Re: Will you really expect column "source" in Risk Management file to show the clear evidence that experience with the same and similar types of device was taken into account?
One of the major problems in ISO 14971 is the lack of a "filter" function to switch between different levels of documentation depending on the nature of the risk related item. It makes sense that a variable approach should be applied, with some risk items not requiring any documentation, others just a record or link to the characteristics of the risk control measure, others need both characteristics and justification (including source material), and others still a detailed discussion on why no action or only limited action was taken, including records of potential solutions that were evaluated and assessed as not being practical (allowing risk/benefit to proceed).
This lack of a filter means that all items are treated the same. Given the volume of risk related items, which are typically in the thousands, the only possible approach is a light touch to the formal records.
This explains why the normative section of ISO 14971 standard is actually fairly light on the records required, and even lighter for "objective evidence". In fact, the term objective evidence, while defined, does not appear at all in the normative section. It does sneak in via the term verification, however, only one clause uses verification: implementation of the risk control measure. In all other cases, there is no requirement to document any objective evidence for the decisions in the risk management file, and the "record" itself can be as simple as a number e.g. "4" or a binary decision (e.g. "Yes" or "No"). For example: are there risk arising from risk control measure #123? Record = "No". That's it. No need to explain.
However, in the informative section, guidance documents, seminars, expert opinions will often imply the need to keep evidence for decisions. It's very easy to find examples of risk items where keeping evidence makes sense. The problem, though, is that this cannot be applied universally, there are simply too many risk items to deal with.
I have in the past recommended to manufacturers to make their own filter. But I've found that in practice it doesn't work. Decisions are heavily influenced by bias, such as cost, competition, complexity, complacency. So a real world manufacturer might say great, filter makes sense, but then only apply the filter to a selected few "comfortable" risk items to record more detail, evidence, basis for the decision and so on.
Anything that's in the uncomfortable zone, such as no action being taken because, well, ... that's what the competitors do ... or it's going to require the PCB to be completely reworked ... or delay the project by 6 months ... or we have no idea how to assess the probability ... ... ... all those will get filtered into the the simple record group, to avoid the spotlight.
So we really need the standard (i.e. ISO 14971) to step in and identify the characteristics of situations where keeping more evidence makes sense. It is more nuanced, but I don't think it would be that hard to do.
