If you’re developing a medical device, it’s vital that you understand Risk Management. It will keep you on the right path to designing a device that will keep the end user safe and actually improve their quality of life.
There are several key terms pertaining to Risk Management defined in ISO 14971 that you definitely need to understand (don’t forget to bookmark this page to return to whenever you need to clarify a definition).
RISK MANAGEMENT – systematic application of management policies, procedures, and practices to the tasks of analyzing, evaluating, controlling, and monitoring risk
RISK – combination of the probability of occurrence of harm and the severity of that harm
HAZARD – potential source of harm
HAZARDOUS SITUATION – circumstance in which people, property, or the environment are exposed to one or more hazard(s)
HARM – physical injury or damage to the health of people, or damage to property or the environment
SEVERITY – measure of the possible consequences of a hazard
RISK ANALYSIS – systematic use of available information to identify hazards and to estimate the risk
RISK ESTIMATION – process used to assign values to the probability of occurrence of harm and the severity of that harm
RISK EVALUATION – process of comparing the estimated risk against given risk criteria to determine the acceptability of the risk
RISK ASSESSMENT – overall process comprising a risk analysis and a risk evaluation
RISK CONTROL – process in which decisions are made and measures implemented by which risks are reduced to, or maintained within, specified levels
RESIDUAL RISK – risk remaining after risk control measures have been taken
These terms are standard, but realize that in practice, many people use the terminology incorrectly and/or interchangeably.
For example, someone might use “risk analysis” to refer to “risk management”.
When this happens, I recommend asking the person to explain what they mean. I’ve witnessed (and probably participated in) several disagreements where the terminology created confusion.
Getting a grasp on the list of terms above is critical to understanding medical device risk management.
If you’re interested in understanding how all these terms fit into the broader Risk Management Process as described by ISO 14971, check out the infographic below.
About the author
Jon Speer is the Founder & VP of QA/RA at greenlight.guru, a software company that produces beautifully simple quality and risk management software exclusively for medical device companies. He is also the founder of Creo Quality, a consultancy that specializes in assisting startup medical device companies with product development, quality systems, regulatory compliance & project management. Jon started his career in the medical device industry over 16 years ago as a product development engineer after receiving his BS in chemical engineering from Rose-Hulman Institute of Technology.