Risk Evaluation Matrix-Product Portfolio

alimary15

Involved In Discussions
#1
Hello,

a quick question :)

Does it make sense to have the same Risk Evaluation Matrix for completely different products?

Shouldn't different products (such as apps or heavy machines) have different thresholds of acceptable/unacceptable risks?

What is the best practice? Is it better in your experience to have 1 Evaluation Matrix for all, or to define 1 Evaluation Matrix for each single product/device?

Thank you very much!
 
Marcelo

Inactive Registered Visitor
#2
The evaluation matrix you mentioned is the graphical interpretation of the risk acceptability criteria.

The criteria should be based on the risk management policy, and should be created for each device.

So yes, you should have different ones for different devices. The only rationale for having the same for different devices is if the devices have generally the same risks, for example, if all are lung ventilators. If you manufacture a lung ventilator and an implant, or a lung ventilator and an ultrasound machine, there's no way the risk acceptability criteria would be the same.

However, most of the time people use only one. This is common practice, not best practice, though.
 
alimary15

Involved In Discussions
#3
The evaluation matrix you mentioned is the graphical interpretation of the risk acceptability criteria.

The criteria should be based on the risk management policy, and should be created for each device.

So yes, you should have different ones for different devices. The only rationale for having the same for different devices is if the devices have generally the same risks, for example, if all are lung ventilators. If you manufacture a lung ventilator and an implant, or a lung ventilator and an ultrasound machine, there's no way the risk acceptability criteria would be the same.

However, most of the time people use only one. This is common practice, not best practice, though.
Thanks for the feedback!

In case the devices are totally different I would go for the option to have different acceptability criteria. However, if having a general and "good-for-all" policy, would it then make any sense to discuss possible residual risks in a risk/benefit analysis?

By having an acceptability criteria that is unique for all, wouldn't there be a risk of classifying as acceptable risks that might not be acceptable? I am concerned about and if it is possible to lose any kind of information within the RM process by doing so.

What is your opinion?

Thanks
 

Marcelo

Inactive Registered Visitor
#4
However, if having a general and "good-for-all" policy, would it then make any sense to discuss possible residual risks in a risk/benefit analysis?
The risk management policy is the high-level policy on how the enterprise deals with risk. Policies are direction, but really not directly actionable. That's why you need to define the criteria for each device based on the policy. Please see an example of policy discussion in this thread - http://elsmar.com/Forums/showthread.php?t=52843

By having an acceptability criteria that is unique for all, wouldn't there be a risk of classifying as acceptable risks that might not be acceptable? I am concerned about and if it is possible to lose any kind of information within the RM process by doing so.
Yes, that's why it makes no sense to have a risk acceptability criteria for all devices, as I mentioned. This problem might even happen if the devices are similar but have modifications that can impact the risks.
 

alimary15

Involved In Discussions
#5
The risk management policy is the high-level policy on how the enterprise deals with risk. Policies are direction, but really not directly actionable. That's why you need to define the criteria for each device based on the policy. Please see an example of policy discussion in this thread - http://elsmar.com/Forums/showthread.php?t=52843
Sorry for the bad use of words- I was always speaking about the risk criteria of acceptability!

Thanks for the help!
 

alimary15

Involved In Discussions
#6
This problem might even happen if the devices are similar but have modifications that can impact the risks.
In this case for example, when upgrading the same device, it is practice to start from the previous RA and then move forward to identify new possible risks that are coming from the new modification.

My only concern is using the same acceptability criteria for software, hardware, and different kinds of devices. I think it would make things way more general.

I will try to discuss this further within my team and try to change things.

Thanks for the confirmation
 
Marcelo

Inactive Registered Visitor
#7
Ah, ok, well, people generally use those concepts interchangeably, but they are very different, which causes confusion in the discussion and understanding.

So, if your question is

However, if having a general and "good-for-all" risk acceptability criteria, would it then make any sense to discuss possible residual risks in a risk/benefit analysis?

Yes, it would, because the residual risks are related to risk control measures, and even if similar devices would have similar risks, it does not mean that they would have the same risk control measures (in fact, newer devices in a device family usually have different risk control measures for some risks because that's how technology evolution works).
 

Marcelo

Inactive Registered Visitor
#8
In this case for example, when upgrading the same device, it is practice to start from the previous RA and then move forward to identify new possible risks that are coming from the new modification.
Yes, and this is acceptable by ISO 14971 IF you perform an evaluation and conclude that you can use the previous RA.

My only concern is using the same acceptability criteria for software, hardware, and different kinds of devices. I think it would make things way more general.
Exactly. They probably need separate ones, based on the same high level risk management policy.
 

alimary15

Involved In Discussions
#9
Ok great thank you!

Then I might have a more complex question:

Let's consider a scenario where we have different modules that could or could not be present in the field and that are sold as a complete system to the customer.

Then what is the best practice? Make RA for each single module? Shall RA also be made for the complete and overall system to include possible risks arising from interactions between each single module?

What's the best practice in this case?

Thanks
 

Marcelo

Inactive Registered Visitor
#10
Then I might have a more complex question:

Let's consider a scenario where we have different modules that could or could not be present in the field and that are sold as a complete system to the customer.

Then what is the best practice? Make RA for each single module? Shall RA also be made for the complete and overall system to include possible risks arising from interactions between each single module?

What's the best practice in this case?

Thanks
Risk management (as defined in ISO 14971 and as required by most regulations) is applicable to the medical device as a whole.

So yes, you would need to focus on the complete device, and as you mentioned, part of the focus is on interactions between each single module - in fact, think of it as interactions in the different configurations.
 