Working with risk management can be tricky, but the following video offers six useful tips on how to get the desired results in the best way. It is a part of our online course on Risk management for medical devices and IEC 14971:2019.

This article aims to give tips and tricks so that risk management work can be done more efficiently and effectively. Please note that the focus is not so much about the regulatory requirements, as it is about making the risk management work efficient.

The right competencies and risk management

One of the most useful tips for successful work with risk management is having the right competencies on board when doing risk management – for example, it is always a good idea to have some people with clinical knowledge, and at least one person with good knowledge about the risk management process, as well as people who know the application. In addition to that, other relevant competencies, such as the ones relating to the production or service of the device may be needed when analysing risks relating to those particular life-cycle phases or areas.

It is not only about having the right competencies, though. It is also about harvesting the positive effects of group dynamics. This means that it is essential to set up meetings and collaborate with people that can help.

Risk management does not mean boredom

A surprisingly large number of people participating in risk management work feel that it is “boring”, not necessarily because risk management in itself is boring, but rather the format by which many have chosen to work. What often happens is that several people gather in a room and then have a risk management workshop meeting that takes three hours or more.

The problem with this is that it is very often difficult to make the meeting meaningful for every participant when the group is large and the meeting is that long. And, the time spent in the risk management workshop often ends up being spent on minor conflicts, or even worse, dealing with grammar or trying to spell words like “phthalates” correctly. Therefore, big and unnecessarily long meetings should be avoided.

risk management workshop

The solution to this problem is to have shorter sessions, ideally less than one hour, where people feel free to brainstorm and come up with ideas and thoughts. After the meeting, one or two people can perform the detailed processing of the information that came up during the meeting. This would include categorising information to hazards, reasonably foreseeable sequence or combination of events, hazardous situations, harms and even risk controls. It could also be to further elaborate on causes of risks and identify various variants of the identified risks.

The outcome of the processing should be recorded in a hazard traceability matrix or similar. And then, it can be decided to either reconvene to review what has been done, or even better, send the results out for a document review. The next step is to collect comments and remarks, collate the comments in one document, resolve any obvious things, and bring the things that require discussion to another short meeting. This principle offers more quality results compared to trying to achieve all in one long meeting.

It is important to remember that risk management is a team effort, but it can still be a team effort without lengthy meetings.

Leading a risk management workshop

Continuing the talk about meetings, it is essential that there is someone in the risk management workshops who can really effectively lead the meeting. People have a hard time coming to an agreement, or they dig too deep and become very granular or technical. And when that happens, it is very useful to have someone in the meeting that can either make the decision of going with A or B, or someone who can say: “let’s stop the discussion and escalate this particular issue”.

Following the requirements in risk management

Creating records of who is taking part in the risk management work is practical, but more importantly, it is also a requirement in the standard. There should be records of who did what, and it is best to start as early as possible so that going back and doing it retroactively can be avoided.

A simple list with risk management meetings or reviews that outline what they addressed, when they were held and who was present, should suffice to avoid nonconformities.

Iteration and risk management meetings

Even if the standard describes a very linear approach that goes from hazards to reasonably foreseeable sequence or combinations of events and so on, it is important to know that the work is rarely as linear as it is described in the standard. The team should have the space and liberty to go back and forth.

hazard traceability matrix

When analysing risks, someone might say that the product should be sterile. That is not a risk, it is a risk control measure. And if that risk control seems reasonable, the team might want to go back and say why the product needs to be sterile and come up with all sorts of risks that the manufacturer wants to avoid by sterilizing the product.

How to make a risk management file

If a brand-new product is being created, there will be no background risk management work to start from. This will very much influence how the risk management file is created because everything is done from scratch.

However, if there is a similar pre-existing product, that is good news because it is allowed to copy text from a previous hazard traceability matrix within the predecessor product. Still, this requires great care, since the details do not necessarily match, or the risk is different for the new version of the product.

In conclusion, working with risk management does not need to be tiresome and not everything needs to be done from scratch. There are tips and shortcuts, just make sure you do not stray from the standard and regulations.

Understanding Po and Severity

A lot of discussions and frustration can occur when discussing the severity of harm for certain risks and the associated probability of occurrence of harm. A lot of risk management teams are missing the necessary insights needed to accurately and correctly define the different outcomes and harms of a particular risk. To be successful, good knowledge of P1 and P2 and techniques on how to handle multiple outcomes are essential. These topics are covered on our blended risk management course.

If you enjoyed this article and learned something from it, you can find others here.

Would you like to learn more about Risk Management?

Get instant access to our online Risk Management for Medical Devices and ISO 14971:2019 course right here. In 6 hours, you can learn more about how to develop new medical devices and maintain them in organisations where design control requirements apply. This course is taken by quality assurance, project management, design engineering or those involved in R&D and product development teams.

Peter Sebelius instructor

Peter Sebelius

Peter Sebelius is a highly esteemed trainer, consultant and entrepreneur in the medical device industry. He is a member of the Joint Working Group that is revising the ISO 13485 and ISO 14971 standards.

He has vast ‘hands on’ experience, having developed, amongst other things, a mechanical chest compression device and an ex vivo perfusion machine for lungs. He has received numerous awards including the Great Design Award and the title “This year’s specialist” by Veckans affärer.