How to address the content deviation of 'cannot apply criteria of risk acceptability prior to...'

d_addams

Involved In Discussions
Are people getting much scrutiny from NB's about having pre-determined risk acceptability criteria in their RM plans in light of the content deviation? How do you address the content deviation of no predetermined acceptable risks vs. having risk acceptability defined in your RM plan (as required by 14971).

In a prior life, acceptability criteria was just a verbatim statement of the MDR criteria. I was a little surprised in a new role to see blanket acceptability for the lowest category of risks (with no additional risk mitigations necessary) and some quantitative acceptability criteria for higher risk categories. Is this typical?

Also, what value is there in using qualitative descriptors for your risk classification categories. 'negligible, medium, high, critical, unacceptable'. IMO this just sets the conversation off on the wrong foot regrading acceptability or the need for additional mitigations. I prefer to just use a # classification (1 through whatever #). Any downsides to getting rid of the 'loaded' qualitative category descriptions?
 

Tidge

Trusted Information Resource
I'm curious to read more about recent experiences with NB auditors as well. Locally, the last round of experiences with NB auditors in the Risk Management space were (from my PoV) focused on trivialities like mass application of Risk Control Options Analysis in subordinate documents that were only informed by a high-level risk analysis as opposed to actually specifically addressing risks. Think FMEA (failure modes) vs. HA (risk analysis).

Also, what value is there in using qualitative descriptors for your risk classification categories. 'negligible, medium, high, critical, unacceptable'. IMO this just sets the conversation off on the wrong foot regrading acceptability or the need for additional mitigations. I prefer to just use a # classification (1 through whatever #). Any downsides to getting rid of the 'loaded' qualitative category descriptions?

I am in general (and particular!) agreement that qualitative descriptors beyond three(*1) categories approximating "high/middle/low" is probably sowing confusion, when ultimately the goal is to get to (relatively clear) overall assessment of acceptability/not-acceptability... with a presumption of working towards "as acceptable as possible". I don't want to leave with the impression that my opinion is that initial assessments of "low risk" items would simply be accepted with no further action; rather I'd prefer that they be verified as low risk and have an assessment made if their risk profile of these could be improved... even if they are already in the lowest category. I want to believe that this personal attitude is in alignment with the evolving thinking around medical device risk management, but I've been surprised before.

(*1) Intellectually I'll tolerate as many categories as makes sense for quantitative methodologies, but only if I can be shown that it is possible to quantitatively determine membership in each category. That is: if it can never be proven that something falls in a 1-in-a-million category... why bother having it?
 
Top Bottom