5 min reading time

How do you alert everyone on your development team about product risks? In an email? A shared drive? Verbal communication in a team meeting?

A recent study of 500 employees working on Class II or Class III devices (see http://medgroup.biz/managing-risk for the whole study) asked:

How do you manage risk identification, analysis, and mitigation?

• 47% said Broken Down into Individual Risk Artifacts in a Commercial Software Tool
• 43% said Documents on a Shared Network
• 10% said Documents under Document Control

The top three methods used for mitigating risk in this year’s survey were Failure Mode Effects Analysis (FMEA), risk management files, and Root Cause Analysis (RCA).

Nearly 70% of respondents said they also use Corrective and Preventative Action (CAPA) as part of their quality management system. No distinction was made between reactive and proactive methods.

Perhaps most surprising was the answer to the question,

When do you start documenting risk?

• 31% said Concept
• 35% said Feasibility
• 27% said Development
and 7% said Verification

I won’t summarize the whole piece for you but you can get the rest at http://medgroup.biz/managing-risk

So, for today’s discussion, how (and when in the process) do you manage risk?

++++++++++

Recent Discussions

How to motivate people to follow compliance?

Do website edits require controlled change?

International approvals without repeating trials?

Who uses contract engineers and why?

A win for Obama? Is the tax-inversion play dead?

++++++++++

CFO of Globus Medical Rick Baron is confirmed to speak at the 10x Medical Device Conference.

10x is a thought leaders forum for medical device execs. We limit participation to 200 guests to keep it intimate and meaningful. 67 spots are already taken.

See all the speakers and secure your spot at http://medgroup.biz/About-10x

Prices go up this Saturday.

++++++++++

Make it a great week.

Joe Hage
Medical Devices Group Leader

P.S. I’ll be at http://medgroup.biz/IN3 in San Francisco next week if you want to attend or meet.

---

Ian Newington
Head of Special Projects at LGC Grant Management Group
There are different risks at different stages of the product development. I would say that technical risk (will it work) and commercial risk (will someone pay the right amount for it) are important at the concept phase. The risks when the product is realised and ready to market are more about potential failure or mis-use.

Software tools can be useful but only if they are aids and not driving the RA – ther is a danger in thinking that just because we reached the bottom of the list, we’ve quantified the risk.

Carine Grelait
QA Expert Release and Raw Materials chez Baxalta
I used to build a product map during the concept phase, in order to identify each user-device interaction. This product map is the entry point of the application FMEA.
Then I begin the design FMEA at the end of the concept phase, just before beginning the prototype phase.
The development team is closely involved in these activities.

Ee Bin Liew
Access-2-Healthcare’s Owner and Consultant
Hi Joe, thanks for that and actually your post have pretty interesting points..

• 47% said Broken Down into Individual Risk Artefacts in a Commercial Software Tool
• 43% said Documents on a Shared Network
• 10% said Documents under Document Control

another way of looking at it, I could say – “due to the needs of documenting risk and risk being communicated to all relevant stakeholders, a commercial software tool may be the best way today to achieve this”

The top three methods used for mitigating risk in this year’s survey were Failure Mode Effects Analysis (FMEA), risk management files, and Root Cause Analysis (RCA).

another way of looking at it, I could say – “I identify risk, I find out why, mitigate them in various ways, and I document all that as appropriate”

Nearly 70% of respondents said they also use Corrective and Preventative Action (CAPA) as part of their quality management system. No distinction was made between reactive and proactive methods.

another way of looking at it, I could say -“30% of them are non compliant right away!”

When do you start documenting risk?
• 31% said Concept
• 35% said Feasibility
• 27% said Development
and 7% said Verification

another way of looking at it, I could say that in product realisation process, the proportion is about right.

Cheers

Ned Kraft
Kimochis – Tools for BIG Feelings – Social Emotional Learning and Character Education for Kids
I do a simple spread sheet with appropriate ranking criteria, reviewed by a small team on a monthly basis. In my experience risk management is generally done in an ad-hoc manner with one or two individuals driving and keeping score. I like to keep a laundry list in a spread sheet in a shared location so that anyone can add risks. With proper encouragement, you can extract hundreds of real risks from everyone from the sales folks to the assemblers that have been on their minds for months or years, but not captured or acted on.

As far as processes, CAPA, etc. most companies I have worked with don’t have the foundational processes and discipline to implement agile or 6 sigma, but focus on regulatory/audit compliance (which is a low bar compared to process excellence).

A thought on commitment. I’d recommend not asking people to give your their risk list unless you’re willing to lead and invest in the follow up action. Yep – a budget line item or 3 for risk management.

Goldy Singh
VP Regulatory & Clinical Affairs at Profound Medical
Must establish Risk Management Team of individuals who possesses “right” skill sets. Bi-weekly face to face meeting with development team has worked very well for us. You may follow internal procedures for risk categories. If internal procedure has not been established (small start-ups), follow ISO14971 and IEC 3rd edition standards requirements for structured discussions. Using that as a guidance and taking it beyond based on intended use/user of the device including potential miss-use. Keep good traceability to each test record that provides evidence that risk mitigation has been implemented and it WORKS. Once the device is released for production and market, any failure (manufacturing processes or customer complaints) must loop back to risk management system and ensure that the risk mitigation is effective. To manage risks, good team who understand the product and is empowered to make decisions/propose solutions, is the key to success.

Mary Drotar
Product Development Expert | Co-Founder at Product Risk Framework and Strategy 2 Market
We recommend that our clients start identifying and resolving risks/assumptions as soon as possible in the project including the very early stages e.g. stated as assumptions… “We have a compelling value proposition.” “This product is eligible for reimbursement.” etc.

Detektiv Iorio
Detektiv presso Internationaler Privat Detektiv Iorio
I think the risk is handled with courage and work…

Anders Emmerich
CEO at Aligned AG
Hi,
we try to advocate that the risk analysis should be an integrated part of your DHF.
This way you get a number of benefits:
– You can ensure that you don’t have any loose ends
– Are all your measures are actually covered by a requirement and that they are properly tested.
– Will new requirement lead to new risks?
– Changing a requirement may require you to look at the risk analysis again.

Normally you start off with a Preliminary Hazard Analysis for all risks that are derived from norms to move on to e.g. an FMEA on details in your design. The following blog describes one approach, [http://www.aligned.ch/blog/46-product-news/182-preliminary-hazard-analysis-vs-fmea-in-aligned-elements|leo://plh/http%3A*3*3www%2Ealigned%2Ech*3blog*346-product-news*3182-preliminary-hazard-analysis-vs-fmea-in-aligned-elements/LXTs?_t=tracking_disc].

For our ALM-tool Aligned Elements, we have even taken this a step further when it comes to implementing your 62304 classification. We refer to the risk analysis to support the classification claim. See this blog for details [http://www.aligned.ch/blog/53-tips-tricks/191-62304-software-safety-classification|leo://plh/http%3A*3*3www%2Ealigned%2Ech*3blog*353-tips-tricks*3191-62304-software-safety-classification/De5Y?_t=tracking_disc].

Brian O’Connell
Senior Consultant at KPC International
From my experience a Risk assessmet document is best such as a FMEA or Hazard list

Has anyone seen any innovating ways on Risk Management?