I’m trying to implement a more robust and well-defined procedure at my company for risk management activities per ISO 14971, and I’m having a lot of trouble coming up with methods that are effective, efficient, and consistent. I was hoping some of the people here might have some insights.
My current thinking is that the process should be centred around a risk traceability matrix that co-ordinates and records information from all other activities. In that matrix, you would record hazards, hazardous situations, harms, risk estimation and assessment, risk control measures etc.
As specific risk analysis tools are employed throughout the development process, information from these activities would then be used to populate the matrix, with the outputs of these processes being translated into hazards, hazardous situations, harms, and foreseeable event sequences as necessary. My intent with this is to allow individual subordinate analysis techniques (FTAs, FMEAs, PHAs, etc.) to be freely performed and updated throughout the development process, and the relevant findings incorporated into the overall ISO 14971 risk table without significant disruption.
Has anyone else approached risk management in this way and found it effective?
The other big issue I’m having is in consistent definition of hazards and hazardous situations without excessive duplication. For example, I have a device with a deployable/retractable fixation system that anchors it to subcutaneous tissue. For the duration of use this anchor is expected to support loads applied to the protruding length of the device. To me it seems that there is an obvious hazard / hazardous situation here, but documenting it seems to become complicated.
I could document it as follows (format is Hazard / Foreseeable Sequence of Events / Hazardous Situation / Harm):
Mechanical force (interaction between anchor and tissue) / Tissue anchor is deployed during use / Loading of tissue by tissue anchor / Tissue injury.
Or I could split it into further smaller hazardous situations:
Mechanical force (interaction between anchor and tissue) / Tissue anchor is deployed during use / Loading of tissue by tissue anchor during deployment / Tissue injury.
Mechanical force (interaction between anchor and tissue) / Tissue anchor supports transmitted loadings during use / Loading of tissue by tissue anchor whilst deployed / Tissue injury.
Mechanical force (interaction between anchor and tissue) / Tissue anchor is retracted after use / Loading of tissue by tissue anchor during retraction / Tissue injury.
It gets even more difficult when I try to consider conditions that may exacerbate mechanical interactions. For instance: if the user applies excessive force to the device during use, there’s an obvious possibility of harm. What I can’t figure out is whether this scenario should be treated as a contributor in a sequence of events leading to a hazardous situation (Loading of tissue anchor whilst deployed), or whether it should be considered to constitute its own hazardous situation (something like Excessive loadings transmitted to tissue anchor).
I think I may have a fundamental misunderstanding of how I define my hazards, hazardous situations, and foreseeable sequences of events, because I run into issues like this almost constantly. In many cases (except for the simplest ones) I can find justifications for defining a particular event or situation as either a contributing event or its own hazardous situation.
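As an added illustration (not code from the original poster), here is one way to model the traceability matrix described in the post so that subordinate analyses feed rows keyed on hazard / hazardous situation / harm, and a later finding such as "user applies excessive force" can be recorded as an additional foreseeable sequence under an existing hazardous situation rather than as a new row. The 1–5 severity and probability scales, the region thresholds, and the source names (PHA, uFMEA) are constructed assumptions, not ISO 14971 requirements.

```python
from dataclasses import dataclass, field


@dataclass
class RiskEntry:
    hazard: str
    hazardous_situation: str
    harm: str
    sequences: list = field(default_factory=list)  # foreseeable sequences of events, one per contributing path
    sources: set = field(default_factory=set)      # subordinate analyses that fed this row (PHA, FMEA, FTA)
    severity: int = 0                              # assumed 1..5 scale; worst case kept across sources
    probability: int = 0                           # assumed 1..5 scale; worst case kept across sources


class RiskMatrix:
    """Traceability matrix keyed on (hazard, hazardous situation, harm) to avoid duplicate rows."""

    def __init__(self):
        self.entries = {}

    def record(self, source, hazard, sequence, situation, harm, severity, probability):
        key = (hazard, situation, harm)
        entry = self.entries.setdefault(key, RiskEntry(hazard, situation, harm))
        if sequence not in entry.sequences:       # same situation, new contributing path
            entry.sequences.append(sequence)
        entry.sources.add(source)
        entry.severity = max(entry.severity, severity)
        entry.probability = max(entry.probability, probability)
        return entry

    def risk_region(self, key):
        # Assumed acceptability thresholds on severity x probability (constructed for the example)
        e = self.entries[key]
        score = e.severity * e.probability
        if score >= 15:
            return "unacceptable"
        if score >= 6:
            return "ALARP"
        return "acceptable"


HAZARD = "Mechanical force (interaction between anchor and tissue)"
HARM = "Tissue injury"


def build_example():
    m = RiskMatrix()
    # The three split hazardous situations from the post, as a PHA would capture them
    m.record("PHA", HAZARD, "Tissue anchor is deployed during use", "Loading of tissue by tissue anchor during deployment", HARM, 3, 2)
    m.record("PHA", HAZARD, "Tissue anchor supports transmitted loadings during use", "Loading of tissue by tissue anchor whilst deployed", HARM, 3, 2)
    m.record("PHA", HAZARD, "Tissue anchor is retracted after use", "Loading of tissue by tissue anchor during retraction", HARM, 3, 2)
    # A later use-error finding attached as a contributing event to an existing situation
    m.record("uFMEA", HAZARD, "User applies excessive force to protruding device", "Loading of tissue by tissue anchor whilst deployed", HARM, 4, 3)
    return m
```

The matrix stays at three rows after the fourth finding, and the "whilst deployed" row now traces back to both analyses with its risk estimate raised to the worst case seen.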