the approved SIGNATURES2023 trial the following was written:

The Risk Officer(s) will delegate identified risks to the appropriate Risk Management Team members, based on their expertise and areas of responsibility. The assigned team members will:

  • Risk Assessment: Evaluate the assigned risks by assessing their exposure (the potential impact or consequences) and probability (the likelihood of occurrence). This evaluation will be conducted in accordance with the risk assessment criteria outlined in the project’s Risk Management Plan.
  • Reporting: Document the findings of their analysis and report the results back to the Risk Officer, ensuring that all relevant data is accurately captured in the risk analysis database.
  • Mitigation Implementation: Execute the mitigation steps defined in the Risk Mitigation Plan for their respective areas of responsibility. This includes implementing control measures, monitoring their effectiveness, and ensuring compliance with applicable standards.
  • Progress Reporting: Regularly update the Risk Officer on the status of mitigation efforts, including any challenges, outcomes, or additional risks identified during the implementation phase.

The roles and responsibilities of each Risk Management Team member, along with their areas of expertise, are detailed in Annex I of this document. This clear delineation of responsibilities ensures an organized and effective approach to risk management throughout the project lifecycle.

3. Risk Documentation

Effective risk management requires comprehensive and systematic documentation to ensure that all identified risks, mitigation measures, and ongoing evaluations are accurately recorded and easily accessible. This section outlines the procedures for maintaining a detailed risk analysis file, which serves as a centralized repository for tracking risks throughout the project lifecycle. By adhering to strict documentation practices, this approach ensures transparency, accountability, and compliance with applicable standards, facilitating informed decision-making and streamlined project management.

3.1. Risk Analysis Database

The risk management plan document of the approved SIGNATURES2023 trial the following was written:

All risk factors identified and managed throughout this project will be systematically documented and stored in a centralized risk analysis file. This file is securely hosted on a virtual drive within the Insel Gruppe AG network, ensuring controlled access and data integrity. Access to the file is restricted exclusively to the study coordinator, who is responsible for maintaining the file’s accuracy and confidentiality. This secure storage approach complies with relevant data protection and risk management standards, facilitating efficient tracking and review of risk-related information throughout the project lifecycle.

3.2. Risk Identification

The risk management plan document of the approved SIGNATURES2023 trial the following was written:

Risks are identified by experienced system users, including PhD students and post-doctoral researchers actively involved in programming and testing new sequences. These individuals possess the technical expertise and hands-on experience required to recognize potential hazards during the development and testing phases. Identified risks are communicated both orally and in writing to the Risk Officer, who is responsible for evaluating and formally documenting them in the risk analysis file. This collaborative approach ensures that risks are identified promptly and accurately by those most familiar with the system’s operational intricacies.

4. Risk Activities

The risk management plan document of the approved SIGNATURES2023 trial the following was written:

This section provides a detailed outline of the procedures governing all risk management activities throughout the project. It includes the following key processes:

  • Risk Identification: The systematic recognition of potential risks associated with the project.
  • Risk Analysis: Evaluation of identified risks to determine their potential impact and likelihood of occurrence.
  • Risk Assessment: Determination of the acceptability of identified risks and prioritization for mitigation.
  • Risk Mitigation Measures: Development and implementation of strategies to reduce or eliminate risks to an acceptable level.
  • Testing and Verification: Validation of the effectiveness of mitigation measures to ensure they achieve the intended outcomes.
  • Continuous Risk Management: Ongoing monitoring and evaluation of risks throughout the project lifecycle to address new or evolving challenges.
  • Documentation and Reviews: Comprehensive recording of all risk management activities and periodic reviews to ensure accountability, compliance, and alignment with project objectives.

By defining these processes, this section establishes a robust framework for proactive and continuous risk management, ensuring the safety, reliability, and regulatory compliance of the project.

4.1. Risk Identification

The risk management plan document of the approved SIGNATURES2023 trial the following was written:

Initial risk identification will be conducted by the Risk Officer, who will evaluate potential hazards associated with the project’s initial phases. Subsequently, risks will be identified by experienced system users, including PhD students and post-doctoral researchers, actively involved in programming and testing new sequences.

In addition, all project team members are responsible for identifying any newly introduced or observed risks that may arise during the use or modification of the developed sequences as part of the SIGNATURES2023  project. These risks will undergo a secondary evaluation process, ensuring that all emerging threats are comprehensively assessed and incorporated into the risk management plan.

4.2. Risk Analysis

The risk management plan document of the approved SIGNATURES2023 trial the following was written:

Risk analysis for each identified risk will be conducted by the Risk Officer, with input from relevant team members who have expertise in the area of concern. This collaborative approach ensures a thorough and accurate assessment of potential hazards.

After a risk is identified, it will be documented in the risk analysis file, including the following key details:

  • Risk Description: A clear and concise explanation of the identified risk.
  • Risk Source: The origin or cause of the risk, including any associated system or process factors.
  • Sequence of Events: The specific chain of events or conditions that could trigger the risk.
  • Risk Consequences: The potential impact or outcomes resulting from the risk, should it materialize.

Each risk will then be evaluated to determine its level of severity before corrective actions are implemented. This assessment considers both the frequency of occurrence and the consequences of the risk, utilizing the risk assessment matrix provided in Figure 1 and the scales defined in Tables 1 and 2. These tools ensure a structured and standardized evaluation process, supporting informed decision-making for risk mitigation.

Figure 1 Risk assessment matrix representing the rated frequency and consequence of the risk before and after mitigation activities. The three colors represent the acceptability of the risk with red (unacceptable), orange (undesirable), and green (acceptable).
Figure 1 Risk assessment matrix representing the rated frequency and consequence of the risk before and after mitigation activities. The three colors represent the acceptability of the risk with red (unacceptable), orange (undesirable), and green (acceptable).

Table 1 Risk assessment frequency scale definitions

Frequency
Frequent Expected to occur frequently
Probable Expected to occur
Occasional Likely to occur
Remote Unlikely to occur but probable
Improbable Very unlikely to occur

 

Table 2 Risk assessment severity scale definitions

Consequence
Critical Death, Extensive permanent injury to the patient or user
Major Sever, long-term injury, potential disability
Serious Short-term injury or impairment requiring additional medical intervention to correct (e.g. reoperation)
Minor System cannot achieve its goal, procedure reverted to conventional, slight customer inconvenience
Negligible Increased operating time

 

4.3. Risk Mitigation

The risk management plan document of the approved SIGNATURES2023 trial the following was written:

The risk matrix categorizes risks into three zones based on their severity and likelihood:

  • Unacceptable Risk (Red): Requires immediate action. Mitigation measures must be implemented to reduce these risks to a more acceptable level.
  • Undesirable Risk (Orange): Mitigation is recommended but subject to a risk-benefit feasibility analysis to determine if the effort and resources required are justified by the potential reduction in risk.
  • Acceptable Risk (Green): No further action is required as these risks are considered tolerable within the scope of the project.

For all unacceptable risks, mitigation measures must be promptly developed and implemented. Any mitigation actions taken, including their details and outcomes, must be systematically recorded in the risk analysis file for transparency and tracking.

Following the implementation of mitigation measures, the risk level is reevaluated using the risk matrix displayed in Figure 1 to ensure that the actions have effectively reduced the risk.

A risk is considered successfully mitigated when:

  1. It falls within the acceptable risk zone (green), or
  2. A risk-benefit analysis demonstrates that further mitigation of an undesirable risk is infeasible and the residual risk is deemed tolerable in light of the project’s overall benefits.

This approach ensures a structured, consistent, and justifiable process for managing risks effectively.

5. Review

The risk management plan document of the approved SIGNATURES2023 trial the following was written:

 

Following the initial risk analysis conducted prior to 26 May 2021, the Project Leader and the Risk Management Team will convene to review the status of all identified risks. These reviews will occur:

  • After the occurrence of any adverse effects, ensuring timely reassessment and response.
  • Upon request by any team member who has become aware of new risk-related information, whether from the scientific literature, regulatory updates, or manufacturer-provided data.

During these meetings, the team will:

  1. Review Risk Information: Assess the latest data on identified risks, including new developments or emerging concerns.
  2. Evaluate Mitigation Actions: Examine the effectiveness of previously implemented mitigation measures to determine whether they remain adequate or require adjustment.
  3. Reassess Risk Classification: Reevaluate the categorization of risks based on updated information, ensuring that all risks are accurately classified and appropriately addressed.

This iterative review process ensures that risk management remains dynamic, responsive, and aligned with the evolving context of the project.

6. Annex I

The risk management plan document of the approved SIGNATURES2023 trial the following was written:

Personnel Assignment

  • Project Leader: Prof. X.Y.
  • Risk Officer: Prof. X.Y.
  • Project Team Members:
    • Prof. X.Y., PhD – Project Leader
    • Dr. X.Z., PhD – MR Programmer Representative
    • Dr. W.Y., MD – Study Coordinator, Clinical Issues

 

Leave a Reply

Discover more from MRI/MRS Clinical Trial Compliance Solver

Subscribe now to keep reading and get access to the full archive.

Continue reading