
Medical sterilization is most often the final part of the medical device contract manufacturing process and there are various sterilization methods that can be used. The main ones are gamma (irradiation) sterilization and ethylene oxide (EtO) sterilization.
Gamma sterilization and EtO sterilization are both suitable for achieving a sterility assurance level of 10⁻⁶, which is the minimum requirement for the sterilization of medical devices. This means that for one million sterilized items, there will not be more than one microorganism. Most single-use medical device packaging is suitable for these sterilization methods.
To help make sure that you choose the right sterilization method, and to ensure the safety, quality and performance of your products, we have put together this short guide to gamma sterilization and EtO sterilization, including information on the processes and where and in what circumstances they are used.
What is ethylene oxide sterilization and how does it work?
EtO sterilization is a popular means of medical device sterilization in the UK and throughout Europe. Highly effective and efficient, it is the method used by leading medical device contract manufacturers. The official standard is EN ISO 11135:2014/A1:2019.
This type of sterilization uses a gas diffusion process. Sterilization is achieved when microbial DNA is destroyed by an ethylene oxide gas molecule. The effectiveness of the sterilization process is dependent on the degree to which the gas can penetrate products and their packaging. For example, densely packed products without much air space surrounding them are harder to sterilize than those that are more sparsely packaged in a way that allows more air to flow around them. Hence, it is recommended that devices are shipped in breathable packaging to allow the ethylene oxide gas to break through the sterile barrier and to react with all the necessary surfaces.
When the sterilization process is completed, the degassing process must be thorough and remove as much of the gas as possible. The amount of gas remaining on a device after sterilization is strictly controlled. This remainder is often referred to as EtO residual. EN ISO 10993-7:2008 provides guidance on residual limits for each type of device and with regard to patient exposure. In short, the longer your device is intended to be used for, the lower the residual on the device needs to be.
While EtO sterilization is mostly performed at specialist facilities, it can be carried out in-house using small sterilization cabinets or chambers. However, this equipment is not suitable for mid-to-high-level volume sterilization.
What are the pros and cons of the ethylene oxide sterilization process?
A wide range of medical device materials can be sterilized using the EtO sterilization process, including plastic and other heat-sensitive materials, and products that are sensitive to radiation. This is one of the main reasons why EtO sterilization is often preferred.
Another major advantage of EtO sterilization is that mixed products can be included in a single sterilization cycle or validation. This generates key process and cost-efficiency benefits. However, EtO sterilization cannot be used on sealed airtight medical devices, or on devices that are very densely packaged.
What is gamma sterilization and how does it work?
Gamma sterilization is still widely used in Europe, although it is a more popular method in the US. It sterilizes products by exposing them to a radiation source, normally Cobalt-60, which is highly effective at destroying microorganisms, with minimal temperature changes. The official standard is EN ISO 11137-4:2020.
How much radiation a product receives depends on the type of product and the amount of radiation prescribed for effective sterilization. A dosimetric release system makes it possible for products to be processed, verified and immediately released for transportation. This makes the process very quick and more suitable for short shelf-life products.
Gamma sterilization can only be carried out in approved sterilization facilities. As such, it is unlikely to be suitable for most in-house facilities, as the control of Cobalt-60 in the volumes needed for mass product sterilization is strictly governed. Also, Cobalt-60 is quite expensive to buy.
What are the pros and cons of the gamma sterilization process?
While gamma sterilization can be cheaper and faster than EtO sterilization, the validation costs relating to gamma sterilization are often higher (it requires quarterly revalidation and dose auditing). Therefore, it is suited to high-volume production.
Irradiation is often shown as a range, such as between 15 and 25 kGy. If a product receives this dose, it has absorbed between 15 and 25 kilograys of radiation. For devices with a higher bioburden, the validated dose may need to be higher, such as between 25 and 35 kGy. The higher the dose of radiation, the more the product is affected.
Devices that receive a high dose of irradiation often display yellowing or browning, or their packaging becomes stiff or brittle. This can be problematic if you need to rework or re-sterilize a batch of your device. This is why the aim is always to use the suitable dose for your device. It should be noted here that reviewing the bioburden is more important in such circumstances.
Gamma sterilization must be dose mapped and dose audited. A pallet of product must be tested to make sure that devices in the middle receive an effective dose of radiation. Notably, the same validation is unlikely to be suitable for multiple devices if they have different weights or density. Furthermore, gamma sterilization can cause material cross-linking, which can affect product stability.
Sterilization options and your manufacturing partner
When it comes to selecting a sterilization process, it is very likely that your medical device will be most suited to a specific method. Factors linked to cost, speed-to-market, intended device use, shelf life, materials and battery or microchip use will all influence the choice.
As such, it is vital that when using a medical device contract manufacturer, you choose a specialist partner with the experience to correctly assess your sterilization needs, the resources to deliver high-quality sterilization and the expertise to carry out this sterilization to the highest standard.
Meridian Medical is an established and experienced contract medical equipment manufacturer specializing in a wide range of medical device designs, development and supply services, including medical sterilization.
To find out more about how Meridian Medical can help you with your medical product design and manufacture, get in touch today by filling out our online form or contacting us on 01903 732344 or info@meridian-medical.com.
Effective risk management of medical devices is a fundamental aspect of ensuring their safety, efficacy and regulatory compliance. Rooted in Hippocrates’ principle of ‘First, do no harm’, it serves as a proactive approach to identifying, evaluating and mitigating risks throughout the product lifecycle. By doing so, manufacturers can prevent potential harm to end users and patients, enhance device performance and uphold the highest standards of care. Effective risk management not only meets regulatory standards, such as ISO 14971:2019 and EU MDR, but also builds trust with stakeholders and protects businesses from costly recalls and legal issues. This blog* will explore the essential components of risk management, common misconceptions and the latest challenges facing the industry, with a focus on emerging technologies and their associated risks.
What is risk?
In the context of medical devices, the concept of risk is central to ensuring safety, efficacy and compliance. Understanding risk is critical for managing potential hazards throughout the lifecycle of a medical device.
ISO 14971 definition of risk
ISO 14971:2019, the international standard for the application of risk management to medical devices, defines risk as ‘the combination of the probability of occurrence of harm and the severity of that harm.’ This framework is tailored to the medical device industry, focusing on identifying, evaluating, controlling and monitoring risks to ensure patient safety and regulatory compliance.
ISO 31000 definition of risk
ISO 31000, the broader international standard for risk management across industries, offers a slightly different perspective, defining risk as the effect of uncertainty on objectives. However, this definition emphasises the potential for both positive and negative outcomes and highlights the need for a systematic approach to managing uncertainty.
Key standards and regulations for the risk management of medical devices
Several key standards and regulations provide a framework for managing risks throughout the lifecycle of medical devices. These standards ensure that safety, performance and compliance are maintained in alignment with both global and regional regulatory requirements.
ISO 14971:2019 - the core standard for medical device risk management:
- Provides a structured framework for identifying, evaluating and mitigating risks throughout the medical device product lifecycle.
- Emphasises balancing risks against benefits and implementing effective risk controls.
ISO 13485:2016 - integrates risk management into quality management systems:
- Ensures risk management is an ongoing process across all stages of development and production.
IEC 60601 - focuses on the safety and performance of electrical medical devices:
- Embeds risk management requirements into its guidelines.
Regional regulatory requirements:
- EU MDR - European Union Medical Device Regulation: Mandates robust risk management to meet General Safety and Performance Requirements (GSPR). It also highlights the importance of risk assessment in device design and post-market monitoring.
- FDA 21 CFR Part 820 - U.S. Food & Drug Administration: Enforces risk-based approaches within Quality Management System Regulation (QMSR). Requires risk management in design controls through to post-market surveillance.
Why is risk management for medical devices important?
Effective risk management plays a critical role in ensuring safety, compliance and business success. Here's why it matters:
- Patient Safety:
  - Prevents harm from faulty or potentially harmful devices (e.g. non-medical grade materials or malfunctioning equipment).
  - Ensures patient health is safeguarded throughout the device lifecycle.
- Regulatory Compliance:
  - Helps meet standards like ISO 14971:2019 and EU MDR.
  - Failure to comply can result in fines, recalls and delays to market access.
- Avoiding Financial Consequences:
  - Inadequate risk management can lead to costly recalls, legal action or damage to reputation.
- Improved Device Performance:
  - Identifies potential issues early, leading to better quality and reliability.
- Building Trust:
  - Reinforces confidence with stakeholders and end users, ensuring long-term success in the healthcare market.
What is risk management for medical devices?
Risk management for medical devices is a systematic, ongoing process aimed at identifying, assessing, controlling and monitoring risks to ensure safety, compliance and efficacy. This process is essential for meeting regulatory requirements and safeguarding both patients and manufacturers.
An overview of the risk management process
Risk analysis
The risk analysis involves identifying potential hazards associated with the device’s design, manufacturing and usage. These hazards should cover all aspects of a device’s design and intended use, and address the type of failure, such as mechanical failure, electrical hazards, biological incompatibilities or software errors. Each hazard should be thoroughly investigated to determine its origin, frequency and potential impact on patients and users. Tools such as Failure Mode and Effects Analysis (FMEA) or Fault Tree Analysis (FTA) are often used in this stage to ensure all potential risks are identified.
Risk evaluation
After identifying each of the risks, the next step is to evaluate them by assessing and scoring the likelihood of each risk occurring and the potential severity of its consequences. This evaluation enables manufacturers to categorise risks based on their potential impact and decide which risks are acceptable and which require immediate attention. The regulatory standard ISO 14971:2019 provides guidance on setting thresholds for acceptable risk.
Risk control
Risk control is the stage where action is taken to reduce, eliminate or mitigate identified risks. This might involve modifying the device design, adding safety features, enhancing testing protocols or implementing preventive measures in manufacturing. Medical device verification and validation are therefore key to the development and manufacturing of medical devices.
Verification ensures that any risk controls function as intended, while validation confirms they effectively reduce risks in real-world use. The aim is to lower residual risks to a level that is acceptable and ensures patient safety without compromising the device's intended function. Controls are continually reviewed and updated based on new information or evolving standards.
Residual risk evaluation
After implementing risk controls, manufacturers assess the remaining risks, known as ‘residual risks’, to ensure they are within acceptable limits. This step is critical to confirm that, even after mitigation measures, the risks do not pose an unacceptable threat to patient safety or device performance. If residual risks are deemed too high, further corrective actions, such as enhancing safety features or modifying design, are taken. Residual risk evaluation ensures that a device remains safe, compliant and effective throughout its lifecycle, balancing practical risk reduction with regulatory standards.
Production and post-production information
Risk management extends beyond product development into production and post-production. During production, it’s crucial to monitor the device for any new risks that arise during scaling or manufacturing processes. Supplier auditing is a key part of this process, helping to ensure that external vendors continue to meet quality and regulatory standards, reducing the risk of defects or inconsistencies. Once the device is on the market, post-market surveillance is necessary to collect data, including user feedback, adverse events and any complaints. This information helps identify new risks or previously unrecognised hazards, prompting updates to risk control measures and further refinement of the product.
Common misconceptions in risk management
Risk management in medical devices is often misunderstood, leading to gaps in implementation and compliance. Below are some of the most common misconceptions:
Risk management is only a regulatory requirement
Many believe that risk management is only necessary to meet regulatory requirements. While it is a critical part of compliance with standards such as ISO 14971:2019 and EU MDR, risk management goes beyond merely ticking boxes. It is an essential process to ensure patient safety, improve device performance and maintain long-term trust in the device. Effective risk management helps identify potential issues early, reducing the likelihood of costly recalls, legal action or damage to the company’s reputation.
Risk management is only about preventing harm
Another misconception is that risk management is solely about preventing harm or injury. While preventing harm is an essential aspect, risk management also includes evaluating the benefits of a device, balancing risks with intended benefits, and mitigating any risks that remain. It is a holistic process that involves identifying, assessing and controlling risks throughout the device's lifecycle, ensuring that both the device’s safety and effectiveness are optimised.
Risk management ends after product development
Some might think that risk management only applies during the design and development phases. However, this is far from the case. Risk management is an ongoing process that continues after product development, throughout production and even post-market. Continuous monitoring of device performance, addressing adverse events and implementing corrective actions are essential to maintaining safety and compliance. A robust post-market surveillance system ensures that any new risks are identified and mitigated quickly.
Emerging Challenges in Risk Management
As medical technology advances, new risks are emerging, requiring manufacturers to adapt their risk management strategies:
Cybersecurity Risks in Connected Devices
The rise of connected medical devices has introduced potential cybersecurity threats that challenge successful risk management of medical devices. These devices often store or transmit sensitive patient data, making them attractive targets for cyberattacks. A breach in security could lead to data theft, manipulation or even device malfunctions that harm patients. Risk management for connected devices must include robust cybersecurity measures to protect patient information, ensure device functionality and comply with regulations like the FDA’s post-market guidance on cybersecurity.
Risks Posed by AI and ML Systems
Artificial Intelligence (AI) and Machine Learning (ML) systems are becoming more prevalent in medical devices, from diagnostic tools to predictive healthcare applications. However, these technologies introduce unique risks due to their complex, data-driven decision-making processes. The ‘black box’ nature of many AI/ML models can make it difficult to understand how decisions are made, raising concerns about accountability and transparency. Risk management for AI/ML-based devices must address the potential for bias in algorithms, the need for continuous validation of models, and the implications of incorrect diagnoses or treatments.
Regulatory and Ethical Considerations
The rapid pace of innovation in connected devices and AI/ML systems also poses regulatory challenges. Standards and regulations must evolve to keep up with these technologies while ensuring patient safety and data privacy. Manufacturers must be proactive in staying abreast of new guidelines and regulations to manage emerging risks effectively.
These emerging challenges highlight the need for dynamic risk management approaches that can address the evolving landscape of connected and AI-driven medical devices.
Risk management of medical devices isn’t just a box to tick
Risk management is the backbone of every successful medical device. By constantly identifying, evaluating and mitigating risks, manufacturers not only protect patients but also ensure long-term business success. As technology advances, staying ahead of emerging risks like cybersecurity threats and AI challenges will be key to maintaining trust, compliance and innovation. A strong, evolving risk management strategy is your pathway to navigating the future of medical devices with confidence.
FAQs: Risk Management of Medical Devices
What is risk management for medical devices?
Risk management for medical devices involves identifying, assessing and mitigating risks throughout a device's lifecycle. This process ensures patient safety, product effectiveness and regulatory compliance. It aims to reduce the likelihood of device failures or harm by implementing effective risk controls and continuously monitoring post-market performance.
What are the risks of medical devices?
Risks of medical devices include mechanical failure, electrical hazards, biocompatibility issues, user error, software malfunctions and data breaches. These risks can lead to patient harm, device malfunction or non-compliance with regulations. Effective risk management helps identify, assess and mitigate these risks to ensure safety and performance.
What is the ISO risk management standard for medical devices?
The ISO risk management standard for medical devices is ISO 14971:2019. It provides a framework for identifying, evaluating and controlling risks associated with medical devices throughout their lifecycle. The standard ensures that all potential hazards are identified, risks are assessed and appropriate risk control measures are implemented to ensure patient safety and device reliability.
What are the 5 steps of risk management?
The five steps of risk management are:
- Risk Analysis – Identifying potential hazards and risks.
- Risk Evaluation – Assessing the likelihood and severity of each risk.
- Risk Control – Implementing measures to reduce or eliminate risks.
- Residual Risk Evaluation – Evaluating remaining risks after controls are applied.
- Post-Market Surveillance – Monitoring the device in real-world use and updating the risk management plan.
*DISCLAIMER: This blog has been written to provide general guidance on Risk Management of Medical Devices. Meridian Medical is not an expert in this field and does not offer risk management services. For expert advice or assistance, please consult a qualified professional. Meridian Medical is not responsible for actions taken based on this content.
Partner with Meridian Medical
If your company is looking for a trusted partner to manufacture high-quality medical devices, Meridian Medical is ready to assist. With a proven track record and a commitment to excellence, Meridian Medical is your ideal contract manufacturing partner.
Contact us today to learn more about our services and how we can help bring your innovative medical devices to market. Get in touch by filling out our online form or contacting us on 01903 732344 or info@meridian-medical.com.

Author James Fenton
James Fenton, Managing Director of Meridian Medical since 2017, has over 20 years of industry experience. He has been pivotal in developing and producing over 500 types of single-use medical devices, including CE-marked class 2 and 3 devices. With a strong focus on business strategy, project management and customer support, James ensures Meridian Medical's agility and innovation. His expertise is backed by qualifications in Business Studies and Medical Process and Equipment Validation, plus extensive industry training. James's insights into the industry that he has dedicated his entire career to provide a bank of invaluable information aimed at increasing knowledge of and driving advancements in medical device manufacturing.