Addressing Challenges in Medical Device Certification with a Top-Down Approach – Lessons Learned

Challenges in Traditional Safety Approaches

Traditionally, medical device certification has lacked a structured top-down approach, leading to the introduction of various isolated safety measures. These measures often require significant effort but fail to clearly support overarching safety goals, making their effectiveness questionable. As a result, they are frequently misunderstood and often the first candidates for removal during optimization.

One key reason for this challenge is that many regulatory norms focus on prescribing specific safety measures rather than providing a systematic framework. For example, IEC 61508, a generic functional safety standard for electrical, electronic, and programmable electronic systems (E/E/PES), has traditionally not been directly applicable to medical devices. However, its core principles, such as quantitative safety metrics, failure probability analysis, redundancy, and diagnostic coverage, have influenced IEC 62304 (Medical Software) and ISO 14971 (Medical Risk Management).

Implementing a Top-Down Safety Approach

To address these issues, our company introduced a top-down approach, ensuring that all safety goals are systematically connected to safety measures designed to mitigate potential faults.

Methods Used in the Top-Down Approach

For top-down diagrams, we utilize:

  • Fault Tree Analysis (FTA) for detailed and formal representation of safety-critical events, supporting comprehensive hazard identification and mitigation.
  • Goal Structuring Notation (GSN) for a higher-level safety argumentation, particularly effective in the early stages of development, when system dependencies and safety justifications are being structured.
  • STPA (System-Theoretic Process Analysis) for discovering risks related to system interfaces, unsafe controls, and missing feedback mechanisms, complementing traditional failure-based analyses.

By combining these methods, we achieve a traceable link between system safety goals and the corresponding risk control measures.

Key Benefits of Our Approach

  • Seamless collaboration between System Architecture, Design, and Safety teams
  • Simplified impact analysis, enabling efficient change management
  • Consistent and traceable requirements derivation
  • Improved communication with suppliers and certification authorities
  • Systematic approach to safety evidence creation

Additionally, several safety metrics are widely used to assess whether the introduced safety measures are sufficient. For example, redundancy and diagnostic coverage, as defined in IEC 61508, help determine the probability of dangerous failure and the safe failure fraction (SFF).
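As an added worked illustration of those metrics (not the article's or the company's own tooling), the block below computes diagnostic coverage, safe failure fraction and an average probability of failure on demand for a single channel versus a 1-out-of-2 redundant pair, then maps the result onto the low-demand SIL bands. The failure rates are constructed sample values, and the PFDavg formulas are the simplified IEC 61508-6 approximations that ignore repair time and common-cause failures.

```python
"""Added illustration of IEC 61508 metrics (DC, SFF, PFDavg under redundancy);
not the article's own tooling. Failure rates are constructed sample values (1/h)."""
from dataclasses import dataclass


@dataclass(frozen=True)
class FailureRates:
    """Element failure rates (1/h) in the four IEC 61508 classes."""
    sd: float  # safe, detected by diagnostics
    su: float  # safe, undetected
    dd: float  # dangerous, detected by diagnostics
    du: float  # dangerous, undetected (only a proof test finds these)


def diagnostic_coverage(r: FailureRates) -> float:
    """DC: share of dangerous failures that the diagnostics reveal."""
    return r.dd / (r.dd + r.du)


def safe_failure_fraction(r: FailureRates) -> float:
    """SFF: safe or detected-dangerous failures over all failures."""
    return (r.sd + r.su + r.dd) / (r.sd + r.su + r.dd + r.du)


def pfd_avg_1oo1(r: FailureRates, proof_test_hours: float) -> float:
    """Simplified IEC 61508-6 PFDavg for a single channel: an undetected
    dangerous fault persists on average half a proof-test interval.
    Repair time and common-cause failures are ignored (an assumption here)."""
    return r.du * proof_test_hours / 2


def pfd_avg_1oo2(r: FailureRates, proof_test_hours: float) -> float:
    """Same simplification for a 1-out-of-2 redundant pair: both channels
    must carry an undetected dangerous fault at the same time."""
    return (r.du * proof_test_hours) ** 2 / 3


def sil_band(pfd_avg: float):
    """Low-demand SIL whose PFDavg band contains the value (IEC 61508-1
    Table 2), or None when the value lies outside the SIL 1-4 bands."""
    bands = {4: (1e-5, 1e-4), 3: (1e-4, 1e-3), 2: (1e-3, 1e-2), 1: (1e-2, 1e-1)}
    for sil, (low, high) in bands.items():
        if low <= pfd_avg < high:
            return sil
    return None


# Constructed sample element, proof-tested once a year.
SAMPLE = FailureRates(sd=2e-7, su=1e-7, dd=6e-7, du=1e-7)
PROOF_TEST_HOURS = 8760.0
```

With the sample rates the single channel lands in the SIL 3 band while the redundant pair drops below the SIL 4 band, which is the effect the article attributes to redundancy; raising `dd` at the expense of `du` (better diagnostic coverage) moves both figures the same way.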

Applicability to FDA and EU MDR Compliance

Regulatory frameworks such as FDA’s 21 CFR Part 820 and the EU Medical Device Regulation (MDR) 2017/745 emphasize structured risk management, traceability, and safety case documentation. Our top-down approach directly supports these requirements:

  • For FDA Compliance:
    • Ensures alignment with ISO 14971 for risk management, which is recognized by the FDA as a consensus standard.
    • Provides structured safety justifications, supporting 510(k) submissions, De Novo classifications, and PMA approvals.
    • Improves traceability of safety requirements, which aligns with FDA’s expectations for Design Controls (21 CFR 820.30).
  • For EU MDR Compliance:
    • Supports risk-based decision-making, as required under Annex I, Chapter I of EU MDR (General Safety and Performance Requirements – GSPR).
    • Enhances the creation of Clinical Evaluation Reports (CERs) and Post-Market Surveillance (PMS) documentation.
    • Strengthens software lifecycle processes, ensuring compliance with IEC 62304, which is critical for medical software classification under MDR.

By integrating a structured safety methodology, our approach streamlines regulatory submissions, reduces certification delays, and ensures alignment with global safety expectations.

Beyond Functional Safety: A Holistic Risk Management Perspective

It is important to recognize that functional safety is only one aspect of risk management. Medical devices must also address electrical safety, sterility, cybersecurity, and other critical properties.

Our top-down approach can be effectively applied to various types of risks:

  • FTA is ideal for analyzing functionality failures and their consequences.
  • GSN provides a higher-level view of argumentation for safety justifications.
  • STPA is valuable for identifying risks related to interfaces, unsafe controls, and lack of feedback mechanisms.

This systematic top-down methodology is a core element of our holistic medical Safety Management System (SMS), enhancing regulatory compliance, risk management, and overall device safety.