The IVDR has reshaped lab compliance and— let’s just admit it—put out a tall order for labs to serve up. One aspect that proves particularly exasperating is a much stronger emphasis on rigorous risk management – not only for the lab in general, but also for each in-house diagnostic test.  

For labs with numerous in-house IVDs, implementing effective risk management practices is no piece of cake. But the pay-off is also not just a sugary icing on the cake. It is rather the bread and butter of diagnostics: quality and patient safety. 

The following offers an overview of the enhanced risk management requirements stipulated by the IVDR, as well as those issuing from ISO 15189, which is now mandated by IVDR for labs with in-house tests. Then we take a look at how ISO 22367 offers a convenient cookbook for meeting the combined requirements. 

Article 5.5 and GSPRs 

Article 5.5  first and foremost mandates adherence to the General Safety and Performance Requirements (GSPRs)—and the first general requirements therein are all about risk management at the in-house device level. Key relevant requirements for each lab-developed test include: 

• Risk identification and assessment: Labs must conduct comprehensive risk assessments for each test, addressing potential hazards throughout the test’s lifecycle. 

• Risk control and mitigation: Labs must implement tailored risk controls to either eliminate or reduce identified risks to acceptable levels for each in-house test. This includes implementing protective measures plus monitoring the effectiveness of these measures. 

• Monitoring: Labs must undertake an ongoing review of experience gained from clinical use. Risk management must be understood as a continuous iterative process throughout the entire lifecycle of an in-house device, requiring regular systematic updating. Any emerging risks associated with the devices must be addressed. 

• Risk documentation: Laboratories must document all risk assessments including a risk management plan.  

ISO 15189 and yet more risk management 

ISO 15189 is a foundational standard for management systems in medical labs, including quality management. It sets forth requirements for risk management systems aimed at enhancing quality and minimizing risks to patients and users. Under ISO 15189, labs are expected to: 

• Implement a structured risk management approach: ISO 15189 requires laboratories to develop a risk management system that identifies, assesses, documents and controls risks at every stage of the testing process. 

• Focus on patient and user safety: Risk control measures aim for accurate testing from specimen collection to result reporting, as well as a safe lab environment. 

• Manage equipment and processes: Proper maintenance of lab equipment and calibration of test methods are addressed among other essential components that help reduce risks with the potential to compromise diagnostic results. 

By setting this standard as mandatory, IVDR has created a comprehensive framework for managing risks at the general lab level that will reinforce quality at the device level.  

ISO 22367 as a comprehensive solution 

IVDR has harnessed the standards—and labs might be able to more efficiently deliver on risk management by leaning on ISO recipes, too.  Perhaps the easiest way to tackle the combined requirements is to take ISO 22367 as your cookbook to draw from. 

ISO 22367 builds on ISO 15189, providing more detailed guidance on risk management for lab environments. This standard hits the mark for labs looking for a streamlined way to update their risk management to align with the IVDR. Most of the ingredients and instructions you need to meet relevant requirements can be found there. 

Key features of ISO 22367 include: 

• Risk control across testing stages: ISO 22367 encompasses risk management throughout pre- and post-analytical stages, offering a thorough approach to managing risks associated with laboratory processes. 

• Alignment with IVDR requirements: ISO 22367’s risk management framework aligns well with the GSPR requirements of IVDR, offering practical guidance that simplifies compliance. 

• A guide to integrating risk management into an ISO 15189-compliant QMS: ISO 22367 entails the integration of risk management into the relevant parts of an ISO 15189-mandated QMS and offers a helpful guide for this in Annex I. 

Once again, this standard is all about minimizing risks to patients and users. The other upside of leveraging this standard is that it also reduces risk for the lab itself because it leads to fully baked compliance. 

* We have compiled the above information to the best of our knowledge, yet our blog entries do not constitute expert advice and cannot substitute your own examination of the legal situation applicable to you and your institution.