Risk Management Requirements for Post-Market Surveillance for Medical Devices

Nov 17, 2021 | Resources

Medical Device Regulation: what is it about?

The EU’s Medical Device Regulation (MDR) is a hot topic in healthcare since it was officially published on 5th May 2017 and came into effect on 25 May 2017. The MDR replaces the EU Medical Device Directive (93/42/EEC) and the Directive on active implantable medical devices (90/385/EEC).

Manufacturers of currently approved medical devices were given a transitional period of 3 years, till the 26th of May 2020, during which they had to reorganize the operations to meet the requirements of the MDR. An amendment to the MDR was adopted on 24 April 2020 by European Commission, which postponed the application of most of its provisions by one year, until 26 May 2021. However, certain devices that meet special requirements can be granted permission to extend the transition period till the 26th of May 2024. [1]

Post-market surveillance: what’s new

Articles 82 through 86 and Annex III of the EU MDR describe the requirements for a post-market surveillance system (PMS), making PMS mandatory, and those manufacturers who want to remain in compliance with new MDR are obliged to re-organize the PMS and Vigilance System following the new requirement.

The PMS process is focused on the collection and analysis of the data that comes from the various sources as reported in Annex III and is carried out according to a PMS plan to be established for each MD in order to:

  • update the benefit-risk determination and improve the risk management.
  • Update the design and manufacturing information, the instructions for use and the labeling.
  • Update the clinical evaluation.
  • Update the summary of safety and clinical performance.
  • Identify the needs for preventive, corrective or field safety corrective action.
  • Identify options to improve the usability, performance and safety of the device.
  • Contribute to the post-market surveillance of other devices (when relevant).
  • Detection and reporting of trends.

Risk management requirements for post-market surveillance for medical devices

With PMS becoming a duty for medical device manufacturers, the effective risk management system becomes a priority as well as one of the three basic elements that ensure compliance and safety, alongside with PMS and clinical evaluation (see Image 1).

According to the MDR, manufacturers are expected to provide evidence of a risk management plan created for the whole lifecycle of products. Such plans should be used for tracking and reducing any potential hazards and ensuring the safety of the devices.

The MDR references to the following risk-related key notions:

  • Risk is defined in Article 2 as “the combination of the probability of occurrence of harm and the severity of that harm”;
  • Benefit-Risk Determination is defined in Article 2 as “the analysis of all assessments of benefit and risk of possible relevance for the use of the device for the intended purpose, when used in accordance with the intended purpose given by the manufacturer”;
  • General obligations are defined in Article 10 in the following way: “Manufacturers shall establish, document, implement and maintain a system for risk management as described in Section 3 of Annex I”;
  • The Quality Management Systems shall address the following matter – “risk management as set out in in Section 3 of Annex I”.

The following requirements by the MDR should be addressed in order to ensure compliance and correct benefit/risk management:

  • establish and document a risk management plan for each device.
  • Identify and analyse the known and foreseeable hazards associated with each device.
  • Estimate and evaluate the risks associated with, and occurring during, the intended use and during reasonably foreseeable misuse.
  • Eliminate or control the risks referred to in point (c) in accordance with the requirements of Section 4.
  • Evaluate the impact of information from the production phase and, in particular, from the post-market.
  • Surveillance system, on hazards and the frequency of occurrence thereof, on estimates of their associated risks, as well as on the overall risk, benefit-risk ratio and risk acceptability.
  • Amend control measures if necessary.

What else is there to keep in mind?

In 2019, a new ISO 14155:2018 draft has been published and contains changes on pre- and post-market clinical investigations for medical devices. it is closely tied to the risk management requirements outlined in ISO 14971.

Other significant changes in the new ISO 14155:2018 draft include:

  • guidance on clinical quality management, clinical investigation audits and ethics committees.
  • Risk-based monitoring requirements.
  • Registration of clinical investigations in publicly accessible databases.
  • Clarifications on how ISO 14155 requirements apply to each stage of clinical development.
  • Annexes relating ISO 14155 to the European Medical Devices Regulation, and to the Medical Devices Directive (MDD) and Active Implantable Medical Devices Directive (AIMDD).
  • Useful Medical Device Regulation terminology.

MDR – Medical Device Regulation

PMS – Post Market Surveillance

PIP- Poly Implant Prosthesis

MDD – Medical Device Directive

FDA – Food and Drug Administration

PMCF- Post Market Clinical Follow-up

CER – Clinical Evaluation Report

RM – Risk Management

PSUR- Periodic Safety Updated Report

PMSR – Post Market Surveillance Report

SSCP – Summary on Safety and Clinical Performances

SAE – Serious Adverse Event

IFU – Instruction For Users

How can seQure, the business unit of Arithmos, help you?

seQure can support companies in a consultative way by making sense of the MDR and analysing a company’s needs in terms of quality assurance and regulatory compliance. We can support with an initial gap analysis and risk assessment regarding the MDR. Contact us for further information.

Are you looking for technological solutions to facilitate clinical trials and adverse events management for your Medical Device products? We offer such solutions as Symphony, flexible and easy to set up EDC system, and Argus BluePrint, pre-validated and pre-configured version of Oracle Safety, that ensure compliance and security of the processes for Medical Device companies.


Contact us

If you would like to learn more about our services, please fill out the form.
We will get back to you as soon as possible.

Contact us

If you would like to learn more about our services, please fill out the form.
We will get back to you as soon as possible.