The risk that device companies assume is great, and managing it requires a comprehensive, planned approach. A policy on paper is not enough; it must be inherent in day-to-day activities throughout the organization. Risk is constantly assessed, and appropriate and timely decisions are made. The goal is a reasonable assurance of the safety and effectiveness of the product. In the simplest terms, risk management results in the following:
- Identifies hazards
- Evaluates/estimates risk
- Determines risk acceptability
- Controls risks
Don’t Wait for Tomorrow for What You Can Fix Today
“We’ll cross that bridge when we come to it” is not a good method for dealing with risks. Identifying and addressing issues early in the process is far more cost-effective than waiting for the problem to occur during customer use. Good planning will reduce risk later on. To that end, companies need a risk management plan that includes:
- How risk is assessed
- The criteria of acceptable risk
- Responsibilities executed by qualified individuals
An effective plan needs information that is readily available and communicated across departments. Paper systems can encumber this activity, and standalone applications can make it difficult to integrate and interpret data. As a result, a central location that provides traceability of the information is desirable. All employees need to be trained and to fully understand their roles.
The entire organization needs to accept that gaps can occur from the very beginning, in the design and development phases, or later on through incomplete or inaccurate investigations or complaint capture. It is better to apply risk management as early as possible than to wait until later in the product lifecycle or to manage risk only when a problem occurs. This is why a formal process based on collaboration across departments is necessary. The activities can encompass:
- FMEA
- Control plans
- Component/raw material qualifications
- Inspections
- Stability
- CAPA
Tools/Techniques
There are multiple tools that can facilitate data collection and analysis. These tools can help define the risk and also score it, for example with a risk priority number (RPN).
- Preliminary Hazard Analysis (PHA): used early in the process
- Fault Tree Analysis: top down from an individual event
- Failure Mode and Effectiveness Analysis (FMEA): how each component or process could fail (FMECA adds criticality)
FMEAs are performed early in the design process, at design review stages, and then throughout the lifecycle of the product. To estimate the risk, a calculation is employed using the severity of the issue, the likelihood of the occurrence and the ability to detect it. The result will fall into a band of increasing risk. A table can then be created where the likelihood and the hazard are compared and the risk is categorized, perhaps as low, medium or high.
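A worked version of the scoring described above, added here as an illustration and not taken from the original article: it computes the RPN as severity × occurrence × detection (the conventional FMEA product), bands it, and compares the band with a likelihood-versus-severity table. The 1-10 scales, band cut-offs, matrix boundaries and the sample failure modes are all assumptions.

```python
from dataclasses import dataclass

# Assumed 1-10 scales (10 = worst; for detection, 10 = hardest to detect).
RPN_BANDS = [(200, "high"), (80, "medium"), (0, "low")]  # assumed cut-offs
MATRIX = [  # rows: likelihood low..high; columns: severity low..high (assumed)
    ["low", "low", "medium"],
    ["low", "medium", "high"],
    ["medium", "high", "high"],
]
ORDER = {"low": 0, "medium": 1, "high": 2}

@dataclass
class FailureMode:
    name: str
    severity: int
    occurrence: int
    detection: int

    def __post_init__(self):
        for attr in ("severity", "occurrence", "detection"):
            if not 1 <= getattr(self, attr) <= 10:
                raise ValueError(f"{self.name}: {attr} outside 1-10")

    @property
    def rpn(self):
        return self.severity * self.occurrence * self.detection

def rpn_band(fm):
    return next(label for floor, label in RPN_BANDS if fm.rpn >= floor)

def level(score):
    # Collapse a 1-10 score into a matrix index: 1-3, 4-7, 8-10.
    return 0 if score <= 3 else 1 if score <= 7 else 2

def matrix_category(fm):
    return MATRIX[level(fm.occurrence)][level(fm.severity)]

def review(worksheet):
    """Rank by RPN; flag rows the table rates higher than the RPN band."""
    rows = []
    for fm in sorted(worksheet, key=lambda f: f.rpn, reverse=True):
        band, cat = rpn_band(fm), matrix_category(fm)
        rows.append((fm.name, fm.rpn, band, cat, ORDER[cat] > ORDER[band]))
    return rows

WORKSHEET = [  # constructed sample rows, hypothetical failure modes
    FailureMode("Battery over-temperature", 10, 2, 2),
    FailureMode("Display backlight dims", 3, 7, 5),
    FailureMode("Firmware update accepted without signature check", 9, 4, 8),
    FailureMode("Alarm volume below spec", 7, 5, 3),
]

if __name__ == "__main__":
    for row in review(WORKSHEET):
        print(row)
```

The flagged row is the case to watch: a rare, easily detected failure with the worst severity gets a low RPN, so the product alone would rank it last even though the table puts it a category higher.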
Now What?
Once the risk is defined, decisions can be made regarding which risks are low and can be tolerated and which need to be corrected and controlled. Any fixes need to be implemented, documented and evaluated for effectiveness.
A big problem is waiting until too late in the process and thinking of the plan as a static document: once completed, it is done. Risk management is never finished. It is an iterative process that goes on as long as the device is available. A good risk management plan will demonstrate that risks are evaluated and that issues are corrected quickly.