With the release of ISO 9001:2015, risk based thinking is the phrase that pays. I was at a conference several weeks ago and people were literally at DefCon 3, not really sure how they were going to move forward with their procedures. But I honestly could not identify what the fuss was all about. Why? Because they are probably already doing it anyway - especially if in a regulated industry. Let's think about it..
- Design Failure Modes and Effects Analysis
- Process Failure Modes and Effects Analysis
- Hazard Analysis
- Part Risk Analysis
- Supplier Assessments
- Audit Plans based on previous failures and/or assessments
- Training plans and requirements based on anticipated job hazards
- Corrective plan of actions based on complaints
- Preventative plan of actions based on possible failures
Does any of this sound familiar? Most likely - all are aspects of the risk pathway encountered during different phases of the product life-cycle.
Every time we make a business or personal decision we are weighing the odds and analyzing based on the best outcome; because naturally, we hope for the best - and PLAN FOR THE WORSE. For regulatory and notified bodies, we just have to document the planning process, document the risk identification, the risk mitigation, and long term action to maintain the prevention controls.
Below I have listed some very good resources to help out with the risk process in general:
- ISO 14971: 2007 Medical devices -- Application of risk management to medical devices
- BS EN ISO 14971:2012 Medical devices -- Application of risk management to medical devices (European standard that varies slightly from the English version particularly in mitigation approach)
- Design Control Guidance for Manufacturers ( has a section on Risk Management and Design Controls)
- Guidance for the Content of Pre-Market Submissions for Software Contained in Medial Devices (some content regarding risk from the software prospective)
And of course this is not an all inclusive list, nor was this post a deep dive into all the nuances of risk. These paragraphs were just to allay some fears and stimulate a conversation - so post a comment below!