May 15, 2018
According to ISO 14971, risk management is defined as the "Systematic application of management policies, procedures and practices to the tasks of analyzing, evaluating, controlling, and monitoring risk."
Basically, risk management means the right people doing the right activities at the right time to prevent harm.
What would you do before going skydiving?
Whenever we take a risk, most of us consider these two questions before we "take the leap";
"What are my chances of success?"
"How much will it hurt?"
This is the part of the risk management process which is simply a well thought out collection of planned ways to control situational danger from occurring and/or reduce the harm it can cause.
When you think about it ... We perform many risk management activities in everyday life!
We know that crossing a street on foot poses the hazard of getting hit by a car, which rates high in severity because it can cause serious injury or death. [Severity can change given the speed limit and type of vehicle].
The probability of occurrence is quickly determined by your own stored memory of data and experiences. [Probability can change given the type of roadway or time of day].
We each have our own internal formula for risk and this is what it looks like:
This formula is part of our everyday internal calculations; we even do it subconsciously.
So, now we see that the probability of occurrence and the severity of harm are both used together to estimate risk. But there is more to it than that when it comes to managing that risk.
When it comes to medical devices, we all know that risk management is mandatory and it also contains many useful design tools.
A risk management process in the Medical Device industry also needs to be easily communicated to others.
As we know, there are regulatory rules and standards to follow when designing a risk management system for a Medical Device, especially ISO 14971.
So, what is required when designing a Medical Device risk management process? Read on.
Begin by creating a strategy with your team or consultant.
Create a risk management plan, assign roles and set a schedule.
Store this in your risk management file, which is the paper trail for the whole risk management process. It should be organized and clear.
Be objective. This will prevent you from forgetting important parts.
The first part of a risk assessment is completing a risk analysis; the process of defining and analyzing all potential hazards.
To begin, define the devices Intended Use.
Example questions to answer:
Then identify the Hazards.
Now brainstorm any foreseeable sequence of events that can become a hazardous situation.
Describe the hazardous situation.
Describe the harm that can result.
Next, estimate the risk level for each hazardous situation.
Use the risk formula:
Next, the risk assessment ends with a risk evaluation; the stage of the plan where you judge whether the risk is acceptable to you, or whether a risk control is necessary for each hazard.
The best way to do a risk evaluation is to use a risk acceptability matrix using the previously estimated risk levels.
The matrix will look something like this:
Risks that are at low levels (yellow) are acceptable.
Marginal risks (orange), however, need further consideration if they are to be acceptable or can be controlled to lower figures.
High level risks (red) are unacceptable and require risk control measures for the project to move forward
Example: Chance of battery explosion
Likely probability x Major severity = Unacceptable risk!
Risk control are the things you do to reduce the probability of occurrence and/or severity of harm, in the following order:
Here are examples of risk control measures used to mitigate the risk of harm due to the battery overheating:
Residual risk is defined as risk that cannot be reduced further after risk control measures have been taken.
Evaluate whether the overall residual risk is acceptable or not; benefit versus harm.
Let's use the X-ray machine to illustrate a simple example.
Despite all protective measures and safety designs, having an x-ray done still poses the risk of radiation exposure.
BUT, we need x-rays for diagnostic purposes.
Despite the potential harm, the medical benefits for the patient are greater.
THUS, the x-ray machine residual risk is acceptable.
The risk management report is a summary of all results, data, tables, etc., of the entire risk management process.
It explains all acceptable and unacceptable risks, the benefits and harms, what risk controls occurred and why, plans for risk monitoring, etc.
It must be clearly written and demonstrate that all the planned objectives have been met.
It must also provide confirmation of the overall level of risk.
From an idea in one's head to post-market success, it is important to monitor all life stages of a medical device.
During the product phase, monitoring will help adjust overall risk acceptability and prepare for the market.
But, even with all the planning and speculation, no one can predict how the device will work in real life situations, in user's hands, and on actual patients.
Therefore, post-production monitoring is equally important
Any changes can affect the risk formula numbers and can send the device back to the risk analysis stage.
Because he strategized, then defined and analyzed all known and foreseeable hazards, estimated the risk level, evaluated risk acceptability, controlled for all unacceptable risks, and then decided the benefits outweighed the residual risk. THEN he crossed.
© 2019 Koven Technology Canada Inc.