
Risk Identification Methods and Risk Management Procedure

dsanabria

Quite Involved in Discussions
#11
My issue is with how to show evidence of "acceptance of remaining risks after implementation of mitigating actions", ref. AS9100 7.1.2 e.

We had our renewal audit to AS9100-C last fall. For risk management we came up with some risk worksheets for certain processes. We were able to pass with that but before the auditor left he strongly suggested we figure out how to show evidence of risk acceptance in the future. I do not want to add another form or expand the risk worksheets our folks already use so I've suggested to them that after taking mitigating actions (if any) they record the results and acceptance at the bottom of the risk worksheet, keeping all risk documentation on one form. Thoughts?
Did post #4 help you...:popcorn:

Remember - keep it simple - much of this stuff is new and unique to upper management and thus - by default will be embraced by few and followed by the rest.
 

TrishDish

#12
So in this situation no additional action taken is evidence enough to show that any remaining risks were accepted by the company?
 

kiwisfly

#13
Hi TrishDish,
It would be better to demonstrate that you assessed the risks and accepted that their level falls within the tolerable limits of what your company accepts. If you use the kind of table posted by Samsung, you should be able to show that the residual risk remaining following mitigation is within your acceptance levels.

Some risk tables show red, amber, green to show if the risk is acceptable (green for go), amber may be acceptable but needs to be monitored and red (danger / stop) you cannot proceed or must be mitigated. The attachment is an example. You could also use RPNs (numbers) to show what is acceptable if you do an FMEA.

The thing about risk is that it is subjective. What the risk management process is trying to do is step you through a controlled process where you assess the risk and determine whether it is one that you will live with or something you need to do something about. Risk identification is only as good as the people doing it, so it is very important that the process is followed to protect yourselves and your company from inherent risks.

I hope this helps. :bigwave:

Cheers
 


mallen92705

#14
In the idea of doing it sooner rather than later, our company assesses risk at the quote stage, rather than contract review with order in hand.
 

Mike S.

Happy to be Alive
Trusted Information Resource
#17
Re: Problems with risk identification on Risk Management procedure

If not - get those that need to be involved in a room and do a brainstorm of "What if" scenarios. Do it for key products but more important - do it for your processes (Note: - use the handbook - section 11.2.2 for ideas and questions (page 12)).
What handbook?
 

MGMTREP

#19
An FMEA is a good risk management tool because it pushes you to consider the severity and likelihood of and hindrances to occurrence. The resultant RPN helps focus your management efforts.
 

kgott

#20
Hello everybody,

I'm just writing my risk management procedure, basically my structure for the procedure consists of:

-Review the customer requirements
-Identify risks
-Risk Assessment
-Establish plans for risk mitigation
-Verify and control mitigation plans

I already looked for some examples here in the cove for risk management and I found very helpful information but I'm still "fighting" with the risk identification part.

I'm just stuck trying to establish a quick and easy methodology to identify risks. I thought of a brainstorm methodology but I just read a lot of disadvantages for that methodology, for example the fact that it can be totally unuseful if a key actor is not present during the brainstorm session.

So, can anyone help me with some ideas about an easy methodology for risk identification? If you have an example it would be great :rolleyes:

Thanks in advance for your help!
Why are you writing a risk management procedure?

ISO 9001, ISO 14001 ASOHS 18001 are doing what the risk management standard requires - controlling risk, that's what they do.

If you feel a risk management standard is required why not just say you use these and other standards (and other actions you take) to control risk?
 